Re: [Openvpn-devel] Question regarding easy-rsa

Since this was sent to three separate lists: I am active and review the reported bugs. I recently completed my second book on OpenVPN and should shortly have an opportunity to work more actively on the project. Eric Crist > On May 19, 2017, at 5:52 PM, Mahawar, Sunil

Re: [Openvpn-devel] [Openvpn-users] question about easy-rsa

Thrice: I am active and review the reported bugs. I recently completed my second book on OpenVPN and should shortly have an opportunity to work more actively on the project. Eric Crist > On May 19, 2017, at 5:41 PM, Mahawar, Sunil wrote: > > Hi, > I loved

Re: [Openvpn-devel] Question about easy-rsa

On 19/05/17 23:56, David Sommerseth wrote: > On 20/05/17 00:45, Mahawar, Sunil wrote: >> Hi, >> >> I loved easy-rsa tool and its user friendly interface. I am using >> this tool for one of my project for OpenHPC (http://openhpc.community ). >> However one my colleague pointed out that

Re: [Openvpn-devel] Question about easy-rsa

On 20/05/17 00:45, Mahawar, Sunil wrote: > Hi, > > I loved easy-rsa tool and its user friendly interface. I am using > this tool for one of my project for OpenHPC (http://openhpc.community ). > However one my colleague pointed out that easy-rsa project is not an > active project, its last

[Openvpn-devel] Question regarding easy-rsa

Hello Eric, I loved easy-rsa tool and its user friendly interface. I am using this utility for one of my project for OpenHPC (http://openhpc.community ). However one of my colleague pointed out that easy-rsa project is not an active project, its last release was 2 year

[Openvpn-devel] Question about easy-rsa

Hi, I loved easy-rsa tool and its user friendly interface. I am using this tool for one of my project for OpenHPC (http://openhpc.community ). However one my colleague pointed out that easy-rsa project is not an active project, its last release was 2 year back, last commit was June 2016,

Re: [Openvpn-devel] Problem with sig for 2.3.16?

On 19/05/17 21:23, Jonathan K. Bullard wrote: [...snip...] >> Right now the signature situation is a bit confusing, as 2.4.2 is still >> signed with my new key, and 2.3.16 is using the secur...@openvpn.net >> key. That is all documented here, though: >> >>

Re: [Openvpn-devel] Please check the 2.3.15 downloads

Am 19.05.2017 um 10:47 schrieb Gert Doering: > > Apologies for the 2.3.15 mishap (and thanks to Mathias Andree for raising > this issue yesterday already). I just spread the word, originator of the information was Renato Botelho aka. garga@ in the FreeBSD project.

Re: [Openvpn-devel] Problem with sig for 2.3.16?

On Fri, May 19, 2017 at 1:44 PM, Samuli Seppänen wrote: > On 19/05/2017 17:50, David Sommerseth wrote: >> On 19/05/17 16:28, Jonathan K. Bullard wrote: >>> When I try to verify the signature on openvpn-2.3.16.tar.gz (using >>> openvpn-2.3.16.tar.gz.asc) from the "Downloads"

Re: [Openvpn-devel] security/openvpn23 tarball size mismatch

Hi, (let's see if I can actually mail to the folks and lists on CC: or not :) ) On Thu, May 18, 2017 at 09:27:04AM +0200, Matthias Andree wrote: > Upstream maintainers will need to talk about this and may need to > release 2.3.16 to resolve any uncertainties. Which is what we did. Rounded up a

Re: [Openvpn-devel] Problem with sig for 2.3.16?

On 19/05/2017 17:50, David Sommerseth wrote: > On 19/05/17 16:28, Jonathan K. Bullard wrote: >> When I try to verify the signature on openvpn-2.3.16.tar.gz (using >> openvpn-2.3.16.tar.gz.asc) from the "Downloads" page [1], I get the >> following: >> >> gpg: assuming signed data in

[Openvpn-devel] Problem with sig for 2.3.16?

When I try to verify the signature on openvpn-2.3.16.tar.gz (using openvpn-2.3.16.tar.gz.asc) from the "Downloads" page [1], I get the following: gpg: assuming signed data in `XXX/openvpn-2.3.16.tar.gz' gpg: Signature made Thu May 18 16:56:48 2017 EDT using RSA key ID 8CC2B034 gpg:

Re: [Openvpn-devel] OpenVPN 2.3.16 released

On 19/05/2017 13:46, Jonathan K. Bullard wrote: > On Fri, May 19, 2017 at 5:29 AM, Samuli Seppänen wrote: >> >> The OpenVPN community project team is proud to release OpenVPN 2.3.16. >> It can be downloaded from here: >> >>

Re: [Openvpn-devel] OpenSSL 1.1 patch set - status?

Hi, On Fri, May 19, 2017 at 12:37:17PM +0200, Emmanuel Deloget wrote: > > I'm wondering where this got stuck - are you waiting for us to move > > forward (like, missing review of parts of the patch set), or are we > > waiting for you, and you've been busy? > > Problem is that I'm working in a

Re: [Openvpn-devel] OpenVPN 2.3.16 released

On Fri, May 19, 2017 at 5:29 AM, Samuli Seppänen wrote: > > The OpenVPN community project team is proud to release OpenVPN 2.3.16. > It can be downloaded from here: > > > > This is a minor release that fixes a few bugs.

[Openvpn-devel] [PATCH 6/7] OpenSSL: don't use direct access to the internal of EVP_CIPHER_CTX

OpenSSL 1.1 does not allow us to directly access the internal of any data type, including EVP_CIPHER_CTX. We have to use the defined functions to do so. Compatibility with OpenSSL 1.0 is kept by defining the corresponding functions when they are not found in the library. Signed-off-by: Emmanuel

[Openvpn-devel] [PATCH 3/7] OpenSSL: don't use direct access to the internal of RSA

OpenSSL 1.1 does not allow us to directly access the internal of any data type, including RSA. We have to use the defined functions to do so. Compatibility with OpenSSL 1.0 is kept by defining the corresponding functions when they are not found in the library. Signed-off-by: Emmanuel Deloget

[Openvpn-devel] [PATCH 1/7] OpenSSL: don't use direct access to the internal of X509

OpenSSL 1.1 does not allow us to directly access the internal of any data type, including X509. We have to use the defined functions to do so. In x509_verify_ns_cert_type() in particular, this means that we cannot directly check for the extended flags to find whether the certificate should be

[Openvpn-devel] [PATCH 7/7] OpenSSL: don't use direct access to the internal of HMAC_CTX

OpenSSL 1.1 does not allow us to directly access the internal of any data type, including HMAC_CTX. We have to use the defined functions to do so. Compatibility with OpenSSL 1.0 is kept by defining the corresponding functions when they are not found in the library. Signed-off-by: Emmanuel

[Openvpn-devel] [PATCH 5/7] OpenSSL: don't use direct access to the internal of EVP_MD_CTX

OpenSSL 1.1 does not allow us to directly access the internal of any data type, including EVP_MD_CTX. We have to use the defined functions to do so. Compatibility with OpenSSL 1.0 is kept by defining the corresponding functions when they are not found in the library. Signed-off-by: Emmanuel

[Openvpn-devel] [PATCH 2/7] OpenSSL: don't use direct access to the internal of EVP_PKEY

OpenSSL 1.1 does not allow us to directly access the internal of any data type, including EVP_PKEY. We have to use the defined functions to do so. Compatibility with OpenSSL 1.0 is kept by defining the corresponding functions when they are not found in the library. Signed-off-by: Emmanuel

[Openvpn-devel] [PATCH 4/7] OpenSSL: don't use direct access to the internal of DSA

OpenSSL 1.1 does not allow us to directly access the internal of any data type, including DSA. We have to use the defined functions to do so. Compatibility with OpenSSL 1.0 is kept by defining the corresponding functions when they are not found in the library. Signed-off-by: Emmanuel Deloget

Re: [Openvpn-devel] OpenSSL 1.1 patch set - status?

Hi Gert, On Thu, May 18, 2017 at 10:49 PM, Gert Doering wrote: > > Hi Emmanuel, > > On Mon, Mar 27, 2017 at 05:49:48PM +0200, Emmanuel Deloget wrote: > > I'll post my new patches as soon as I get over every issues > > that have been talked on the ML (is that even a valid >

[Openvpn-devel] OpenVPN 2.3.16 released

The OpenVPN community project team is proud to release OpenVPN 2.3.16. It can be downloaded from here: This is a minor release that fixes a few bugs. This release was made primarily because CloudFlare managed to serve obsolete pre-release

Re: [Openvpn-devel] Please check the 2.3.15 downloads

Hi, On Fri, May 19, 2017 at 10:22:24AM +0200, Simon Matter wrote: > I'm not sure what the correct 2.3.15 tarball is. > > The one available from > https://openvpn.net/index.php/open-source/downloads.html doesn't have the > CVE-2017-7478 included. > > Isn't there still something wrong there?

[Openvpn-devel] Please check the 2.3.15 downloads

Hi, I'm not sure what the correct 2.3.15 tarball is. The one available from https://openvpn.net/index.php/open-source/downloads.html doesn't have the CVE-2017-7478 included. Isn't there still something wrong there? Thanks, Simon