Re: [Openvpn-devel] [PATCH v2] Check for time_t overflow in event_timeout_trigger()

2018-02-28 Thread Selva Nair
Hi, On Tue, Jan 2, 2018 at 5:28 PM, Steffan Karger wrote: > As reported in trac #922, the wakeup computation in > event_timeout_trigger() could overflow. Since time_t and int are signed > types, that is officially undefined behaviour. > > On systems with a 64-bit signed

Re: [Openvpn-devel] [PATCH applied] Re: Don't throw fatal errors from create_temp_file()

2018-02-28 Thread Gert Doering
Hi, Steffan asked me to pull this into 2.4, which makes sense - it's somewhere between "code cleanup" and "bugfix", basically avoiding an ASSERT() when we could more gracefully handle a failure on an incoming client (... in a somewhat unlikely chain of events, but still, ASSERT() on the server

[Openvpn-devel] [PATCH applied] Re: Support EC certificates with cryptoapicert

2018-02-28 Thread Gert Doering
Compile-tested on OpenBSD 6.0 (no EC/LibreSSL hiccup, good :-) ) and mingw / ubuntu 16.04. All well. Your patch has been applied to the master branch. (Is there a strong case for including it in 2.4?) commit a6f38bafbbbd291d57ecb3610c2844e7f7e01412 Author: Selva Nair Date: Sun Feb 25

[Openvpn-devel] [PATCH applied] Re: man: Add .TQ groff support macro

2018-02-28 Thread Gert Doering
Acked-by: Gert Doering (Tested on FreeBSD 9, where .TQ is not available out of the box) Your patch has been applied to the master and release/2.4 branch. commit 5ed5ac5cf869c0284ffeedda358da23e201357cc (master) commit c5a63d5a6ea78bee069cc503e0a396decfbbaf0e (release/2.4)

[Openvpn-devel] [PATCH applied] Re: man: Reword --management to prefer unix sockets over TCP

2018-02-28 Thread Gert Doering
Acked-by: Gert Doering as discussed on IRC this morning. Your patch has been applied to the master and release/2.4 branch. commit ec100d7e4ce7aaeb731c22b0d86826bf295df6cd (master) commit e5ee5121cbbeca6dcbee38dea5b40779e3f6da83 (release/2.4) Author: David Sommerseth Date:

Re: [Openvpn-devel] [PATCH 3/3] management: Warn if TCP port is used without password

2018-02-28 Thread Selva Nair
Hi, On Wed, Feb 28, 2018 at 8:34 AM, Arne Schwabe wrote: > On 28.02.18 at 14:19, David Sommerseth wrote: >> It is not recommended to use --management on a TCP port without also >> adding a password authentication, as this can easily be abused by other >> users or processes

[Openvpn-devel] [PATCH] Make return code external tls key match docs

2018-02-28 Thread Joost Rijneveld
In tls_ctx_use_external_private_key, the return codes were inverted compared to what is documented in ssl_backend.h (and what can reasonably be expected). Internally the return code is never checked, so this did not directly result in any change of behavior. --- src/openvpn/ssl_mbedtls.c | 6

Re: [Openvpn-devel] [PATCH 3/3] management: Warn if TCP port is used without password

2018-02-28 Thread Arne Schwabe
On 28.02.18 at 14:19, David Sommerseth wrote: > It is not recommended to use --management on a TCP port without also > adding a password authentication, as this can easily be abused by other > users or processes being able to connect to the management interface. > > Thus issue a warning that

[Openvpn-devel] [PATCH 1/3] man: Add .TQ groff support macro

2018-02-28 Thread David Sommerseth
This introduces the .TQ groff macro. Even though this can be found in newer groff versions, not all platforms we support carry this one. This macro makes it possible to have multiple lines of options as headers before describing all of these options in the same segment. Signed-off-by: David

[Openvpn-devel] [PATCH 3/3] management: Warn if TCP port is used without password

2018-02-28 Thread David Sommerseth
It is not recommended to use --management on a TCP port without also adding a password authentication, as this can easily be abused by other users or processes being able to connect to the management interface. Thus issue a warning that this configuration is strongly discouraged. Signed-off-by: