Re: [Openvpn-devel] [PATCH] src/openvpn/dco_freebsd.c: handle malloc failure

чт, 18 мая 2023 г. в 09:10, Илья Шипицин : > > > чт, 18 мая 2023 г. в 08:47, Gert Doering : > >> Hi, >> >> On Wed, May 17, 2023 at 04:43:01PM -0400, Kristof Provost wrote: >> > Fwiw: I usually don???t bother handling malloc failure in userspace, >> >

Re: [Openvpn-devel] [PATCH] src/openvpn/dco_freebsd.c: handle malloc failure

чт, 18 мая 2023 г. в 08:47, Gert Doering : > Hi, > > On Wed, May 17, 2023 at 04:43:01PM -0400, Kristof Provost wrote: > > Fwiw: I usually don???t bother handling malloc failure in userspace, > > because modern systems all overallocate anyway, so the first thing > > you know about lack of memory

Re: [Openvpn-devel] [PATCH] src/openvpn/dco_freebsd.c: handle malloc failure

ср, 17 мая 2023 г. в 23:04, Kristof Provost : > On 17 May 2023, at 16:58, Илья Шипицин wrote: > > ср, 17 мая 2023 г. в 22:43, Kristof Provost : > > > >> On 17 May 2023, at 16:01, Ilya Shipitsin wrote: > >>> malloc was not checked against NULL, I was able >

Re: [Openvpn-devel] [PATCH] src/openvpn/dco_freebsd.c: handle malloc failure

ср, 17 мая 2023 г. в 22:47, Antonio Quartulli : > Hi, > > On 17/05/2023 22:01, Ilya Shipitsin wrote: > > malloc was not checked against NULL, I was able > > to get core dump in case of failure > > > > Signed-off-by: Ilya Shipitsin > > --- > > src/openvpn/dco_freebsd.c | 5 + > > 1 file

Re: [Openvpn-devel] [PATCH] src/openvpn/dco_freebsd.c: handle malloc failure

ср, 17 мая 2023 г. в 22:43, Kristof Provost : > On 17 May 2023, at 16:01, Ilya Shipitsin wrote: > > malloc was not checked against NULL, I was able > > to get core dump in case of failure > > > > Signed-off-by: Ilya Shipitsin > > --- > > src/openvpn/dco_freebsd.c | 5 + > > 1 file changed,

Re: [Openvpn-devel] Amend OpenVPN license to allow continued mbed TLS support (allow mbed TLS 3.x linking)

вс, 15 янв. 2023 г. в 22:29, Gert Doering : > HI, > > On Sun, Jan 15, 2023 at 10:12:03PM +0600, ?? wrote: > > 1) distributing openssl dll for windows installer is illegal > > 2) distributing openssl/libressl with tunnelblick is illegal > > Neither, because we do have an

Re: [Openvpn-devel] Amend OpenVPN license to allow continued mbed TLS support (allow mbed TLS 3.x linking)

that means 1) distributing openssl dll for windows installer is illegal 2) distributing openssl/libressl with tunnelblick is illegal ? вс, 15 янв. 2023 г. в 22:09, Arne Schwabe : > Am 15.01.23 um 17:07 schrieb Илья Шипицин: > > just curious, is linking against LibreSSL allow

Re: [Openvpn-devel] Amend OpenVPN license to allow continued mbed TLS support (allow mbed TLS 3.x linking)

just curious, is linking against LibreSSL allowed ? os x Tunnelblick is shipped with both LibreSSL and OpenSSL builds, but neither of them is "system" lib as far as I know. вс, 15 янв. 2023 г. в 21:35, Arne Schwabe : > Am 15.01.23 um 16:22 schrieb James Bottomley: > > On Sun, 2023-01-15 at 15:22

Re: [Openvpn-devel] Amend OpenVPN license to allow continued mbed TLS support (allow mbed TLS 3.x linking)

вс, 15 янв. 2023 г. в 19:09, Arne Schwabe : > Am 15.01.23 um 13:52 schrieb Илья Шипицин: > > subject says "allow mbed TLS 3.x linking". > > is OpenSSL currently restrictive as well ? > > > > Yes that is what the subject says but OpenSSL 3 also uses Apache

Re: [Openvpn-devel] Amend OpenVPN license to allow continued mbed TLS support (allow mbed TLS 3.x linking)

subject says "allow mbed TLS 3.x linking". is OpenSSL currently restrictive as well ? вс, 15 янв. 2023 г. в 18:24, Arne Schwabe : > Am 15.01.23 um 13:21 schrieb Илья Шипицин: > > I am fine with dropping MBED TLS for good > > > > Please read the full mail. This also

Re: [Openvpn-devel] Amend OpenVPN license to allow continued mbed TLS support (allow mbed TLS 3.x linking)

I am fine with dropping MBED TLS for good On Sat, Jan 14, 2023, 11:30 PM Arne Schwabe wrote: > Hey, > > This is the first round and will be only to the openvpn-devel list. > After that I will also write to individuals email addresses but I want > to start with sending this to the devel list. >

Re: [Openvpn-devel] Multiple Openvpn servers using same port + Nginx

I apologise for suggesting unmaintaned project. сб, 1 окт. 2022 г. в 14:43, Daniel Lando : > Seems the project is unmaintained BTW. > > Any other suggestions? > > --- > > *Daniel* > > On 1 Oct 2022, at 06:07, Илья Шипицин wrote: > >  > there's brilliant pie

Re: [Openvpn-devel] Multiple Openvpn servers using same port + Nginx

there's brilliant piece of software: https://github.com/StreisandEffect/streisand among other ideas, there's openvpn port sharing. пт, 30 сент. 2022 г. в 20:22, Daniel Lando : > Hi everyone, > > As described in this > >

Re: [Openvpn-devel] [PATCH] Add OpenSSL 3.0 to mingw build

I am fine with adding lib64 to 1.1.1 On Wed, Aug 24, 2022, 6:01 PM Arne Schwabe wrote: > Am 24.08.22 um 14:36 schrieb Илья Шипицин: > > It reverts 3.0 behaviour to 1.1.1 > > However --libdir is available for 1.1.1 as well > > I understand. What I am missing is *why* reverti

Re: [Openvpn-devel] [PATCH] Add OpenSSL 3.0 to mingw build

It reverts 3.0 behaviour to 1.1.1 However --libdir is available for 1.1.1 as well On Wed, Aug 24, 2022, 5:27 PM Arne Schwabe wrote: > Am 24.08.22 um 13:26 schrieb Илья Шипицин: > > if this is not too late, can we add --libdir=mingw/opt/lib to keep > > cu

Re: [Openvpn-devel] [PATCH] Add OpenSSL 3.0 to mingw build

if this is not too late, can we add --libdir=mingw/opt/lib to keep current behaviour ? + # OpenSSL 3.0.5 installs itself into mingw/opt/lib64 instead of + # mingw/opt/lib, so we include both dirs in the following steps + # (pkcs11-helper and OpenVPN) so the libraries will be found

Re: [Openvpn-devel] [PATCH] fix GitHub workflow working directories in MinGW builds

I recall that link " https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz; becomes broken as soon as new version is released. that is the way how openssl warns you to update. "old" links are immutable. пн, 25 апр. 2022 г. в 00:27, Marc Becker : > replace hardcoded directory names

Re: [Openvpn-devel] [PATCH 2.5] msvc: adjust build options to harden binaries

: > Reply to both of them with the line (remove ">"): > > > Acked-by: Ilya Shipitsin > > if you think that you could ack both of those patches. > > ma 21. helmik. 2022 klo 13.17 Илья Шипицин (chipits...@gmail.com) > kirjoitti: > > > > Lev, I s

Re: [Openvpn-devel] [PATCH 2.5] msvc: adjust build options to harden binaries

Lev, I see two new messages in this thread. Please clarify what do you want me to do? пн, 21 февр. 2022 г. в 13:59, Lev Stipakov : > Let's start from the beginning. > > I'll start two new threads (master and 2.5) and Ilya could ack them. > > Ilya, to ack please reply on those threads with

Re: [Openvpn-devel] [PATCH 2.5] msvc: adjust build options to harden binaries

There is ack from me earlier in this thread. Lev, I did all things you asked me to do. Please follow up. I do not catch what else left On Sun, Feb 20, 2022, 7:38 PM Gert Doering wrote: > Hi, > > On Sun, Feb 20, 2022 at 07:29:24PM +0500, ?? wrote: > > Lev, I'm lost here.

Re: [Openvpn-devel] [PATCH 2.5] msvc: adjust build options to harden binaries

Lev, I'm lost here. Can you please follow up? On Sun, Feb 20, 2022, 7:18 PM Gert Doering wrote: > Hi, > > On Sun, Feb 20, 2022 at 07:15:33PM +0500, ?? wrote: > > It is applied to master. > > The "adjust build options to harden binaries" has no ACK for master. > > This is

Re: [Openvpn-devel] [PATCH 2.5] msvc: adjust build options to harden binaries

It is applied to master. git id: https://github.com/OpenVPN/openvpn/commit/9da733751ce80b2226ef19923365bd3102cfbd47 On Sun, Feb 20, 2022, 7:10 PM Gert Doering wrote: > Hi, > > On Sun, Feb 20, 2022 at 07:07:15PM +0500, ?? wrote: > > pdb patch > > Whatever that is... a

Re: [Openvpn-devel] [PATCH 2.5] msvc: adjust build options to harden binaries

pdb patch On Sun, Feb 20, 2022, 7:04 PM Gert Doering wrote: > Hi, > > On Thu, Feb 17, 2022 at 01:55:35PM +0200, Lev Stipakov wrote: > > > can you please apply "pdb" patch to your branch ? > > > CI: github actions: keep "pdb" in artifacts · OpenVPN/openvpn@9da7337 > > > > Done!

Re: [Openvpn-devel] [PATCH 2.5] msvc: adjust build options to harden binaries

Ack from me. чт, 17 февр. 2022 г. в 16:55, Lev Stipakov : > Hi, > > > can you please apply "pdb" patch to your branch ? > > CI: github actions: keep "pdb" in artifacts · OpenVPN/openvpn@9da7337 > > Done! https://github.com/lstipakov/openvpn/actions/runs/1858390624 > > > BinSkim uses pdb for

Re: [Openvpn-devel] [PATCH 2.5] msvc: adjust build options to harden binaries

чт, 17 февр. 2022 г. в 13:53, Lev Stipakov : > Hi, > > Thanks for testing. > > > original patch does not apply > > Indeed it doesn't apply anymore since recent changes to vcxproj files. > I have rebased it. > > > minor build issues still there: test · chipitsine/openvpn@eeff765 ( > github.com) >

Re: [Openvpn-devel] [PATCH v2 release/2.5] msvc: adjust build options to harden binaries

I've missed that patch [Openvpn-devel] [PATCH v2 4/5] tapctl: Resolve MSVC C4996 warnings (mail-archive.com) I'll test updated patch soon. чт, 17 февр. 2022 г. в 14:03, Lev Stipakov : > From: Lev Stipakov > > -

Re: [Openvpn-devel] [PATCH 2.5] msvc: adjust build options to harden binaries

ocus=true> also, I have a question on true, in your patch it is not applied to all configurations, but to few of them. is it on purpose ? ср, 9 февр. 2022 г. в 15:16, Илья Шипицин : > Sorry, I did not catch that you have been waiting for me. > I'll have a look in couple of days > > с

Re: [Openvpn-devel] [PATCH] Add warning about mbed TLS licensing problem

+Support for mbed TLS is likely to be removed in OpenVPN 2.17. 2.7 ? ср, 16 февр. 2022 г. в 19:13, Max Fillinger < maximilian.fillin...@foxcrypto.com>: > Signed-off-by: Max Fillinger > --- > README.mbedtls | 17 + > 1 file changed, 17 insertions(+) > > diff --git

Re: [Openvpn-devel] [PATCH 2.5] msvc: adjust build options to harden binaries

Sorry, I did not catch that you have been waiting for me. I'll have a look in couple of days ср, 9 февр. 2022 г. в 15:07, Lev Stipakov : > Hi Ilja, > > Is there any chance you could have a look at this patch? > > > pe 7. tammik. 2022 klo 16.54 Lev Stipakov (lstipa...@gmail.com) kirjoitti: > > >

Re: [Openvpn-devel] [PATCH] BUILD: MSVC: enable the Control-flow Enforcement Technology (CET) Shadow Stack mitigation

For the record https://github.com/microsoft/binskim/issues/508 On Fri, Dec 31, 2021, 8:35 PM Илья Шипицин wrote: > CETCOMPAT is not supported for ARM. > Regarding other arch I do not have particular opinion, I'm fine with > either props or vcxproj approach > > On Fri, Dec 31, 20

Re: [Openvpn-devel] [PATCH] BUILD: MSVC: enable the Control-flow Enforcement Technology (CET) Shadow Stack mitigation

nabled this via > Linker->Advanced->CET Shadow Stack Compatible and only .vcxproj files > got modified. > > 2) I think we could enable it for all binaries > (openvpn/openvpnmsica/openvpnserv/tapctl) for ARM64/WIn32/x64 Release > configurations. > > -Lev > > ma 27. jouluk

Re: [Openvpn-devel] [PATCH] BUILD: MSVC: enable the Control-flow Enforcement Technology (CET) Shadow Stack mitigation

gentle ping сб, 16 окт. 2021 г. в 19:15, Ilya Shipitsin : > found by BinSkim, more details: > > https://docs.microsoft.com/en-us/cpp/build/reference/cetcompat?view=msvc-160 > > Signed-off-by: Ilya Shipitsin > --- > src/compat/Debug.props | 10 ++ >

Re: [Openvpn-devel] [PATCH v2] BUILD: enable CFG and Spectre mitigation for MSVC

: > Since we're preparing the next 2.5 release, let's take this in. The > performance numbers, reported in different thread, look good. > > ma 27. syysk. 2021 klo 13.06 Илья Шипицин (chipits...@gmail.com) > kirjoitti: > > > > I'll setup test stand similar to this one >

Re: [Openvpn-devel] [PATCH v2] BUILD: enable CFG and Spectre mitigation for MSVC

I'll setup test stand similar to this one https://community.openvpn.net/openvpn/wiki/PerformanceTestingOpenVPN hopefully in next 1-2 weeks I also believe that spectre mitigation is neglectable, but it is good to have numbers пн, 27 сент. 2021 г. в 12:58, Lev Stipakov : > I didn't, but here > >

Re: [Openvpn-devel] [PATCH] BUILD: enable CFG and Spectre mitigation for MSVC

thanks, I'll recheck and will send v2 soon вт, 21 сент. 2021 г. в 16:49, Lev Stipakov : > Hi, > > Sorry for the delay. > > I got "command line error D8016: '/ZI' and '/guard:cf' command-line > options are incompatible" errors for Debug configuration, > Release works fine. Looks like "Debug

Re: [Openvpn-devel] [PATCH] CI: github actions: keep "pdb" in artifacts

Sorry, I missed "signed off by". Please add during commit On Thu, Aug 26, 2021, 3:20 PM Lev Stipakov wrote: > Patch is missing SOB line, but I guess this can be fixed by the > committer, if needed? > > Checked https://github.com/chipitsine/openvpn/actions/runs/1108264158 > so that PDBs are

Re: [Openvpn-devel] is this expected when using "--dev null" ?

I tried 2.4.7: Sat Jun 26 07:36:39 2021 /sbin/ip link set dev null up mtu 1500 Cannot find device "null" Sat Jun 26 07:36:39 2021 Linux ip link set failed: external program exited with error status: 1 сб, 26 июн. 2021 г. в 12:34, Илья Шипицин : > Hello, > > I'm using

[Openvpn-devel] is this expected when using "--dev null" ?

Hello, I'm using "null" for testing (to avoid modifiyng routes and interfaces). current master tells me 2021-06-26 07:27:03 net_iface_mtu_set: rtnl: cannot get ifindex for null: No such device (errno=19) 2021-06-26 07:27:03 Linux can't set mtu (1500) on null 2021-06-26 07:27:03 Exiting due to

Re: [Openvpn-devel] [PATCH] Add github actions

вт, 8 июн. 2021 г. в 20:26, Arne Schwabe : > dummy0 gives strange errors on the Ubuntu 16 runner on github actions > because > dummy already exist, so use a more unique ovpn-dummy0 name instead. > > Github actions are a good alternative to travis-ci, which futrure is > questionable > at the

Re: [Openvpn-devel] [PATCH applied] Re: build: Remove compat-lz4

this probably will break windows cross compile (it uses lz4 bundle). Samuli, can you please keep any eye on it (new test installer maybe) ? чт, 18 мар. 2021 г. в 12:45, Gert Doering : > Acked-by: Gert Doering > > I have tested compilation "with default options" on FreeBSD with lz4 > (works),

Re: [Openvpn-devel] using openssl feature wherever possible

we may keep combo. both #ifdef EVP_PKEY_TLS1_PRF and comment related to supported openssl versions (to drop support if we decide) вт, 9 мар. 2021 г. в 17:56, Gert Doering : > Hi, > > On Tue, Mar 09, 2021 at 05:52:12PM +0500, ?? wrote: > > > On Tue, Mar 09, 2021 at 04:54:13PM

Re: [Openvpn-devel] using openssl feature wherever possible

вт, 9 мар. 2021 г. в 17:47, Gert Doering : > Hi, > > On Tue, Mar 09, 2021 at 04:54:13PM +0500, ?? wrote: > > if nobody minds, I can send several patches that eliminates comparison of > > OPENSSL_VERSION, for example > > We do mind. They are coded this way on purpose - so

[Openvpn-devel] using openssl feature wherever possible

Hello, if nobody minds, I can send several patches that eliminates comparison of OPENSSL_VERSION, for example diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index 49698e4b..316cca6f 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -51,7

[Openvpn-devel] new coverity release

Hello, how are coverity builds scheduled ? shouldn't we start new one ? https://community.synopsys.com/s/question/0D52H5NeWJfSAN/announcement-upcoming-coverity-scan-upgrade-to-coverity-202009-release Ilya ___ Openvpn-devel mailing list

Re: [Openvpn-devel] is it possible to store saved password in tpm instead of registry ?

ср, 13 янв. 2021 г. в 22:01, Jan Just Keijser : > Hi, > > On 13/01/21 17:20, Илья Шипицин wrote: > > Hello, > > > > if user save password, it might be stolen from well known location > > (there are popular password stealers). > > > > in t

[Openvpn-devel] is it possible to store saved password in tpm instead of registry ?

Hello, if user save password, it might be stolen from well known location (there are popular password stealers). in theory, is it possible to keep password in tpm ? will it prevent password from being stolen ? Ilya ___ Openvpn-devel mailing list

Re: [Openvpn-devel] Travis-ci is changing billing

we can move to Github Actions. or to Azure Pipelines both support amd64 linux / osx / windows, very versatile setup. unfortunately, no support for s390, arm64, ppc64le (unless own build agents attached) чт, 24 дек. 2020 г. в 06:42, tincanteksup : > > > On 23/12/2020 18:03, Илья Шипи

Re: [Openvpn-devel] Travis-ci is changing billing

On Wed, Dec 23, 2020, 10:42 PM Gert Doering wrote: > Hi, > > On Wed, Dec 23, 2020 at 04:06:26PM +, tincanteksup wrote: > > This may help shed some light: > > > > https://blog.travis-ci.com/2020-11-02-travis-ci-new-billing > > I'm more confused than before. So is what we do still free? Do

[Openvpn-devel] Travis-ci is changing billing

https://news.ycombinator.com/item?id=25338983 Actually, not many choices, either to drop Travis or to pay for it. Ilya ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] wanted: mechanism to send text messages to client

пн, 21 дек. 2020 г. в 23:26, Greg Cox : > On Mon, Dec 21, 2020 at 7:57 AM Илья Шипицин wrote: > >> that's interesting point. >> being dependent on whether users logs or not does not look very good. >> > > We only go to their logs when they come to us with issues.

Re: [Openvpn-devel] wanted: mechanism to send text messages to client

пн, 21 дек. 2020 г. в 03:37, Greg Cox : > tl;dr - anything that lets me selectively put a message in front of my > users is great. Yes please. > > > The number one problem my users come across is expired certs. Nobody > reads logs until they're forced to. > that's interesting point. being

Re: [Openvpn-devel] [PATCH] compat/lz4: Update to v1.9.2

пт, 2 окт. 2020 г. в 13:51, Arne Schwabe : > Am 01.10.20 um 17:46 schrieb David Sommerseth: > > It's a long while since the bundled lz4 library has received an update. > > It pulls in a lot of various fixes and enhancements, some of the changes > > fixes compiler warnings and hardens the code a

Re: [Openvpn-devel] New man-section pages format

I thought of using autogen. No time yet On Fri, Sep 4, 2020, 4:23 PM tincanteksup wrote: > Hi, > > this is just something to chew-over.. > > See: > > https://github.com/OpenVPN/openvpn/blob/master/doc/man-sections/generic-options.rst > > I noticed that generally the option names, eg:

Re: [Openvpn-devel] MSI Installer: Add .ovpn file

Hello, we used to put *.ovpn files on special dedicated website (some guide + installer downloads + ovpn). works as charm чт, 30 июл. 2020 г. в 13:37, Robert Grätz : > Hello, > > I am very happy that 2.5 will be hopefully soon released. > > I want to integrate my config file inside the msi

Re: [Openvpn-devel] Summary of the community meeting (24th June 2020)

there's quite an interesting patchset https://patchwork.openvpn.net/project/openvpn2/list/?series=230 is it scheduled for 2.5 release ? or I've missed something and all patches are scheduled for 2.5 ? ср, 24 июн. 2020 г. в 16:11, Samuli Seppänen : > Hi, > > Here's the summary of the IRC

Re: [Openvpn-devel] [PATCH applied] Re: Add unit tests for engine keys

ср, 24 июн. 2020 г. в 00:37, Gert Doering : > Hi, > > On Tue, Jun 23, 2020 at 12:32:42PM -0700, James Bottomley wrote: > > > James, are you triggering on specific openvpn messages? "--enable- > > > small" > > > changes these (trimming some warnings and help texts). Can you test > > > with > > >

Re: [Openvpn-devel] [PATCH applied] Re: Add unit tests for engine keys

вт, 23 июн. 2020 г. в 23:17, James Bottomley < james.bottom...@hansenpartnership.com>: > On Tue, 2020-06-23 at 21:43 +0500, Илья Шипицин wrote: > > as far as I understand, openssl-1.0.2 does not support engines ? > > No, it does. Engines were a pre 0.9.8 thing. I support o

Re: [Openvpn-devel] [PATCH applied] Re: Add unit tests for engine keys

as far as I understand, openssl-1.0.2 does not support engines ? вт, 23 июн. 2020 г. в 21:42, Илья Шипицин : > apparently, it fails for some build on travis > https://travis-ci.org/github/OpenVPN/openvpn/jobs/701158156 > > вт, 23 июн. 2020 г. в 18:07, James Bottomley <

Re: [Openvpn-devel] [PATCH applied] Re: Add unit tests for engine keys

apparently, it fails for some build on travis https://travis-ci.org/github/OpenVPN/openvpn/jobs/701158156 вт, 23 июн. 2020 г. в 18:07, James Bottomley < james.bottom...@hansenpartnership.com>: > On Tue, 2020-06-23 at 09:21 +0200, Gert Doering wrote: > > Hi, > > > > On Tue, Jun 23, 2020 at

Re: [Openvpn-devel] [PATCH v6 2/3] crypto_openssl: add initialization to pick up local configuration

пн, 8 июн. 2020 г. в 15:06, Arne Schwabe : > > > > > Sorry about that. Best guess is it's missing an include for > > openssl/conf.h. You don't need that today because pretty much every > > other openssl header includes it, but that may not always have been so. > > > > Does the below patch fix

Re: [Openvpn-devel] is anybody running tests on Fedora ?

пн, 4 мая 2020 г. в 16:41, Samuli Seppänen : > Hi, > > We do have a Fedora 30 buildslave and run fping tests there. It also > seems to run t_client IPv6 ping tests. > can you please run the following dnf whatprovides fping6 ? > > Samuli > > Il 03/05/20 23:

[Openvpn-devel] is anybody running tests on Fedora ?

Hello, t_client.sh requires "fping6" binary, which is not available on Fedora. on Fedora "fping" is capable of running ipv6 pings. shall we adopt test ? Cheers, Ilya Shipitcin ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net

Re: [Openvpn-devel] Possible memory alignment Problem in 2.4 ?

вт, 24 мар. 2020 г. в 22:19, Michael Kress : > Am Tue, 24 Mar 2020 11:21:56 +0100 > schrieb Arne Schwabe : > > > Am 23.03.20 um 17:11 schrieb Michael Kress: > > > Hello list, > > > > > > There seems to be some kind of alignment problem in OpenVPN 2.4 > > > versions on ARMv4 based machines (32

Re: [Openvpn-devel] [PATCH v3] travis-ci: add arm64, s390x builds.

sometimes, arm64 build fails https://travis-ci.org/github/OpenVPN/openvpn/jobs/666389482?utm_medium=notification_source=github_status if that will become often, we will mark it as "allowed failures" thanks to everyone, we have cmocka tests back! вт, 24 мар. 2020 г. в 14:04, Ил

Re: [Openvpn-devel] [PATCH v3] travis-ci: add arm64, s390x builds.

I guess nobody yet reported that issue. Maybe, I'll report. вт, 24 мар. 2020 г. в 14:03, Lev Stipakov : > Yes, I agree that with name is looks much better. > > I wonder why displaying arch requires you to be logged in. > ___ Openvpn-devel mailing list

Re: [Openvpn-devel] Possible memory alignment Problem in 2.4 ?

thank you for wonderful investigation. however, are there reasons for using lzo ? it consumes too much cpu (comparing to lz4). also, it highly depends on traffic itself, many application already compress their bytes themselves. if you are stick to lzo, because it is propagated to all configs,

Re: [Openvpn-devel] [PATCH v3] travis-ci: add arm64, s390x builds.

sorry, I sent it twice. the last one is good, please ignore previous "v2" I've managed to resolve "travis_wait" issue. it was non trivial output redirection issue. the rest is just fine. patch itself is important it re-enables cmocka tests in travis (they are not running now, after cmocka git

Re: [Openvpn-devel] [PATCH] Fix float comparisons of OPENVPN_VERSION_NUMBER

чт, 20 февр. 2020 г. в 13:44, Arne Schwabe : > Am 20.02.20 um 09:38 schrieb Arne Schwabe: > > These checks are probably the result of copying a > > check from the LibreSSL and modifying it to be > > a OpenSSL check. For some arcane reason LibreSSL decided > > that its version number should be a

Re: [Openvpn-devel] [PATCH v4 2/2] Add unit tests for engine keys

сб, 15 февр. 2020 г. в 19:59, James Bottomley < james.bottom...@hansenpartnership.com>: > On Fri, 2020-02-14 at 18:33 +0500, Илья Шипицин wrote: > > пт, 14 февр. 2020 г. в 18:05, James Bottomley < > > james.bottom...@hansenpartnership.com>: > > > > &g

Re: [Openvpn-devel] [PATCH v4 2/2] Add unit tests for engine keys

пт, 14 февр. 2020 г. в 18:05, James Bottomley < james.bottom...@hansenpartnership.com>: > On Thu, 2020-02-13 at 19:18 +0100, Arne Schwabe wrote: > > Am 10.02.18 um 23:50 schrieb James Bottomley: > > > Testing engines is problematic, so one of the prerequisites built > > > for the tests is a

Re: [Openvpn-devel] [PATCH v2] travis-ci: add arm64, s390x builds.

пн, 3 февр. 2020 г. в 14:51, Steffan Karger : > On 03-02-2020 09:04, Илья Шипицин wrote: > > also, ARM64 builds are flaky. maybe we should add them as allow_failures. > > What is flaky about the ARM64 builds? Is it our build? Is it the travis > infra? > in travis-ci term

Re: [Openvpn-devel] [PATCH v2] travis-ci: add arm64, s390x builds.

also, ARM64 builds are flaky. maybe we should add them as allow_failures. пн, 3 февр. 2020 г. в 12:49, Илья Шипицин : > https://travis-ci.org/chipitsine/openvpn/jobs/645173717#L62 > > I expected it to be 30 minutes wait. > > пн, 3 февр. 2020 г. в 12:48, Илья Шипицин : > >>

Re: [Openvpn-devel] [PATCH v2] travis-ci: add arm64, s390x builds.

https://travis-ci.org/chipitsine/openvpn/jobs/645173717#L62 I expected it to be 30 minutes wait. пн, 3 февр. 2020 г. в 12:48, Илья Шипицин : > > > пн, 3 февр. 2020 г. в 12:40, Lev Stipakov : > >> Hi, >> >> Could you provide a link to a travis build with your ch

Re: [Openvpn-devel] [PATCH v2] travis-ci: add arm64, s390x builds.

пн, 3 февр. 2020 г. в 12:40, Lev Stipakov : > Hi, > > Could you provide a link to a travis build with your changes? > https://travis-ci.org/chipitsine/openvpn/builds/645173716 there's at least issue regarding "travis_wait 30", as I can see, windows builds waits for 10 minutes. I'll fix it in

[Openvpn-devel] linux arm64 tests fail

Hello, https://travis-ci.org/chipitsine/openvpn/jobs/644745481?utm_medium=notification_source=github_status it indicates "ERROR" when running tests, however tests are ok after all. [ RUN ] tls_crypt_v2_wrap_too_long_metadata ERROR: could not crypt: insufficient space in dst [ OK ]

Re: [Openvpn-devel] [PATCH] Fix ACL_CHECK_ADD_COMPILE_FLAGS to work with clang

Thank you for your efforts. As you are touching this, can you try "dist: bionic" ? It might bring newer compilers On Thu, Nov 14, 2019, 8:41 PM wrote: > From: Selva Nair > > Some compilers (e.g., clang) only issue a warning for > unsupported options unless additional flags such > as -Werror

Re: [Openvpn-devel] using arm64 on travis ?

пт, 8 нояб. 2019 г. в 14:02, Gert Doering : > Hi, > > On Fri, Nov 08, 2019 at 12:39:00PM +0500, ?? wrote: > > https://docs.travis-ci.com/user/multi-cpu-architectures > > > > we can switch some builds to arm64. any suggestions ? > > Sounds good. Right now we only have i386

[Openvpn-devel] using arm64 on travis ?

hello, https://docs.travis-ci.com/user/multi-cpu-architectures we can switch some builds to arm64. any suggestions ? Cheers, Ilya Shipitsin ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net

Re: [Openvpn-devel] [PATCH v2 1/7] Visual Studio: upgrade project files to VS2019

чт, 7 нояб. 2019 г. в 22:49, Lev Stipakov : > From: Lev Stipakov > > Signed-off-by: Lev Stipakov > --- > src/compat/compat.vcxproj | 12 ++-- > src/openvpn/openvpn.vcxproj | 12 ++-- > src/openvpnmsica/openvpnmsica.vcxproj | 14 +++--- >

Re: [Openvpn-devel] [PATCH] msvc: OpenSSL 1.1.0 support

it sounds strange (it does not make a lot of sense), but we can build openssl without TLS1.3 support чт, 17 окт. 2019 г. в 19:27, Selva Nair : > On Thu, Oct 17, 2019 at 8:11 AM Lev Stipakov wrote: > > > > Hi François, > > > > François Kooman kirjoitti 17.10.2019 klo 13.39: > > > > > "Version

Re: [Openvpn-devel] [PATCH applied] Re: travis-ci: fix osx builds

вт, 2 июл. 2019 г. в 12:11, Gert Doering : > Hi, > > On Tue, Jul 02, 2019 at 12:09:48PM +0500, ?? wrote: > > , 2 ??. 2019 ??. ?? 12:07, Gert Doering : > > > > > Acked-by: Gert Doering > > > > > > (I have no idea what this does, specifically, but it is not a code > >

Re: [Openvpn-devel] [PATCH applied] Re: travis-ci: fix osx builds

вт, 2 июл. 2019 г. в 12:07, Gert Doering : > Acked-by: Gert Doering > > (I have no idea what this does, specifically, but it is not a code > change and if it fixes our Travis builds, I'm happy - and the explanation > given says "it will fix things") > > Your patch has been applied to the master

Re: [Openvpn-devel] [bui...@travis-ci.org: Still Failing: OpenVPN/openvpn#874 (master - 7473f32)]

Documentation lacks. The reason of failure is caching homebrew. It is not common practice, we should either drop cache or enforce update On Sun, Jun 30, 2019, 12:46 PM Gert Doering wrote: > Hi, > > On Sun, Jun 30, 2019 at 02:53:18AM +0500, ?? wrote: > > I submitted a fix >

Re: [Openvpn-devel] [bui...@travis-ci.org: Still Failing: OpenVPN/openvpn#874 (master - 7473f32)]

I submitted a fix https://patchwork.openvpn.net/project/openvpn2/list/?series=506 пн, 24 июн. 2019 г. в 11:17, Илья Шипицин : > Thank you for the investigation, Gert. > I'll have a look soon > > On Sun, Jun 23, 2019, 11:55 PM Gert Doering wrote: > >> Hi, >> >>

Re: [Openvpn-devel] [PATCH] Insert client connection data into PAM environment

Do not pay attention to osx. I will fix it soon On Fri, Jun 28, 2019, 4:29 PM Paolo wrote: > Hi, > > after rebasing my fork on current master, the are no conflicts with > current source code. Travis error on osx are not releated to my code, > they are errors about configuration peace not

Re: [Openvpn-devel] how to migrate users to "no compression" config

пт, 28 июн. 2019 г. в 12:49, Gert Doering : > Hi, > > On Fri, Jun 28, 2019 at 12:14:40PM +0500, ?? wrote: > > by "high level" compression doc I mean something like that > > > > a) road warrior scenario (remote access for enterprise users) - should we > > enable compression ?

Re: [Openvpn-devel] how to migrate users to "no compression" config

by "high level" compression doc I mean something like that a) road warrior scenario (remote access for enterprise users) - should we enable compression ? or traffic usually is compressed ? RDP is compressed ? any way to estimate compression (like $gzip_ratio in nginx) b) lz4, lzo, ... which one

Re: [Openvpn-devel] how to migrate users to "no compression" config

Should we add some high level documentation on compression? On Wed, Jun 26, 2019, 5:05 PM Arne Schwabe wrote: > Am 26.06.19 um 08:35 schrieb Gert Doering: > > Hi, > > > > On Wed, Jun 26, 2019 at 01:48:34AM +0500, ?? wrote: > >> 2) use push "compress empty" (if there's such

[Openvpn-devel] how to migrate users to "no compression" config

Hello, for example, let us imagine we provisioned a lot of users with config files containing "comp-lzo" and we want to migrate them to server without compression. I see two options 1) set up new server (actually, new udp/tcp ports on the same server) and send new config to users 2) use push

Re: [Openvpn-devel] Summary of the community meeting (20th June 2019)

пн, 24 июн. 2019 г. в 23:14, Samuli Seppänen : > Hi, > > Il 24/06/19 14:33, Samuli Seppänen ha scritto: > > Hi Simon, > > > > Thanks for the info again! > > > > Il 21/06/19 18:59, Simon Rozman ha scritto: > >> (21:04:58) mattock: assuming Microsoft's systems are happy with the > test submission

Re: [Openvpn-devel] [bui...@travis-ci.org: Still Failing: OpenVPN/openvpn#874 (master - 7473f32)]

Thank you for the investigation, Gert. I'll have a look soon On Sun, Jun 23, 2019, 11:55 PM Gert Doering wrote: > Hi, > > travis CI builds for MacOS fail (and have failed for quite some time, > it seems) because LZO is not installed as pre-requisite - the configure > run in the log below ends

Re: [Openvpn-devel] state of sitnl patchset ?

пн, 10 июн. 2019 г. в 02:11, Gert Doering : > Hi, > > On Mon, Jun 10, 2019 at 02:06:47AM +0500, ?? wrote: > > > On Mon, Jun 10, 2019 at 12:05:52AM +0500, ?? > wrote: > > > > https://patchwork.openvpn.net/project/openvpn2/list/?series=428 says > > > "new"

Re: [Openvpn-devel] state of sitnl patchset ?

пн, 10 июн. 2019 г. в 01:37, Gert Doering : > Hi, > > On Mon, Jun 10, 2019 at 12:05:52AM +0500, ?? wrote: > > https://patchwork.openvpn.net/project/openvpn2/list/?series=428 says > "new" > > however, I see patchset is applied (and travis-ci is somewhat broken) > > > > are all

[Openvpn-devel] state of sitnl patchset ?

Hello, https://patchwork.openvpn.net/project/openvpn2/list/?series=428 says "new" however, I see patchset is applied (and travis-ci is somewhat broken) are all paches applied already ? cheers, Ilya Shipitsin ___ Openvpn-devel mailing list

Re: [Openvpn-devel] Wintun performance results

it will most probably get lost in mailing list. can we add it to https://openvpn.net website ? something like "performance testing" with full configs provided ? ср, 15 мая 2019 г. в 18:49, Lev Stipakov : > Hi guys, > > I made openvpn3 (required changes will be incorporated into main branch at >

Re: [Openvpn-devel] cirrus-ci: freebsd builds ?

ср, 17 апр. 2019 г. в 14:45, Steffan Karger : > On Thu, 11 Apr 2019 at 00:54, Илья Шипицин wrote: > > 1) error when built with mbedtls-2.16.0 (surprizingly, build does not > fail) > > > > [ OK ] tls_crypt_v2_wrap_unwrap_no_metadata > > [ RUN ] tls_cry

Re: [Openvpn-devel] cirrus-ci: freebsd builds ?

ср, 17 апр. 2019 г. в 14:45, Steffan Karger : > On Thu, 11 Apr 2019 at 00:54, Илья Шипицин wrote: > > 1) error when built with mbedtls-2.16.0 (surprizingly, build does not > fail) > > > > [ OK ] tls_crypt_v2_wrap_unwrap_no_metadata > > [ RUN ] tls_cry

Re: [Openvpn-devel] cirrus-ci: freebsd builds ?

Testing tls-crypt-v2 key generation (max length metadata)/t_lpback.sh: base64: not found OK PASS: t_lpback.sh ср, 10 апр. 2019 г. в 23:44, Илья Шипицин : > hello, > > I have implemented cirrus-ci support (with freebsd fix), > please have a look > > https://github.com/Open

[Openvpn-devel] cirrus-ci: freebsd builds ?

hello, I have implemented cirrus-ci support (with freebsd fix), please have a look https://github.com/OpenVPN/openvpn/pull/125 builds: https://cirrus-ci.com/task/6511771119517696 https://cirrus-ci.com/task/5385871212675072 thoughts ? suggestions ?

[Openvpn-devel] missing cover letter for "modernize travis-ci" patchset

Hello, somehow cover letter was lost for no reason (it was delivered during test git send-email). the rationale behind switching to xenial is trusty EOL coming on 30 Apr 2019. also, it is good time to refresh few more things like building on new arch "linux-ppc64le" and simplify osx brew

  1   2   3   4   5   >