[Openvpn-devel] [M] Change in openvpn[master]: Implement support for AEAD tag at the end

2024-01-25 Thread plaisthos (Code Review) 
Attention is currently required from: flichtenheld.

Hello flichtenheld,

I'd like you to do a code review.
Please visit

http://gerrit.openvpn.net/c/openvpn/+/506?usp=email

to review the following change.


Change subject: Implement support for AEAD tag at the end
..

Implement support for AEAD tag at the end

Change-Id: I00821d75342daf3f813b829812d648fe298bea81
---
M src/openvpn/crypto.c
M src/openvpn/crypto.h
M src/openvpn/init.c
M src/openvpn/options.c
M src/openvpn/push.c
M src/openvpn/ssl.h
M tests/unit_tests/openvpn/test_ssl.c
7 files changed, 85 insertions(+), 26 deletions(-)



  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/06/506/1

diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index 2fca131..9988ebe 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -104,14 +104,10 @@
 ASSERT(cipher_ctx_reset(ctx->cipher, iv));
 }

-/* Reserve space for authentication tag */
-mac_out = buf_write_alloc(, mac_len);
-ASSERT(mac_out);
-
 dmsg(D_PACKET_CONTENT, "ENCRYPT FROM: %s", format_hex(BPTR(buf), 
BLEN(buf), 80, ));

 /* Buffer overflow check */
-if (!buf_safe(, buf->len + cipher_ctx_block_size(ctx->cipher)))
+if (!buf_safe(, buf->len + mac_len + 
cipher_ctx_block_size(ctx->cipher)))
 {
 msg(D_CRYPT_ERRORS,
 "ENCRYPT: buffer size error, bc=%d bo=%d bl=%d wc=%d wo=%d wl=%d",
@@ -121,9 +117,16 @@
 }

 /* For AEAD ciphers, authenticate Additional Data, including opcode */
-ASSERT(cipher_ctx_update_ad(ctx->cipher, BPTR(), BLEN() - 
mac_len));
+ASSERT(cipher_ctx_update_ad(ctx->cipher, BPTR(), BLEN()));
 dmsg(D_PACKET_CONTENT, "ENCRYPT AD: %s",
- format_hex(BPTR(), BLEN() - mac_len, 0, ));
+ format_hex(BPTR(), BLEN(), 0, ));
+
+if (!(opt->flags & CO_AEAD_TAG_AT_THE_END))
+{
+/* Reserve space for authentication tag */
+mac_out = buf_write_alloc(, mac_len);
+ASSERT(mac_out);
+}

 /* Encrypt packet ID, payload */
 ASSERT(cipher_ctx_update(ctx->cipher, BEND(), , BPTR(buf), 
BLEN(buf)));
@@ -133,6 +136,14 @@
 ASSERT(cipher_ctx_final(ctx->cipher, BEND(), ));
 ASSERT(buf_inc_len(, outlen));

+/* if the tag is at end the end, allocate it now */
+if (opt->flags & CO_AEAD_TAG_AT_THE_END)
+{
+/* Reserve space for authentication tag */
+mac_out = buf_write_alloc(, mac_len);
+ASSERT(mac_out);
+}
+
 /* Write authentication tag */
 ASSERT(cipher_ctx_get_tag(ctx->cipher, mac_out, mac_len));
 
@@ -353,7 +364,6 @@
 static const char error_prefix[] = "AEAD Decrypt error";
 struct packet_id_net pin = { 0 };
 const struct key_ctx *ctx = >key_ctx_bi.decrypt;
-uint8_t *tag_ptr = NULL;
 int outlen;
 struct gc_arena gc;

@@ -406,19 +416,29 @@

 /* keep the tag value to feed in later */
 const int tag_size = OPENVPN_AEAD_TAG_LENGTH;
-if (buf->len < tag_size)
+if (buf->len < tag_size + 1)
 {
-CRYPT_ERROR("missing tag");
+CRYPT_ERROR("missing tag or no payload");
 }
-tag_ptr = BPTR(buf);
-ASSERT(buf_advance(buf, tag_size));
+
+const int ad_size = BPTR(buf) - ad_start;
+
+uint8_t *tag_ptr = NULL;
+int data_len = 0;
+
+if (opt->flags & CO_AEAD_TAG_AT_THE_END)
+{
+data_len = BLEN(buf) - tag_size;
+tag_ptr = BPTR(buf) + data_len;
+}
+else
+{
+tag_ptr = BPTR(buf);
+ASSERT(buf_advance(buf, tag_size));
+data_len = BLEN(buf);
+}
+
 dmsg(D_PACKET_CONTENT, "DECRYPT MAC: %s", format_hex(tag_ptr, tag_size, 0, 
));
-
-if (buf->len < 1)
-{
-CRYPT_ERROR("missing payload");
-}
-
 dmsg(D_PACKET_CONTENT, "DECRYPT FROM: %s", format_hex(BPTR(buf), 
BLEN(buf), 0, ));

 /* Buffer overflow check (should never fail) */
@@ -427,20 +447,19 @@
 CRYPT_ERROR("potential buffer overflow");
 }

-{
-/* feed in tag and the authenticated data */
-const int ad_size = BPTR(buf) - ad_start - tag_size;
-ASSERT(cipher_ctx_update_ad(ctx->cipher, ad_start, ad_size));
-dmsg(D_PACKET_CONTENT, "DECRYPT AD: %s",
- format_hex(BPTR(buf) - ad_size - tag_size, ad_size, 0, ));
-}
+
+/* feed in tag and the authenticated data */
+ASSERT(cipher_ctx_update_ad(ctx->cipher, ad_start, ad_size));
+dmsg(D_PACKET_CONTENT, "DECRYPT AD: %s",
+ format_hex(ad_start, ad_size, 0, ));

 /* Decrypt and authenticate packet */
 if (!cipher_ctx_update(ctx->cipher, BPTR(), , BPTR(buf),
-   BLEN(buf)))
+   data_len))
 {
 CRYPT_ERROR("cipher update failed");
 }
+
 ASSERT(buf_inc_len(, outlen));
 if (!cipher_ctx_final_check_tag(ctx->cipher, BPTR() + outlen,
 , tag_ptr, tag_size))
diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h

[Openvpn-devel] [M] Change in openvpn[master]: Implement support for larger packet counter sizes

2024-01-25 Thread plaisthos (Code Review) 
Attention is currently required from: flichtenheld.

Hello flichtenheld,

I'd like you to do a code review.
Please visit

http://gerrit.openvpn.net/c/openvpn/+/507?usp=email

to review the following change.


Change subject: Implement support for larger packet counter sizes
..

Implement support for larger packet counter sizes

With DCO and possible future hardware assisted OpenVPN acceleration we
are approaching the point where 32 bit IVs are not cutting it any more.

To illustrate the problem, some back of the envelope math here:

If we want to keep the current 3600s renegotiation interval and have
a safety margin of 25% (when we trigger renegotiation) we have about
3.2 million packets (2*32 * 0.7) to work with. That translates to
about 835k packets per second.

With 1300 Byte packets that translates into 8-9 Gbit/s. That is far
from unrealistic any more. Current DCO implementations are already in
spitting distance to that or might even reach (for a single client
connection) that if you have extremely fast
single core performance CPU.

This introduces the 64bit packet counters for AEAD data channel
ciphers in TLS mode ciphers. No effort has been made to support
larger packet counters in any scenario since the other scenarios
are all legacy.

While we still keep the old --secret logic around we use the same
weird unix timestamp + packet counter format to avoid refactoring the
code now and again when we remove --secret code but DCO
implementations are free to use just a single 64 bit counter. One
other small downside of this approach is that when rollover happens
and we get reordering all the older packets are thrown away since
the distance between the packet before and after the rollover is
quite large as we probably jump forward more than 1s (or more than
2^32 packet ids) forward. But this is an obscure edge that we can
(currently) live with.

Change-Id: I01e258e97351b5aa4b9e561f5b35ddc2318569e2
---
M src/openvpn/crypto.c
M src/openvpn/crypto.h
M src/openvpn/init.c
M src/openvpn/multi.c
M src/openvpn/options.c
M src/openvpn/push.c
M src/openvpn/ssl.c
M src/openvpn/ssl_common.h
M src/openvpn/ssl_ncp.c
M tests/unit_tests/openvpn/test_ssl.c
10 files changed, 105 insertions(+), 20 deletions(-)



  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/07/507/1

diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index 9988ebe..81b33fe 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -68,6 +68,7 @@
 const struct key_ctx *ctx = >key_ctx_bi.encrypt;
 uint8_t *mac_out = NULL;
 const int mac_len = OPENVPN_AEAD_TAG_LENGTH;
+bool longiv = opt->flags & CO_64_BIT_PKT_ID;

 /* IV, packet-ID and implicit IV required for this mode. */
 ASSERT(ctx->cipher);
@@ -86,7 +87,7 @@
 buf_set_write(_buffer, iv, iv_len);

 /* IV starts with packet id to make the IV unique for packet */
-if (!packet_id_write(>packet_id.send, _buffer, false, false))
+if (!packet_id_write(>packet_id.send, _buffer, longiv, false))
 {
 msg(D_CRYPT_ERRORS, "ENCRYPT ERROR: packet ID roll over");
 goto err;
@@ -384,6 +385,8 @@
 /* IV and Packet ID required for this mode */
 ASSERT(packet_id_initialized(>packet_id));

+bool longiv = opt->flags & CO_64_BIT_PKT_ID;
+
 /* Combine IV from explicit part from packet and implicit part from 
context */
 {
 uint8_t iv[OPENVPN_MAX_IV_LENGTH] = { 0 };
@@ -409,7 +412,7 @@
 }

 /* Read packet ID from packet */
-if (!packet_id_read(, buf, false))
+if (!packet_id_read(, buf, longiv))
 {
 CRYPT_ERROR("error reading packet-id");
 }
diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h
index 95a5b31..0ef13e0 100644
--- a/src/openvpn/crypto.h
+++ b/src/openvpn/crypto.h
@@ -283,6 +283,11 @@
 /**< Bit-flag indicating that the AEAD tag is at the end of the
  *   packet.
  */
+#define CO_64_BIT_PKT_ID  (1<<9)
+/**< Bit-flag indicating that we should use a 64 bit (8 byte) packet
+ * counter instead of the 32 bit that we normally use.
+ */
+

 unsigned int flags; /**< Bit-flags determining behavior of
  *   security operation functions. */
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index cd37b36..7db8d06 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -2327,6 +2327,10 @@
 {
 buf_printf(, " aead-tag-end");
 }
+if (o->imported_protocol_flags & CO_64_BIT_PKT_ID)
+{
+buf_printf(, " pkt-id-64-bit");
+}
 }

 if (buf_len() > strlen(header))
@@ -3297,6 +3301,16 @@
 to.push_peer_info_detail = 1;
 }

+/* Check if the DCO drivers support the new 64bit packet counter and
+ * AEAD tag at the end */
+if (dco_enabled(options))
+{
+to.data_v3_features_supported = false;
+}
+else
+{
+

[Openvpn-devel] [M] Change in openvpn[master]: Print SSL peer signature information in handshake debug details

2024-01-25 Thread plaisthos (Code Review) 
Attention is currently required from: flichtenheld, plaisthos.

Hello flichtenheld,

I'd like you to reexamine a change. Please visit

http://gerrit.openvpn.net/c/openvpn/+/365?usp=email

to look at the new patch set (#9).

The following approvals got outdated and were removed:
Code-Review-1 by flichtenheld


Change subject: Print SSL peer signature information in handshake debug details
..

Print SSL peer signature information in handshake debug details

This is more SSL debug information that most people do not really need
or care about. OpenSSL's own s_client also logs them:

Peer signing digest: SHA256
Peer signature type: ECDSA

The complete message looks like this:

   Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer 
certificate: 2048 bits RSA, signature: RSA-SHA256, server temp key: 253 bits 
X25519, peer signing digest/type: SHA256 RSASSA-PSS

or when forcing a specific group via tls-groups X448 with a ECDSA server:

   Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer 
certificate: 384 bits ECsecp384r1, signature: ecdsa-with-SHA256, server temp 
key: 448 bits X448, peer signing digest/type: SHA384 ECDSA

Change-Id: Ib5fc0c4b8f164596681ac5ad73002068ec6de1e5
Signed-off-by: Arne Schwabe 
---
M src/openvpn/ssl_openssl.c
1 file changed, 81 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/65/365/9

diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index c30e6a9..9b6027c 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -2166,6 +2166,83 @@
 EVP_PKEY_free(pkey);
 }

+#if !defined(LIBRESSL_VERSION_NUMBER)  && OPENSSL_VERSION_NUMBER >= 0x101fL
+/**
+ * Translate an OpenSSL NID into a more human readable name
+ * @param nid
+ * @return
+ */
+static const char *
+get_sigtype(int nid)
+{
+/* Fix a few OpenSSL names to be better understandable */
+switch (nid)
+{
+case EVP_PKEY_RSA:
+/* will otherwise say rsaEncryption */
+return "RSA";
+
+case EVP_PKEY_DSA:
+/* dsaEncryption otherwise */
+return "DSA";
+
+case EVP_PKEY_EC:
+/* will say id-ecPublicKey */
+return "ECDSA";
+
+case -1:
+return "(error getting name)";
+
+default:
+return OBJ_nid2sn(nid);
+}
+}
+#endif /* ifndef LIBRESSL_VERSION_NUMBER */
+
+/**
+ * Get the type of the signature that is used by the peer during the
+ * TLS handshake
+ */
+static void
+print_peer_signature(SSL *ssl, char *buf, size_t buflen)
+{
+int peer_sig_nid = NID_undef, peer_sig_type_nid = NID_undef;
+const char *peer_sig = "unknown";
+const char *peer_sig_type = "unknown type";
+
+/* Even though these methods use the deprecated NIDs instead of using
+ * string as new OpenSSL APIs do, there seem to be no API that replaces
+ * it yet */
+#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER > 0x3050400fL
+if (SSL_get_peer_signature_nid(ssl, _sig_nid)
+&& peer_sig_nid != NID_undef)
+{
+peer_sig = OBJ_nid2sn(peer_sig_nid);
+}
+#endif
+
+#if (!defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 
0x101fL) \
+|| (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 
0x309fL)
+/* LibreSSL 3.7.x and 3.8.x implement this function but do not export it
+ * and fail linking with an unresolved symbol */
+if (SSL_get_peer_signature_type_nid(ssl, _sig_type_nid)
+&& peer_sig_type_nid != NID_undef)
+{
+peer_sig_type = get_sigtype(peer_sig_type_nid);
+}
+#endif
+
+if (peer_sig_nid == NID_undef && peer_sig_type_nid == NID_undef)
+{
+return;
+}
+
+openvpn_snprintf(buf, buflen, ", peer signing digest/type: %s %s",
+ peer_sig, peer_sig_type);
+}
+
+
+
 /* **
  *
  * Information functions
@@ -2180,8 +2257,9 @@
 char s1[256];
 char s2[256];
 char s3[256];
+char s4[256];

-s1[0] = s2[0] = s3[0] = 0;
+s1[0] = s2[0] = s3[0] = s4[0] = 0;
 ciph = SSL_get_current_cipher(ks_ssl->ssl);
 openvpn_snprintf(s1, sizeof(s1), "%s %s, cipher %s %s",
  prefix,
@@ -2196,8 +2274,9 @@
 X509_free(cert);
 }
 print_server_tempkey(ks_ssl->ssl, s3, sizeof(s3));
+print_peer_signature(ks_ssl->ssl, s4, sizeof(s4));

-msg(D_HANDSHAKE, "%s%s%s", s1, s2, s3);
+msg(D_HANDSHAKE, "%s%s%s%s", s1, s2, s3, s4);
 }

 void

--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/365?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Ib5fc0c4b8f164596681ac5ad73002068ec6de1e5
Gerrit-Change-Number: 365
Gerrit-PatchSet: 9
Gerrit-Owner: plaisthos 
Gerrit-Reviewer: flichtenheld 
Gerrit-CC:

[Openvpn-devel] [PATCH v7] forked-test-driver: Show test output always

2024-01-25 Thread Frank Lichtenheld 
We want to see the progress, at least for slow tests
like t_client.sh.

Change-Id: I11e0091482d9acee89ca018374cb8d96d22f8514
Signed-off-by: Frank Lichtenheld 
Acked-by: Arne Schwabe 
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/479
This mail reflects revision 7 of this Change.

Acked-by according to Gerrit (reflected above):
Arne Schwabe 


diff --git a/forked-test-driver b/forked-test-driver
index be73b80..6971dfb 100755
--- a/forked-test-driver
+++ b/forked-test-driver
@@ -108,9 +108,14 @@
 # Test script is run here. We create the file first, then append to it,
 # to ameliorate tests themselves also writing to the log file. Our tests
 # don't, but others can (automake bug#35762).
+# OVPN changes:
+#  - add tee to see output of tests
+#  - needs portable pipefail mechanism
+estatusfile="${trs_file}.exit"
 : >"$log_file"
-"$@" >>"$log_file" 2>&1
-estatus=$?
+("$@" 2>&1; estatus=$?; echo $estatus >"$estatusfile") | tee -a "$log_file"
+estatus=$(cat "$estatusfile")
+rm -f "$estatusfile"
 
 if test $enable_hard_errors = no && test $estatus -eq 99; then
   tweaked_estatus=1


___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH v6] tests: fork default automake test-driver

2024-01-25 Thread Frank Lichtenheld 
For some of the test we don't like the default log behavior
and there seems no easy way to change that except to fork
the driver. The license seems unproblematic since we're
GPL anyway.

v2:
 - Do not use forked-test-driver for UTs. Default behavior
   is fine for those.

Change-Id: I67d461afbcc9c06b1fc5ab4477141d7b8bd9ba8e
Signed-off-by: Frank Lichtenheld 
Acked-by: Arne Schwabe 
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/478
This mail reflects revision 6 of this Change.

Acked-by according to Gerrit (reflected above):
Arne Schwabe 


diff --git a/Makefile.am b/Makefile.am
index 792588a..d93bd1b 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -45,7 +45,8 @@
ltrc.inc \
CMakeLists.txt \
CMakePresets.json \
-   config.h.cmake.in
+   config.h.cmake.in \
+   forked-test-driver
 
 .PHONY: config-version.h doxygen
 
diff --git a/forked-test-driver b/forked-test-driver
new file mode 100755
index 000..be73b80
--- /dev/null
+++ b/forked-test-driver
@@ -0,0 +1,153 @@
+#! /bin/sh
+# test-driver - basic testsuite driver script.
+
+scriptversion=2018-03-07.03; # UTC
+
+# Copyright (C) 2011-2021 Free Software Foundation, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# This file is maintained in Automake, please report
+# bugs to  or send patches to
+# .
+
+# Make unconditional expansion of undefined variables an error.  This
+# helps a lot in preventing typo-related bugs.
+set -u
+
+usage_error ()
+{
+  echo "$0: $*" >&2
+  print_usage >&2
+  exit 2
+}
+
+print_usage ()
+{
+  cat <"$log_file"
+"$@" >>"$log_file" 2>&1
+estatus=$?
+
+if test $enable_hard_errors = no && test $estatus -eq 99; then
+  tweaked_estatus=1
+else
+  tweaked_estatus=$estatus
+fi
+
+case $tweaked_estatus:$expect_failure in
+  0:yes) col=$red res=XPASS recheck=yes gcopy=yes;;
+  0:*)   col=$grn res=PASS  recheck=no  gcopy=no;;
+  77:*)  col=$blu res=SKIP  recheck=no  gcopy=yes;;
+  99:*)  col=$mgn res=ERROR recheck=yes gcopy=yes;;
+  *:yes) col=$lgn res=XFAIL recheck=no  gcopy=yes;;
+  *:*)   col=$red res=FAIL  recheck=yes gcopy=yes;;
+esac
+
+# Report the test outcome and exit status in the logs, so that one can
+# know whether the test passed or failed simply by looking at the '.log'
+# file, without the need of also peaking into the corresponding '.trs'
+# file (automake bug#11814).
+echo "$res $test_name (exit status: $estatus)" >>"$log_file"
+
+# Report outcome to console.
+echo "${col}${res}${std}: $test_name"
+
+# Register the test result, and other relevant metadata.
+echo ":test-result: $res" > $trs_file
+echo ":global-test-result: $res" >> $trs_file
+echo ":recheck: $recheck" >> $trs_file
+echo ":copy-in-global-log: $gcopy" >> $trs_file
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'before-save-hook 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC0"
+# time-stamp-end: "; # UTC"
+# End:
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 6c71067..b3b2d74 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -15,6 +15,7 @@
 SUBDIRS = unit_tests
 
 AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING) System Tests'
+LOG_DRIVER = $(SHELL) $(top_srcdir)/forked-test-driver
 
 if !WIN32
 test_scripts = t_client.sh t_lpback.sh t_cltsrv.sh


___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [XS] Change in openvpn[master]: forked-test-driver: Show test output always

2024-01-25 Thread plaisthos (Code Review) 
Attention is currently required from: flichtenheld.

plaisthos has posted comments on this change. ( 
http://gerrit.openvpn.net/c/openvpn/+/479?usp=email )

Change subject: forked-test-driver: Show test output always
..


Patch Set 7: Code-Review+2


--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/479?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I11e0091482d9acee89ca018374cb8d96d22f8514
Gerrit-Change-Number: 479
Gerrit-PatchSet: 7
Gerrit-Owner: flichtenheld 
Gerrit-Reviewer: plaisthos 
Gerrit-CC: openvpn-devel 
Gerrit-Attention: flichtenheld 
Gerrit-Comment-Date: Thu, 25 Jan 2024 10:32:47 +
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [M] Change in openvpn[master]: tests: fork default automake test-driver

2024-01-25 Thread plaisthos (Code Review) 
Attention is currently required from: flichtenheld.

plaisthos has posted comments on this change. ( 
http://gerrit.openvpn.net/c/openvpn/+/478?usp=email )

Change subject: tests: fork default automake test-driver
..


Patch Set 6: Code-Review+2


--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/478?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I67d461afbcc9c06b1fc5ab4477141d7b8bd9ba8e
Gerrit-Change-Number: 478
Gerrit-PatchSet: 6
Gerrit-Owner: flichtenheld 
Gerrit-Reviewer: plaisthos 
Gerrit-CC: openvpn-devel 
Gerrit-Attention: flichtenheld 
Gerrit-Comment-Date: Thu, 25 Jan 2024 10:32:06 +
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [M] Change in openvpn[master]: test_user_pass: add basic tests for static/dynamic challenges

2024-01-25 Thread plaisthos (Code Review) 
Attention is currently required from: flichtenheld.

plaisthos has posted comments on this change. ( 
http://gerrit.openvpn.net/c/openvpn/+/475?usp=email )

Change subject: test_user_pass: add basic tests for static/dynamic challenges
..


Patch Set 7: Code-Review+2

(1 comment)

Patchset:

PS7:
Still essentially same patch. Centos7 build failure is unrelated to this patch.



--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/475?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I8b5570f6314e917f92dce072279efe415d79b22a
Gerrit-Change-Number: 475
Gerrit-PatchSet: 7
Gerrit-Owner: flichtenheld 
Gerrit-Reviewer: plaisthos 
Gerrit-CC: openvpn-devel 
Gerrit-Attention: flichtenheld 
Gerrit-Comment-Date: Thu, 25 Jan 2024 10:30:52 +
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel