[Openvpn-devel] [PATCH v4] Fix broken ./configure on systems without openssl.pc

2017-04-21 Thread David Sommerseth
o (OpneSSL -> OpenSSL) - Improve a few comments Signed-off-by: David Sommerseth --- configure.ac | 28 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac index acea060..2b98375 100644 --- a/configure.ac +++ b/configure.ac @@ -

[Openvpn-devel] [PATCH v3] Fix broken ./configure on systems without openssl.pc

2017-04-17 Thread David Sommerseth
/space issues in modified lines v2 - Don't use try to simplify the version matching, use the full OPENSSL_VERSION_NUMBER - Fixed typo (OpneSSL -> OpenSSL) - Improve a few comments Signed-off-by: David Sommerseth --- configure.ac | 26 +++--- 1 file cha

Re: [Openvpn-devel] [PATCH v2] Fix broken ./configure on systems without openssl.pc

2017-04-17 Thread David Sommerseth
On 17/04/17 22:36, Steffan Karger wrote: > Hi, > On 17-04-17 11:01, David Sommerseth wrote: >> [..] >> >> We should anyway in this case have a better check of OpenSSL version >> available. So in the case pkg-config fails, it will run an additional >> test looki

[Openvpn-devel] [PATCH v2] Fix broken ./configure on systems without openssl.pc

2017-04-17 Thread David Sommerseth
full OPENSSL_VERSION_NUMBER - Fixed typo (OpneSSL -> OpenSSL) - Improve a few comments Signed-off-by: David Sommerseth --- configure.ac | 24 +++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index acea060..cdd7847 1006

Re: [Openvpn-devel] [PATCH] Fix broken ./configure on systems without openssl.pc

2017-04-15 Thread David Sommerseth
On 15/04/17 11:16, Gert Doering wrote: > Hi, > > On Thu, Apr 13, 2017 at 07:26:09PM +0200, David Sommerseth wrote: >> +/* Strip out some of the version information we don't care about */ >> +#define OSSLVER OPENSSL_VERSION_NUMBER >> 12 >> +#if OSSLVE

Re: [Openvpn-devel] [PATCH v2] Add --tls-cert-profile option for mbedtls builds

2017-04-14 Thread David Sommerseth
On 14/04/17 11:16, Steffan Karger wrote: > Hi, > > On 13-04-17 18:40, David Sommerseth wrote: >> On 13/04/17 15:37, Steffan Karger wrote: >>> On 13-04-17 15:09, David Sommerseth wrote: >>>> On a more generic note to this patch. I wonder if we should keep &

[Openvpn-devel] [PATCH] Fix broken ./configure on systems without openssl.pc

2017-04-13 Thread David Sommerseth
./configure script, the pkg-config will not be run. But this patch ensures that the OpenSSL version is also checked in this situation. This patch has been tested on Scientific Linux 7.3 (RHEL clone) and FreeBSD 10.3-RELEASE-p11. Signed-off-by: David Sommerseth --- configure.ac | 24

Re: [Openvpn-devel] [PATCH v2] Add --tls-cert-profile option for mbedtls builds

2017-04-13 Thread David Sommerseth
On 13/04/17 15:37, Steffan Karger wrote: > On 13-04-17 15:09, David Sommerseth wrote: >> I'm however a bit puzzled of the "non-changes" (well, the indenting is >> changing, unless I'm blind to other changes) to --remote-cert-cu, >> --remote-cert-tls and

Re: [Openvpn-devel] [PATCH v2] Add --tls-cert-profile option for mbedtls builds

2017-04-13 Thread David Sommerseth
d be, but that's an entirely different story (and mail thread). As long as the Fedora builds need to be built with mbed TLS, I will need to ensure 'legacy' is the default there for a while. For the coming Fedora Rawhide (which will be F28), I can make some

Re: [Openvpn-devel] [PATCH] Require minimum OpenSSL 1.0.1

2017-04-12 Thread David Sommerseth
On 12/04/17 06:58, Simon Matter wrote: >> Hi, >> >> On 11-04-17 19:31, David Sommerseth wrote: >>> As RHEL 5 has reached EOL, we no longer need to support OpenSSL v0.9.8. >>> This also makes it possible to remove a few workarounds which were >>> needed ea

Re: [Openvpn-devel] [PATCH] Require minimum OpenSSL 1.0.1

2017-04-12 Thread David Sommerseth
On 12/04/17 03:06, Matthias Andree wrote: > Am 11.04.2017 um 23:56 schrieb David Sommerseth: >> On 11/04/17 23:20, Steffan Karger wrote: >>> For release/2.4: I wonder whether we need to keep 0.9.8 support, as >>> SLES11 still ships with 0.9.8h, and has general support

Re: [Openvpn-devel] [PATCH] Add --tls-cert-profile option for mbedtls builds

2017-04-11 Thread David Sommerseth
le declaration and enabling it seems to be very much aligned. (on a side note, I have already added a default profile for "legacy" in Fedora, as many users complained about OpenVPN breaking on Fedora 26 and newer, which also looks fairly recognisable to what is done here). I will run some re

Re: [Openvpn-devel] [PATCH] Require minimum OpenSSL 1.0.1

2017-04-11 Thread David Sommerseth
On 11/04/17 23:20, Steffan Karger wrote: > Hi, > > On 11-04-17 19:31, David Sommerseth wrote: >> As RHEL 5 has reached EOL, we no longer need to support OpenSSL v0.9.8. >> This also makes it possible to remove a few workarounds which were >> needed earlier, as well as

Re: [Openvpn-devel] [PATCH applied] Require minimum OpenSSL 1.0.1

2017-04-11 Thread David Sommerseth
Your patch has been applied to the master branch. commit 039a89c331e9b7998d8047ec72144097f7c5826a Author: David Sommerseth Date: Tue Apr 11 19:31:33 2017 +0200 Require minimum OpenSSL 1.0.1 Signed-off-by: David Sommerseth Acked

[Openvpn-devel] [PATCH] Require minimum OpenSSL 1.0.1

2017-04-11 Thread David Sommerseth
tested on RHEL7.3 and RHEL6.7 (mock chroot build), both shipping openssl-1.0.1e. Signed-off-by: David Sommerseth --- configure.ac | 6 +++--- doc/openvpn.8 | 1 - .../keying-material-exporter-demo

Re: [Openvpn-devel] [PATCH applied] Make --cipher/--auth none more explicit on the risks

2017-04-11 Thread David Sommerseth
) commit 32b5cb60e354f486c98408e6870af3a9c03ff865 (release/2.3) Author: David Sommerseth Date: Tue Apr 11 00:28:28 2017 +0200 Make --cipher/--auth none more explicit on the risks Signed-off-by: David Sommerseth Acked-by: Steffan Karger Message-Id: <20170410222828.23612-1-

Re: [Openvpn-devel] [PATCH] Make --cipher/--auth none more explicit on the risks

2017-04-11 Thread David Sommerseth
> that. >> >> While at it, also break up the long source lines. >> >> Signed-off-by: David Sommerseth >> --- >> src/openvpn/crypto.c | 11 +-- >> src/openvpn/init.c | 5 - >> 2 files changed, 13 insertions(+), 3 deletions(-) >>

[Openvpn-devel] [PATCH] Make --cipher/--auth none more explicit on the risks

2017-04-10 Thread David Sommerseth
The warning provided to --cipher and --auth using the 'none' setting may not have been too clearly understandable to non-developers or people not fully understanding encryption and cryptography. This tries to improve that. While at it, also break up the long source lines. Signed-off

Re: [Openvpn-devel] [PATCH] travis-ci: add 2 mingw "build only configurations"

2017-04-09 Thread David Sommerseth
perhaps consider to sign up for that too can be a good idea? <http://lerner.co.il/newsletter/> -- kind regards, David Sommerseth OpenVPN Technologies, Inc

Re: [Openvpn-devel] Listen on multiple interfaces but not all

2017-04-06 Thread David Sommerseth
t some have needed to also add --multihome in the OpenVPN to make this work. For most of our OpenVPN users, only open up the OpenVPN port on specific interfaces/IP addresses in the firewall is more than good enough from a security perspective, and really simple to achieve without too much troubles.

Re: [Openvpn-devel] [PATCH v2] Add per session pseudo-random component to --reneg-sec intervals

2017-04-06 Thread David Sommerseth
t this point in time, things will start to spread out. But I emphasize again, --reneg-sec have never tried to solve randomizing of the _initial_ connect step. -- kind regards, David Sommerseth OpenVPN Technologies, Inc

Re: [Openvpn-devel] [PATCH v2] Add per session pseudo-random component to --reneg-sec intervals

2017-04-06 Thread David Sommerseth
o make even more noise about that now. -- kind regards, David Sommerseth OpenVPN Technologies, Inc

Re: [Openvpn-devel] [PATCH v2] Add per session pseudo-random component to --reneg-sec intervals

2017-04-06 Thread David Sommerseth
not have any randomness. With the 1 hour default, not setting --reneg-sec gives a time window of 6 minutes with 10%. That is a reasonable default unless explicitly overridden by either --reneg-sec 3600 (no randomness) or --reneg-sec 3000 4000 (with a 1000 seconds large time

Re: [Openvpn-devel] [PATCH v2] Add per session pseudo-random component to --reneg-sec intervals

2017-04-06 Thread David Sommerseth
On 06/04/17 06:08, Илья Шипицин wrote: > > > 2017-04-06 3:26 GMT+05:00 David Sommerseth > <mailto:open...@sf.lists.topphemmelig.net>>: > > On 05/04/17 23:43, Илья Шипицин wrote: > > hello! > > > > just curious how renegotiat

Re: [Openvpn-devel] [PATCH v2] Add per session pseudo-random component to --reneg-sec intervals

2017-04-05 Thread David Sommerseth
esn't really matter much for the end-user. Regardless of 2FA or not. -- kind regards, David Sommerseth OpenVPN Technologies, Inc

Re: [Openvpn-devel] [PATCH v2] Add per session pseudo-random component to --reneg-sec intervals

2017-04-05 Thread David Sommerseth
On 05/04/17 23:57, debbie10t wrote: > Hi, > > On 05/04/17 22:39, David Sommerseth wrote: >> On 05/04/17 23:13, debbie10t wrote: >>> I don't believe there is any need to specify "max" because that would be >>> --reneg-sec as is. Otherwise specify a

Re: [Openvpn-devel] [PATCH v2] Add per session pseudo-random component to --reneg-sec intervals

2017-04-05 Thread David Sommerseth
ake use of the TLS renegotiation possibility at all. So a renegotiation in OpenVPN actually results in a completely new and fresh TLS session, not related to previous TLS sessions at all. -- kind regards, David Sommerseth OpenVPN Technologies, Inc > 2017-04-06 2:39 GMT+05:

Re: [Openvpn-devel] [PATCH v2] Add per session pseudo-random component to --reneg-sec intervals

2017-04-05 Thread David Sommerseth
s: --reneg-sec max A renegotiation happens within 'max' seconds, but with a 10%-ish randomness --reneg-sec min max A renegotiation happens within 'min' and 'max' seconds, fully controllable So using --reneg-sec 3600 3600, effectively removes th

Re: [Openvpn-devel] [PATCH v2] Add per session pseudo-random component to --reneg-sec intervals

2017-04-05 Thread David Sommerseth
using only min/max values instead of a percentage value as well. -- kind regards, David Sommerseth OpenVPN Technologies, Inc

Re: [Openvpn-devel] [PATCH v2] Add per session pseudo-random component to --reneg-sec intervals

2017-04-05 Thread David Sommerseth
On 05/04/17 17:53, David Sommerseth wrote: > On 05/04/17 16:42, debbie10t wrote: >> >> >> On 05/04/17 05:34, Simon Matter wrote: >>>>> Hi, >>>>> >>>>> On Tue, Apr 04, 2017 at 08:29:49AM +0200, Simon Matter wrote: >>

Re: [Openvpn-devel] [PATCH v2] Add per session pseudo-random component to --reneg-sec intervals

2017-04-05 Thread David Sommerseth
t approach could be like so: > > --reneg-sec 3600 > --reneg-sec-1sttime-rand 1|0 (The name here for detail) Too complicated ;-) --reneg-sec # 60 minutes, with X % in randomness --reneg-sec 1800 # 30 minutes, with X % in randomness (X is what we figure is reasonable by default; between

Re: [Openvpn-devel] [PATCH v2] Add per session pseudo-random component to --reneg-sec intervals

2017-04-05 Thread David Sommerseth
onfigurations (corporate or private servers, for example), using a commercial VPN provider to avoid Geo-blocking (or whatever reason they have) - this assumption might not be equally true. Plus it would break lots of already existing configurations. We could discuss making it a NOP on the cl

Re: [Openvpn-devel] [PATCH v2] Add per session pseudo-random component to --reneg-sec intervals

2017-04-05 Thread David Sommerseth
have today) which can be used to further open or close this time window. Larger sites will most likely want a larger time window than smaller ones. Btw ... is --reneg-sec pushable? (Too lazy to check the code, man page says "no"). If not, it would probably be a good id

Re: [Openvpn-devel] gentoo build inconsistency with openssl in openvpn using elliptic curve cert

2017-04-03 Thread David Sommerseth
.2: <http://pkgs.fedoraproject.org/cgit/rpms/openssl.git/tree/?h=f25> -- kind regards, David Sommerseth OpenVPN Technologies, Inc

Re: [Openvpn-devel] Upgrading EasyRSA 2's defaults

2017-04-03 Thread David Sommerseth
On 03/04/17 16:12, Jan Just Keijser wrote: > Hi Samuli, > > On 03/04/17 15:53, Samuli Seppänen wrote: >> On 02/04/2017 10:57, Steffan Karger wrote: >>> Hi, >>> >>> On 31-03-17 22:34, David Sommerseth wrote: >>>> On 31/03/17 10:56, Илья

Re: [Openvpn-devel] Upgrading EasyRSA 2's defaults

2017-03-31 Thread David Sommerseth
gainst. Secondly, updating the key length from 1024 bits to at least 2048 should not cause any issues at all. Many users (myself included) often use 4096 bits keys without any issues. Swapping RSA for DSA is an issue of a completely different league. And DSA is by OpenSSH

Re: [Openvpn-devel] [PATCH applied] docs: Fixed man-page warnings discoverd by rpmlint

2017-03-29 Thread David Sommerseth
Your patch has been applied to the following branches commit 9636196d5efb719cf1011397a360d46bccb3fe29 (master) commit 8731dfa7caaf8b6d8757492f331e0b4c79851412 (release/2.4) Author: David Sommerseth Date: Wed Mar 29 11:49:25 2017 +0200

Re: [Openvpn-devel] [PATCH applied] auth-token: Ensure tokens are always wiped on de-auth

2017-03-29 Thread David Sommerseth
/2.4) Author: David Sommerseth Date: Tue Mar 28 22:53:46 2017 +0200 auth-token: Ensure tokens are always wiped on de-auth Signed-off-by: David Sommerseth Acked-by: Steffan Karger Message-Id: <20170328205346.18844-1-dav...@openvpn.net> URL: https://www.mail-archi

[Openvpn-devel] [PATCH] docs: Fixed man-page warnings discoverd by rpmlint

2017-03-29 Thread David Sommerseth
This is just a typo mistake in the .B formatting, missing a trailing space. Signed-off-by: David Sommerseth --- doc/openvpn.8 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index f29b72f..a9f5db7 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn

Re: [Openvpn-devel] [PATCH] auth-token: Ensure tokens are always wiped on de-auth

2017-03-28 Thread David Sommerseth
On 28/03/17 22:24, Steffan Karger wrote: > Hi, > > On 28-03-17 21:19, David Sommerseth wrote: >> If tls_deauthenticate() was called, it could in some scenarios leave the >> authentication token for a session in memory. This change just ensures >> auth-tokens are al

[Openvpn-devel] [PATCH v2] auth-token: Ensure tokens are always wiped on de-auth

2017-03-28 Thread David Sommerseth
If tls_deauthenticate() was called, it could in some scenarios leave the authentication token for a session in memory. This change just ensures auth-tokens are always wiped as soon as a TLS session is considered broken. Signed-off-by: David Sommerseth --- The wipe_auth_token() function is

Re: [Openvpn-devel] Wik page drafti: DeprecationWarnings

2017-03-28 Thread David Sommerseth
ving it, pointers to more information and other types of important notes related to this. The "Deprecated" and "Removed" columns could also point at the git commit containing the deprecation/removal. Of course, this wiki-page will require some maintenance ... and I hope this ma

[Openvpn-devel] [PATCH] auth-token: Ensure tokens are always wiped on de-auth

2017-03-28 Thread David Sommerseth
If tls_deauthenticate() was called, it could in some scenarios leave the authentication token for a session in memory. This change just ensures auth-tokens are always wiped as soon as a TLS session is considered broken. Signed-off-by: David Sommerseth --- The wipe_auth_token() function is

Re: [Openvpn-devel] building HEAD + openssl 1.1 api fails @ "crypto.c:823:32: error: invalid application of ‘sizeof’ to incomplete type ‘cipher_ctx_t"

2017-03-28 Thread David Sommerseth
On 28/03/17 14:47, Gert Doering wrote: > Hi, > > On Tue, Mar 28, 2017 at 02:35:59PM +0200, David Sommerseth wrote: >> On 28/03/17 14:21, Gert Doering wrote: >>> On Tue, Mar 28, 2017 at 02:11:26PM +0200, David Sommerseth wrote: >>>>> That's great!

Re: [Openvpn-devel] [PATCH] resolve format string warnings

2017-03-28 Thread David Sommerseth
sarily provide the only sane truth, as most of them are incapable of understanding the broader context. I do not say such analysers are useless or pointless, merely that each warning must first be thoroughly reviewed and considered before just jumping into changing things. -- kind regards, David

Re: [Openvpn-devel] building HEAD + openssl 1.1 api fails @ "crypto.c:823:32: error: invalid application of ‘sizeof’ to incomplete type ‘cipher_ctx_t"

2017-03-28 Thread David Sommerseth
On 28/03/17 14:21, Gert Doering wrote: > Hi, > > On Tue, Mar 28, 2017 at 02:11:26PM +0200, David Sommerseth wrote: >>> That's great! This way, 2.4 does not have to change it's behaviour. >>> Still, I think it makes sense to deprecate --ns-cert-type, and rem

Re: [Openvpn-devel] building HEAD + openssl 1.1 api fails @ "crypto.c:823:32: error: invalid application of ‘sizeof’ to incomplete type ‘cipher_ctx_t"

2017-03-28 Thread David Sommerseth
ining loudly in the log files and get in touch with at least NetworkManager guys to ensure they have time to implement a solution when this goes away. So I think 2.6 is more realistic. -- kind regards, David Sommerseth

[Openvpn-devel] [PATCH] systemd: Add and ship README.systemd

2017-03-27 Thread David Sommerseth
This new README file describes how to use the new openvpn-client@.service and openvpn-server@.service unit files properly. The purpose of this file is primarily for all systemd based distributions to have a common set of documentation. Signed-off-by: David Sommerseth --- distro/systemd

Re: [Openvpn-devel] [PATCH] resolve format string warnings

2017-03-27 Thread David Sommerseth
ter must be a pointer to unsigned int." And stdint.h declares: typedef unsigned char uint8_t; AFAIR, char is defined as 8 bits (hence uint*8*), while unsigned int are 32 bits on my system. -- kind regards, David Sommerseth Op

Re: [Openvpn-devel] Consider git tags for I60x

2017-03-23 Thread David Sommerseth
On 23/03/17 08:52, Samuli Seppänen wrote: > Hi, > > On 23/03/2017 05:11, Antonio Quartulli wrote: >> On Wed, Mar 22, 2017 at 02:11:56PM +0100, David Sommerseth wrote: [...snip...] >>> Currently we do not have anything providing a guaranteed match between >>>

Re: [Openvpn-devel] Consider git tags for I60x

2017-03-22 Thread David Sommerseth
ied the committish will change, thus there will be a mismatch between the branch committish and the commit the tag points at. In fact, if you do a git checkout using the tag name, you will most likely get the correct commit checked out and not the manipulated one. Of course, the git commits can al

Re: [Openvpn-devel] why "ifconfig" is required during build ?

2017-03-15 Thread David Sommerseth
re-run by looking at config.log ... you'll see '--no-create --no-recursion' in the command line "copy". -- kind regards, David Sommerseth OpenVPN Technologies, Inc

Re: [Openvpn-devel] [RFC PATCH v1 05/15] OpenSSL: don't use direct access to the internal of X509

2017-03-04 Thread David Sommerseth
will be somewhat different too. And we can actually point at OpenSSL and explain why it broke, which is not something we could do with the --tls-remote option. Just my way too many cents . :) -- kind regards, David Sommerseth OpenVPN Technologies, Inc

Re: [Openvpn-devel] Should we use mbedTLS certificate profiles?

2017-02-27 Thread David Sommerseth
ds a bit too static to me, that is not something which changes much. So in 5 or 10 years from now, "standard" may just as much be "legacy". Hence my suggestion for "preferred"; this is what we

Re: [Openvpn-devel] [PATCH] cleanup: Remove faulty env processing functions

2017-02-25 Thread David Sommerseth
tions. Normal builds should generally not be built with ENABLE_DEBUG, that is intended as a "developer mode". We should generally avoid '#if 0' or even '#if 1' as much as possible in the code. -- kind regards, David Sommerseth OpenVPN Te

Re: [Openvpn-devel] [PATCH] Ignore auth-nocache for auth-user-pass if auth-token is pushed

2017-02-25 Thread David Sommerseth
does the final code review and ACK/NAK it. I'm not able to be objective on this patch. -- kind regards, David Sommerseth OpenVPN Technologies, Inc diff --git a/src/openvpn/init.c b/src/openvpn/init.c index dc63475..3603c36 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -1253,6

Re: [Openvpn-devel] [PATCH] cleanup: Remove faulty env processing functions

2017-02-25 Thread David Sommerseth
r() calls setenv_str_ex() which checks if the pointer to a struct set_env is NULL or not. If it is NULL, it stops. And these two functions ends up calling setenv_str_ex() with struct env_set *es = NULL; -- kind regards, David Sommerseth OpenVPN Technologies, Inc > 2017-02-25 7:02 GMT+05

[Openvpn-devel] [PATCH] cleanup: Remove faulty env processing functions

2017-02-24 Thread David Sommerseth
The env_set_add_to_environmenti() and env_set_remove_from_environment() functions were not used in the code at all and they would cause an ASSERT() in setenv_str_ex() later on, as it would not allow the struct env_set *es pointer to be NULL (misc.c:807). Signed-off-by: David Sommerseth --- src

Re: [Openvpn-devel] [PATCH] Fix segfault when using crypto lib without AES-256-CTR or SHA256

2017-02-22 Thread David Sommerseth
On 22/02/17 10:54, Antonio Quartulli wrote: > On Wed, Feb 22, 2017 at 09:30:39AM +0100, Steffan Karger wrote: >> On 22-02-17 08:39, Gert Doering wrote: >>> On Wed, Feb 22, 2017 at 02:21:35AM +0100, David Sommerseth wrote: >>>>>> >From d97f526a2ddbf2abe60a6

Re: [Openvpn-devel] build against openssl 1.1.0

2017-02-21 Thread David Sommerseth
On 13/02/17 21:16, David Sommerseth wrote: > On 13/02/17 20:50, Christian Hesse wrote: >> And a lot more has to be done... There's a long list of packages to be >> fixed. Sadly openssl developers do not care about ABI and API stability >> or compatibility. :( > >

Re: [Openvpn-devel] [PATCH] Fix segfault when using crypto lib without AES-256-CTR or SHA256

2017-02-21 Thread David Sommerseth
relaxed to the SoB when it comes to documentation and text snippets (unless it is a massive contribution). -- kind regards, David Sommerseth OpenVPN Technologies, Inc

[Openvpn-devel] [PATCH v2 2/3] lz4: Rebase compat-lz4 against upstream v1.7.5

2017-02-21 Thread David Sommerseth
This rebase is done using the new lz4-rebaser.sh tool The lz4 v1.7.5 is based on commit 7bb64ff2b69a9f8367 in git://github.com/lz4/lz4 Signed-off-by: David Sommerseth --- src/compat/compat-lz4.c | 830 +++- src/compat/compat-lz4.h | 377

[Openvpn-devel] [PATCH v2 1/3] dev-tools: lz4-rebaser tool carried a typo

2017-02-21 Thread David Sommerseth
The HAVE_CONFIG_H block which gets added to compat-lz4.c was missing a # before the first ifdef statement. Signed-off-by: David Sommerseth --- dev-tools/lz4-rebaser.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev-tools/lz4-rebaser.sh b/dev-tools/lz4-rebaser.sh index

[Openvpn-devel] [PATCH v2 3/3] Replace deprecated LZ4 function

2017-02-21 Thread David Sommerseth
From: Christian Hesse The LZ4 function LZ4_compress_limitedOutput() is deprecated, compiler gives warning: warning: ‘LZ4_compress_limitedOutput’ is deprecated: use LZ4_compress_default() instead The new function LZ4_compress_default() appeared in r129 (1.7.0), so replace the function there. Si

[Openvpn-devel] [PATCH v2 0/3] LZ4 updates

2017-02-21 Thread David Sommerseth
git-send-email-dav...@openvpn.net> <http://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13576.html> Christian Hesse (1): Replace deprecated LZ4 function David Sommerseth (2): dev-tools: lz4-rebaser tool carried a typo lz4: Rebase compat-lz4 against upstream v1.7.5

[Openvpn-devel] Updates to the git repositories

2017-02-21 Thread David Sommerseth
addition you can use 'git verify-commit' to verify specific commits. - -- kind regards, David Sommerseth OpenVPN Technologies, Inc

Re: [Openvpn-devel] [PATCH] dev-tools: Simple tool wihch automates rebasing LZ4 compat library

2017-02-20 Thread David Sommerseth
On 20/02/17 14:03, Gert Doering wrote: > Hi, > > On Wed, Jan 25, 2017 at 09:53:02PM +0100, David Sommerseth wrote: >> This tool depends on a cloned upstream LZ4 git repository and a >> checked out release tag. Then run the script like this: >> >>$ ./dev-tool

Re: [Openvpn-devel] build against openssl 1.1.0

2017-02-19 Thread David Sommerseth
On 19/02/17 05:48, Илья Шипицин wrote: > > > 2017-02-19 4:16 GMT+05:00 David Sommerseth > <mailto:open...@sf.lists.topphemmelig.net>>: > > On 18/02/17 08:34, Илья Шипицин wrote: > > I added openssl-1.0.1e to test matrix (do not pay attention to >

Re: [Openvpn-devel] [RFC PATCH v1 00/15] Add support for OpenSSL 1.1.x

2017-02-19 Thread David Sommerseth
ell just work, or otherwise just needs some minor tweaking. RHEL6 ships with OpenSSL 1.0.1e. We don't need anything older for git master, and I would even argue release/2.4. RHEL5 (which goes EOL by end of next month) ships with OpenSSL 0.9.8e. So I vote for ditching 0.9.8e now. -- kind rega

Re: [Openvpn-devel] build against openssl 1.1.0

2017-02-18 Thread David Sommerseth
ger on RHEL 6 though. So unless your travis script is clever enough to only test OpenSSL v1.0.1e on RHEL, CentOS or ScientificLinux *or* build OpenSSL using the CentOS source RPM ... then I am not surprised things may fail. Red Hat may very well have fixed some bugs which we're hitting.

Re: [Openvpn-devel] build against openssl 1.1.0

2017-02-17 Thread David Sommerseth
to avoid holding anything back. -- kind regards, David Sommerseth OpenVPN Technologies, Inc

Re: [Openvpn-devel] build against openssl 1.1.0

2017-02-17 Thread David Sommerseth
gotten fairly clear signals that TLSv1.3 from openssl-1.1 will not be backported, as the code has changed too much since the 1.0.1 baseline. But I would be surprised if a future RHEL 8 does not ship with openssl-1.1.x -- kind regards, David

Re: [Openvpn-devel] build against openssl 1.1.0

2017-02-13 Thread David Sommerseth
f January this year, I'll try to dig up the slides from Tomas Mraz who had the talk. It was quite informative why it was needed to break several APIs in v1.1. -- kind regards, David Sommerseth OpenVPN Technologies, Inc

Re: [Openvpn-devel] [PATCH] Fix building with LibreSSL 2.5.1 by cleaning a hack.

2017-02-13 Thread David Sommerseth
mpletely with non-sense, we can handle a few misfires ;-) > I've created my share of weird git e-mails in the past :-) - so what I've > started to do is "send the mail to myself" (if possible, on a different > account) an

Re: [Openvpn-devel] [PATCH applied] github: Add PR template with contributor related information

2017-02-07 Thread David Sommerseth
. Many call this process the "personal hygiene step". It's a fairly good description of the importance of doing so. -- kind regards, David Sommerseth OpenVPN Technologies, Inc

Re: [Openvpn-devel] [PATCH applied] github: Add PR template with contributor related information

2017-02-07 Thread David Sommerseth
y message text. And it just takes a quick look at our git log to see that we try to stay beyond that limit. We do sometimes exceed 50 characters, and we let that pass silently. But more than 3 times longer, then something must be done. -- kind regards, David Sommerset

Re: [Openvpn-devel] [PATCH applied] github: Add PR template with contributor related information

2017-02-06 Thread David Sommerseth
I will even have much to say for the future in this regards. -- kind regards, David Sommerseth OpenVPN Technologies, Inc

Re: [Openvpn-devel] [PATCH applied] github: Add PR template with contributor related information

2017-02-06 Thread David Sommerseth
ntributor related information Acked-by: David Sommerseth Message-Id: <1486364115-9801-1-git-send-email-chipits...@gmail.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14010.html Signed-off-by: David Sommerseth - -- kind regards, D

Re: [Openvpn-devel] [PATCH] add PR template in order to simplify new developers cooperate properly if they open PR. discussed here: https://sourceforge.net/p/openvpn/mailman/message/35601310/

2017-02-02 Thread David Sommerseth
On 02/02/17 09:27, Samuli Seppänen wrote: > On 31/01/2017 15:49, David Sommerseth wrote: >> On 30/01/17 13:34, Samuli Seppänen wrote: >>> I agree with you on keeping the pull request template minimal and having >>> the more fine-grained information in Trac. >>>

Re: [Openvpn-devel] [PATCH] add PR template in order to simplify new developers cooperate properly if they open PR. discussed here: https://sourceforge.net/p/openvpn/mailman/message/35601310/

2017-01-31 Thread David Sommerseth
entation are too easily ignored. -- kind regards, David Sommerseth OpenVPN Technologies, Inc > On 30/01/2017 08:48, Илья Шипицин wrote: >> can we merge it ? >> @mattock ? >> >> 2017-01-21 13:47 GMT+05:00 Илья Шипицин > <mailto:chipits...@gmail.com>>: >

Re: [Openvpn-devel] [PATCH applied] Resolve several travis-ci issues

2017-01-29 Thread David Sommerseth
several travis-ci issues Acked-by: Selva Nair Message-Id: <1485673091-7600-1-git-send-email-chipits...@gmail.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13983.html Signed-off-by: David Sommerseth - -- kind regards, David Somm

Re: [Openvpn-devel] [PATCH] Resolve several travis-ci issues

2017-01-29 Thread David Sommerseth
verything to ease lazy committers' work :-) ) Weee! I realize I will need to read the man pages again ... I was neither aware of -v :) Thanks for the hint, Antonio! Recently updated to git-2.11 (from v1.8) ... and discover new things the whole time now ... -- kind regards, David Sommer

Re: [Openvpn-devel] [PATCH] Resolving several travis-ci issues:

2017-01-27 Thread David Sommerseth
On 27/01/17 17:58, Selva Nair wrote: > > On Fri, Jan 27, 2017 at 10:08 AM, David Sommerseth > <mailto:open...@sf.lists.topphemmelig.net>> wrote: > > On 27/01/17 14:56, Илья Шипицин wrote: > > > > > > > may I ask you something

Re: [Openvpn-devel] [PATCH] Resolving several travis-ci issues:

2017-01-27 Thread David Sommerseth
nowledge when we provide some pointers. We don't like to do spoon feeding ;-) And a git trick, which you can instantly benefit from ... when doing git commit ... add the -s argument ;-) -- kind regards, David Sommerseth OpenVPN Technologies, Inc

Re: [Openvpn-devel] [PATCH applied] plugin: Remove GNUism in openvpn-plugin.h generation

2017-01-27 Thread David Sommerseth
Hesse Acked-by: Gert Doering Message-Id: <20170127084927.21040-1-l...@eworm.de> URL: http://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13966.html Signed-off-by: David Sommerseth - -- kind regards, David Sommerseth

[Openvpn-devel] [PATCH] plugin: Improve the handling of default plug-in directory

2017-01-27 Thread David Sommerseth
l --plugin option. Signed-off-by: David Sommerseth --- doc/openvpn.8| 28 src/openvpn/plugin.c | 18 +- 2 files changed, 45 insertions(+), 1 deletion(-) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index e3d603e..a8d06f3 100644 --- a/doc/openvpn.8

Re: [Openvpn-devel] [PATCH applied] Clean up plugin path handling

2017-01-25 Thread David Sommerseth
.4) Author: Christian Hesse Date: Wed Jan 25 21:19:47 2017 +0100 Clean up plugin path handling Signed-off-by: Christian Hesse Acked-by: David Sommerseth Message-Id: <20170125201947.17197-1-l...@eworm.de> URL: http://www.mail-archive.com/search?l=mid&q=2017

[Openvpn-devel] [PATCH] dev-tools: Simple tool which automates rebasing LZ4 compat library

2017-01-25 Thread David Sommerseth
This tool depends on a cloned upstream LZ4 git repository and a checked out release tag. Then run the script like this: $ ./dev-tools/lz4-rebaser.sh /path/to/lz4.git To see the result before committing, use: git diff --cached Signed-off-by: David Sommerseth --- dev-tools/lz4-rebaser.sh

Re: [Openvpn-devel] [PATCH] Resolving several travis-ci issues:

2017-01-25 Thread David Sommerseth
> https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13843.html That approach got rejected and we went for this [2] approach instead, will that change anything in regards to the changes in this patch? [2] <https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13

Re: [Openvpn-devel] [PATCH applied] systemd: Add more security feature for systemd units

2017-01-25 Thread David Sommerseth
units Signed-off-by: Christian Hesse Acked-by: David Sommerseth Message-Id: <20161227221832.610-1-l...@eworm.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13743.html Signed-off-by: David Sommerseth - -- kind regards, David

Re: [Openvpn-devel] [PATCH applied] systemd: Do not race on RuntimeDirectory

2017-01-25 Thread David Sommerseth
stian Hesse Date: Tue Jan 24 15:39:47 2017 +0100 systemd: Do not race on RuntimeDirectory Signed-off-by: Christian Hesse Acked-by: David Sommerseth Message-Id: <20170124143947.27385-2-l...@eworm.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sour

Re: [Openvpn-devel] [PATCH applied] systemd: Use automake tools to install unit files

2017-01-25 Thread David Sommerseth
ommit ca5b4c2aad2370be7862660d274b7485f2d0af71 (master) commit a125229f509b593dff7ecc24e21b3de384b3fa98 (release/2.4) Author: Christian Hesse Date: Tue Jan 24 15:39:46 2017 +0100 systemd: Use automake tools to install unit files Signed-off-by: Christian Hesse Acked-by: David Sommerseth Messa

Re: [Openvpn-devel] [PATCH applied] systemd: Move the READY=1 signalling to an earlier point

2017-01-25 Thread David Sommerseth
041fd6488434b5df01f86dd873b536a2b690ee13 (release/2.4) Author: David Sommerseth Date: Wed Jan 25 00:23:44 2017 +0100 systemd: Move the READY=1 signalling to an earlier point Trac: #827, #801 Signed-off-by: David Sommerseth Acked-by: Gert Doering Acked-by: Christian Hesse Message-Id

Re: [Openvpn-devel] [PATCH] Feedback wanted: proof-of-concept recvmmsg() support

2017-01-25 Thread David Sommerseth
recvmmsg() only. But I think you can gain even more performance if looking into sendmmsg() as well. I'll try to play a bit with this patch and see how things go on my side though. -- kind regards, David Sommerseth OpenVPN Technologies, Inc

Re: [Openvpn-devel] [PATCH v3 1/1] Clean up plugin path handling

2017-01-25 Thread David Sommerseth
.c/.h file. Does this block even make sense to enable at all? So, as this patch got "clean-up" and "plugin path handling" in the subject, lets cover a few more aspects of this clean-up :) -- kind regards, David So

[Openvpn-devel] [PATCH] systemd: Move the READY=1 signalling to an earlier point

2017-01-24 Thread David Sommerseth
cate we're in a good state - even though that update will still not be visible if --chroot is used (as before this patch). Trac: #827, #801 Signed-off-by: David Sommerseth --- src/openvpn/init.c | 29 ++--- 1 file changed, 10 insertions(+), 19 deletions(-) diff --git a

Re: [Openvpn-devel] [PATCH 2/2] do not race on RuntimeDirectory

2017-01-24 Thread David Sommerseth
this Makefile.am is so small and isolated it is good enough for me. If we regret it later on, it's an easy move into a tmpfiles.d subdir. -- kind regards, David Sommerseth OpenVPN Technologies, Inc

Re: [Openvpn-devel] [PATCH 2/2] do not race on RuntimeDirectory

2017-01-24 Thread David Sommerseth
On 24/01/17 15:36, Christian Hesse wrote: > David Sommerseth on Fri, 2017/01/20 21:55: >> On 27/12/16 23:15, Christian Hesse wrote: >>> From: Christian Hesse >>> >>> Different unit instances create and destroy the same RuntimeDirectory. >>> This lea

Re: [Openvpn-devel] [PATCH applied] git: Merge .gitignore files into a single file

2017-01-22 Thread David Sommerseth
On 23/01/17 01:23, David Sommerseth wrote: > Your patch has been applied to the following branches > > commit d14b3c60c7796736e07bc3cddb0ab3a58475793e (master) > commit 61da0031b2a0036680d9e0f822619ecc116f1178 (release/2.3) > commit 2a7c994ca5b1583bc0f78c46be5b3a827f970b9

Re: [Openvpn-devel] [PATCH applied] Use SHA256 for the internal digest, instead of MD5

2017-01-22 Thread David Sommerseth
Use SHA256 for the internal digest, instead of MD5 Signed-off-by: Steffan Karger Acked-by: David Sommerseth Message-Id: <1485101081-9784-1-git-send-email-stef...@karger.me> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13926.html Signed-
