[Openvpn-devel] [PATCH applied] Re: Remove unused function cipher_var_key_size

2022-02-17 Thread Gert Doering
Acked-by: Gert Doering Easy enough. Your patch has been applied to the master branch. commit 9cfe02039f00ea1ff026967497695d4cc35b1706 Author: Arne Schwabe Date: Thu Feb 17 19:19:43 2022 +0100 Remove unused function cipher_var_key_size Acked-by: Gert Doering Message-Id:

[Openvpn-devel] [PATCH v3] Fix OpenVPN querying user/password if auth-token with user expires

2022-02-17 Thread Arne Schwabe
The problematic behaviour happens when starting a profile without auth-user-pass and connecting to a server that pushes auth-token. When the auth token expires, OpenVPN asks for auth User and password again. The problem is that the auth_user_pass_setup sets auth_user_pass_enabled = true; This function is

[Openvpn-devel] [PATCH] Remove unused function cipher_var_key_size

2022-02-17 Thread Arne Schwabe
This function has accidentally not been deleted during the removal of the last bits of variable key size. --- src/openvpn/crypto_openssl.c | 9 - 1 file changed, 9 deletions(-) diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index 8bc41792..1c99db0f 100644 ---

[Openvpn-devel] [PATCH v3] crypto: unify key_type creation code

2022-02-17 Thread Antonio Quartulli
At the moment we have tls_crypt_kt() and auth_token_kt that basically do the same thing, but with different algorithms used to initialise the structure. In order to avoid code duplication and copy/paste errors, unify code and make it parametric, so that it can be re-used in various places.

Re: [Openvpn-devel] [PATCH v2] crypto: unify key_type creation code

2022-02-17 Thread Gert Doering
Hi, On Thu, Feb 17, 2022 at 03:32:41PM +0100, Antonio Quartulli wrote: > At the moment we have tls_crypt_kt() and auth_token_kt that basically do > the same thing, but with different algorithms used to inizialise the > structure. > > In order to avoid code duplication and copy/paste errors,

Re: [Openvpn-devel] [PATCH v2] crypto: unify key_type creation code

2022-02-17 Thread Arne Schwabe
On 17.02.22 at 15:32, Antonio Quartulli wrote: At the moment we have tls_crypt_kt() and auth_token_kt that basically do the same thing, but with different algorithms used to inizialise the structure. Should be initialise or initialize depending on your dialect. In order to avoid code

[Openvpn-devel] [PATCH applied] Re: Add warning about mbed TLS licensing problem

2022-02-17 Thread Gert Doering
Acked-by: Gert Doering "Raising awareness", without putting in any hard dates / versions. Your patch has been applied to the master branch. commit 110eee0288cff0720952a2cf16c4fb191d0bd616 Author: Max Fillinger Date: Thu Feb 17 15:27:56 2022 +0100 Add warning about mbed TLS licensing

[Openvpn-devel] [PATCH applied] Re: vcpkg: link lzo statically

2022-02-17 Thread Gert Doering
Acked-by: Gert Doering That came out of the "shouldn't we simplify our build scripts to make lz4 dynamic"... turns out that dynamic libs used by a single binary only are particularly inefficient here. Thus, going the other way :) I have not tested this, just looked at it, and it looks

[Openvpn-devel] [PATCH v2] crypto: unify key_type creation code

2022-02-17 Thread Antonio Quartulli
At the moment we have tls_crypt_kt() and auth_token_kt that basically do the same thing, but with different algorithms used to inizialise the structure. In order to avoid code duplication and copy/paste errors, unify code and make it parametric, so that it can be re-used in various places.

[Openvpn-devel] [PATCH v3] Add warning about mbed TLS licensing problem

2022-02-17 Thread Max Fillinger
Signed-off-by: Max Fillinger --- README.mbedtls | 18 ++ 1 file changed, 18 insertions(+) diff --git a/README.mbedtls b/README.mbedtls index 4875822d..d3466fa9 100644 --- a/README.mbedtls +++ b/README.mbedtls @@ -11,6 +11,24 @@ This version depends on mbed TLS 2.0 (and requires

[Openvpn-devel] [PATCH] crypto: unify key_type creation code

2022-02-17 Thread Antonio Quartulli
At the moment we have tls_crypt_kt() and auth_token_kt that basically do the same thing, but with different algorithms used to inizialise the structure. In order to avoid code duplication and copy/paste errors, unify code and make it parametric, so that it can be re-used in various places.

Re: [Openvpn-devel] [PATCH 2.5] msvc: adjust build options to harden binaries

2022-02-17 Thread Илья Шипицин
Ack from me. Thu, 17 Feb 2022 at 16:55, Lev Stipakov : > Hi, > > > can you please apply "pdb" patch to your branch ? > > CI: github actions: keep "pdb" in artifacts · OpenVPN/openvpn@9da7337 > > Done! https://github.com/lstipakov/openvpn/actions/runs/1858390624 > > > BinSkim uses pdb for

Re: [Openvpn-devel] [PATCH 2.5] msvc: adjust build options to harden binaries

2022-02-17 Thread Lev Stipakov
Hi, > can you please apply "pdb" patch to your branch ? > CI: github actions: keep "pdb" in artifacts · OpenVPN/openvpn@9da7337 Done! https://github.com/lstipakov/openvpn/actions/runs/1858390624 > BinSkim uses pdb for analysis. > > probably, it makes sense to apply this patch to release/2.5

Re: [Openvpn-devel] [PATCH 2.5] msvc: adjust build options to harden binaries

2022-02-17 Thread Илья Шипицин
Thu, 17 Feb 2022 at 13:53, Lev Stipakov : > Hi, > > Thanks for testing. > > > original patch does not apply > > Indeed it doesn't apply anymore since recent changes to vcxproj files. > I have rebased it. > > > minor build issues still there: test · chipitsine/openvpn@eeff765 ( > github.com) >

Re: [Openvpn-devel] [PATCH v2 release/2.5] msvc: adjust build options to harden binaries

2022-02-17 Thread Илья Шипицин
I've missed that patch [Openvpn-devel] [PATCH v2 4/5] tapctl: Resolve MSVC C4996 warnings (mail-archive.com) I'll test updated patch soon. Thu, 17 Feb 2022 at 14:03, Lev Stipakov : > From: Lev Stipakov > > -

[Openvpn-devel] [PATCH v2] msvc: adjust build options to harden binaries

2022-02-17 Thread Lev Stipakov
From: Lev Stipakov - enable hardware-enforced stack protection on compatible hardware/software (/CETCOMPAT linker option) - hash object files with SHA256 (/ZH:SHA_256 compiler option) - enable SDL. The required to add _CRT_NONSTDC_NO_DEPRECATE _CRT_SECURE_NO_WARNINGS

Re: [Openvpn-devel] [PATCH 2.5] msvc: adjust build options to harden binaries

2022-02-17 Thread Lev Stipakov
Hi, Thanks for testing. > original patch does not apply Indeed it doesn't apply anymore since recent changes to vcxproj files. I have rebased it. > minor build issues still there: test · chipitsine/openvpn@eeff765 (github.com) Those are likely because this was not applied

[Openvpn-devel] DCO for FreeBSD

2022-02-17 Thread Kristof Provost
Hi, I’m working on adding OpenVPN DCO support on FreeBSD (primarily for use in pfSense). I have a few questions, mostly around what’s planned for DCO in OpenVPN 2. I’m currently working based on https://github.com/schwabe/openvpn.git but intend to rebase to