Hi,
On Mon, Oct 8, 2018 at 5:50 PM Arne Schwabe wrote:
> For TLS 1.0 to 1.2 OpenSSL calls us and requires a PKCS1 padded
> response, for TLS 1.3 it requires an unpadded response. Since we
> can PKCS1 pad an unpadded response, we prefer to always query for
> an unpadded response from the
These defines are always defined when management is enabled.
We still have --disable-management as configure option, so we need
to replace these with ENABLE_MANAGEMENT in some cases.
Signed-off-by: Arne Schwabe
---
src/openvpn/init.c| 4 ++--
src/openvpn/manage.c | 38
Although mbed TLS does not have a TLS 1.3 API yet and we do not really
know how mbed TLS will handle querying for TLS 1.3 signatures, being
able to use the same API with OpenSSL and mbed TLS is a nice feature.
Since mbed TLS does not expose a way to do pkcs1 padding, copy the
trimmed down version
For TLS 1.0 to 1.2 OpenSSL calls us and requires a PKCS1 padded
response, for TLS 1.3 it requires an unpadded response. Since we
can PKCS1 pad an unpadded response, we prefer to always query for
an unpadded response from the management interface and add the PKCS1
padding ourselves when needed.
The current API that we use (mbedtls_pk_setup_rsa_alt) only allows
using RSA keys with the external API. Using an EC, mbed TLS and external
key in OpenVPN will fail very late with a rather obscure error message.
Instead fail early and provide a clear message that only RSA keys are
supported.
On 08.10.18 at 21:37, Gert Doering wrote:
> Hi,
>
> On Mon, Oct 08, 2018 at 08:16:16PM +0200, Arne Schwabe wrote:
>> There is no user facing way to enable this feature and the way that feature
>> works (username built from MAC of primary net device) is questionable.
>>
>> It also does not compile
(Side note: I do work for Microsoft, but I don't speak for Microsoft, don't
know the networking stack well, and am not an NDIS dev.)
I don't know what causes this (the TAP driver?) but hopefully others may
chime in with some clue.
>>> I wonder if this will be addressed by adding the
Acked-by: Gert Doering
For the reasons given - it's code that has not been activated anywhere
in the last 5+ years, there is no way to turn it on by configure, and
it's likely not working right on half the platforms. And less #ifdef!
I had to whack the patch to make it apply - no changes to
Hi,
On Mon, Oct 08, 2018 at 08:16:16PM +0200, Arne Schwabe wrote:
> There is no user facing way to enable this feature and the way that feature
> works (username built from MAC of primary net device) is questionable.
>
> It also does not compile anymore.
Feature-ACK, but the patch itself puzzles
There is no user facing way to enable this feature and the way that feature
works (username built from MAC of primary net device) is questionable.
It also does not compile anymore.
---
src/openvpn/errlevel.h | 1 -
src/openvpn/misc.c | 45 --
For TLS 1.0 to 1.2 OpenSSL calls us and requires a PKCS1 padded
response, for TLS 1.3 it requires an unpadded response. Since we
can PKCS1 pad an unpadded response, we prefer to always query for
an unpadded response from the management interface and add the PKCS1
padding ourselves when needed.
Although mbed TLS does not have a TLS 1.3 API yet and we do not really
know how mbed TLS will handle querying for TLS 1.3 signatures, being
able to use the same API with OpenSSL and mbed TLS is a nice feature.
Since mbed TLS does not expose a way to do pkcs1 padding, copy the
trimmed down version
From: Lev Stipakov
In function netsh_dns_cmd() it is possible to jump on a label and
call free() on uninitialized pointer. Move pointer initialization
above jump.
To fix a few warnings which are treated as errors with SDL enabled,
initialize pointers with NULL.
Signed-off-by: Lev Stipakov
---
Acked-by: Gert Doering
Your patch has been applied to the master branch.
commit 02b392a2ca1e94b0d87c8f643ee887f1b34558ed
Author: David Sommerseth
Date: Mon Oct 8 21:00:17 2018 +0300
build: Fix another compile warning in console_systemd.c
Signed-off-by: David Sommerseth
Dear Jon and Selva,
Is there any update on this?
Sat, 6 Oct 2018 07:24, user Selva Nair wrote:
> Hi
>
> On Fri, Oct 5, 2018 at 8:41 PM Jon Kunkee wrote:
>
>> > I don't know what causes this (the TAP driver?) but hopefully others
>> may chime in with some clue.
>>
>> I wonder if this will
console_systemd.c: In function ‘get_console_input_systemd’:
console_systemd.c:75:5: warning: implicit declaration of function
‘openvpn_popen’ [-Wimplicit-function-declaration]
if ((std_out = openvpn_popen(, NULL)) < 0)
Signed-off-by: David Sommerseth
---
src/openvpn/console_systemd.c | 1
On 08.10.18 at 20:56, Gert Doering wrote:
> Hi,
>
> On Mon, Oct 08, 2018 at 07:50:44PM +0200, Arne Schwabe wrote:
>> src/openvpn/push.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/src/openvpn/push.c b/src/openvpn/push.c
>> index 9075d63b..af6d44f7 100644
>> ---
Hi,
On Mon, Oct 08, 2018 at 07:50:44PM +0200, Arne Schwabe wrote:
> src/openvpn/push.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/openvpn/push.c b/src/openvpn/push.c
> index 9075d63b..af6d44f7 100644
> --- a/src/openvpn/push.c
> +++ b/src/openvpn/push.c
> @@
Hi,
On Mon, Oct 08, 2018 at 07:35:54PM +0300, Lev Stipakov wrote:
> @@ -1350,7 +1354,7 @@ RunOpenvpn(LPVOID p)
> {
> HANDLE pipe = p;
> HANDLE ovpn_pipe, svc_pipe;
> -PTOKEN_USER svc_user, ovpn_user;
> +PTOKEN_USER svc_user = NULL, ovpn_user = NULL;
> HANDLE svc_token =
---
src/openvpn/push.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/openvpn/push.c b/src/openvpn/push.c
index 9075d63b..af6d44f7 100644
--- a/src/openvpn/push.c
+++ b/src/openvpn/push.c
@@ -177,7 +177,6 @@ server_pushed_signal(struct context *c, const struct buffer
Hi,
On 09/10/18 01:31, Gert Doering wrote:
> Hi,
>
> On Mon, Oct 08, 2018 at 07:35:54PM +0300, Lev Stipakov wrote:
>> out:
>> -free(cmdline);
>> +if (cmdline)
>> +{
>> +free(cmdline);
>> +}
>
> Do we have something in our styleguides related to these constructs?
>
>
Hi,
On Mon, Oct 08, 2018 at 07:35:54PM +0300, Lev Stipakov wrote:
> out:
> -free(cmdline);
> +if (cmdline)
> +{
> +free(cmdline);
> +}
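Review bot: The `if (cmdline)` guard added around `free(cmdline)` under the `out:` label is redundant, because free() on a null pointer is a no-op. What makes this cleanup path safe is `cmdline` holding either NULL or a valid allocation on every jump to `out:`, so keep the plain `free(cmdline);` and rely on the pointer initialization alone.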
Do we have something in our styleguides related to these constructs?
Since free(NULL) is well-defined and valid(!), the if() check is
Acked-by: Gert Doering
Your patch has been applied to the master branch.
commit 674b16640a19569c35045f18021e25df5e85dc1d
Author: David Sommerseth
Date: Mon Oct 8 19:56:48 2018 +0300
build: Fix build warnings related to get_random()
Signed-off-by: David Sommerseth
Acked-by:
This fixes this compile warning:
platform.c: In function ‘platform_create_temp_file’:
platform.c:355:31: warning: implicit declaration of function ‘get_random’
[-Wimplicit-function-declaration]
prefix, (unsigned long) get_random(),
Signed-off-by: David
From: Lev Stipakov
In Visual Studio when unary minus is applied to unsigned,
result is still unsigned. This means that when we use result
as function formal parameter, we pass incorrect value.
Fix by adding explicit cast to signed type.
Since GCC doesn't complain (and users too :), it probably
Acked-by: Gert Doering
Indeed, the current wording is bad. Your change makes it much better.
Your patch has been applied to the master and release/2.4 branch (bugfix).
commit f6bac113bcde4e342caf16d88e0a3a8e71085c90 (master)
commit d6637316d25bddea65767151a57203cd6dc6f619 (release/2.4)
As for the other XML project patch, I trust you, Lev and Selva to know
what you are doing :-)
Your patch has been applied to the master branch.
commit 279aa11978f07494a3b665a619fa74c9d4b1485b
Author: Simon Rozman
Date: Mon Oct 8 11:45:59 2018 +0200
msvc: Unify Unicode/MultiByte string
Your patch has been applied to the master branch.
I have done a cursory stare-at code and it matches the grumblings given
on the way to dinner ("check not only for GCM but accept all safe ciphers
using this API", IIRC). My current test rig is too old to do a full
client-server test easily, but
Acked-by: Gert Doering
"that was an easy one" :-) - as the message says: nothing of that
name appears anywhere else.
Your patch has been applied to the master branch.
commit 8475ef0aeea30889188c6e0fd93a8cf4c0eb215a
Author: Lev Stipakov
Date: Mon Oct 8 17:19:26 2018 +0300
crypto.h:
Your patch has been applied to the master branch.
(I assume that you and Lev know what you're doing there as I can't test
it, and reading too much XML makes my head hurt...)
As a side note, please do not forget to use "git commit -s" to add the
signed-off-by: line that we use in this project.
From: Lev Stipakov
This removes declaration of function which has no definition and usage.
Signed-off-by: Lev Stipakov
---
src/openvpn/crypto.h | 5 -
1 file changed, 5 deletions(-)
diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h
index f4b3dca..263725d 100644
---
"The XML looks reasonable and it does not affect anything else" :-)
Your patch has been applied to the master branch.
commit 354dd0e04228b813a1753da0f38836198c09f68b
Author: Simon Rozman
Date: Mon Oct 8 12:03:23 2018 +0200
Reference msvc-generate from compat to assure correct build order
On Mon, Oct 8, 2018 at 6:42 AM Lev Stipakov wrote:
> Hi,
>
> Makes sense. Tested on VS2017.
>
> Acked-by: Lev Stipakov
>
> Since in MinGW/VS we only build openvpnserv with unicode I wonder if we
> should get rid of #if(n)def UNICODE ?
>
In fact the non-unicode build is its unlikely to work
Hi,
Congratulations! 518 left to go.
Acked-by: Simon Rozman
I believe MSVC warning level 3 is a bit too high for code that was not
developed in MSVC or even with MSVC in mind. I lowered it to level 1, and about
8 interesting warnings remained out of all the warning noise. Maybe we
Hi,
It would make the code cleaner, I agree.
Since in MinGW/VS we only build openvpnserv with unicode I wonder if we should
get rid of #if(n)def UNICODE ?
___
Openvpn-devel mailing list
Acked-by: Lev Stipakov
Mon, 8 Oct 2018 at 13:05, Simon Rozman (si...@rozman.si) wrote:
> Single-process builds start building compat project first and they fail,
> since the referenced config-msvc-version.h is not available yet. Multi-
> process rebuilds also tend to fail if the compat
Hi,
Looks good, removed lots of duplicates. Tested on VS2017.
Acked-by: Lev Stipakov
Mon, 8 Oct 2018 at 12:47, Simon Rozman (si...@rozman.si) wrote:
> The Visual Studio 2017 project files were refactored by migrating all
> repeating common settings into three property sheets:
From: Lev Stipakov
This patch fixes "unused variable/unreferenced format parameter"
warnings in different places, kudos to Visual Studio compiler
for discovering some of those.
Signed-off-by: Lev Stipakov
---
src/openvpn/forward.c | 2 +-
src/openvpn/init.c| 2 +-
src/openvpn/init.h|
Hi,
Makes sense. Tested on VS2017.
Acked-by: Lev Stipakov
Since in MinGW/VS we only build openvpnserv with unicode I wonder if we
should get rid of #if(n)def UNICODE ?
-Lev
Single-process builds start building compat project first and they fail,
since the referenced config-msvc-version.h is not available yet. Multi-
process rebuilds also tend to fail if the compat project is built
faster than msvc-generate is able to produce the required output files.
Adding a
The openvpnserv.vcxproj source code is Windows API Unicode compliant
with only Debug|x64 set to Unicode, while other cfg|plat pairs were set
to MultiByte.
---
src/openvpnserv/openvpnserv.vcxproj | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git
The Visual Studio 2017 project files were refactored by migrating all
repeating common settings into three property sheets: Debug.props,
Release.props and the existing PropertySheet.props.
This simplifies configuration management while providing uniformity
across projects, configurations and
Hi,
see below:
On 08/10/18 06:30, Steffan Karger wrote:
[CUT]
> diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c
> index 0c39eccc..54ac1893 100644
> --- a/src/openvpn/crypto_mbedtls.c
> +++ b/src/openvpn/crypto_mbedtls.c
> @@ -140,26 +140,6 @@ const cipher_name_pair
Hi,
thanks for fixing the ifdef condition!
Tested again and it works as expected between two clients when disabling
NCP and setting CHACHA20-POLY1305 as cipher:
Mon Oct 8 17:11:36 2018 us=670345 127.0.0.1 Outgoing Data Channel:
Cipher 'CHACHA20-POLY1305' initialized with 256 bit key
Mon Oct 8