Re: [Openvpn-devel] [PATCH 01/02] Add support for PolarSSL 1.1.x branch

2012-02-27 Thread Fabian Knittel
Hi Igor,

2012/2/27 Igor Novgorodov :
> The attached patch adds checking for PolarSSL version on crypto_polarssl.c
> and depending on which version we are using (1.0.x or 1.1.x) chooses a new
> shiny havege_random() function, or an old ugly while{} loop hack to generate
> randomness.

Your patch removes the code that causes havege_init() to only be
called once. You never want to initialise your PRNG more than once,
otherwise you increase the risk that your randomness is predictable.
So please revert that part of your patch.

(The rest looks fine, although I haven't tested it and don't have any
experience with PolarSSL.)

Cheers
Fabian
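
The init-once point made in the reply above, as an added example that is not code from OpenVPN or PolarSSL. A toy xorshift generator and a constructed coarse seed source (the hypothetical names toy_* and coarse_clock are assumptions) stand in for HAVEGE, to make the worst case visible: re-initialising on every call hands out the same bytes twice.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for havege_state: a toy xorshift64 generator (hypothetical, NOT
 * cryptographic). It only makes the init-once effect deterministic. */
typedef struct { uint64_t s; } toy_state;

/* Constructed seed source with coarse resolution, e.g. a one-second clock. */
static uint64_t coarse_clock = 1330300800u;   /* constructed sample value */

/* Plays the role of havege_init(): (re)seeds the state from the source. */
static void toy_init(toy_state *st)
{
    /* Odd multiplier and non-zero input, so the state is never zero. */
    st->s = coarse_clock * 0x9E3779B97F4A7C15ull;
}

static uint64_t toy_next(toy_state *st)
{
    uint64_t x = st->s;
    x ^= x << 13;
    x ^= x >> 7;
    x ^= x << 17;
    return st->s = x;
}

/* Plays the role of havege_random(): fills out[0..len) from the state. */
static void toy_random(toy_state *st, uint8_t *out, size_t len)
{
    while (len > 0) {
        uint64_t r = toy_next(st);
        size_t n = len < sizeof r ? len : sizeof r;
        memcpy(out, &r, n);
        out += n;
        len -= n;
    }
}

/* Pattern the reply objects to: the generator is initialised on every call. */
int rand_bytes_reinit(uint8_t *output, int len)
{
    static toy_state hs;

    if (len < 0)
        return 0;
    toy_init(&hs);
    toy_random(&hs, output, (size_t)len);
    return 1;
}

/* Pattern the reply asks to keep: initialise exactly once per process. */
int rand_bytes_once(uint8_t *output, int len)
{
    static toy_state hs;
    static bool hs_initialised = false;

    if (len < 0)
        return 0;
    if (!hs_initialised) {
        toy_init(&hs);
        hs_initialised = true;
    }
    toy_random(&hs, output, (size_t)len);
    return 1;
}

/* Returns 1 when two back-to-back calls produce identical output. */
int consecutive_outputs_repeat(int (*gen)(uint8_t *, int))
{
    uint8_t a[16], b[16];

    gen(a, (int)sizeof a);
    gen(b, (int)sizeof b);
    return memcmp(a, b, sizeof a) == 0;
}

int main(void)
{
    printf("re-init on every call repeats output: %d\n",
           consecutive_outputs_repeat(rand_bytes_reinit));
    printf("init once repeats output:             %d\n",
           consecutive_outputs_repeat(rand_bytes_once));
    return 0;
}
```

A real entropy-gathering init will rarely collide this cleanly; the guard removes the dependence on that.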



Re: [Openvpn-devel] [PATCH 02/02] Remove calls to OpenSSL when building with --disable-ssl

2012-02-27 Thread Alon Bar-Lev
These are needed for 0.9.8 as far as I remember.

On Mon, Feb 27, 2012 at 10:06 PM, Igor Novgorodov  wrote:
> The attached patch removes deprecated(?) calls to OpenSSL functions from
> crypto.c,
> which are called when USE_SSL is not defined.
>
> I'm not so deep into OpenVPN, so maybe these functions are needed, but I
> thought that all crypto-lib
> dependent functions should be moved to the corresponding crypto_LIB.c files.
>
> If they are needed, we should #ifdef them, so that PolarSSL-based build
> won't break on it.
>
> --
> ___
> Openvpn-devel mailing list
> Openvpn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel
>



[Openvpn-devel] [PATCH 02/02] Remove calls to OpenSSL when building with --disable-ssl

2012-02-27 Thread Igor Novgorodov
The attached patch removes deprecated(?) calls to OpenSSL functions from
crypto.c, which are called when USE_SSL is not defined.

I'm not so deep into OpenVPN, so maybe these functions are needed, but I
thought that all crypto-lib dependent functions should be moved to the
corresponding crypto_LIB.c files.

If they are needed, we should #ifdef them, so that PolarSSL-based build
won't break on it.

--- openvpn/crypto.c2012-02-27 23:10:53.613624010 +0400
+++ openvpn.mod/crypto.c2012-02-27 23:45:02.128929211 +0400
@@ -1378,8 +1378,6 @@
 void
 init_ssl_lib (void)
 {
-  ERR_load_crypto_strings ();
-  OpenSSL_add_all_algorithms ();
   crypto_init_lib ();
 }

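Review bot: dropping ERR_load_crypto_strings () and OpenSSL_add_all_algorithms () from init_ssl_lid's OpenSSL path is unconditional in init_ssl_lib, so an OpenSSL build that goes through this function loses them too unless crypto_init_lib () already performs them. Suggest moving the two calls into the OpenSSL backend's crypto_init_lib () (or guarding them with a backend #ifdef, as the cover text itself proposes) rather than deleting them, and stating in the commit message which of the two was done.
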
@@ -1388,8 +1386,6 @@
 {
   crypto_uninit_lib ();
   prng_uninit();
-  EVP_cleanup ();
-  ERR_free_strings ();
 }

 #endif /* USE_SSL */
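
Review bot: EVP_cleanup () and ERR_free_strings () in this teardown function are the counterparts of the two init calls removed in the previous hunk, so they have to follow wherever those go. If the init calls move into the OpenSSL backend, these belong in its crypto_uninit_lib (); removing only one side leaves an OpenSSL build that either never frees what it loaded or frees what it never loaded. Keep their position relative to prng_uninit() unless there is a stated reason to change it.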


[Openvpn-devel] [PATCH 01/02] Add support for PolarSSL 1.1.x branch

2012-02-27 Thread Igor Novgorodov

Continuing to struggle with making OpenVPN as tiny as possible :)

The attached patch adds checking for PolarSSL version on crypto_polarssl.c
and depending on which version we are using (1.0.x or 1.1.x) chooses a new
shiny havege_random() function, or an old ugly while{} loop hack to generate
randomness.

--- a/crypto_polarssl.c
+++ b/crypto_polarssl.c
@@ -41,6 +41,7 @@
 #include 
 #include 
 #include 
+#include 

 /*
  *
@@ -157,25 +158,24 @@
 rand_bytes (uint8_t *output, int len)
 {
   static havege_state hs = {0};
-  static bool hs_initialised = false;
-  const int int_size = sizeof(int);

-  if (!hs_initialised)
-{
-  /* Initialise PolarSSL RNG */
-  havege_init();
-  hs_initialised = true;
-}
+  /* Initialise PolarSSL RNG */
+  havege_init();
+#if (POLARSSL_VERSION_MAJOR >= 1 && POLARSSL_VERSION_MINOR >= 1)
+  havege_random(, output, len);
+#else
+  const int int_size = sizeof(int);

   while (len > 0)
 {
-  const int blen   = min_int (len, int_size);
-  const int rand_int   = havege_rand();
+  const int blen= min_int (len, int_size);
+  const int rand_int= havege_rand();

   memcpy (output, _int, blen);
   output += blen;
   len -= blen;
 }
+#endif
   return 1;
 }

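Review bot: removing the hs_initialised guard in rand_bytes makes havege_init run on every call, re-seeding the static hs each time instead of once per process; keep the static bool hs_initialised check around the init and put only the generation step under the version #if. Two smaller points in the same hunk: POLARSSL_VERSION_MAJOR >= 1 && POLARSSL_VERSION_MINOR >= 1 is false for any x.0 release with a higher major, so compare major and minor as a pair; and in the #else branch const int int_size is now declared after a statement, which C89 compilers reject.
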


Re: [Openvpn-devel] static build

2012-02-27 Thread Gert Doering
Hi,

On Mon, Feb 27, 2012 at 03:28:46PM +, Mr Dash Four wrote:
> The Alon's version of "openvpn 2.3_alpha1" is very different from 
> "openvpn 2.3_alpha1" downloaded from the official openvpn git repository 
> using the same tag! If you do not believe me - take a look for yourself.

This is well understood.  

The C sources are (basically) the same, but in Alon's tree, the build 
system has been re-built from scratch, from "something that sort-of works" 
to something new, which is more flexible, and (most important here) handles 
cross-building including all the dependencies in a fully automated way.

As soon as the rest of the OpenVPN developers agree on all the details,
Alon's changes will be integrated into the "main" openvpn git.

> I don't mind Alon (or anybody else for that matter) altering the openvpn 
> source code and its structure, because at the end of the day it is an 
> open source project, but to give it a name like "openvpn 2.3_alpha1" 
> clearly implying that this is the official "openvpn 2.3_alpha1" source 
> without explicitly stating that there were alterations/changes made to 
> that source code is clearly very misleading and in this respect Alon is 
> no better than the scum out there offering "loaded" source code of 
> well-known software products to naive idiots like myself, stupid enough 
> to download it.

Alon's new build system was announced here on the list just a few days
ago.

> As for the main topic of this thread - static build of openvpn, the 
> following is the last gcc command line which links and creates the final 
> openvpn executable (again, using the "standard" openvpn source and not 
> the mickey-mouse version Alon is "offering") - judge for yourself 
> whether this produces a monolithic, statically-linked openvpn executable:

We don't care.  Really.  Alon's build system is where the journey is
going to, and we are not going to do piecemeal fixes in the existing
build system.

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany    g...@greenie.muc.de
fax: +49-89-35655025    g...@net.informatik.tu-muenchen.de




Re: [Openvpn-devel] openvpn windows gui

2012-02-27 Thread Alon Bar-Lev
On Mon, Feb 27, 2012 at 6:04 PM, Heiko Hund  wrote:
> Hi Alon
>
> On Monday 27 February 2012 14:01:25 Alon Bar-Lev wrote:
>> I am going to re-write your build system :)
>
> Take it easy! =)
>
>> It uses autoconf but not automake and looks some rewrite is needed.
>
> I did not see the need for automake in the past. However, now that dist
> produces a .tar.gz and there's the res/ subdir and the Makefile is quite ugly,
> plus not all the dependency tracking is in place working, a little automake
> will be beneficial, so go ahead. Please make sure the snapshot target stays
> intact and that configure still supports the --with-cyrpto-* arguments for
> libcrypto (guess you'll go pkg-config here as well).

Great.
The crypto stuff will be converted to pkg-config style OPENSSL_CFLAGS
and OPENSSL_LIBS.
The automake move will make the build much easier to maintain.

>> We should probably write an installer.
>
> I'm not sure if it's the best idea to make each and every GUI project out
> there write its own installer, when it's mostly a single executable that
> needs to be replaced to package it with upstream openvpn. The pragmatic way to
> do it would be to leave the GUI stuff in openvpn itself, but I guess you guys
> like the idea of bundling installers with other installers, right?

If this is a single .exe I will put this in installer for now as-is.

Will be ready in a few hours.

Alon.



Re: [Openvpn-devel] openvpn windows gui

2012-02-27 Thread Heiko Hund
Hi Alon

On Monday 27 February 2012 14:01:25 Alon Bar-Lev wrote:
> I am going to re-write your build system :)

Take it easy! =)

> It uses autoconf but not automake and looks some rewrite is needed.

I did not see the need for automake in the past. However, now that dist
produces a .tar.gz and there's the res/ subdir and the Makefile is quite ugly, 
plus not all the dependency tracking is in place working, a little automake 
will be beneficial, so go ahead. Please make sure the snapshot target stays 
intact and that configure still supports the --with-cyrpto-* arguments for 
libcrypto (guess you'll go pkg-config here as well).

> We should probably write an installer.

I'm not sure if it's the best idea to make each and every GUI project out 
there write its own installer, when it's mostly a single executable that
needs to be replaced to package it with upstream openvpn. The pragmatic way to 
do it would be to leave the GUI stuff in openvpn itself, but I guess you guys 
like the idea of bundling installers with other installers, right?

Heiko 
-- 
Heiko Hund | Software Engineer | Phone +49-721-25516-237 | Fax -200
Astaro a Sophos Company | Amalienbadstr. 41 Bau 52 | 76227 Karlsruhe | Germany
Commercial Register: Mannheim HRA 702710 | Headquarter Location: Karlsruhe
 
Represented by the General Partner Astaro Verwaltungs GmbH
Amalienbadstraße 41 Bau 52 | 76227 Karlsruhe | Germany 
Commercial Register: Mannheim HRB 708248 | Executive Board: Gert Hansen,
Markus Hennig, Jan Hichert, Günter Junk, Dr. Frank Nellissen




Re: [Openvpn-devel] static build

2012-02-27 Thread Mr Dash Four



> Mr Dash Four: could you try following the steps Alon gave in his earlier
> mail to see if it works for you? The buildsystem fetches the
> dependencies from standard URLs, see "openvpn-build/generic/build.vars".
  

Except that they are not "standard", at least not all of them.

The openvpn url in build.vars from Alon's project defaults to
"https://github.com/downloads/alonbl/openvpn/openvpn-${OPENVPN_VERSION}.tar.gz".
As evident, the openvpn source refers to
"openvpn-${OPENVPN_VERSION}.tar.gz" (${OPENVPN_VERSION} itself defaults
to "2.3_alpha1").


Naturally, one would assume that this is the standard openvpn source
version 2.3 alpha1, hence I did not use
"https://github.com/downloads/alonbl" - a private github repository of
Alon himself (nothing whatsoever to do with openvpn), but opted to
download and archive that same openvpn version from the main
openvpn.net git repository, using the appropriate tag ("v2.3_alpha1").
It is worth noting that I did exactly the same with all other source 
dependencies, like lzo, openssh etc (something I have made very clear in 
one of my last posts) and downloaded their corresponding sources from 
"official" repositories directly.


That, I thought, rather naively as it turned out, should get me the 
desired version of openvpn as I assumed that the openvpn source code 
"offered" by Alon and the official one were exactly the same. How wrong 
was I!


The Alon's version of "openvpn 2.3_alpha1" is very different from 
"openvpn 2.3_alpha1" downloaded from the official openvpn git repository 
using the same tag! If you do not believe me - take a look for yourself.


I don't mind Alon (or anybody else for that matter) altering the openvpn 
source code and its structure, because at the end of the day it is an 
open source project, but to give it a name like "openvpn 2.3_alpha1" 
clearly implying that this is the official "openvpn 2.3_alpha1" source 
without explicitly stating that there were alterations/changes made to 
that source code is clearly very misleading and in this respect Alon is 
no better than the scum out there offering "loaded" source code of 
well-known software products to naive idiots like myself, stupid enough 
to download it.


As for the main topic of this thread - static build of openvpn, the 
following is the last gcc command line which links and creates the final 
openvpn executable (again, using the "standard" openvpn source and not 
the mickey-mouse version Alon is "offering") - judge for yourself 
whether this produces a monolithic, statically-linked openvpn executable:


arm-pc-linux-gnueabi-gcc  -g -O2   -o openvpn base64.o buffer.o crypto.o 
dhcp.o error.o event.o fdmisc.o forward.o fragment.o gremlin.o helper.o 
httpdigest.o lladdr.o init.o interval.o list.o lzo.o manage.o mbuf.o 
misc.o mroute.o mss.o mtcp.o mtu.o mudp.o multi.o ntlm.o occ.o pkcs11.o 
openvpn.o options.o otime.o packet_id.o perf.o pf.o ping.o plugin.o 
pool.o proto.o proxy.o ieproxy.o ps.o push.o reliable.o route.o 
schedule.o session_id.o shaper.o sig.o socket.o socks.o ssl.o status.o 
tun.o win32.o cryptoapi.o  memcmp.o -lssl -lcrypto -llzo2


As I already pointed out in my previous post, to produce a proper, 
statically-linked openvpn executable, the following options need to be 
added to the above command line:


"-static", "-static-libgcc" and "-ldl" at the very end, in order to 
avoid "unknown symbol" link errors like:


"undefined reference to `dlopen'", "undefined reference to `dlsym'", 
"undefined reference to `dladdr'" and "undefined reference to `dlerror'".


To conclude this, I am very happy that I was finally able to produce 
openvpn, which is statically-linked so that I could avoid all bionic 
dependencies or depending on any other android-based stuff. Now I can, 
hopefully, use this on my android device without further problems, 
fingers crossed!




Re: [Openvpn-devel] openvpn windows gui

2012-02-27 Thread Alon Bar-Lev
2012/2/27 Samuli Seppänen :
>
>> Hello,
>>
>> A stupid question
>> Which GUI is embedded in the installer?
>> What is GUI and what is XGUI?
>> All I found is[1].
>>
> In 2.2.x installers the GUI is the old one from here, just signed:
>
> 
>
> In 2.3-alpha1 we use the latest snapshot from here:
>
> 
>
> XGUI is obsolete, it can be ignored. I removed all of the XGUI-related
> stuff from the Python-based buildsystem, but it's still lurking in the
> old "domake-win" buildscripts/.nsi files.
>

Hello Heiko,

I am going to re-write your build system :)
It uses autoconf but not automake and looks some rewrite is needed.
We should probably write an installer.

Is that OK?

Alon.



[Openvpn-devel] 2012-08 Snapshot Signature

2012-02-27 Thread Eric Crist


-
Eric F Crist




Re: [Openvpn-devel] [build] tap-windows

2012-02-27 Thread Samuli Seppänen

> 2012/2/27 Samuli Seppänen :
>>> Hello,
>>>
>>> A repository is available[1], stripped down with only tap sources.
>>>
>>> To build use you need ddk available:
>>>> configure
>>>> build
>> Checked out the sources using "Git Bash", then ran the commands from a
>> (non-admin) Visual Studio 2008 command prompt. Got these errors:
>>
>> 
> Please remove the @echo off for me to see the files.
> You can also look into it... It simply look for files to substitute vars in.
I'll look into this in detail later, I just briefly tested it.

>>> It builds winxp 32bit and win7 64bit I hope this is what the current
>>> installer is doing,
>>> as building the tap is kept secret.
>> Actually, the TAP-driver is built using the Python build scripts in the
>> "win" subdirectory. Those scripts build both 32-bit and 64-bit drivers.
> Yes.
> But something is not right there as far the signing goes.
That is correct. James has a Python wrapper module that handles signing
using signtool.exe, but for one reason or another, he can't release it.

>>> In the open source package we will provide vanilla devcon and not the 
>>> modified
>>> tapinstaller which we do not have the sources of. I it is so important
>>> to hack computer
>>> and bypass Windows confirmation dialog.
>> The Python-based buildsystem also builds tapinstall.exe/devcon.exe. It
>> looks for the sources from ../tapinstall by default (see "grep T1SRC
>> win/*"). The sources are standard devcon sources; the resulting binary
>> is simply renamed to "tapinstall.exe".
> There is no T1SRC in master.
Oops, a typo. TISRC, not T1SRC. It's defined in win/settings.in.

> There is no point in compiling devcon if it is provided in DDK.
> What james done in the past is to modify the sources to override the
> sign warning message.
> I provide devcon as-is and let user override it if needed.
Ah, ok, didn't know that. Sounds good.

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock




Re: [Openvpn-devel] [build] tap-windows

2012-02-27 Thread Alon Bar-Lev
2012/2/27 Alon Bar-Lev :
>>> To build use you need ddk available:
>>>> configure
>>>> build
>> Checked out the sources using "Git Bash", then ran the commands from a
>> (non-admin) Visual Studio 2008 command prompt. Got these errors:
>>
>> 
>
> Please remove the @echo off for me to see the files.
> You can also look into it... It simply look for files to substitute vars in.

Oh... it looked for config-local.bat, this should be optional.
You can create empty file for now.

Alon.



Re: [Openvpn-devel] [build] tap-windows

2012-02-27 Thread Alon Bar-Lev
2012/2/27 Samuli Seppänen :
>
>> Hello,
>>
>> A repository is available[1], stripped down with only tap sources.
>>
>> To build use you need ddk available:
>>> configure
>>> build
> Checked out the sources using "Git Bash", then ran the commands from a
> (non-admin) Visual Studio 2008 command prompt. Got these errors:
>
> 

Please remove the @echo off for me to see the files.
You can also look into it... It simply look for files to substitute vars in.

>> It builds winxp 32bit and win7 64bit I hope this is what the current
>> installer is doing,
>> as building the tap is kept secret.
> Actually, the TAP-driver is built using the Python build scripts in the
> "win" subdirectory. Those scripts build both 32-bit and 64-bit drivers.

Yes.
But something is not right there as far the signing goes.

>
>> In the open source package we will provide vanilla devcon and not the 
>> modified
>> tapinstaller which we do not have the sources of. I it is so important
>> to hack computer
>> and bypass Windows confirmation dialog.
> The Python-based buildsystem also builds tapinstall.exe/devcon.exe. It
> looks for the sources from ../tapinstall by default (see "grep T1SRC
> win/*"). The sources are standard devcon sources; the resulting binary
> is simply renamed to "tapinstall.exe".

There is no T1SRC in master.

There is no point in compiling devcon if it is provided in DDK.
What james done in the past is to modify the sources to override the
sign warning message.
I provide devcon as-is and let user override it if needed.

Alon.



Re: [Openvpn-devel] [PATCH 07/35] build: tests do not work disable

2012-02-27 Thread Alon Bar-Lev
Checkout the latest HEAD.
The tests were modified and it is now working.

On Mon, Feb 27, 2012 at 11:01 AM, David Sommerseth
 wrote:
>
> On 21/02/12 02:22, Alon Bar-Lev wrote:
>>
>> Signed-off-by: Alon Bar-Lev  --- Makefile.am |
>> 5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-)
>>
>> diff --git a/Makefile.am b/Makefile.am index 26b80f3..f96eb45 100644
>> --- a/Makefile.am +++ b/Makefile.am @@ -57,16 +57,17 @@ SUBDIRS = \
>> service-win32 \ install-win32
>>
>> -TESTS = t_client.sh t_lpback.sh t_cltsrv.sh +test_scripts =
>> t_client.sh t_lpback.sh t_cltsrv.sh +#TESTS = $(test_scripts)
>> sbin_PROGRAMS = openvpn
>>
>> dist_doc_DATA = \ management/management-notes.txt
>>
>> dist_noinst_SCRIPTS = \ -     $(TESTS) \ doclean \ domake-win \ +
>> $(test_scripts) \ t_cltsrv-down.sh \ configure_h.awk
>> configure_log.awk
>>
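
Review bot: the #TESTS = $(test_scripts) line takes all three scripts out of make check by commenting the variable out, while the commit message carries only the subject and a Signed-off-by, so nothing records which test fails or how. Suggest naming the failing script and the failure in the message and disabling only that one, so the remaining scripts keep running, and dropping the commented-out line instead of leaving it in Makefile.am.
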
>
> Which of these tests are not working?  And how do they fail?
>
> I'm running 'make check' before pushing a new git tree, and it passes
> fine for me.  The only "exception" is t_client.sh (generated via
> t_client.sh.in) which depends on a configuration file (t_client.rc) -
> otherwise it is just skipped.  This test is however run in our buildbot
> farm, AFAIR.  Gert also runs this test in his development repos.  So it's
> rather odd to hear that these tests fail.
>
>
> kind regards,
>
> David Sommerseth
>
>
>



Re: [Openvpn-devel] static build

2012-02-27 Thread Samuli Seppänen

> This is my last reply on this thread.
> What I show you is that without any change I compile static code for
> arm using cross compiler.
> I guess I am far more knowledgeable than you to tell me what is right,
> and I disapprove your comments and language.
>
> So the answer to your initial question: yes, openvpn can be compiled 
> statically.
> Figure it out your-self.

Timeout guys, getting personal does not help.

Mr Dash Four: could you try following the steps Alon gave in his earlier
mail to see if it works for you? The buildsystem fetches the
dependencies from standard URLs, see "openvpn-build/generic/build.vars".

Best regards,

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock



> On Sun, Feb 26, 2012 at 5:42 PM, Mr Dash Four
>  wrote:
>>> arm-unknown-linux-gnueabi-objdump:
>>> image-arm-static/openvpn/sbin/openvpn: Invalid operation
>>>
>> Huh?
>>
>> Have you altered the sources/makefiles of openvpn or any of the dependent
>> libraries (lzo, openssh etc) by any chance? I noticed you are applying a
>> single patch to the lzo source, which I had to re-adjust as I was using a
>> newer version, but I am not aware of any alterations that you have made to
>> these - if you have done so, please state what these alterations are?
>>
>> I don't know whether you've altered the original build script or not, but
>> the end result, before applying my changes, clearly produces openvpn
>> executable, which has external dependencies on all statically-produced .la
>> files/libraries (lzo, openssh etc) - they are all packed in the .tar archive
>> produced at the end of this script (located in the /lib directory to be more
>> precise).
>>
>> I don't know what you are trying to prove by posting the above though - the
>> final gcc linker call, which produces the openvpn executable before packing
>> the image does *not* have any static-linking related options whatsoever! I
>> could post the exact gcc command line, but I do not have access to that
>> machine at present.
>>
>> These options are, as I already pointed out previously, "-static",
>> "-static-gcc" as well as "-ldl" - the latter being a new dependencies,
>> necessary to offset the fact that all dl* calls (dlopen etc) won't be
>> satisfied if static linking is invoked, so this external library needs to be
>> included so that static linking succeeds, otherwise you will get "unknown
>> symbol" errors.
>>
>> Again, all that is provided you haven't altered any of the core source
>> and/or makefile scripts in any way (I haven't used your own - alonbv - repos
>> to download these, but downloaded these packages from their original source
>> where these projects are created - openvpn.net, openssh.org etc). If you
>> have made such alterations, I'd like to know what changes have you made?
>>




Re: [Openvpn-devel] OpenVPN 2.3-alpha1 preview 1 installer now available

2012-02-27 Thread David Sommerseth

On 24/02/12 20:13, David Sommerseth wrote:
> On 22/02/12 20:49, debrabander wrote:
>> This is not the a problem when building using the latest Mac OS X 
>> SDK. I've did a quick search and it seems to be a more common issue
>> on some (old) Darwin platforms. Please try building again after
>> applying the patch below.
> 
> 
>> Signed-off-by: Frank de Brabander  ---
>> socket.c |5 + 1 files changed, 5 insertions(+), 0
>> deletions(-)
> 
>> diff --git a/socket.c b/socket.c index 1a772af..6337900 100644 --- 
>> a/socket.c +++ b/socket.c @@ -893,8 +893,13 @@ create_socket_udp6 
>> (const unsigned int flags) else if (flags & SF_USE_IP_PKTINFO) {
>> int pad = 1; +#ifndef IPV6_RECVPKTINFO /* Some older Darwin
>> platforms require this */ +  if (setsockopt (sd, IPPROTO_IPV6, 
>> IPV6_PKTINFO, +(void*), sizeof(pad)) < 0) +#else if 
>> (setsockopt (sd, IPPROTO_IPV6, IPV6_RECVPKTINFO, (void*), 
>> sizeof(pad)) < 0) +#endif msg(M_SOCKERR, "UDP: failed setsockopt
>> for IPV6_RECVPKTINFO"); } #endif
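
Review bot: in the #ifndef IPV6_RECVPKTINFO branch the call sets IPV6_PKTINFO, but the failure path still logs "UDP: failed setsockopt for IPV6_RECVPKTINFO", which will mislead anyone debugging on the older Darwin platforms this branch targets. Suggest selecting the option once (a local macro or variable holding whichever constant is available), using it in a single setsockopt call so the if is not duplicated across #ifndef/#else, and naming the option actually used in the message.
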
> 
> Right now, I'm a bit sceptic to this patch, as the JJO fixed a bug 
> related to the --multihome feature by moving over to IPV6_RECVPKTINFO
> 
> commit 5d6dbb03776de4d38f45e429ef674313a2bda8cc Author: JuanJo
> Ciarlante  Date:   Sun Feb 6 09:52:46 2011 +0100
> 
> * fix --multihome for ipv6: IPV6_RECVPKTINFO - setsockopt
> IPV6_RECVPKTINFO (not IPV6_PKTINFO!)   [1] - do check for
> setsockopt() failures
> 
> 
> [1] This is why I'm nervous for this patch.
> 
> If we can confirm that --multihome works as expected on platforms
> without IPV6_RECVPKTINFO, then I'm fine with this patch.  Otherwise,
> we need to figure out how to make --multihome work too.
> 
> JJO, please have a look at this.

(somehow JJO fell off the Cc list; re-adding)

Gert and I discussed this a little bit further.  We are concerned about
breaking --multihome.  But we're also not sure how important that feature
is on OSX.  The use case is server setups with UDP and who use either
--proto udp6 to accept incoming IPv4 and IPv6 traffic - or accepting
traffic from multiple IPv4 (or IPv6) addresses.

So if someone could test this patch on OSX which is lacking
IPV6_RECVPKTINFO, setting up a test server with --multihome and --proto
udp6 and test incoming IPv4 and IPv6 traffic, especially simultaneously
(2-3 IPv4 and 1-2 IPv6 clients at the same time).  If this works, please
report back to the mailing list.

The second test would be to see how this setup would work _without_
--multihome.  And then document the test results here too.


If all this works fine, then we don't need to worry - and I'll pull this
patch in instantly.  But if it does not and we don't get a good fix at
some point, we need to consider if we will allow --multihome to break on
OSX.  A related question to this is, how many do use the server features
in OpenVPN on OSX?   Not being able to build on OSX is also not a real
option.


kind regards,

David Sommerseth



Re: [Openvpn-devel] [PATCH 00/35] build revolution

2012-02-27 Thread David Sommerseth

On 27/02/12 09:57, Samuli Seppänen wrote:
> 
>> On Fri, Feb 24, 2012 at 9:33 AM, Adriaan de Jong 
>> wrote:
>>>> I did not add the UI stuff, I think there should be a discussion
>>>> why these are embedded.
>>>>
>>> One of the few pieces criticism we got about the OpenVPN-NL
>>> release was the fact that we didn't bundle the GUI. End-users
>>> expect an all-in-one installer for a simple user experience. As an
>>> end user of OpenVPN, I agree. On Windows, I don't want to use the
>>> command line, as it is very painful.
>> There are two options which are better.
>> 
>> 1. Embed openvpn installer within the UI of your choice.
>> 
>> 2. Embed more defined UI installer into openvpn installer.
>> 
>> In both cases every project handles the installation of its own
>> components.
>> 
> Makes sense, especially when as we're splitting the TAP-driver, 
> easy-rsa, etc. into separate subprojects. I would prefer 2) where
> each subproject would have its own installer, which the OpenVPN
> "bundle" installer could call as necessary. As a bonus, each
> subproject could be installed separately without touching OpenVPN
> itself. The only downside would be some duplicate code in the
> installer scripts.

If each sub-project just bundles .msi installers, that would just be
smooth!  Where a "global" installer bundles it into a single package for
OpenVPN.  Which means other projects which needs a TAP driver on Windows
can just pull down our MSI installer and bundle that one.

Upgrades could also be handled much smoother than now.  The "global"
installer detects if the sub-components are up-to-date or not, and
updates just the needed packages.


kind regards,

David Sommerseth






Re: [Openvpn-devel] [build] tap-windows

2012-02-27 Thread Samuli Seppänen

> Hello,
>
> A repository is available[1], stripped down with only tap sources.
>
> To build use you need ddk available:
>> configure
>> build
Checked out the sources using "Git Bash", then ran the commands from a
(non-admin) Visual Studio 2008 command prompt. Got these errors:



The OS is Windows server 2008r2. Any ideas? I noticed there was some
ActiveX stuff in the scripts... could this be related to security settings?

> It builds winxp 32bit and win7 64bit I hope this is what the current
> installer is doing,
> as building the tap is kept secret.
Actually, the TAP-driver is built using the Python build scripts in the
"win" subdirectory. Those scripts build both 32-bit and 64-bit drivers.

> In the open source package we will provide vanilla devcon and not the modified
> tapinstaller which we do not have the sources of. I it is so important
> to hack computer
> and bypass Windows confirmation dialog.
The Python-based buildsystem also builds tapinstall.exe/devcon.exe. It
looks for the sources from ../tapinstall by default (see "grep T1SRC
win/*"). The sources are standard devcon sources; the resulting binary
is simply renamed to "tapinstall.exe".

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock





Re: [Openvpn-devel] [PATCH 12/35] Remove easy-rsa

2012-02-27 Thread David Sommerseth

On 21/02/12 02:22, Alon Bar-Lev wrote:
> 
> Signed-off-by: Alon Bar-Lev  --- Makefile.am
> |1 - easy-rsa/1.0/README|  161
>  easy-rsa/1.0/build-ca  |   13 - 
> easy-rsa/1.0/build-dh  |   12 - 
> easy-rsa/1.0/build-inter   |   19 -- 
> easy-rsa/1.0/build-key |   20 -- 
> easy-rsa/1.0/build-key-pass|   20 -- 
> easy-rsa/1.0/build-key-pkcs12  |   21 -- 
> easy-rsa/1.0/build-key-server  |   22 -- 
> easy-rsa/1.0/build-req |   18 -- 
> easy-rsa/1.0/build-req-pass|   18 -- 
> easy-rsa/1.0/clean-all |   19 -- 
> easy-rsa/1.0/list-crl  |   18 -- 
> easy-rsa/1.0/make-crl  |   18 -- 
> easy-rsa/1.0/openssl.cnf   |  255 --- 
> easy-rsa/1.0/revoke-crt|   18 -- 
> easy-rsa/1.0/revoke-full   |   29 --- 
> easy-rsa/1.0/sign-req  |   18 -- easy-rsa/1.0/vars
> |   49  easy-rsa/2.0/Makefile  |   13 - 
> easy-rsa/2.0/README|  229 - 
> easy-rsa/2.0/build-ca  |8 - 
> easy-rsa/2.0/build-dh  |   11 - 
> easy-rsa/2.0/build-inter   |7 - 
> easy-rsa/2.0/build-key |7 - 
> easy-rsa/2.0/build-key-pass|7 - 
> easy-rsa/2.0/build-key-pkcs12  |8 - 
> easy-rsa/2.0/build-key-server  |   10 - 
> easy-rsa/2.0/build-req |7 - 
> easy-rsa/2.0/build-req-pass|7 - 
> easy-rsa/2.0/clean-all |   16 -- 
> easy-rsa/2.0/inherit-inter |   39 --- 
> easy-rsa/2.0/list-crl  |   13 - 
> easy-rsa/2.0/openssl-0.9.6.cnf |  265 --- 
> easy-rsa/2.0/openssl-0.9.8.cnf |  290
> - easy-rsa/2.0/openssl-1.0.0.cnf |
> 285 - easy-rsa/2.0/pkitool   |
> 379  easy-rsa/2.0/revoke-full
> |   40 --- easy-rsa/2.0/sign-req  |7 - 
> easy-rsa/2.0/vars  |   74 -- 
> easy-rsa/2.0/whichopensslcnf   |   26 -- 
> easy-rsa/Windows/README.txt|   44  
> easy-rsa/Windows/build-ca-pass.bat |8 - 
> easy-rsa/Windows/build-ca.bat  |4 - 
> easy-rsa/Windows/build-dh.bat  |4 - 
> easy-rsa/Windows/build-key-pass.bat|8 - 
> easy-rsa/Windows/build-key-pkcs12.bat  |   10 - 
> easy-rsa/Windows/build-key-server-pass.bat |8 - 
> easy-rsa/Windows/build-key-server.bat  |8 - 
> easy-rsa/Windows/build-key.bat |8 - 
> easy-rsa/Windows/clean-all.bat |   13 - 
> easy-rsa/Windows/init-config.bat   |1 - 
> easy-rsa/Windows/revoke-full.bat   |   13 - 
> easy-rsa/Windows/serial.start  |1 - 
> easy-rsa/Windows/vars.bat.sample   |   40 --- 55 files
> changed, 0 insertions(+), 2667 deletions(-) delete mode 100644
> easy-rsa/1.0/README delete mode 100755 easy-rsa/1.0/build-ca delete
> mode 100755 easy-rsa/1.0/build-dh delete mode 100755
> easy-rsa/1.0/build-inter delete mode 100755 easy-rsa/1.0/build-key 
> delete mode 100755 easy-rsa/1.0/build-key-pass delete mode 100755
> easy-rsa/1.0/build-key-pkcs12 delete mode 100755
> easy-rsa/1.0/build-key-server delete mode 100755
> easy-rsa/1.0/build-req delete mode 100755 easy-rsa/1.0/build-req-pass 
> delete mode 100755 easy-rsa/1.0/clean-all delete mode 100644
> easy-rsa/1.0/list-crl delete mode 100644 easy-rsa/1.0/make-crl delete
> mode 100644 easy-rsa/1.0/openssl.cnf delete mode 100644
> easy-rsa/1.0/revoke-crt delete mode 100755 easy-rsa/1.0/revoke-full 
> delete mode 100755 easy-rsa/1.0/sign-req delete mode 100644
> easy-rsa/1.0/vars delete mode 100644 easy-rsa/2.0/Makefile delete mode
> 100644 easy-rsa/2.0/README delete mode 100755 easy-rsa/2.0/build-ca 
> delete mode 100755 easy-rsa/2.0/build-dh delete mode 100755
> easy-rsa/2.0/build-inter delete mode 100755 easy-rsa/2.0/build-key 
> delete mode 100755 easy-rsa/2.0/build-key-pass delete mode 100755
> easy-rsa/2.0/build-key-pkcs12 delete mode 100755
> easy-rsa/2.0/build-key-server delete mode 100755
> easy-rsa/2.0/build-req delete mode 100755 easy-rsa/2.0/build-req-pass 
> delete mode 100755 easy-rsa/2.0/clean-all delete mode 100755
> easy-rsa/2.0/inherit-inter delete mode 100755 easy-rsa/2.0/list-crl 
> delete mode 100755 easy-rsa/2.0/openssl-0.9.6.cnf delete mode 100755
> easy-rsa/2.0/openssl-0.9.8.cnf delete mode 100755
> easy-rsa/2.0/openssl-1.0.0.cnf delete mode 100755
> easy-rsa/2.0/pkitool delete mode 100755 easy-rsa/2.0/revoke-full 
> delete mode 

Re: [Openvpn-devel] [PATCH 11/35] Remove install-win32

2012-02-27 Thread David Sommerseth

On 21/02/12 02:22, Alon Bar-Lev wrote:
> 
> Signed-off-by: Alon Bar-Lev  --- Makefile.am
> |5 +- configure.ac   |3 - 
> images/.svnignore  |2 - images/Makefile.am
> |   41 -- images/icon.ico|  Bin 22486 -> 0
> bytes images/install-whirl.bmp   |  Bin 25820 -> 0 bytes 
> install-win32/.svnignore   |4 - 
> install-win32/GetWindowsVersion.nsi|  109  
> install-win32/Makefile.am  |   97  
> install-win32/build-pkcs11-helper.sh   |   24 - 
> install-win32/buildinstaller   |   14 - 
> install-win32/ddk-common   |2 - install-win32/doclean
> |6 - install-win32/dosname.pl   |9 - 
> install-win32/getgui   |   19 - 
> install-win32/getopenssl   |   19 - 
> install-win32/getpkcs11helper  |   17 - 
> install-win32/getprebuilt  |   10 - install-win32/getxgui
> |   28 - install-win32/ifdef.pl |   53 -- 
> install-win32/m4todef.pl   |   15 - install-win32/macro.pl
> |   61 --- install-win32/makeopenvpn  |   67 --- 
> install-win32/maketap  |   17 - 
> install-win32/maketapinstall   |   15 - install-win32/maketext
> |   59 --- install-win32/openssl/README.txt   |   21 - 
> install-win32/openssl/openssl097.patch |   68 --- 
> install-win32/openssl/openssl098.patch |   56 -- 
> install-win32/openvpn.nsi  |  886
>  install-win32/sample.ovpn
> |  103  install-win32/setpath.nsi  |  231 - 
> install-win32/settings.in  |   71 --- 
> install-win32/trans.pl |   97  install-win32/u2d.c
> |   20 - install-win32/winconfig|   18 - 36 files
> changed, 1 insertions(+), 2266 deletions(-) delete mode 100644
> images/.svnignore delete mode 100644 images/Makefile.am delete mode
> 100755 images/icon.ico delete mode 100755 images/install-whirl.bmp 
> delete mode 100644 install-win32/.svnignore delete mode 100644
> install-win32/GetWindowsVersion.nsi delete mode 100644
> install-win32/Makefile.am delete mode 100644
> install-win32/build-pkcs11-helper.sh delete mode 100644
> install-win32/buildinstaller delete mode 100644
> install-win32/ddk-common delete mode 100644 install-win32/doclean 
> delete mode 100644 install-win32/dosname.pl delete mode 100644
> install-win32/getgui delete mode 100644 install-win32/getopenssl 
> delete mode 100644 install-win32/getpkcs11helper delete mode 100644
> install-win32/getprebuilt delete mode 100644 install-win32/getxgui 
> delete mode 100644 install-win32/ifdef.pl delete mode 100644
> install-win32/m4todef.pl delete mode 100644 install-win32/macro.pl 
> delete mode 100755 install-win32/makeopenvpn delete mode 100644
> install-win32/maketap delete mode 100644 install-win32/maketapinstall 
> delete mode 100644 install-win32/maketext delete mode 100644
> install-win32/openssl/README.txt delete mode 100644
> install-win32/openssl/openssl097.patch delete mode 100644
> install-win32/openssl/openssl098.patch delete mode 100755
> install-win32/openvpn.nsi delete mode 100755
> install-win32/sample.ovpn delete mode 100755
> install-win32/setpath.nsi delete mode 100644
> install-win32/settings.in delete mode 100644 install-win32/trans.pl 
> delete mode 100755 install-win32/u2d.c delete mode 100644
> install-win32/winconfig
> 

ACK.


kind regards,

David Sommerseth





Re: [Openvpn-devel] [PATCH 10/35] build: plugins: properly use CFLAGS and LDFLAGS

2012-02-27 Thread David Sommerseth

On 21/02/12 02:22, Alon Bar-Lev wrote:
> 
> Signed-off-by: Alon Bar-Lev  --- 
> plugins/auth-pam/Makefile  |9 + plugins/defer/build
> |6 +++--- plugins/down-root/Makefile |6 +++--- 
> plugins/examples/build |6 +++--- 4 files changed, 14
> insertions(+), 13 deletions(-)
> 
> diff --git a/plugins/auth-pam/Makefile b/plugins/auth-pam/Makefile 
> index e69fe3f..17d6c80 100755 --- a/plugins/auth-pam/Makefile +++
> b/plugins/auth-pam/Makefile @@ -15,16 +15,17 @@ endif # This directory
> is where we will look for openvpn-plugin.h INCLUDE=-I../..
> 
> -CC_FLAGS=-O2 -Wall -DDLOPEN_PAM=$(DLOPEN_PAM) +CFLAGS=-O2 -Wall +DEFS
> = -DDLOPEN_PAM=$(DLOPEN_PAM)
> 
> openvpn-auth-pam.so : auth-pam.o pamdl.o -gcc ${CC_FLAGS} -fPIC
> -shared -Wl,-soname,openvpn-auth-pam.so -o openvpn-auth-pam.so
> auth-pam.o pamdl.o -lc $(LIBPAM) +gcc $(CFLAGS) -fPIC -shared
> $(LDFLAGS) -Wl,-soname,openvpn-auth-pam.so -o openvpn-auth-pam.so
> auth-pam.o pamdl.o -lc $(LIBPAM)
> 
> auth-pam.o : auth-pam.c pamdl.h - gcc ${CC_FLAGS} -fPIC -c ${INCLUDE}
> auth-pam.c +  gcc $(CFLAGS) $(DEFS) -fPIC -c $(INCLUDE) auth-pam.c
> 
> pamdl.o : pamdl.c pamdl.h -   gcc ${CC_FLAGS} -fPIC -c ${INCLUDE}
> pamdl.c + gcc $(CFLAGS) $(DEFS) -fPIC -c $(INCLUDE) pamdl.c
> 
> clean : rm -f *.o *.so diff --git a/plugins/defer/build
> b/plugins/defer/build index 5907afa..cb650f3 100755 ---
> a/plugins/defer/build +++ b/plugins/defer/build @@ -8,7 +8,7 @@ # This
> directory is where we will look for openvpn-plugin.h 
> INCLUDE="-I../.."
> 
> -CC_FLAGS="-O2 -Wall -g" +CFLAGS="${CFLAGS:--O2 -Wall -g}"
> 
> -gcc $CC_FLAGS -fPIC -c $INCLUDE $1.c && \ -gcc $CC_FLAGS -fPIC
> -shared -Wl,-soname,$1.so -o $1.so $1.o -lc +gcc $CFLAGS -fPIC -c
> $INCLUDE $1.c && \ +gcc $CFLAGS -fPIC -shared $LDFLAGS
> -Wl,-soname,$1.so -o $1.so $1.o -lc diff --git
> a/plugins/down-root/Makefile b/plugins/down-root/Makefile index
> 5ce4ffb..f8a183c 100755 --- a/plugins/down-root/Makefile +++
> b/plugins/down-root/Makefile @@ -5,13 +5,13 @@ # This directory is
> where we will look for openvpn-plugin.h INCLUDE=-I../..
> 
> -CC_FLAGS=-O2 -Wall +CFLAGS=-O2 -Wall
> 
> down-root.so : down-root.o -  gcc ${CC_FLAGS} -fPIC -shared
> -Wl,-soname,openvpn-down-root.so -o openvpn-down-root.so down-root.o
> -lc + gcc $(CFLAGS) -fPIC -shared $(LDFLAGS)
> -Wl,-soname,openvpn-down-root.so -o openvpn-down-root.so down-root.o
> -lc
> 
> down-root.o : down-root.c -   gcc ${CC_FLAGS} -fPIC -c ${INCLUDE}
> down-root.c + gcc $(CFLAGS) -fPIC -c $(INCLUDE) down-root.c
> 
> clean : rm -f *.o *.so diff --git a/plugins/examples/build
> b/plugins/examples/build index 5907afa..93e1936 100755 ---
> a/plugins/examples/build +++ b/plugins/examples/build @@ -8,7 +8,7 @@ 
> # This directory is where we will look for openvpn-plugin.h 
> INCLUDE="-I../.."
> 
> -CC_FLAGS="-O2 -Wall -g" +CFLAGS="${CFLAGS:--O2 -Wall -g}"
> 
> -gcc $CC_FLAGS -fPIC -c $INCLUDE $1.c && \ -gcc $CC_FLAGS -fPIC
> -shared -Wl,-soname,$1.so -o $1.so $1.o -lc +gcc $CFLAGS -fPIC -c
> $INCLUDE $1.c && \ +gcc $CFLAGS -fPIC -shared ${LDFLAS}
> -Wl,-soname,$1.so -o $1.so $1.o -lc
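
Review bot: in the plugins/examples/build hunk the new link line uses ${LDFLAS}, a misspelling of LDFLAGS, so in that script the variable expands to nothing and any linker flags the builder exports are silently dropped; the plugins/defer/build hunk has the intended $LDFLAGS. Change it to $LDFLAGS so both scripts behave the same. Separately, the two Makefiles assign "CFLAGS=-O2 -Wall" unconditionally, which overrides a CFLAGS taken from the environment, while the shell scripts use "${CFLAGS:--O2 -Wall -g}"; with GNU make, "CFLAGS ?= -O2 -Wall" would make the Makefiles honour the environment in the same way.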


ACK.


kind regards,

David Sommerseth



Re: [Openvpn-devel] [PATCH 09/35] build: rename plugin directory to plugins

2012-02-27 Thread David Sommerseth

On 21/02/12 02:22, Alon Bar-Lev wrote:
> This to avoid conflict with plugin.c rules
> 
> Signed-off-by: Alon Bar-Lev  --- Makefile.am
> |3 +- plugin/README |   47 --- 
> plugin/auth-pam/.svnignore|1 - plugin/auth-pam/Makefile  |
> 30 -- plugin/auth-pam/README|   74  
> plugin/auth-pam/auth-pam.c|  804
> - plugin/auth-pam/pamdl.c
> |  180 - plugin/auth-pam/pamdl.h   |7 - 
> plugin/defer/README   |   16 - plugin/defer/build|
> 14 - plugin/defer/simple.c |  305  
> plugin/defer/simple.def   |6 - plugin/defer/winbuild |
> 18 - plugin/down-root/Makefile |   17 - plugin/down-root/README
> |   29 -- plugin/down-root/down-root.c  |  553
>  plugin/examples/README|   16 - 
> plugin/examples/build |   14 - plugin/examples/log.c |
> 184 -- plugin/examples/log_v3.c  |  249 - 
> plugin/examples/simple.c  |  120 -- plugin/examples/simple.def
> |6 - plugin/examples/winbuild  |   18 - plugins/README
> |   47 +++ plugins/auth-pam/.svnignore   |1 + 
> plugins/auth-pam/Makefile |   30 ++ plugins/auth-pam/README
> |   74  plugins/auth-pam/auth-pam.c   |  804
> + plugins/auth-pam/pamdl.c
> |  180 + plugins/auth-pam/pamdl.h  |7 + 
> plugins/defer/README  |   16 + plugins/defer/build   |
> 14 + plugins/defer/simple.c|  305  
> plugins/defer/simple.def  |6 + plugins/defer/winbuild|
> 18 + plugins/down-root/Makefile|   17 + plugins/down-root/README
> |   29 ++ plugins/down-root/down-root.c |  553
>  plugins/examples/README   |   16 + 
> plugins/examples/build|   14 + plugins/examples/log.c|
> 184 ++ plugins/examples/log_v3.c |  249 + 
> plugins/examples/simple.c |  120 ++ 
> plugins/examples/simple.def   |6 + plugins/examples/winbuild |
> 18 + 45 files changed, 2709 insertions(+), 2710 deletions(-) delete
> mode 100644 plugin/README delete mode 100644
> plugin/auth-pam/.svnignore delete mode 100755
> plugin/auth-pam/Makefile delete mode 100644 plugin/auth-pam/README 
> delete mode 100644 plugin/auth-pam/auth-pam.c delete mode 100644
> plugin/auth-pam/pamdl.c delete mode 100644 plugin/auth-pam/pamdl.h 
> delete mode 100644 plugin/defer/README delete mode 100755
> plugin/defer/build delete mode 100644 plugin/defer/simple.c delete
> mode 100755 plugin/defer/simple.def delete mode 100755
> plugin/defer/winbuild delete mode 100755 plugin/down-root/Makefile 
> delete mode 100644 plugin/down-root/README delete mode 100644
> plugin/down-root/down-root.c delete mode 100644
> plugin/examples/README delete mode 100755 plugin/examples/build delete
> mode 100644 plugin/examples/log.c delete mode 100644
> plugin/examples/log_v3.c delete mode 100644 plugin/examples/simple.c 
> delete mode 100755 plugin/examples/simple.def delete mode 100755
> plugin/examples/winbuild create mode 100644 plugins/README create mode
> 100644 plugins/auth-pam/.svnignore create mode 100755
> plugins/auth-pam/Makefile create mode 100644 plugins/auth-pam/README 
> create mode 100644 plugins/auth-pam/auth-pam.c create mode 100644
> plugins/auth-pam/pamdl.c create mode 100644 plugins/auth-pam/pamdl.h 
> create mode 100644 plugins/defer/README create mode 100755
> plugins/defer/build create mode 100644 plugins/defer/simple.c create
> mode 100755 plugins/defer/simple.def create mode 100755
> plugins/defer/winbuild create mode 100755 plugins/down-root/Makefile 
> create mode 100644 plugins/down-root/README create mode 100644
> plugins/down-root/down-root.c create mode 100644
> plugins/examples/README create mode 100755 plugins/examples/build 
> create mode 100644 plugins/examples/log.c create mode 100644
> plugins/examples/log_v3.c create mode 100644
> plugins/examples/simple.c create mode 100755
> plugins/examples/simple.def create mode 100755
> plugins/examples/winbuild


ACK.  I've not checked that files are not modified, but will check that
more carefully when it is pulled into the tree.


kind regards,

David Sommerseth





Re: [Openvpn-devel] [PATCH 08/35] build: handle printf style format in mingw

2012-02-27 Thread David Sommerseth

On 21/02/12 02:22, Alon Bar-Lev wrote:
> 
> Signed-off-by: Alon Bar-Lev 
> ---
>  buffer.h |   12 ++--
>  error.h  |6 +-
>  misc.h   |   12 ++--
>  status.h |6 +-
>  4 files changed, 30 insertions(+), 6 deletions(-)
> 
> diff --git a/buffer.h b/buffer.h
> index 6c79007..9bc33db 100644
> --- a/buffer.h
> +++ b/buffer.h
> @@ -312,7 +312,11 @@ has_digit (const unsigned char* src)
>   */
>  bool buf_printf (struct buffer *buf, const char *format, ...)
>  #ifdef __GNUC__
> -__attribute__ ((format (printf, 2, 3)))
> +#if __USE_MINGW_ANSI_STDIO
> + __attribute__ ((format (gnu_printf, 2, 3)))
> +#else
> + __attribute__ ((format (__printf__, 2, 3)))
> +#endif
>  #endif
>  ;
>  
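
Review bot: the five-line #if/#else/#endif block added under buf_printf is repeated verbatim for every prototype this patch touches (twice in buffer.h, once in error.h, twice in misc.h, once in status.h). Defining the archetype once, for example as a macro that expands to gnu_printf or __printf__, and using that macro inside each __attribute__ would keep the six sites from drifting apart.
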
> @@ -326,7 +330,11 @@ bool buf_puts (struct buffer *buf, const char *str);
>   */
>  bool openvpn_snprintf(char *str, size_t size, const char *format, ...)
>  #ifdef __GNUC__
> -__attribute__ ((format (printf, 3, 4)))
> +#if __USE_MINGW_ANSI_STDIO
> + __attribute__ ((format (gnu_printf, 3, 4)))
> +#else
> + __attribute__ ((format (__printf__, 3, 4)))
> +#endif
>  #endif
>  ;
>  
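
Review bot: the new "#if __USE_MINGW_ANSI_STDIO" above openvpn_snprintf tests a macro that this header does not define, so the outcome depends on what was included or passed with -D before buffer.h is read; if the macro is not yet defined the test is silently false and the __printf__ branch is chosen. Add a comment saying where the macro is expected to come from, and consider "#if defined(__USE_MINGW_ANSI_STDIO) && __USE_MINGW_ANSI_STDIO" so that builds with -Wundef stay quiet.
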
> diff --git a/error.h b/error.h
> index aafd055..d2c04b0 100644
> --- a/error.h
> +++ b/error.h
> @@ -178,7 +178,11 @@ bool dont_mute (unsigned int flags); /* check muting 
> filter */
>  
>  void x_msg (const unsigned int flags, const char *format, ...)
>  #ifdef __GNUC__
> -__attribute__ ((format (printf, 2, 3)))
> +#if __USE_MINGW_ANSI_STDIO
> + __attribute__ ((format (gnu_printf, 2, 3)))
> +#else
> + __attribute__ ((format (__printf__, 2, 3)))
> +#endif
>  #endif
>  ; /* should be called via msg above */
>  
> diff --git a/misc.h b/misc.h
> index bdada42..5df8cec 100644
> --- a/misc.h
> +++ b/misc.h
> @@ -435,13 +435,21 @@ void argv_printf_arglist (struct argv *a, const char 
> *format, const unsigned int
>  
>  void argv_printf (struct argv *a, const char *format, ...)
>  #ifdef __GNUC__
> -  __attribute__ ((format (printf, 2, 3)))
> +#if __USE_MINGW_ANSI_STDIO
> + __attribute__ ((format (gnu_printf, 2, 3)))
> +#else
> + __attribute__ ((format (__printf__, 2, 3)))
> +#endif
>  #endif
>;
>  
>  void argv_printf_cat (struct argv *a, const char *format, ...)
>  #ifdef __GNUC__
> -  __attribute__ ((format (printf, 2, 3)))
> +#if __USE_MINGW_ANSI_STDIO
> + __attribute__ ((format (gnu_printf, 2, 3)))
> +#else
> + __attribute__ ((format (__printf__, 2, 3)))
> +#endif
>  #endif
>;
>  
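
Review bot: in both argv_printf and argv_printf_cat the gnu_printf branch is guarded only by __GNUC__ and __USE_MINGW_ANSI_STDIO, so a GCC that does not recognise the gnu_printf archetype will ignore the attribute and stop checking format arguments for these prototypes. Since this attribute is what lets the compiler flag mismatched format arguments, add a compiler-version condition or fall back to __printf__, and state the minimum supported GCC in the commit message, which currently has no description.
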
> diff --git a/status.h b/status.h
> index 0bdad4e..af16fd2 100644
> --- a/status.h
> +++ b/status.h
> @@ -77,7 +77,11 @@ void status_flush (struct status_output *so);
>  bool status_close (struct status_output *so);
>  void status_printf (struct status_output *so, const char *format, ...)
>  #ifdef __GNUC__
> -__attribute__ ((format (printf, 2, 3)))
> +#if __USE_MINGW_ANSI_STDIO
> + __attribute__ ((format (gnu_printf, 2, 3)))
> +#else
> + __attribute__ ((format (__printf__, 2, 3)))
> +#endif
>  #endif
>  ;
>  

ACK!


kind regards,

David Sommerseth



Re: [Openvpn-devel] [PATCH 07/35] build: tests do not work disable

2012-02-27 Thread David Sommerseth

On 21/02/12 02:22, Alon Bar-Lev wrote:
> 
> Signed-off-by: Alon Bar-Lev  --- Makefile.am |
> 5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/Makefile.am b/Makefile.am index 26b80f3..f96eb45 100644 
> --- a/Makefile.am +++ b/Makefile.am @@ -57,16 +57,17 @@ SUBDIRS = \ 
> service-win32 \ install-win32
> 
> -TESTS = t_client.sh t_lpback.sh t_cltsrv.sh +test_scripts =
> t_client.sh t_lpback.sh t_cltsrv.sh +#TESTS = $(test_scripts) 
> sbin_PROGRAMS = openvpn
> 
> dist_doc_DATA = \ management/management-notes.txt
> 
> dist_noinst_SCRIPTS = \ - $(TESTS) \ doclean \ domake-win \ +
> $(test_scripts) \ t_cltsrv-down.sh \ configure_h.awk
> configure_log.awk
> 
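
Review bot: commenting out TESTS ("#TESTS = $(test_scripts)") leaves 'make check' with nothing to run on every platform, and the commit message does not say which of t_client.sh, t_lpback.sh or t_cltsrv.sh fails or in which environment. If the failure is specific to one build environment, keep TESTS set and skip or conditionalise only the affected script, and record the failure in the commit message.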

Which of these tests are not working?  And how do they fail?

I'm running 'make check' before pushing a new git tree, and it passes
fine for me.  The only "exception" is t_client.sh (generated via
t_client.sh.in) which depends on a configuration file (t_client.rc) -
otherwise it is just skipped.  This test is however run in our buildbot
farm, AFAIR.  Gert also runs this test in his development repos.  So it's
rather odd to hear that these tests fail.


kind regards,

David Sommerseth






Re: [Openvpn-devel] [PATCH 00/35] build revolution

2012-02-27 Thread Samuli Seppänen

> On Fri, Feb 24, 2012 at 9:33 AM, Adriaan de Jong  wrote:
>>> I did not add the UI stuff, I think there should be a discussion why
>>> these are embedded.
>>>
>> One of the few pieces of criticism we got about the OpenVPN-NL release was the 
>> fact that we didn't bundle the GUI. End-users expect an all-in-one installer 
>> for a simple user experience. As an end user of OpenVPN, I agree. On 
>> Windows, I don't want to use the command line, as it is very painful.
> There are two options which are better.
>
> 1. Embed openvpn installer within the UI of your choice.
>
> 2. Embed more defined UI installer into openvpn installer.
>
> In both cases every project handles the installation of its own components.
>
Makes sense, especially as we're splitting the TAP-driver,
easy-rsa, etc. into separate subprojects. I would prefer 2) where each
subproject would have its own installer, which the OpenVPN "bundle"
installer could call as necessary. As a bonus, each subproject could be
installed separately without touching OpenVPN itself. The only downside
would be some duplicate code in the installer scripts.

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock




Re: [Openvpn-devel] [PATCH 06/35] Update .gitignore

2012-02-27 Thread David Sommerseth

On 21/02/12 02:22, Alon Bar-Lev wrote:
> 
> Signed-off-by: Alon Bar-Lev  --- .gitignore |
> 1 + 1 files changed, 1 insertions(+), 0 deletions(-)
> 
> diff --git a/.gitignore b/.gitignore index 3d12f5d..8cc07de 100644 ---
> a/.gitignore +++ b/.gitignore @@ -5,6 +5,7 @@ *.obj *.pyc *.so +*~ 
> .deps Makefile Makefile.in


ACK.


Kind regards,

David Sommerseth



Re: [Openvpn-devel] [PATCH 05/35] build: correct place to alter WINVER is at build system

2012-02-27 Thread David Sommerseth

On 21/02/12 02:22, Alon Bar-Lev wrote:
> 
> Signed-off-by: Alon Bar-Lev  --- configure.ac
> |2 +- syshead.h   |4  win/msvc.mak.in |2 +- 3
> files changed, 2 insertions(+), 6 deletions(-)
> 
> diff --git a/configure.ac b/configure.ac index 1c4d66c..aa1d509
> 100644 --- a/configure.ac +++ b/configure.ac @@ -342,7 +342,7 @@ case
> "$host" in ;; *-mingw*) AC_DEFINE(TARGET_WIN32, 1, [Are we running
> WIN32?]) -CPPFLAGS="${CPPFLAGS} -DWIN32_LEAN_AND_MEAN" +
> CPPFLAGS="${CPPFLAGS} -DWIN32_LEAN_AND_MEAN -DWINVER=0x0501" 
> OPENVPN_ADD_LIBS(-lgdi32) OPENVPN_ADD_LIBS(-lws2_32) 
> OPENVPN_ADD_LIBS(-lwininet) diff --git a/syshead.h b/syshead.h index
> 0235abd..e8e70d2 100644 --- a/syshead.h +++ b/syshead.h @@ -28,10
> +28,6 @@ /* * Only include if not during configure */ -#ifdef WIN32 
> -/* PF_INET6: win32 ipv6 exists only after 0x0501 (XP) */ -#define
> WINVER 0x0501 -#endif #ifndef PACKAGE_NAME #include "config.h" 
> #include "compat.h" diff --git a/win/msvc.mak.in b/win/msvc.mak.in 
> index 191f370..43c3335 100644 --- a/win/msvc.mak.in +++
> b/win/msvc.mak.in @@ -38,7 +38,7 @@ LIB_DIRS = -LIBPATH:$(OPENSSL)\lib
> -LIBPATH:$(POLARSSL)\build\library -LIBPATH:$ EXE = openvpn.exe
> 
> CPP=cl.exe -CPP_ARG_COMMON=/nologo /W3 -DWIN32 -DWIN32_LEAN_AND_MEAN
> -D_CONSOLE -D_MBCS -D_CRT_SECURE_NO_DEPRECATE
> -D_CRT_NONSTDC_NO_WARNINGS -D_CRT_SECURE_NO_WARNINGS $(INCLUDE_DIRS)
> /FD /c +CPP_ARG_COMMON=/nologo /W3 -DWIN32 -DWIN32_LEAN_AND_MEAN
> -DWINVER=0x0501 -D_CONSOLE -D_MBCS -D_CRT_SECURE_NO_DEPRECATE
> -D_CRT_NONSTDC_NO_WARNINGS -D_CRT_SECURE_NO_WARNINGS $(INCLUDE_DIRS)
> /FD /c
> 
> LINK32=link.exe
> 
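
Review bot: the syshead.h hunk deletes the comment explaining why WINVER is 0x0501 (PF_INET6 on win32 exists only after XP), and the two added -DWINVER=0x0501 flags carry no explanation, so the reason for the value is lost. Keep that one-line rationale next to the define in configure.ac and win/msvc.mak.in. The value now also has to stay in sync across two build files instead of one header; an "#ifndef WINVER" / "#error" check in syshead.h would catch a build path that forgets the flag.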


ACK.


Kind regards,

David Sommerseth




Re: [Openvpn-devel] [PATCH 04/35] cleanup: memcmp.c: remove unused source

2012-02-27 Thread David Sommerseth

On 21/02/12 02:22, Alon Bar-Lev wrote:
> 
> Signed-off-by: Alon Bar-Lev  --- configure.ac |
> 3 --- memcmp.c |   43 --- 
> 2 files changed, 0 insertions(+), 46 deletions(-) delete mode 100644
> memcmp.c
> 
> diff --git a/configure.ac b/configure.ac index 25dcc37..1c4d66c
> 100644 --- a/configure.ac +++ b/configure.ac @@ -564,9 +564,6 @@ else
> 
> fi
> 
> -dnl Required library functions -AC_FUNC_MEMCMP - dnl dnl Check for
> res_init dnl diff --git a/memcmp.c b/memcmp.c deleted file mode
> 100644 index d921aac..000 --- a/memcmp.c +++ /dev/null @@ -1,43
> +0,0 @@ -/* - *  OpenVPN -- An application to securely tunnel IP
> networks - * over a single TCP/UDP port, with support for
> SSL/TLS-based - * session authentication and key
> exchange, - * packet encryption, packet authentication,
> and - * packet compression. - * - *  Copyright (C)
> 2002-2010 OpenVPN Technologies, Inc.  - * - *  This
> program is free software; you can redistribute it and/or modify - *
> it under the terms of the GNU General Public License version 2 - *  as
> published by the Free Software Foundation. - * - *  This program is
> distributed in the hope that it will be useful, - *  but WITHOUT ANY
> WARRANTY; without even the implied warranty of - *  MERCHANTABILITY or
> FITNESS FOR A PARTICULAR PURPOSE.  See the - *  GNU General Public
> License for more details. - * - *  You should have received a copy of
> the GNU General Public License - *  along with this program (see the
> file COPYING included with this - *  distribution); if not, write to
> the Free Software Foundation, Inc., - *  59 Temple Place, Suite 330,
> Boston, MA  02111-1307  USA - */ - -#include "syshead.h" - -#include
> "memdbg.h" - -int -memcmp (const void *s1, const void *s2, size_t n) 
> -{ -  unsigned const char *p1 = s1, *p2 = s2; -  int d; - -  if (n) -
> while (n-- > 0) -  { -d = *p1++ - *p2++; -if (d != 0) - return
> d; -  } -  return 0; -}


ACK.


Kind regards,

David Sommerseth




Re: [Openvpn-devel] [PATCH 03/35] cleanup: tun.c: fix incorrect option in message (ip-win32)

2012-02-27 Thread David Sommerseth

On 21/02/12 02:22, Alon Bar-Lev wrote:
> 
> Signed-off-by: Alon Bar-Lev 
> ---
>  tun.c |2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/tun.c b/tun.c
> index c92c0d7..81b66fb 100644
> --- a/tun.c
> +++ b/tun.c
> @@ -4492,7 +4492,7 @@ dhcp_masq_addr (const in_addr_t local, const in_addr_t 
> netmask, const int offset
>  msg (M_FATAL, "ERROR: There is a clash between the --ifconfig local 
> address and the internal DHCP server address -- both are set to %s -- please 
> use the --ip-win32 dynamic option to choose a different free address from the 
> --ifconfig subnet for the internal DHCP server", print_in_addr_t (dsa, 0, 
> ));
>  
>if ((local & netmask) != (dsa & netmask))
> -msg (M_FATAL, "ERROR: --tap-win32 dynamic [offset] : offset is outside 
> of --ifconfig subnet");
> +msg (M_FATAL, "ERROR: --ip-win32 dynamic [offset] : offset is outside of 
> --ifconfig subnet");
>  
>gc_free ();
>return htonl(dsa);

ACK.


Kind regards,

David Sommerseth



Re: [Openvpn-devel] openvpn windows gui

2012-02-27 Thread Samuli Seppänen

> Hello,
>
> A stupid question
> Which GUI is embedded in the installer?
> What is GUI and what is XGUI?
> All I found is[1].
>
In 2.2.x installers the GUI is the old one from here, just signed:



In 2.3-alpha1 we use the latest snapshot from here:



XGUI is obsolete, it can be ignored. I removed all of the XGUI-related
stuff from the Python-based buildsystem, but it's still lurking in the
old "domake-win" buildscripts/.nsi files.

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock




Re: [Openvpn-devel] [build] tap-windows

2012-02-27 Thread Alon Bar-Lev
Also signs and package.
Please test.

On Sun, Feb 26, 2012 at 4:49 AM, Alon Bar-Lev  wrote:
> Hello,
>
> A repository is available[1], stripped down with only tap sources.
>
> To build use you need ddk available:
>> configure
>> build
>
> It builds winxp 32bit and win7 64bit I hope this is what the current
> installer is doing,
> as building the tap is kept secret.
>
> In the open source package we will provide vanilla devcon and not the modified
> tapinstaller which we do not have the sources of. I it is so important
> to hack computer
> and bypass Windows confirmation dialog.
>
> Left is to package it up.
>
> Alon.
>
> [1] https://github.com/alonbl/tap-windows/