On 19/10/18 17:56, David Sommerseth wrote:
> From: Heiko Hund
>
> With the private gc_arena we do not have to allocate the strings
> found during parsing again, since we know the arena they are
> allocated in is valid as long as the argv vector is.
>
> Signed-off-by: Hei
On 19/10/18 17:56, David Sommerseth wrote:
> From: Heiko Hund
>
> Prevent the re-allocations of memory when the internal argv grows
> beyond 2 and 4 arguments by initially allocating argv to hold up to
> 7 (+ trailing NULL) pointers.
>
> While at it rename argv_reset to
On 19/10/18 17:56, David Sommerseth wrote:
> From: Heiko Hund
>
> The previous implementation had the problem that it was not fully
> compatible with printf() and could only detect % format directives
> following a space character (0x20).
>
> It modifies the format str
Added doxygen comments for all the functions in argv.c.
There are some slight refactoring, renaming a few variables to make
their use case more obvious and ensure lines do not break our 80-chars
per line coding style limit.
Signed-off-by: David Sommerseth
---
src/openvpn/argv.c | 246
From: Heiko Hund
With the private gc_arena we do not have to allocate the strings
found during parsing again, since we know the arena they are
allocated in is valid as long as the argv vector is.
Signed-off-by: Heiko Hund
---
src/openvpn/argv.c | 44
on the coding
style.
--
kind regards,
David Sommerseth
OpenVPN Inc
David Sommerseth (1):
Documented all the argv related code with minor refactoring
Heiko Hund (3):
re-implement argv_printf_*()
argv: do fewer memory re-allocations
Add gc_arena to struct argv to save allocations
src
From: Heiko Hund
Prevent the re-allocations of memory when the internal argv grows
beyond 2 and 4 arguments by initially allocating argv to hold up to
7 (+ trailing NULL) pointers.
While at it rename argv_reset to argv_free to actually express
what's going on. Redo the argv_reset functionality
t actually is
the ASCII "group separator" control character, which fits its
purpose).
This commit has been updated by David Sommerseth based on his feedback
on the mailing list discussions earlier on.
Signed-off-by: Heiko Hund
Signed-off-by: David Sommerseth
---
src/openvpn/argv.c
at this yesterday, but since the contributor was
a new person and changing details in code paths I'm not that deep into, I
wanted to have a much closer look before applying it - luckily I didn't have
enough brainpower yesterday to dive into this one. And since you had ACKed
it, I considered it g
TLS external key with non RSA certificates
Signed-off-by: Arne Schwabe
Acked-by: Steffan Karger
Message-Id: <20181008214123.10819-1-a...@rfc2549.org>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17671.html
Signed-off-by: David Somm
David Sommerseth
- --
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBCgAGBQJbxkvkAAoJEIbPlEyWcf3yQyQP/0ma0zLPpOiURA7rOYR5oMqz
eYAAxghzyxQh+8q8nZl6UDddVjZ5g1yYydeNGV2ZenRZFMXvVFT8DfEakj028piU
48OtrZp//e/oGYCbvFcET5LUYmZ4gs/3fr
-devel@lists.sourceforge.net/msg16105.html
Signed-off-by: David Sommerseth
- --
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBCgAGBQJbxkuoAAoJEIbPlEyWcf3ypgoQAIpeS0Ick75HV61SgxyM5PCb
v3EbcoHCV+ihWKVRg+Q4RhkPz7VTzoMVfPJEj0seZ4RFOJni8XLZLSb62M
g17701.html
Signed-off-by: David Sommerseth
- --
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBCgAGBQJbxktfAAoJEIbPlEyWcf3yfxAQAJz1fbqVuJ7paqYuj8Fk6smD
HBQ8AcmF08AOt6yN9uWRtYH+558mBYmnv7DxNigJb2InMbmF7stJoLMmJi
6560b4
had brought in. So that shouldn't really be the cause of this error.
And for reference:
$ rpm -q cmake
cmake-2.8.12.2-2.el7.x86_64
--
kind regards,
David Sommerseth
OpenVPN Inc
signature.asc
Description: OpenPGP digital signature
___
Openvpn-devel
function only available in OpenSSL 1.1.1 and newer? Or am I
missing a fine detail here?
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
upportedVersions
Just clarifying this. We will drop OpenSSL 1.0.1 support in favour of OpenSSL
1.0.2 for OpenVPN 2.5 (now, git master). For OpenVPN 2.4, we will keep
OpenSSL 1.0.1 support.
--
kind regards,
David Sommerseth
OpenVPN Inc
signature.asc
Description: Open
: Lately you've often forgotten to add -s to git commit. Please double
check your patches in this regard.
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net
console_systemd.c: In function ‘get_console_input_systemd’:
console_systemd.c:75:5: warning: implicit declaration of function
‘openvpn_popen’ [-Wimplicit-function-declaration]
if ((std_out = openvpn_popen(, NULL)) < 0)
Signed-off-by: David Sommerseth
---
src/openvpn/console_systemd.c
This fixes this compile warning:
platform.c: In function ‘platform_create_temp_file’:
platform.c:355:31: warning: implicit declaration of function ‘get_random’
[-Wimplicit-function-declaration]
prefix, (unsigned long) get_random(),
Signed-off-by: David
ng BOOL.
--
kind regards,
David Sommerseth
OpenVPN Inc
signature.asc
Description: OpenPGP digital signature
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
le.
But ... are you saying Windows C compilers we use/support does not support
stdbool.h? Even with -std=c99?
I would prefer we switch over to using standard types instead of our own
"workaround" solutions wherever possible.
--
kind regards,
David Sommerseth
OpenVPN Inc
signa
served both via GitHub and an openvpn.net
domain is just duplication and a seed of confusion; especially if these files
then begins to differ for various reasons.
So, no, we will not change this.
--
kind regards,
David Sommerseth
OpenVPN Inc
signature.a
ey do on the official web pages:
<https://tls.mbed.org/>
Seems pretty consistent there.
--
kind regards,
David Sommerseth
OpenVPN Inc
signature.asc
Description: OpenPGP digital signature
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourc
ould have interpreted this as the local side where this warning
occurs. So this could be clearer.
I also think this should be mentioned in the man page as well.
And a little nitpick ... the version reference should be either "OpenVPN
2.3.6" or "v2.3.6", as discussed here:
&l
xx"
Sorry for pestering about this, but good commit messages can really be time
savers in the future.
--
kind regards,
David Sommerseth
OpenVPN Inc
signature.asc
Description: OpenPGP digital signature
___
Openvpn-devel mailing list
Openvpn-dev
we don't have packages for Ubuntu 18.04 yet. So using the
> packaging files from Ubuntu's repositories makes perfect sense there and
> can't break anything.
Yes! Latest and greatest from our own sources. Always. ;-) And do not ship
openvpn.service and openvpn@.s
UID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
> CAP_AUDIT_WRITE
> LimitNPROC=10
> DeviceAllow=/dev/null rw
> DeviceAllow=/dev/net/tun rw
>
Acked-By: David Sommerseth
(The discussion is in a sub-thread, but keeping the ACK close to the patch for
sim
/Ubuntu but probably also
> some other distributions would benefit from adding CAP_AUDIT_WRITE
> Does this suffice as explanation why/how this is needed?
Partially. I think there must be a difference in how PAM is configured on
Deb/Ubu, where not being able to log to the audit is not considered
as around PAM
version 0.99.
My Debian test VM uses pam-1.1.8-3.6, RHEL-7 pam-1.1.8-22 and Fedora 28
pam-1.3.1-1.
Since both my Debian VM and my RHEL-7 install uses essentially quite similar
PAM releases Debian must be doing something different ... but what? I
even verified that all distro
ost likely need to prepare a D-Bus policy for dnsmasq though, to allow the
openvpn user (or whatever user who will execute this script) access to the
uk.org.thekelleys.ClearCache D-Bus method.
--
kind regards,
David Sommerseth
OpenVPN Inc
signature.asc
Description: OpenPGP digital signature
--
On 27/08/18 14:46, David Sommerseth wrote:
> Wrong. We have those #ifdefs already, it just needs to be reverted and add an
> additional logic in configure.ac to "unlock" unsafe features. Look for
> ENABLE_LZO and ENABLE_LZ4 in the code.
Meh ... Just to clarify ... It ne
have your compression
feature and the core of OpenVPN itself can be without compression. I will not
object to such an approach.
--
kind regards,
David Sommerseth
OpenVPN Inc
signature.asc
Description: OpenPGP digital signature
-
ibution at all
enabling this by default ... then this opening goes away.
Default behaviour should be: Never send compressed packets but accept
compressed packets from the remote - until we can finally just whack sending
compressed packets too in a further future release.
--
kind regards,
Davi
-push. This adds
inotify support, which reworks the polling model to be a notification based
push model instead (iirc). But this I think makes sense to have as it is
today for the time being. We might want to consider flipping it to be enabled
by default, though.
--
kind regards,
David
at the code quickly of
this last v3 patch, so it just needs to be well tested before we add it to git
master.
Next cool thing to get added would be dynamic challenge, but that will require
quite some extensions in the plug-in API as well. Use case:
thub.com/OpenVPN/openvpn3-linux>
[4] <https://gitlab.com/openvpn/openvpn3-linux>
--
kind regards,
David Sommerseth
OpenVPN Inc
signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant te
e versa - some configuration files might not
even work across Linux distributions even. So let the OpenVPN configuration
files be as generic as possible, focusing on getting a connection to a remote
server. And configure the rest outside of the OpenVPN configuration profile.
--
kind regards
t and --user/--group?
--
kind regards,
David Sommerseth
OpenVPN Inc
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.l
how suitable this task is as a
full blown open "development" process. But I am definitely keen on getting a
few more persons willing to be involved in moving this RFC forward. So if you
are interested, please get in touch with me and we'll figure out the path
forward.
--
kind regards,
D
> +if (!(opt->flags & COMP_F_NOWARN))
> +{
> + msg(M_INFO, "WARNING: Compression enabled, might be insure. "
Did you mean /insecure/?
--
kind regards,
David Sommerseth
OpenVPN Inc
signature.asc
Description: OpenPGP digital
y be used for
ECDH TLS-ciphers.
This option is not supported in mbed TLS
builds of OpenVPN.
Is this still unclear?
- --
kind regards,
David Sommerseth
OpenVPN Inc
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (
by
> a CA, you only trust only those certifcates of which have hashes. A
> certificate pinning of an unknown CA is exactly the same. Since you
> cannot verify that certificate you add a one off certificate in your
> list of trusted certificates.
Correct me if I'm wrong, but thi
possible. Which is why we have interactive service and why
we're working on a NETLINK integration on Linux. And OpenVPN 3 on Linux takes
a very different approach to this as well, and there is work in the pipe to
reduce the privileged footprint even further.
--
kind regards,
David Sommerse
ince OpenVPN 2.2, we have had RHEL 5 as the oldest supported Linux
distribution, which was based on kernel 2.6.18. With OpenVPN 2.4, that moved
up to RHEL 6 (kernel 2.6.32 baseline).
--
kind regards,
David Sommerseth
OpenVPN Inc
signature.asc
Description: OpenPGP digit
index f2916bdd..f52fdbfb 100644
> --- a/src/openvpn/comp-lz4.c
> +++ b/src/openvpn/comp-lz4.c
> @@ -35,7 +35,7 @@
> #if defined(NEED_COMPAT_LZ4)
> #include "compat-lz4.h"
> #else
> -#include "lz4.h"
> +#include
> #endif
May I ask what the rational
n argument to the script. This role
would need to also be used when creating the [Service] section too.
Thoughts?
--
kind regards,
David Sommerseth
OpenVPN Inc
signature.asc
Description: OpenPGP digital signature
--
output when pulling the patch from patchwork:
<https://patchwork.openvpn.net/patch/290/>
So I believe your GMail setup has corrupted this patch - and I see it is sent
both as text/plain and text/html.
Please try to resend it via 'git send-email' instead, that
On 04/04/18 16:24, Selva Nair wrote:
> Hi,
>
> On Wed, Apr 4, 2018 at 8:13 AM, David Sommerseth <dav...@openvpn.net> wrote:
>> Be more explicit that --auth-gen-token is to be considered a workaround
>> for authentication scripts/plug-ins not supporting --auth-token.
Be more explicit that --auth-gen-token is to be considered a workaround
for authentication scripts/plug-ins not supporting --auth-token.
Also be more explicit that invalidated --auth-token values will result
in the client disconnecting.
Signed-off-by: David Sommerseth <dav...@openvpn.
ests and see
what happens.
[1] With "the community" it is meant: Patch from a sender _not_ carrying an
@openvpn.net address with at least one "Approved-by: " tag-line with an
@openvpn.net address. Both addresses needs to be well known OpenVPN Inc
employees.
--
kind regar
On 08/03/18 15:18, Arne Schwabe wrote:
> Am 31.10.16 um 13:51 schrieb David Sommerseth:
>> This refactors the call chain of tls_multi_process(), tls_process()
>> and key_method_2_read() so the the latter function have access
>> to the struct context object.
>&g
clients for Windows and macOS too. Plus Arne is also poking at
using OpenVPN 3 in his Android client. Many of them will definitely connect
against OpenVPN 2.x based servers; so OpenVPN 2 and OpenVPN 3 need to be well
aligned.
(With that said, I'm not saying OpenVPN 3 supports all OpenVP
als again -
which I believe should resolve the current issues ... Or have I missed
something?
--
kind regards,
David Sommerseth
OpenVPN Inc
signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant
client as well. Everything seems
to work as expected, including 'make check'. And since James didn't
have any objections to this approach, I consider this safe to go.
Acked-by: David Sommerseth <dav...@openvpn.net>
Your patch has been applied to the following branches
y, just wanted to give this
quick feedback before its too late.
--
kind regards,
David Sommerseth
OpenVPN Inc
signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the w
This introduces the .TQ groff macro. Even though this can be found
in newer groff versions, not all platforms we support carries this one.
This macro makes it possible to have mulitple lines of options as
headers before describing all of these options in the same segment.
Signed-off-by: David
-by: David Sommerseth <dav...@openvpn.net>
---
src/openvpn/options.c | 8
1 file changed, 8 insertions(+)
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 41a42cf2..e0c0894b 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -2170,6 +2
letion will work
for most of the options and arguments in openvpn3.
And yes, you can do all this as an unprivileged user.
--
kind regards,
David Sommerseth
OpenVPN Inc
signature.asc
Description: OpenPGP digital sig
On 08/02/18 04:36, Antonio Quartulli wrote:
>
>
> On 08/02/18 04:41, David Sommerseth wrote:
>> On 07/02/18 21:21, Selva Nair wrote:
>>
>>> In my view auth-token handling in openvpn.exe is broken at multiple levels:
>>>
>>> Client process
o
>>> auth fail (saved password is forgotten),
>
> That reads as if introduction of auth-token broke reconnect. It did
> not. Only those users who have 2-factor turned on and use
> --gen-auth-token on the server are affected
users, they confirmed they do not use Reconnect.
This is no good argument for me. This is one specific setup with 1000 users.
It would be more valuable with 50 different setups having 20 users each. Your
conclusion is based on a very homogeneous environment.
--
kind regards,
David Sommerseth
Ope
t; documented where the conclusion can be reviewed?
--
kind regards,
David Sommerseth
OpenVPN Inc
signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's most
e
t does not officially support it. I'd be in
favour of supporting only Win7 and newer.
Also compare this to our Linux support strategies. We dropped RHEL5 support
once Red Hat dropped the support officially too.
--
kind regards,
conf-archive".
For RHEL-6, no such package exists and I could also not find any other
packages which provides that .m4 file.
We could check this on other platforms as well (*BSD, Solaris, AIX) to see how
they handle this. But if there's a similar situation there, I thi
The autumn of 2017, OpenVPN Technologies, Inc changed name to just
OpenVPN Inc. Otherwise, extend the copyright to cover 2018 as well.
With the exception of the company name change, all changes have been
performed by the dev-tools/update-copyright.sh script.
Signed-off-by: David Sommerseth <
I will follow-up with this change as well. I don't see any value of splitting
it out in a separate patch, as it is essentially just the change in options.c
which is affecting real (executable) code. The rest is documentation or
comments.
--
kind regards,
David Sommerseth
Op
net/openvpn/wiki/SupportedVersions>
--
kind regards,
David Sommerseth
OpenVPN Inc
signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world'
this feature".
Another alternative is to extend an already longer error log entry, by
mentioning "also ensure that your management interface front-end supports
version 2."
--
kind regards,
David Somme
access to a
maintained distribution of that particular OpenSSL version. Otherwise, we're
deluding OpenVPN users it is safe to use openssl-0.9.8.
So if we don't have really strong arguments keeping support for this old
version, we should carefully consider our options.
--
kind regar
en we are
sure PK_SIGN works well and has seen deployment elsewhere start a deprecation
process if the legacy version 1. But we're not put in a situation where
anything changes suddenly and abruptly.
Any thoughts?
--
kind regards,
David Sommerseth
OpenVPN Inc
signature.asc
Description: Ope
yet). I expect Tunnelblick and macOS
users to use a far newer OpenSSL library too.
I would rather see us moving to officially drop 0.9.8 unless there are really
strong arguments and evidence of someone maintaining openssl-0.9.8 with
security backports.
--
kind regards,
David Sommers
code paths yet (except of the patch itself) ... but
how will this affect a server config with a bit of load? Like some hundred
connected clients or more? Will these other clients notice that a client gets
rescheduled instantly? And as well, what if more clients trigger this
behaviour approximately in the
leaks in plug-ins.
There might be better checks, granted. But not sure how well they will play
with plug-ins. The valgrind type works fine. Not sure how well the other
--with-mem-check alternatives (dmalloc, ssl) works, so can't speak for them.
If they don't buil
es *MUST* go to this mailing list.
Enjoy! And Merry Christmas!
--
kind regards,
David Sommerseth
davids .{at}. openvpn.net
OpenVPN Inc
signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant te
(release/2.4)
Author: Antonio Quartulli
Date: Wed Dec 6 23:43:56 2017 +0800
Allow learning iroutes with network made up of all 0s (only if netbits < 8)
Trac: #726
Signed-off-by: Antonio Quartulli <a...@unstable.cc>
Acked-by: David Sommerseth <dav...@openvpn.net&g
800
reload HTTP proxy credentials when moving to the next connection profile
Trac: #836
Signed-off-by: Antonio Quartulli <a...@unstable.cc>
Acked-by: Steffan Karger <stef...@karger.me>
Acked-by: David Sommerseth <dav...@openvpn.net>
Tested-by:
strict as you say. But it might be other
distributions have gone through the compliance certification on a different
version.
For OpenVPN's part, I don't think we should enforce any strict versions. It
is up to admin to ensure a compliant OpenSSL library is installed and the
system is configured
On 19/11/17 22:21, Selva wrote:
> Hi David,
>
> On Fri, May 5, 2017 at 5:46 PM, David Sommerseth <dav...@openvpn.net
> <mailto:dav...@openvpn.net>> wrote:
>
> This patch builds on the "Export secure_memzero() to plug-ins" patch and
&g
the maintenance gets
too annoying.
--
kind regards,
David Sommerseth
OpenVPN, Inc
signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's m
On 14/11/17 09:31, Gert Doering wrote:
> Hi,
>
> On Mon, Nov 13, 2017 at 01:16:46PM +0100, David Sommerseth wrote:
>> But we should consider if we want to make use of a JSON library
>> producing the JSON streams. The reason is to ensure the output is
>> acc
On 13/11/17 14:44, François Kooman wrote:
> On 11/13/2017 01:16 PM, David Sommerseth wrote:
[...snip...]
>> But we should consider if we want to make use of a JSON library
>> producing the JSON streams. The reason is to ensure the output is
>> according to the specificat
ing__argc_correct(void **state)
> {
> struct argv a = argv_new();
> @@ -233,6 +255,7 @@ main(void)
> cmocka_unit_test(argv_printf__group_sep_in_arg__fail_no_ouput),
>
> cmocka_unit_test(argv_printf__combined_path_with_spaces__argc_correct),
>
inline. But I'm still not really convinced we really
need
it; as the usage is limited to within the argv.c code base.
Otherwise, this looks good. Once we have figured out these two comments, this
is
fairly straight-forward to include.
--
kind regards,
David Sommerseth
OpenVPN, Inc
signat
roper. Imagine if someone puts a double-quote into the
CN field of a certificate?
CN="} Lets explode things, O=Hacktivist0
Or other characters which needs escaping.
I also see the proposed patch adds "END" at the very end. To me that
makes more sense in text/plain representations t
f(, "%s %s %s %s", PATH1, "", "", PARAM1);
> +assert_int_equal(a.argc, 4);
> +
> +argv_printf(, "%s %s", "", PARAM1);
> +assert_int_equal(a.argc, 2);
> +
> +argv_free();
This gives another warning:
est_argv.c: In funct
a
completely different discussion.
I need to spend a bit more time to fully grasp the UI get/set calls and
the related implementation. But what is done in regards to password
retrieving in ui_read() makes sense to me.
--
kind regards,
David Sommerseth
OpenVPN, Inc
signature.asc
Description: Open
erywhere. If it silences
compiler warnings and don't add "anything else" (behavioural changes or
warnings) elsewhere (both code and platform wise), then I'm fairly
positive to it.
--
kind regards,
David Sommerseth
OpenVP
ems we did not fix this issue in v2.3 at all, it
only have a partial fix but is lacking a backport of commit 3322c558fa7)
We might actually consider to remove the >PASSWORD: response in the future.
I can give this patch an ACK if we just remove the line about "replacing
the local password&quo
good commit messages here, as this
blog post covers it very well: <https://chris.beams.io/posts/git-commit/>
For this particular patch, I hope Selva or Heiko get a chance to chime
in with their technical review.
--
kind regards,
David Sommerseth
OpenVPN, Inc
On 11/10/17 01:
t to use UDP), the client
will also disconnect when the TCP socket gets closed. This is not
possible with UDP sockets, and is why why have --explicit-exit-notify
for UDP connections, to simulate the TCP FIN behaviour.
I hope this makes sense.
--
On 06/10/17 11:37, Илья Шипицин wrote:
>
>
> 2017-10-06 14:11 GMT+05:00 David Sommerseth
> <open...@sf.lists.topphemmelig.net
> <mailto:open...@sf.lists.topphemmelig.net>>:
>
> On 06/10/17 11:02, Илья Шипицин wrote:
> >
> >
>
On 06/10/17 11:02, Илья Шипицин wrote:
>
>
> 2017-10-06 13:43 GMT+05:00 David Sommerseth
> <open...@sf.lists.topphemmelig.net
> <mailto:open...@sf.lists.topphemmelig.net>>:
>
> On 06/10/17 08:58, Илья Шипицин wrote:
> > Hello,
> >
>
ely should not give a too fine grained explanation. IMO, only a
"Invalid certificate" message should be considered.
--
kind regards,
David Sommerseth
OpenVPN, Inc
signature.asc
Description: OpenPGP digital signature
--
The --proto options changed a bit in OpenVPN v2.4. This tries to
expand this section, explaining the new variants and how they
related to older OpenVPN versions.
Signed-off-by: David Sommerseth <dav...@openvpn.net>
---
doc/openvpn.8 | 37 ++---
1 file chang
In commit 59e7e9fce8de6ea90d13baeaede83adc0b594e22 the contrib/keychain-mcd
code was completely removed. But it was not removed from Changes.rst.
Signed-off-by: David Sommerseth <dav...@openvpn.net>
---
Changes.rst | 4
1 file changed, 4 deletions(-)
diff --git a/Changes.rst b/Chang
e this /could/ be a big win.
BUT! That requires more people to step up and get involved and be
active in maintenance of these plug-ins. Until that happens contrib/ is
currently the best location.
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
signature.asc
Description: OpenPGP dig
by explicitly setting LZ4_LIBS to contain -llz4
if pkg-config test was run and failed verifying the installed lz4 version
number. This also ensures that LZ4_LIBS will not be overwritten if it
has been provided on the ./configure command line.
Signed-off-by: David Sommerseth <dav...@openvpn.
ed-off-by: David Sommerseth <dav...@openvpn.net>
Tested-by: Richard Bonhomme <fragmen...@gmail.com>
---
configure.ac | 16 ++--
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/configure.ac b/configure.ac
index 74443353..394f5b09 100644
--- a/configure.ac
+++ b/confi
From: David Sommerseth <d...@eurephia.org>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Your patch has been applied to the wip branch
commit c41c677c36a105325728a6749885060e3095e845
Author: Antonio Quartulli
Date: Tue Sep 19 17:03:10 2017 +0800
Fix short-option overl
On 22/09/17 23:25, Gert Doering wrote:
> Hi,
>
> On Thu, Sep 07, 2017 at 03:16:45PM +0200, David Sommerseth wrote:
>> So the RestartForceExitStatus/RestartPreventExitStatus is not going to
>> be helpful if all graceful errors results in 1, which is the most common
>>
401 - 500 of 2019 matches
Mail list logo