Here's the summary of the IRC meeting.


Place: #openvpn-meeting on irc.freenode.net
Date: Wednesday 24th Jan 2018
Time: 11:30 CET (10:30 UTC)

Planned meeting topics for this meeting were here:


The next meeting has not been scheduled yet.

Your local meeting time is easy to check from services such as



chipitsine, cron2, mattock and syzzer participated in this meeting.


Discussed the OpenVPN 2.4.5 release. The release was postponed to next
Wednesday (31st Jan) to get some fixes and enhancements in.

# openvpn

Ensure strings read from registry are null-terminated:


Plug memory leak if push is interrupted:


TLS v1.2 support for cryptoapicert -- RSA only:


# openvpn-gui

Update openvpn-gui-res-dk.rc:


Update Ukrainian localization:


# openvpn-build

Ensure that NSIS installer/uninstaller correctly manages new OpenSSL
(1.1.0) libraries (names have changed since 1.0.x).


Full chatlog attached.

Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock

(12:28:49) cron2: meow
(12:31:42) mattock: howdy
(12:31:47) syzzer: hi!
(12:32:42) mattock: shall we begin?
(12:33:56) syzzer: yup
(12:34:28) chipitsine: as for windows installer 2.4.5 + openssl-1,1,0
(12:34:31) chipitsine: [ilia@localhost bin]$ ls
(12:34:33) chipitsine: c_rehash  libcrypto-1_1-x64.dll  liblzo2-2.dll  
libpkcs11-helper-1.dll  libssl-1_1-x64.dll  openssl.exe  openvpn.exe  
openvpn-gui.exe  openvpnserv.exe
(12:34:37) chipitsine: [ilia@localhost bin]$ 
(12:34:39) chipitsine: openssl libs changed their names
(12:34:50) chipitsine: I'm still working on openvpn.nsi
(12:35:25) chipitsine: not sure if I can finish it today
(12:36:42) cron2: I would also propose to postpone by one week
(12:36:52) cron2: there's patches we want in, and I've been distracted by icky 
(12:36:55) mattock: postponing is good
(12:37:10) syzzer: I have no opinion
(12:37:11) mattock: I failed to build with openssl 1.1.0
(12:37:23) chipitsine: or we can release windows installer with openssl-1.0.2
(12:37:29) mattock: we could yes
(12:37:30) cron2: tincantech posted build errors with 1.1.0 that showed "built 
wrong branch"
(12:37:42) mattock: cron2: ok
(12:37:42) cron2: 2.4.4 will *not* build with 1.1, release/2.4 *should* build
(12:37:47) mattock: ah, ok
(12:37:58) mattock: I didn't have time to test release/2.4 yet
(12:37:59) cron2: (you need the cryptoapi patch from Selva, which has been 
merged, but came after 2.4.4 release)
(12:38:16) mattock: but NSIS needs to be modified if openssl filenames changed
(12:38:41) mattock: are there any openvpn patches that are still missing from 
(12:38:43) chipitsine: 1-2 days for NSIS
(12:39:04) cron2: there's the ccd cipher one
(12:39:05) mattock: chipitsine: sounds good
(12:39:49) chipitsine: it would be nice to merge 
https://patchwork.openvpn.net/project/openvpn2/list/?series=59 before 2.4.5
(12:39:50) vpnHelper: Title: OpenVPN 2 - Patchwork (at patchwork.openvpn.net)
(12:40:07) chipitsine: it improves UX on windows a bit
(12:40:26) cron2: indeed.  I'll see that I can review this on thursday
(12:42:01) mattock: new release date?
(12:42:13) mattock: I could do wed next week, but not thu or fri
(12:42:14) cron2: oh, and we have more ACKs that I failed to merge (TLSv1.2 for 
(12:42:29) cron2: lets go for wed then
(12:42:40) mattock: ok
(12:43:02) mattock: let's compile a list of missing things
(12:43:08) syzzer: I'll be snowboard by then, but will read up in the evenings 
(12:43:11) mattock: 
(12:43:12) vpnHelper: Title: OpenVPN 2 - Patchwork (at patchwork.openvpn.net)
(12:43:13) syzzer: *snowboarding
(12:43:18) mattock: the ccd cipher one
(12:43:29) mattock: NSIS fixes for openssl libraries
(12:43:36) cron2: TLSv1.2 for cryptoapicert
(12:43:55) mattock: anything else?
(12:44:34) syzzer: maybe this: https://patchwork.openvpn.net/patch/195/
(12:44:36) vpnHelper: Title: [Openvpn-devel] Plug memory leak if push is 
interrupted - Patchwork (at patchwork.openvpn.net)
(12:44:51) mattock: there are some openvpn-gui translation updates that would 
be good to have, but not blockers (danish and ukrainian)
(12:44:52) syzzer: but quite a corner case, so not critical
(12:44:55) cron2: sounds bugfixy, soyes
(12:45:21) mattock: syzzer: looks fairly trivial to review
(12:47:26) mattock: so this is the TLSv2 cryptoapicert thing 
(12:47:28) vpnHelper: Title: [Openvpn-devel,v2,2/2] TLS v1.2 support for 
cryptoapicert -- RSA only - Patchwork (at patchwork.openvpn.net)
(12:47:31) cron2: yep
(12:47:33) syzzer: mattock: change looks simple, but testing it is annoying 
because the issue usually doesn't occur
(12:47:58) mattock: you've tested it, right?
(12:48:05) syzzer: yeah, I did
(12:48:20) mattock: do we need independent tests or just code review, in your 
(12:48:21) syzzer: but a second pair of eyes is good
(12:48:54) syzzer: depends on the change, but I try to test every patch I ACK.  
If I don't I state so in the ack mail.
(12:49:25) mattock: that's a good policy
(12:49:35) cron2: indeed :)
(12:49:45) mattock: maybe you could share your testing instructions?
(12:49:49) mattock: and/or scripts
(12:52:13) syzzer: mattock: I have a test suite @ work for mbedtls-related 
stuff, but other that that it is usually just "make check" (including t_client 
if I think that's useful) + manual testing of the code that changed
(12:52:22) syzzer: so not much to share unfortunately
(12:53:36) mattock: ok
(12:53:55) mattock: are we done with 2.4.5 planning?
(12:55:06) cron2: I'm done
(12:55:44) mattock: any other topics worthy of discussion?
(12:56:11) ***cron2 has none
(12:56:17) cron2: except "$wife is hungry" :)
(12:56:27) syzzer: me neither
(12:56:27) cron2: and "I want to go snowboarding as well!!"
(12:56:27) mattock: $me is hungry :P
(12:56:33) mattock: let's conclude this meeting then
(12:56:39) mattock: 26 minutes is a good achievement :)
(12:56:43) cron2: yep :-)
(12:56:55) mattock: ok bye guys! I will write the summary later today
(12:57:02) cron2: thanks
(12:57:20) syzzer: great!
(12:57:24) syzzer: enjoy lunch :)
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Openvpn-devel mailing list

Reply via email to