Re: [Openvpn-devel] OpenVPN GUI, and routes

2018-06-27 Thread Selva Nair
Hi Russel, Long time ! On Wed, Jun 27, 2018 at 8:54 PM, Morris, Russell wrote: > Hi, > > > This may be by design – if so just say that and I’ll go away … 😉. But > that said – it seems I have to run the OpenVPN GUI (manually) as an > administrator, for routes to be set / added as directed by the

Re: [Openvpn-devel] [PATCH v3] Add %d, %u and %lu tests to test_argv unit tests.

2018-06-23 Thread Selva Nair
Hi, On Sat, Jun 23, 2018 at 3:15 PM, Gert Doering wrote: > Some basic integer tests to verify signed, unsigned and > long unsigned (1L) printing. > > Signed-off-by: Gert Doering > -- > v2: test %lu with "1" as windows and linux/i386 do not have 64 bit long > v3: fix 2^33 in commit message, use

Re: [Openvpn-devel] [PATCH v2] Add %d, %u and %lu tests to test_argv unit tests.

2018-06-23 Thread Selva Nair
Hi, This is good enough, but (there is always a but :) On Sat, Jun 23, 2018 at 2:15 PM, Gert Doering wrote: > Some basic integer tests to verify signed, unsigned and > long unsigned (2^33) printing. > That 2^33 still lurking in the commit message could go.. > > Signed-off-by: Gert Doering >

Re: [Openvpn-devel] [PATCH] Add %d, %u and %lu tests to test_argv unit tests.

2018-06-23 Thread Selva Nair
Hi, On Sat, Jun 23, 2018 at 1:31 PM, Gert Doering wrote: > Hi, > > On Sat, Jun 23, 2018 at 02:15:03PM +0200, Gert Doering wrote: > > Some basic integer tests to verify signed, unsigned and > > long unsigned (2^33) printing. > > Ditch that patch... this only works on 64bit systems. > Most 64 bit

Re: [Openvpn-devel] [PATCH v3 2/8] windows: properly configure TAP driver when no IPv4 is configured

2018-06-22 Thread Selva Nair
Hi, On Fri, Jun 22, 2018 at 10:07 PM, Antonio Quartulli wrote: > Hi, > > On 23/06/18 02:27, Gert Doering wrote: >> Hi, >> >> On Fri, Jun 22, 2018 at 02:12:24PM -0400, Selva Nair wrote: >>> My tap adapter has a link local address (169.254.98.86) on it possibl

Re: [Openvpn-devel] [PATCH v3 2/8] windows: properly configure TAP driver when no IPv4 is configured

2018-06-22 Thread Selva Nair
On Fri, Jun 22, 2018 at 2:27 PM, Gert Doering wrote: > Hi, > > On Fri, Jun 22, 2018 at 02:12:24PM -0400, Selva Nair wrote: >> My tap adapter has a link local address (169.254.98.86) on it possibly due >> to a previous dhcp failure. Maybe I need to get rid of that (how?) to

Re: [Openvpn-devel] [PATCH v3 2/8] windows: properly configure TAP driver when no IPv4 is configured

2018-06-22 Thread Selva Nair
Hi, On Fri, Jun 22, 2018 at 5:49 AM, Antonio Quartulli wrote: > Hi, > > On 22/06/18 17:46, Gert Doering wrote: > > Hi, > > > > On Fri, Jun 22, 2018 at 03:27:02PM +0800, Antonio Quartulli wrote: > >> Fri Jun 22 13:43:51 2018 us=116232 PUSH: Received control message: > 'PUSH_REPLY,redirect-gateway

Re: [Openvpn-devel] [PATCH] route: fix format string passed to argv_printf

2018-06-22 Thread Selva Nair
Hi, On Fri, Jun 22, 2018 at 10:48 AM, Antonio Quartulli wrote: > Hi, > > On 22/06/18 22:45, Selva Nair wrote: > [cut] > >> --- a/src/openvpn/route.c > >> +++ b/src/openvpn/route.c > >> @@ -1616,7 +1616,7 @@ add_route(struct route_ipv4 *r, const stru

Re: [Openvpn-devel] [PATCH] route: fix format string passed to argv_printf

2018-06-22 Thread Selva Nair
Hi, On Fri, Jun 22, 2018 at 6:21 AM, Antonio Quartulli wrote: > %lu is not supported by our tiny argv_printf implementation and will > trigger an ASSERT() when parsing it. Even though this particular > ASSERT() is not critical as it happens during shutdown, we still have to > fix it. > > Since in

Re: [Openvpn-devel] [PATCH v3 2/8] windows: properly configure TAP driver when no IPv4 is configured

2018-06-20 Thread Selva Nair
Hi, On Wed, Jun 20, 2018 at 11:53 AM, Gert Doering wrote: > Hi, > > On Wed, Jun 13, 2018 at 10:12:13PM +0800, Antonio Quartulli wrote: >> From: Antonio Quartulli >> >> This patch ensures that the TAP driver on a windows host is still >> configured, even though no IPv4 has been provided. >> >> In

Re: [Openvpn-devel] interactive service docs

2018-06-18 Thread Selva Nair
Hi, > Thanks for clarifying that it is NOT an --up script in this case .. > The comment about --up script was quoted from "Gert's email referred to there" and the advantage of running GUI up script was added later ( a few months ago). > The document you are looking for can also be found here: >

Re: [Openvpn-devel] [PATCH v3 2/8] windows: properly configure TAP driver when no IPv4 is configured

2018-06-18 Thread Selva Nair
On Mon, Jun 18, 2018 at 2:40 PM, Gert Doering wrote: > > Hi, > > On Wed, Jun 13, 2018 at 10:12:13PM +0800, Antonio Quartulli wrote: > > From: Antonio Quartulli > > > > This patch ensures that the TAP driver on a windows host is still > > configured, even though no IPv4 has been provided. > > > >

Re: [Openvpn-devel] interactive service docs

2018-06-18 Thread Selva Nair
Hi, On Mon, Jun 18, 2018 at 1:10 PM, tincanteksup wrote: > Hi Selva, > > just a note that: > > > - ``--up`` scripts are run by openvpn.exe itself, which is running as user > *joe*, all privileges are nicely in place. > > - Scripts run by the GUI will run as user *joe*, so that automated tasks

Re: [Openvpn-devel] interactive service docs

2018-06-18 Thread Selva Nair
On Tue, Jun 12, 2018 at 12:39 PM, Selva Nair wrote: > Hi, > > >>> However, Trac supports RST natively: >>> >>> {{{#!rst >>> RST-formatted contents go in here >>> }}} >>> >> >>> For details see >>&g

Re: [Openvpn-devel] interactive service docs

2018-06-12 Thread Selva Nair
Hi, On Mon, Jun 11, 2018 at 11:32 AM, Selva Nair wrote: > Hi > > On Mon, Jun 11, 2018 at 2:49 AM, Samuli Seppänen > wrote: > >> Hi, >> >> Trac has its own Wiki syntax which is somewhat similar to Mediawiki, but >> not at all the same. >> >>

Re: [Openvpn-devel] interactive service docs

2018-06-11 Thread Selva Nair
Hi On Mon, Jun 11, 2018 at 2:49 AM, Samuli Seppänen wrote: > Hi, > > Trac has its own Wiki syntax which is somewhat similar to Mediawiki, but > not at all the same. > > However, Trac supports RST natively: > > {{{#!rst > RST-formatted contents go in here > }}} > > For details see > > https://tr

[Openvpn-devel] interactive service docs

2018-06-10 Thread Selva Nair
Hi, I thought of updating the docs https://community.openvpn.net/openvpn/wiki/OpenVPNInteractiveService with Simon's vastly expanded version in doc/interactive-service-notes.rst See commit 62b1cc161c53d900b6fe56f6924ef2ec1c1b8a00 (master) Tried this using rst converted to mediawiki format (usi

Re: [Openvpn-devel] [PATCH v5] Add Interactive Service developer documentation

2018-06-09 Thread Selva Nair
Hi, On Thu, Apr 19, 2018 at 7:23 AM, Simon Rozman wrote: > The OpenVPN Interactive Service documentation from > https://community.openvpn.net/openvpn/wiki/OpenVPNInteractiveService was > upgraded with a description of the client-service communication flow, > service registry configuration, and no

Re: [Openvpn-devel] [PATCH] Replace M_DEBUG with D_LOW as the former is too verbose

2018-06-08 Thread Selva Nair
Hi, On Fri, Jun 8, 2018 at 10:01 AM Gert Doering wrote: > > Hi, > > On Tue, Jun 05, 2018 at 04:06:10PM -0400, selva.n...@gmail.com wrote: > > From: Selva Nair > > > > M_DEBUG only indicates the type of the message and will print even > > at verb 0. Use D_LOW

Re: [Openvpn-devel] [PATCH 1/5] tun: ensure interface can be configured with IPv6 only

2018-06-07 Thread Selva Nair
Hi, > > [*] Topology subnet uses ip, network and netmask, while net30 passes in > the > > second IP of the /30 in network as "netmask". The two ioctls interpret > > their parameters differently such that in the end only valid ARP packets > > get a response from the driver ! > > Is ARP still to be

Re: [Openvpn-devel] [PATCH 1/5] tun: ensure interface can be configured with IPv6 only

2018-06-07 Thread Selva Nair
Hi, On Thu, Jun 7, 2018 at 1:29 PM Antonio Quartulli wrote: > On 08/06/18 01:05, Selva Nair wrote: > > Hi, > > > > On Thu, Jun 7, 2018 at 12:57 PM, Gert Doering > wrote: > >> Hi, > >> > >> On Thu, Jun 07, 2018 at 12:14:51PM -0400, Selva Nai

Re: [Openvpn-devel] [PATCH 1/5] tun: ensure interface can be configured with IPv6 only

2018-06-07 Thread Selva Nair
Hi, On Thu, Jun 7, 2018 at 12:57 PM, Gert Doering wrote: > Hi, > > On Thu, Jun 07, 2018 at 12:14:51PM -0400, Selva Nair wrote: >> Note: All that said, I can't seem to connect to the server via ipv6 >> when there is no v4 address. tracert fails before the first hop. >

Re: [Openvpn-devel] [PATCH 1/5] tun: ensure interface can be configured with IPv6 only

2018-06-07 Thread Selva Nair
Hi, Failed to respond to some other points in the last reply: >> >> Did some quick tests and this seems to work quite well (but see the >> note at the bottom): >> >> - v4 routes via tun just fail with a warning which is good (our route >> errors not being FATAL pays off here) >> - v4 routes via n

Re: [Openvpn-devel] [PATCH 1/5] tun: ensure interface can be configured with IPv6 only

2018-06-07 Thread Selva Nair
Hi, > >> Note: All that said, I can't seem to connect to the server via ipv6 >> when there is no v4 address. tracert fails before the first hop. >> v6 does work when ifconfig is not filtered out. >> >> One difference from my earlier test using your previous >> version with the minor change to allo

Re: [Openvpn-devel] [PATCH 1/5] tun: ensure interface can be configured with IPv6 only

2018-06-07 Thread Selva Nair
Hi, On Thu, Jun 7, 2018 at 1:51 AM, Antonio Quartulli wrote: > > Hi Selva, > > I have tried to account most of your comments, but something might still > be off. Building openvpn for Windows might need some time here as I > don't have the entire environment ready yet. > > Would you mind giving my

Re: [Openvpn-devel] [PATCH 1/5] tun: ensure interface can be configured with IPv6 only

2018-06-06 Thread Selva Nair
Hi On Wed, Jun 6, 2018 at 11:40 AM, Selva Nair wrote: > Hi, > > On Wed, Jun 6, 2018 at 7:33 AM, Antonio Quartulli wrote: >> Hi, >> >> On 06/06/18 04:30, Selva Nair wrote: .. >> >> I am not sure why you get those 2 routes. Do you have a more extensive

Re: [Openvpn-devel] [PATCH 1/5] tun: ensure interface can be configured with IPv6 only

2018-06-06 Thread Selva Nair
Hi On Wed, Jun 6, 2018 at 12:02 PM, Antonio Quartulli wrote: > Hi, > > On 06/06/18 23:40, Selva Nair wrote: >>> I am not sure why you get those 2 routes. Do you have a more extensive >>> log to show? It may help clearing up some doubts. >> .. >> >>

Re: [Openvpn-devel] [PATCH 1/5] tun: ensure interface can be configured with IPv6 only

2018-06-06 Thread Selva Nair
Hi, On Wed, Jun 6, 2018 at 7:33 AM, Antonio Quartulli wrote: > Hi, > > On 06/06/18 04:30, Selva Nair wrote: >>>> However, even with !ipv4, redirect-gateway ipv6 appears to error out >>>> -- it fails with >>>> >>>> "TEST ROUTES: 0/2 su

Re: [Openvpn-devel] [PATCH 1/5] tun: ensure interface can be configured with IPv6 only

2018-06-05 Thread Selva Nair
Hi On Tue, Jun 5, 2018 at 10:30 PM, Antonio Quartulli wrote: > Hi, > > On 06/06/18 03:38, Selva Nair wrote: >> Here is the diff of what I did for the Windows build run: >> >> diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c >> index 2e33880..75336a9 100644 &g

Re: [Openvpn-devel] [PATCH 1/5] tun: ensure interface can be configured with IPv6 only

2018-06-05 Thread Selva Nair
Hi, On Tue, Jun 5, 2018 at 3:59 PM, Gert Doering wrote: > Hi, > > On Tue, Jun 05, 2018 at 03:38:44PM -0400, Selva Nair wrote: >> FWIW, I did a quick test --- looking into tap-windows sources it seems >> the address is used only for ARP so passing some random address to

[Openvpn-devel] [PATCH] Replace M_DEBUG with D_LOW as the former is too verbose

2018-06-05 Thread selva . nair
From: Selva Nair M_DEBUG only indicates the type of the message and will print even at verb 0. Use D_LOW which is M_DEBUG combined with verb = 4 and a mute level. --- Moving towards what the man page says: verb 0 means "No output except fatal errors." M_WARN also needs replacemen

Re: [Openvpn-devel] [PATCH 1/5] tun: ensure interface can be configured with IPv6 only

2018-06-05 Thread Selva Nair
Hi, On Tue, Jun 5, 2018 at 2:53 PM, Gert Doering wrote: > Hi, > > On Tue, Jun 05, 2018 at 01:30:35PM -0400, Selva Nair wrote: >> How to work around that depends on what the tap driver expects in the >> v4 address. Ideally, we should patch the driver to work wi

Re: [Openvpn-devel] [PATCH 1/5] tun: ensure interface can be configured with IPv6 only

2018-06-05 Thread Selva Nair
Hi, On Tue, Jun 5, 2018 at 12:22 PM, Antonio Quartulli wrote: > Hi, > > On 05/06/18 23:54, Selva Nair wrote: > [cut] >>> ACK on the feature, but NAK on "we can do this more nicely" reasons :-) >>> >>> First, I'd leave off the bits about &q

Re: [Openvpn-devel] [PATCH 1/5] tun: ensure interface can be configured with IPv6 only

2018-06-05 Thread Selva Nair
Hi, On Tue, Jun 5, 2018 at 10:36 AM, Gert Doering wrote: > > Hi, > > Preliminaries: I think this whole series should only go to 2.5, as it > has the potential to be fairly intrusive and uncover hidden bugs - I've > discussed this with Antonio already (and we're in agreement) but for > the sake of

Re: [Openvpn-devel] OpenVPN 2.5_git fails to build linked to OpenSSL v1.1.0 Works great linked to OpenSSL v1.0.2 ?

2018-06-04 Thread Selva Nair
Hi, On Mon, Jun 4, 2018 at 2:23 PM, wrote: > On 5/31/18 10:33 PM, Selva Nair wrote: > > OpenVPN still supports openssl 1.0 and you can't build with api > > restricted to 1.1. At least not yet. So it will build only if you use > > the "default build" of Op

Re: [Openvpn-devel] [PATCH 3/3] Print a --verb 1 warning when a connection uses compression

2018-06-03 Thread Selva Nair
Hi, On Sun, Jun 3, 2018 at 6:11 AM, Steffan Karger wrote: > Can be suppressed by adding a "nowarn" flag to the compress options, for > those that are really sure that compression is fine for their use case. > > Signed-off-by: Steffan Karger > --- > This patch is also meant to discuss how far we

Re: [Openvpn-devel] OpenVPN 2.5_git fails to build linked to OpenSSL v1.1.0 Works great linked to OpenSSL v1.0.2 ?

2018-05-31 Thread Selva Nair
Hi, > > No, OpenSSL 1.1.0 is configured with > > --api=1.1.0 \ > > as it should be to NOT have/use deprecated compat interfaces, I think that is identical to setting -DOPENSSL_API_COMPAT to 1.1 and will not work. OpenVPN still supports openssl 1.0 and you can't build with api restricted to 1

Re: [Openvpn-devel] OpenVPN 2.5_git fails to build linked to OpenSSL v1.1.0 Works great linked to OpenSSL v1.0.2 ?

2018-05-31 Thread Selva Nair
Hi, It builds fine even with the openssl 1.1.1 dev branch: $ openvpn --version: OpenVPN 2.5_git [git:master/1394192b210cb3c6] x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 31 2018 library versions: OpenSSL 1.1.1-dev xx XXX > > When

Re: [Openvpn-devel] [PATCH] Support fingerprint authentication

2018-05-25 Thread Selva Nair
Hi, On Fri, May 25, 2018 at 9:51 AM, Jan Just Keijser wrote: > Hi, > > On 25/05/18 03:41, Simon Rozman wrote: Private and public key are still used. The patch still uses certificates and TLS, it only replaces the check certificate of the peer's certificate against the CA with a

Re: [Openvpn-devel] [PATCH] Increase TLS Control Channel Buffer Size

2018-05-02 Thread Selva Nair
Hi, On Wed, May 2, 2018 at 2:30 PM, Steffan Karger wrote: > Hi, > > On 26-03-18 18:36, Ning Wei via Openvpn-devel wrote: >> Both of key_method_2_write and key_method_2_read take >> TLS_Channel_Bug_Size as buffer size. The current size, 2048 is not >> enough to read/write a long password response

[Openvpn-devel] [PATCH] Pass the hash without the DigestInfo header to NCryptSignHash()

2018-04-26 Thread selva . nair
From: Selva Nair In case of TLS 1.2 signatures, the callback rsa_priv_enc() gets the hash with the DigestInfo prepended. Signing this using NCryptSignHash() with hash algorithm id set to NULL works in most cases. But when using some hardware tokens, the data gets interpreted as the pre TLS 1.2

Re: [Openvpn-devel] [Patch] Support client reason from auth plugin

2018-04-25 Thread Selva Nair
Hi Thanks for the patch. This feature (and a similar support for plugins) is something very nice to have. But this implementation is inadequate. The main problem is that multi->client_reason is sent back to the client only during the initial auth not during reauth (renegotiations). So this will wo

[Openvpn-devel] [PATCH tap-windows6, v2] Have the driver version display as major.minor.revision.build

2018-04-25 Thread selva . nair
From: Selva Nair The driver version (taken from the INF) and the file version of tap0901.sys file (from its resource) will now display like 9.22.1.601. The driver details tab will continue to show the text form of the version as "major.minor.revision major/minor". Eg., "9.22.1 9/

Re: [Openvpn-devel] [PATCH 1/1] systemd: run openvpn with dedicated user

2018-04-25 Thread Selva Nair
Hi, On Tue, Apr 24, 2018 at 4:16 PM, Christian Hesse wrote: > Antonio Quartulli on Tue, 2018/04/24 23:08: >> OTOH I understand that there are people that don't care about having a >> working tunnel reconfiguration and are fine with starting openvpn as >> root (and then dropping privileges). >> >

Re: [Openvpn-devel] [PATCH tap-windows6] Have the driver version display as major.minor.revision.build

2018-04-25 Thread Selva Nair
Hi, On Wed, Apr 25, 2018 at 3:04 AM, Samuli Seppänen wrote: > Feature-ACK, but I have not tested this yet. I think we should increment > version to 9.22.2 (a.k.a. 9,22,2,601) though. The current release is 9.22.1. Treating this like any other patch, I think version bump should not be a part of i

Re: [Openvpn-devel] [PATCH v2] Fix potential double-free() in Interactive Service (CVE-2018-9336)

2018-04-24 Thread Selva Nair
On Sat, Apr 14, 2018 at 3:26 AM, Gert Doering wrote: > Malformed input data on the service pipe towards the OpenVPN interactive > service (normally used by the OpenVPN GUI to request openvpn instances > from the service) can result in a double free() in the error handling code. > > This usually o

[Openvpn-devel] [PATCH tap-windows6] Have the driver version display as major.minor.revision.build

2018-04-24 Thread selva . nair
From: Selva Nair The driver version (taken from the INF) and the file version of tap0901.sys file (from its resource) will now display like 9.22.1.601. The driver details tab will continue to show the text form of the version as "major.minor.revision (major/minor)". Eg., "9.22.1

Re: [Openvpn-devel] [Patch] Support client reason from auth plugin

2018-04-20 Thread Selva Nair
Hi On Fri, Apr 20, 2018 at 4:00 AM, Gert Doering wrote: > Hi, > > On Fri, Apr 20, 2018 at 03:20:26PM +1000, Eric Thorpe wrote: >> This patch allows for a client reason to be returned from an auth plugin >> and sent to the connecting client on an auth fail. This change is >> backwards compatible w

Re: [Openvpn-devel] [PATCH v4] Add Interactive Service developer documentation

2018-04-18 Thread Selva Nair
Hi, Looks good now except for an error introduced by my sloppy comment. See below: On Fri, Apr 13, 2018 at 10:24 AM, Simon Rozman wrote: > The OpenVPN Interactive Service documentation from > https://community.openvpn.net/openvpn/wiki/OpenVPNInteractiveService was > upgraded with a description o

Re: [Openvpn-devel] New tap-windows6 driver (9.21.3) available for testing

2018-04-18 Thread Selva Nair
Hi, On Tue, Apr 17, 2018 at 3:01 AM, Samuli Seppänen wrote: > > > Excellent and thanks for testing! This gives me a lot more confidence in > the Authenticode signature. > I don't want to question that as none of my Windows hosts complains about the signature. But the driver details tab shows th

Re: [Openvpn-devel] New tap-windows6 driver (9.21.3) available for testing

2018-04-18 Thread Selva Nair
Hi, On Wed, Apr 18, 2018 at 2:58 AM, Gert Doering wrote: > On Tue, Apr 17, 2018 at 09:45:24PM -0400, Selva Nair wrote: > > (ii) The driver version shows up as 9.0.0.21 -- this is apparently taken > > from the inf file. Why is it not 9.21.3? The file version is 9.21.3 9/21 &g

Re: [Openvpn-devel] New tap-windows6 driver (9.21.3) available for testing

2018-04-17 Thread Selva Nair
Hi, A couple of things I noticed (i) On a slightly outdated Windows 7 box (last update in Sep 2017), previously running 2.4.5, the install appeared to succeed but the tap adapter was no longer usable -- openvpn errors out with CreateFile() failure when opening the adapter. Reinstalling or recreat

Re: [Openvpn-devel] [PATCH] Add Interactive Service developer documentation

2018-04-12 Thread Selva Nair
Hi, On Thu, Apr 12, 2018 at 2:48 PM, Simon Rozman wrote: Moving up the most important part: Hi, > I'm back. :) > Welcome back! > I took the short Interactive Service introduction found at > https://community.openvpn.net/openvpn/wiki/OpenVPNInteractiveService and > extended it with my experie

Re: [Openvpn-devel] Viscosity patch to TAP driver (was: Summary of the community meeting) 2018)

2018-04-12 Thread Selva Nair
Hi, On Thu, Apr 12, 2018 at 10:50 AM, Gert Doering wrote: > Hi, > > On Thu, Apr 12, 2018 at 10:27:08AM -0400, Selva Nair wrote: > > > > This change was made not because of any actual performance gains, but > > > > because of user reports that certain firewall or

Re: [Openvpn-devel] Viscosity patch to TAP driver (was: Summary of the community meeting) 2018)

2018-04-12 Thread Selva Nair
Hi, On Thu, Apr 12, 2018 at 4:26 AM, Gert Doering wrote: > Hi Eric, > > On Thu, Mar 22, 2018 at 02:25:56PM +1100, Eric Thorpe wrote: > > One of the Viscosity developers here. The TAP driver used by Viscosity > > is based on the OpenVPN TAP-Windows driver. We're surprised to hear of > > any perfo

Re: [Openvpn-devel] [PATCH] man: Improve token based authentication

2018-04-04 Thread Selva Nair
Hi, On Wed, Apr 4, 2018 at 8:13 AM, David Sommerseth wrote: > Be more explicit that --auth-gen-token is to be considered a workaround > for authentication scripts/plug-ins not supporting --auth-token. > > Also be more explicit that invalidated --auth-token values will result > in the client disco

[Openvpn-devel] [PATCH v2 2/2] Allow unicode search string in --cryptoapicert option

2018-04-02 Thread selva . nair
From: Selva Nair Currently when the certificate is specified as "SUBJ:foo", the string foo is assumed to be ascii. Change that and interpret it as utf-8, convert to a wide string, and flag it as unicode in CertFindCertificateInStore(). Signed-off-by: Selva Nair --- v2: rebased to v2

[Openvpn-devel] [PATCH v2 1/2] Skip expired certificates in Windows certificate store

2018-04-02 Thread selva . nair
From: Selva Nair Have the cryptoapicert option find the first matching certificate in store that is valid at the present time. Currently the first found item, even if expired, is returned. This makes it possible to update certificates in store without having to delete old ones. As a side effect

Re: [Openvpn-devel] [PATCH v3] Improve management-external-key/cert error handling

2018-04-02 Thread Selva Nair
Hi, This one applies cleanly on top of master. On Mon, Apr 2, 2018 at 7:44 AM, Steffan Karger wrote: > > Check the return values of management_query_cert() and > tls_ctx_use_external_private_key(), and error out with a more descriptive > error message. To do so, we make the openssl-backed imple

Re: [Openvpn-devel] [PATCH 1/2] Skip expired certificates in Windows certificate store

2018-04-02 Thread Selva Nair
Hi, Thanks for looking at this. On Mon, Apr 2, 2018 at 8:37 AM, Steffan Karger wrote: > > Hi, > > One comment based on stare-at-code only: > > On 12-03-18 02:17, selva.n...@gmail.com wrote: > > @@ -636,6 +640,8 @@ find_certificate_in_store(const char *cert_prop, > > HCERTSTORE cert_store) > >

Re: [Openvpn-devel] [PATCH] Depreciate IPv4-related options.

2018-04-01 Thread Selva Nair
Hi, On Sun, Apr 1, 2018 at 2:30 AM, Gert Doering wrote: > As discussed in trac #208 and on IRC with Antonio, OpenVPN 2.5 will > be IPv6-only. Removal of IPv4-related code and options will dramatically > reduce code complexity, confusing options, bugs and user questions. > > Add deprecation warn

Re: [Openvpn-devel] Summary of the community meeting (Wed, 21st Mar 2018)

2018-03-22 Thread Selva Nair
Hi, On Thu, Mar 22, 2018 at 12:16 PM, Jan Just Keijser wrote: > Hi Eric, all, > > On 22/03/18 04:25, Eric Thorpe wrote: > > Hi All, > > One of the Viscosity developers here. The TAP driver used by Viscosity is > based on the OpenVPN TAP-Windows driver. We're surprised to hear of any > performance

Re: [Openvpn-devel] [PATCH] Increase TLS Control Channel Buffer Size

2018-03-19 Thread Selva Nair
e didn't make sense to me. > > "Further, even a TLS_CHANNEL_BUF_SIZE of 4096 does not support a > password that long as there are other things like username, key-source, > local-options that have to fit into the buffer (see key_method_2_write). So > what's the logic

[Openvpn-devel] [PATCH 2/2] Allow repeated cycles through remotes when management-query-remote is in use

2018-03-19 Thread selva . nair
From: Selva Nair (i) Let the management-client predictably cycle through remote entries. This is done by not aborting after two cycles. The client can abort or restart the connection using signals (USR/HUP/TERM) as necessary. In the current behaviour, the daemon can unexpectedly exit when the

[Openvpn-devel] [PATCH 1/2] Persist management-query-remote and proxy prompts

2018-03-19 Thread selva . nair
From: Selva Nair Currently this prompt is only output once, not re-written to the management interface when the management client connects. It is thus not seen by a client that connects after the prompt is output or one that disconnects and reconnects. This leads to a deadlock: the daemon

Re: [Openvpn-devel] [PATCH] Increase TLS Control Channel Buffer Size

2018-03-16 Thread Selva Nair
Hi, Apologies in advance if I'm misreading the intent of this patch. On Fri, Mar 16, 2018 at 12:40 PM, Ning Wei via Openvpn-devel wrote: > Increase TLS_CHANNEL_BUF_SIZE to 4096. When the build is enabled with > ENABLE_PKCS11, the password field can be 4096. The old size of > TLS_CHANNEL_BUF_SIZ

Re: [Openvpn-devel] [PATCH] Add a warning for disabled DHCP media sense on Window

2018-03-14 Thread Selva Nair
Hi, On Wed, Mar 14, 2018 at 3:32 AM, Jiří Engelthaler wrote: > Hi. > You're right. Disabled dhcp media sense can be set as global for all > interfaces or in adapter specific setting if it supports it (TAP supports > it). > But for most users is the global settings hidden deep in the system and for

Re: [Openvpn-devel] [PATCH] Add a warning for disabled DHCP media sense on Window

2018-03-13 Thread Selva Nair
Hi, On Tue, Mar 13, 2018 at 7:36 AM, Jiří Engelthaler wrote: > > Any discussion / opinions ? Here > https://github.com/OpenVPN/openvpn/pull/97#issuecomment-372530059 > one user reported that this patch was useful for him. Though I agree that checking for whether media sense is globally disabl

Re: [Openvpn-devel] [PATCH 1/2] Skip expired certificates in Windows certificate store

2018-03-12 Thread Selva Nair
Hi, On Mon, Mar 12, 2018 at 4:21 AM, Gert Doering wrote: > > Hi Selva, > > On Sun, Mar 11, 2018 at 09:17:58PM -0400, selva.n...@gmail.com wrote: > > From: Selva Nair > > > > Have the cryptoapicert option find the first matching certificate > > in sto

[Openvpn-devel] [PATCH 1/2] Skip expired certificates in Windows certificate store

2018-03-11 Thread selva . nair
From: Selva Nair Have the cryptoapicert option find the first matching certificate in store that is valid at the present time. Currently the first found item, even if expired, is returned. This makes it possible to update certificates in store without having to delete old ones. As a side effect

[Openvpn-devel] [PATCH 2/2] Allow unicode search string in --cryptoapicert option

2018-03-11 Thread selva . nair
From: Selva Nair Currently when the certificate is specified as "SUBJ:foo", the string foo is assumed to be ascii. Change that and interpret it as utf-8, convert to a wide string, and flag it as unicode in CertFindCertificateInStore(). Signed-off-by: Selva Nair --- src/openvpn/crypto

Re: [Openvpn-devel] [PATCH] Improve management-external-key/cert error handling

2018-03-08 Thread Selva Nair
Hi, I wanted to give this a quick test, but it doesn't apply. It seems you have patch 116 (Antonio's "inline-tag changed to bool" patch) in your local repo. By the way, the M_FATAL after management_query_cert() looks like a regression. One problem with these FATAL exits is that it makes it hard

Re: [Openvpn-devel] [PATCH v2] Rework OpenVPN auth-token support

2018-03-07 Thread Selva Nair
Hi, On Wed, Mar 7, 2018 at 6:52 PM, David Sommerseth wrote: > On 08/03/18 00:22, Selva Nair wrote: >> Hi, >> >> ...some good stuff snipped... >> >>> >>> I'll admit I might see this with a bit too narrow perspective. But how I >>>

Re: [Openvpn-devel] [PATCH v2] Rework OpenVPN auth-token support

2018-03-07 Thread Selva Nair
Hi, ...some good stuff snipped... > > I'll admit I might see this with a bit too narrow perspective. But how I have > understood this issue is that OpenVPN 2.x does not behave correctly as it > doesn't understand *why* the authentication failed. If the client side would > understand why auth fa

Re: [Openvpn-devel] [PATCH v2] Rework OpenVPN auth-token support

2018-03-07 Thread Selva Nair
Hi, On Wed, Mar 7, 2018 at 6:52 AM, Arne Schwabe wrote: > Am 06.03.18 um 22:04 schrieb Selva Nair: > .. >> I want to stress this point: when the server sends back AUTH_FAILED, >> the client does behave somewhat sanely, but not otherwise. And on that >> count this pat

Re: [Openvpn-devel] [PATCH] Improve management-external-key/cert error handling

2018-03-06 Thread Selva Nair
Hi, On Sun, Mar 4, 2018 at 6:17 AM, Steffan Karger wrote: > Check the return values of management_query_cert() and > tls_ctx_use_external_private_key(), and error out with a more descriptive > error message. To do so, we make the openssl-backed implementation of > tls_ctx_use_external_private_ke

Re: [Openvpn-devel] [PATCH v2] Rework OpenVPN auth-token support

2018-03-06 Thread Selva Nair
Hi, Based on the commit message this appears to cover all that is wrong with the current auth-token implementation. I haven't carefully reviewed the code or tested it, but some initial remarks that look relevant. On Mon, Mar 5, 2018 at 10:50 AM, Arne Schwabe wrote: > Auth-token is documented as a t

[Openvpn-devel] [PATCH] Avoid overflow in wakeup time computation

2018-03-05 Thread selva . nair
From: Selva Nair Time interval arithmetic can overflow especially when user defined intervals are involved. E.g., see Trac #922. Avoid this by reordering the arithmetic operation in event_timeout_trigger(). Also avoid unnecessary casting of time variable to int. Time until wakeup is now

[Openvpn-devel] [PATCH] Management: warn about password only when the option is in use

2018-03-05 Thread selva . nair
From: Selva Nair Signed-off-by: Selva Nair --- src/openvpn/options.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index f7995c6..c5bce9f 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -2171,7 +2171,8

Re: [Openvpn-devel] [PATCH] Do not assume that SSL_CTX_get/set_min/max_proto_version are macros

2018-03-04 Thread Selva Nair
Hi, On Sun, Mar 4, 2018 at 6:22 PM, Steffan Karger wrote: > > On 05-03-18 00:13, Jeremie Courreges-Anglas wrote: >> On Sun, Mar 04 2018, Selva Nair wrote: >> --8<-- >> [...]. OpenSSL itself only provided said setters (since 2015)[2]. The >> getters were ad

Re: [Openvpn-devel] [PATCH] Do not assume that SSL_CTX_get/set_min/max_proto_version are macros

2018-03-04 Thread Selva Nair
Hi, On Sun, Mar 4, 2018 at 1:48 PM, Jeremie Courreges-Anglas wrote: > On Sun, Mar 04 2018, selva.n...@gmail.com wrote: >> From: Selva Nair >> >> Openssl docs do not explicitly state these to be macros although they >> are currently defined as such. > > Actually

Re: [Openvpn-devel] LibreSSL support in OpenVPN 2.4.5

2018-03-04 Thread Selva Nair
Hi, On Sun, Mar 4, 2018 at 11:47 AM, Jeremie Courreges-Anglas wrote: > On Sun, Mar 04 2018, Gert Doering wrote: > > [...] > >> "Please note that LibreSSL is not a supported crypto backend. We >> accept patches and we do test on OpenBSD 6.0 which comes with >> LibreSSL, but if newer versions of

[Openvpn-devel] [PATCH] Do not assume that SSL_CTX_get/set_min/max_proto_version are macros

2018-03-04 Thread selva . nair
From: Selva Nair Openssl docs do not explicitly state these to be macros although they are currently defined as such. Use AC_CHECK_DECLS to test for these so that both function and macro forms could be detected. Signed-off-by: Selva Nair --- Though not meant as a fixup for libressl, as a side

[Openvpn-devel] Trac tickets

2018-03-03 Thread Selva Nair
Hi, These days many (all?) trac tickets appear with an owner set. When I see an owner it gives the impression that person is looking into it and makes me less inclined to investigate. But it looks like this is automatically assigned and in many cases the so-called owner is MIA. It only gives a w

[Openvpn-devel] [PATCH v3] Delete the IPv6 route to the "connected" network on tun close

2018-03-01 Thread selva . nair
From: Selva Nair This was missing on Windows when interactive service is in use. v3: Mar 1, 2017: avoid code repetition and rebase to master Signed-off-by: Selva Nair --- src/openvpn/tun.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/openvpn/tun.c b/src

Re: [Openvpn-devel] Fwd: [PATCH] Delete the IPv6 route to the "connected" network on tun close

2018-03-01 Thread Selva Nair
Hi, On Thu, Mar 1, 2018 at 12:51 PM, Gert Doering wrote: > Hi, > > On Thu, Mar 01, 2018 at 11:09:32AM -0500, Selva Nair wrote: >> This one is too old to cleanly apply, but still sending again >> just to get it into patchwork. > > Oh, completely fell of my radar. But n

Re: [Openvpn-devel] tls fix for upcoming 2.4.5

2018-03-01 Thread Selva Nair
t 2d705accea3e538a555631ef7c39eb4bc4fd4acf cherry-picked > from f8a92a4393a was not fully ripe.. > > As we do not support Windows build using pre 1.0 openssl, this is the > only change needed. So ACK, assuming a commit message and Author: may > be slapped on during merge. > > Ack

[Openvpn-devel] Fwd: [PATCH] Delete the IPv6 route to the "connected" network on tun close

2018-03-01 Thread Selva Nair
This one is too old to cleanly apply, but still sending again just to get it into patchwork. (For some reason bouncing to patchwork somehow never works for me, else this could have beaten the oldest pending patch record :) -- Forwarded message -- From: Selva Nair Date: Thu, Nov

Re: [Openvpn-devel] tls fix for upcoming 2.4.5

2018-03-01 Thread Selva Nair
nly change needed. So ACK, assuming a commit message and Author: may be slapped on during merge. Acked-by: Selva Nair Selva

Re: [Openvpn-devel] [PATCH v2] Check for time_t overflow in event_timeout_trigger()

2018-02-28 Thread Selva Nair
Hi, On Tue, Jan 2, 2018 at 5:28 PM, Steffan Karger wrote: > As reported in trac #922, the wakeup computation in > event_timeout_trigger() could overflow. Since time_t and int are signed > types, that is officially undefined behaviour. > > On systems with a 64-bit signed time_t (most if not all 6
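
The overflow discussed in the "Avoid overflow in wakeup time computation" patch above and in this reply on "Check for time_t overflow in event_timeout_trigger()", as an added example. This is not OpenVPN's interval.c and not code posted on the list: the struct, the function names, the TIME_T_MAX/TIME_T_MIN macros and the sample values are assumptions for illustration. It shows the three points the two messages make: detecting that "last + n" would overflow without evaluating it, reordering the arithmetic so the interval is compared against the elapsed time instead, and clamping rather than casting when a time_t has to be narrowed to an int.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <time.h>

/* Assumption: time_t is a signed two's-complement integer (64-bit on most
 * systems, 32-bit on some), the case the thread is about. */
#define TIME_T_MAX ((time_t)(((uintmax_t)1 << (sizeof(time_t) * CHAR_BIT - 1)) - 1))
#define TIME_T_MIN ((time_t)(-TIME_T_MAX - 1))

/* Hypothetical timeout state; names are illustrative, not OpenVPN's. */
struct timeout_state {
    time_t last;   /* clock reading when the event last fired */
    time_t n;      /* user-configured interval in seconds; may be huge */
};

/* The absolute-time form "last + n" is what overflows. Report whether it
 * would, without evaluating it: signed overflow is undefined behaviour in
 * C, so the check must be made on the operands. */
bool wakeup_sum_would_overflow(time_t last, time_t n)
{
    if (n > 0) {
        return last > TIME_T_MAX - n;
    }
    if (n < 0) {
        return last < TIME_T_MIN - n;
    }
    return false;
}

/* Reordered form: now - last is small and non-negative whenever now >= last
 * (two readings of one clock in the same run), so n - (now - last) stays in
 * range for any n >= 0 even when last + n does not. Caller guarantees
 * now >= last; a clock stepped backwards needs a separate check. */
time_t seconds_until_trigger(time_t last, time_t n, time_t now)
{
    return n - (now - last);
}

/* Fire the timeout if due and rearm it; *wakeup gets seconds until next. */
bool timeout_trigger(struct timeout_state *ts, time_t now, time_t *wakeup)
{
    time_t remaining = seconds_until_trigger(ts->last, ts->n, now);

    if (remaining <= 0) {
        ts->last = now;
        *wakeup = ts->n;
        return true;
    }
    *wakeup = remaining;
    return false;
}

/* Narrowing time_t to int (a struct timeval field, a retry count) must clamp:
 * a bare (int) cast silently truncates 64-bit values. */
int clamp_time_to_int(time_t t)
{
    if (t > INT_MAX) {
        return INT_MAX;
    }
    if (t < INT_MIN) {
        return INT_MIN;
    }
    return (int)t;
}

/* Constructed walk-through: a 60 s interval, then one of TIME_T_MAX seconds.
 * Returns 0 if every step behaves as expected, else the failing step. */
int example_scenario(void)
{
    struct timeout_state ts = { 1000, 60 };
    time_t wakeup = 0;

    if (timeout_trigger(&ts, 1030, &wakeup) || wakeup != 30) {
        return 1;   /* 30 s elapsed, 30 s left, not due */
    }
    if (!timeout_trigger(&ts, 1060, &wakeup) || wakeup != 60 || ts.last != 1060) {
        return 2;   /* due: fires and rearms for another 60 s */
    }
    ts.last = 1;
    ts.n = TIME_T_MAX;                  /* absurd but user-settable */
    if (!wakeup_sum_would_overflow(ts.last, ts.n)) {
        return 3;   /* last + n would overflow here */
    }
    if (timeout_trigger(&ts, 100, &wakeup) || wakeup != TIME_T_MAX - 99) {
        return 4;   /* reordered form: still a sane wakeup */
    }
    if (clamp_time_to_int(TIME_T_MAX) != INT_MAX) {
        return 5;   /* clamped, not truncated */
    }
    return 0;
}
```

The predicate is only there to make the hazard visible; the production path never needs it once the subtraction is reordered, because the only quantity that can be large is the user-supplied interval and it is never added to a clock reading.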

Re: [Openvpn-devel] [PATCH 3/3] management: Warn if TCP port is used without password

2018-02-28 Thread Selva Nair
Hi, On Wed, Feb 28, 2018 at 8:34 AM, Arne Schwabe wrote: > Am 28.02.18 um 14:19 schrieb David Sommerseth: >> It is not recommended to use --management on a TCP port without also >> adding a password authentication, as this can easily be abused by other >> users or processes being able to connect

Re: [Openvpn-devel] [PATCH 2/2] Make most registry values optional

2018-02-27 Thread Selva Nair
Hi, On Wed, Feb 21, 2018 at 2:42 AM, Gert Doering wrote: > Hi, > > On Tue, Feb 20, 2018 at 06:33:35PM -0500, Selva Nair wrote: >> > (It does happen for my own binary and for the installers Samuli builds, >> > so it's not "my build environment" - theor

Re: [Openvpn-devel] [PATCH 2/2] Make most registry values optional

2018-02-27 Thread Selva Nair
Hi, On Wed, Feb 21, 2018 at 8:20 AM, Selva Nair wrote: > Hi, > > On Wed, Feb 21, 2018 at 2:42 AM, Gert Doering wrote: >> Hi, >> >> On Tue, Feb 20, 2018 at 06:33:35PM -0500, Selva Nair wrote: >>> > (It does happen for my own binary and for the installe

Re: [Openvpn-devel] [PATCH applied] Re: Allow external EC key through --management-external-key

2018-02-27 Thread Selva Nair
Hi, On Wed, Feb 21, 2018 at 2:36 AM, Gert Doering wrote: > Hi, > > On Wed, Feb 21, 2018 at 02:07:03AM -0500, Selva Nair wrote: >> >> *This* one breaks LibreSSL compilation (namely, the OpenBSD buildbot), >> >> because > [..] >> Tested using the fre

Re: [Openvpn-devel] [PATCH 2/2] Make most registry values optional

2018-02-27 Thread Selva Nair
Hi, On Tue, Feb 20, 2018 at 2:59 PM, Gert Doering wrote: > Hi, > > On Tue, Feb 20, 2018 at 11:19:23AM -0500, Selva Nair wrote: >> Hmm.. I thought I had tested the patch.. Looking at it right now -- hold on >> :) > > Missed you on IRC... > > 18:21 < selvanair&

[Openvpn-devel] patch emails to the list

2018-02-24 Thread Selva Nair
Hi, Sourceforge keeps rejecting my attempts to send a patch through gmail.com as smtp server. Something like "this message scored x.y. Congratulations!" is the response from mx.sourceforge.net. Tripping some spam filter? I had to send it via another server to get through. This started only a coup

[Openvpn-devel] [PATCH v4 3/3] Support EC certificates with cryptoapicert

2018-02-24 Thread selva . nair
From: Selva Nair Requires openssl 1.1.0 or higher Signed-off-by: Selva Nair --- v3 changes: - check return value of ECDSA_SIG_set0 - ensure buffer size needed by i2d_ECDSA_SIG does not exceed the expected capacity of the sig buffer - Fix a typo and add contextual info to a debug message

Re: [Openvpn-devel] [PATCH applied] Re: travis-ci: modify openssl build script to support openssl-1.1.0

2018-02-24 Thread Selva Nair
Hi, On Tue, Feb 20, 2018 at 8:07 AM, Gert Doering wrote: > Your patch has been applied to the master and release/2.4 branch. > > commit 437be780996501becb18f0d34c256ab9c9fe27af (master) > commit b7aea67aa11b73417eeff595d13b0e2a7b9c925c (release/2.4) > Author: Ilya Shipitsin > Date: Mon Jan 15 1

Re: [Openvpn-devel] [PATCH v3 3/3] Support EC certificates with cryptoapicert

2018-02-24 Thread Selva Nair
On Sat, Feb 24, 2018 at 3:57 PM, wrote: > From: Selva Nair > > Requires openssl 1.1.0 or higher > > Signed-off-by: Selva Nair > --- > v3 changes: > - check return value of ECDSA_SIG_set0 > - ensure buffer size needed by i2d_ECDSA_SIG does not exceed the expect

[Openvpn-devel] [PATCH v3 3/3] Support EC certificates with cryptoapicert

2018-02-24 Thread selva . nair
From: Selva Nair Requires openssl 1.1.0 or higher Signed-off-by: Selva Nair --- v3 changes: - check return value of ECDSA_SIG_set0 - ensure buffer size needed by i2d_ECDSA_SIG does not exceed the expected capacity of the sig buffer - Fix a typo and add contextual info to a debug message
