Re: [Openvpn-devel] [PATCH] OCSP_check.sh: new check logic

On Wednesday 28 April 2010, David Sommerseth wrote: > > +status=$(openssl ocsp -issuer "$issuer" \ > > +"$nonce" \ > > +-CAfile "$verify" \ > > +-url "$ocsp_url" \ > > +-serial "0x${serial}" 2>/dev/null) > > + > >

[Openvpn-devel] [PATCH] OCSP_check.sh: new check logic

contrib/OCSP_check/OCSP_check.sh: I discovered that, quite surprisingly, the exit status of "openssl ocsp" is 0 even if the certificate status is "revoked". This means that the logic of the script needs to be rewritten so that it parses the output returned by the query and explicitly looks

Re: [Openvpn-devel] Building the TAP drivers from source and then signing them (possible?)

Jon Onstott wrote: > I would like to go ahead and compile and sign the TAP drivers > myself. Does anyone know which certificate would be best to > purchase? There was some discussion about this on the libusb mailinglist just the other day. It seems there may be a good deal to be had with

Re: [Openvpn-devel] Building the TAP drivers from source and then signing them (possible?)

Hello, I would like to go ahead and compile and sign the TAP drivers myself. Does anyone know which certificate would be best to purchase? Thanks, -Jon On Fri, Dec 11, 2009 at 4:37 PM, James Yonan wrote: > Jon Onstott wrote: > >> Hello, >> >> I am compiling OpenVPN and the

Re: [Openvpn-devel] Unpackaged Windows binaries (Was: Re: [Openvpn-users] [ANN] OS X packages - OpenVPN 2.1.1)

On 04/27/2010 05:58:43 AM, Peter Stuge wrote: > Karl O. Pinc wrote: > > IMO OpenVPN is encouraging bad practices by supplying packages for > > distros that include OpenVPN. > > Ideally the package for that distro as made by OpenVPN is always > equivalent to the one made by the distributor. I'm

Re: [Openvpn-devel] [PATCH 3/6] vlan: slightly clean-up buf_filter_incoming_vlan_tags()

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 28/04/10 16:55, Fabian Knittel wrote: > This patch changes buf_filter_incoming_vlan_tags() to use a less nested > code-style. It also improves documentation of the function. > > In addition, the function is made static, as it is only used

[Openvpn-devel] [PATCH 6/6] vlan: move htons / ntohs into vlanhdr_get/_set functions

The vlanhdr_set_*() family of methods expected the passed values to be in network byte order. Therefore all invocations used htons() on the parameter. The vlanhdr_get_*() family of methods returned the values in network byte order. Therefore all invocations used ntohs() on the return value.

[Openvpn-devel] [PATCH 2/6] vlan: use uint16_t for storage of the VID where possible

This patch switches from signed to unsigned short integers for storage of the VID. The change attempts to clarify, that the VID can't ever be negative. The only place where the patch doesn't use unsigned int is for the return value of remove_vlan_tag(): The function indicates errors by returning

[Openvpn-devel] [PATCH 4/6] vlan: Improve documentation of remove_vlan_tag()

This patch improves the comments that document the remove_vlan_tag() function. It clarifies what is meant by "priority-tagged frames" and documents the parameters and return value. Signed-off-by: Fabian Knittel --- multi.c |9 +++-- 1 files changed, 7

[Openvpn-devel] [PATCH 5/6] vlan: is_ipv4: fix position of variable definition

To avoid difficulties on older / stricter C compilers, this patch moves the variable definition to the beginning of the block in is_ipv4(). Found by Peter Stuge. Signed-off-by: Fabian Knittel --- proto.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-)

[Openvpn-devel] [PATCH 1/6] vlan: Mention 802.1Q in configuration descriptions

To clarify that the tagging/untagging is based on the 802.1Q standard, this patch adds "802.1Q-based" to a few descriptive strings. The improvement was suggested by Peter Stuge. Signed-off-by: Fabian Knittel --- configure.ac |4 ++-- options.c|2 +- 2

[Openvpn-devel] [PATCH 3/6] vlan: slightly clean-up buf_filter_incoming_vlan_tags()

This patch changes buf_filter_incoming_vlan_tags() to use a less nested code-style. It also improves documentation of the function. In addition, the function is made static, as it is only used locally. Code based on a snippet by Peter Stuge. Signed-off-by: Fabian Knittel

Re: [Openvpn-devel] Any volunteer Windows devs to change OpenVPN proxying code to use "new" InternetQueryOption API?

On Wednesday 28 April 2010 16:24:31 Alon Bar-Lev wrote: > The IE API is user specific. > As OpenVPN runs as a service using own user or system account, IE API > is not suitable. Sadly I haven't found the WinHttpGetProxyForUrl API in MinGW W32API. So, use of this might rather be a long-term goal

Re: [Openvpn-devel] Any volunteer Windows devs to change OpenVPN proxying code to use "new" InternetQueryOption API?

Hi Samuli, Very interesting timing! Just last night I was poking about about this a bit, and I'm not so sure that the proxy approach noted so far is the best / right way to do this. Rather, to be able to handle dynamic (not just static) proxy configurations the WinHTTP API looks to me to be

[Openvpn-devel] Topics for tomorrow's meeting

Hi, Here are some topics for tomorrow's meeting (18:00 UTC, #openvpn-de...@irc.freenode.net). Please add things you think are still missing. -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock

[Openvpn-devel] Any volunteer Windows devs to change OpenVPN proxying code to use "new" InternetQueryOption API?

Hi all, A while back a user noticed that OpenVPN still uses old IE4 API to detect proxy settings (e.g. in proxy.c and ieproxy.c). This apparently causes problems with IE's proxy detection on some Windows installations. A "new" InternetQueryOption API was introduced in IE5, so this part of

Re: [Openvpn-devel] [PULL-REQUEST v3] VLAN-Tagging

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thank you Peter, for going so thoroughly through these patches! More comments below ... On 28/04/10 01:07, Peter Stuge wrote: > Fabian Knittel wrote: [...snip...] >> @@ -2033,10 +2062,27 @@ multi_process_incoming_link (struct multi_context >> *m,

Re: [Openvpn-devel] [PULL-REQUEST v3] VLAN-Tagging

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 28/04/10 10:22, Fabian Knittel wrote: > Hi David, > > David Sommerseth wrote: >> I've finally found some time to dig into this again. After some >> consideration, I decided to rebase your work on your feat_vlan_tagging >> branch against the

[Openvpn-devel] List of projects related to OpenVPN now in Trac

Hi, There's now a list of projects related to OpenVPN in our Trac wiki: Please let me know if some project is not listed (which is likely). All the best, -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode

Re: [Openvpn-devel] [PULL-REQUEST v3] VLAN-Tagging

Hi David, David Sommerseth wrote: > I've finally found some time to dig into this again. After some > consideration, I decided to rebase your work on your feat_vlan_tagging > branch against the openvpn-testing.git feat_vlan_tagging branch. > > This means that your earlier patches without

Re: [Openvpn-devel] [PATCH] Mac OSX Keychain certificate support

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 28/04/10 07:17, Brian Raderman wrote: > Hello, > > This patch adds support for using certificates stored in the Mac OSX Keychain > to authenticate with the OpenVPN server. This works with certificates stored > on the computer as well as

[Openvpn-devel] [PATCH] Mac OSX Keychain certificate support

Hello, This patch adds support for using certificates stored in the Mac OSX Keychain to authenticate with the OpenVPN server. This works with certificates stored on the computer as well as certificates on hardware tokens that support Apple's tokend interface. It has been tested with an

Re: [Openvpn-devel] [PULL-REQUEST v3] VLAN-Tagging

Fabian Knittel wrote: > I've attached a diff containing all changes introduced by the > current patch-set. Thanks for doing this. It makes review so much easier. > +++ b/configure.ac > @@ -212,6 +212,12 @@ AC_ARG_ENABLE(selinux, > [SELINUX="yes"] > ) > > +AC_ARG_ENABLE(vlan-tagging, > +

[Openvpn-als-devel] UNSUBSCRIBE

Please unsubscribe me from this list. regards, Praveen - Original Message From: samuli.seppa...@gmail.com samuli.seppa...@gmail.com To: openvpn-als-devel@lists.sourceforge.net Sent: Thu, 15 April, 2010 11:01:29 PM Subject: Re: [Openvpn-als-devel] [openvpn-als - Open Discussion] Future