Re: [Openvpn-devel] Creating a Windows team for OpenVPN?

On Tue, Oct 20, 2015 at 7:01 AM, Samuli Seppänen wrote: > > > On Tuesday 20 October 2015 10:15:22 Samuli Seppänen wrote: > Are you saying that the interactive service also doubles as a Windows > system service? If so, can it be configured to autostart selected > openvpn connection

Re: [Openvpn-devel] Creating a Windows team for OpenVPN?

Hi Debbie, On Tue, Oct 20, 2015 at 5:06 PM, wrote: > ho hum > > > -Original Message- > > From: David Sommerseth [mailto:openvpn.l...@topphemmelig.net] > > Sent: Monday, October 19, 2015 3:01 PM > > To: Morris, Russell ; Heiko Hund > > ; sam...@openvpn.net > > Cc: openvpn-devel@lists.sour

Re: [Openvpn-devel] Creating a Windows team for OpenVPN?

On 21.10.2015 00:39, openvpn-devel-requ...@lists.sourceforge.net wrote: > From: ValdikSS > > By the way, there is an open-source SecurePoint VPN client > (https://sourceforge.net/projects/securepoint/) which handles current > versions of Windows very well. Hi, it seems that the current versio

[Openvpn-devel] [PATCH v2] Replace variable length array with malloc

Commit https://github.com/OpenVPN/openvpn/commit/685e486e8b8f70c25f09590c24762ff734f94a51 introduced a variable length array. Although C99 supports that, MSVS 2013 still requires size of array to be compiler time constant. As a fix, use malloc/free. v2: Replace OPENSSL_malloc with gc_malloc Si

Re: [Openvpn-devel] [PATCH] openssl: remove usage of OPENSSL_malloc() from show_available_curves

ACK from me. Less code is better. On 21.10.2015 01:39, Steffan Karger wrote: There is no need to use OPENSSL_malloc(), so use our own functions that automatically check for NULL and remove the now redundant NULL check. Signed-off-by: Steffan Karger --- src/openvpn/ssl_openssl.c | 33

Re: [Openvpn-devel] [PATCH] Fix memory leak in auth-pam plugin

ACK from me. My Clang static analyzer concurs. On 21.10.2015 01:38, Steffan Karger wrote: As it says on the tin. aresp would not be free'd nor returned by my_conv() on errors. Note that we never reach this code if allocation of aresp failed. Found with the Clang static analyzer. Signed-off-b

Re: [Openvpn-devel] [PATCH] hardening: add insurance to exit on a failed ASSERT()

Am 21.10.15 um 00:37 schrieb Steffan Karger: > The code behind our ASSERT() macro is pretty complex. Although it seems > to be correct, make it trivially clear we will never return from a failed > assert by adding an _exit(1) call. As was suggested by Sebastian Krahmer > of the SuSE security te

Re: [Openvpn-devel] [PATCH] Add option --push-suppress-ipv6 to stop sending IPv6 info to clients.

Am 21.10.15 um 00:50 schrieb David Sommerseth: >> > --push-filter ifconfig-ipv6 tun-ipv6 route-ipv6 >> > >> > which would do exactly what the current patch did, but is much more >> > flexible >> > depending on what exactly needs to be worked around with *this* client... >> > >> > (There's a t

[Openvpn-devel] [PATCH] hardening: add insurance to exit on a failed ASSERT()

The code behind our ASSERT() macro is pretty complex. Although it seems to be correct, make it trivially clear we will never return from a failed assert by adding an _exit(1) call. As was suggested by Sebastian Krahmer of the SuSE security team. To make sure they that tools like clang static ana

Re: [Openvpn-devel] [PATCH] hardening: add insurance to exit on a failed ASSERT()

ACK. Fine, whatever makes the analyzers happy. Arne Am 21.10.15 um 10:08 schrieb Steffan Karger: > The code behind our ASSERT() macro is pretty complex. Although it seems > to be correct, make it trivially clear we will never return from a failed > assert by adding an _exit(1) call. As was sugg

[Openvpn-devel] [PATCH applied] Re: hardening: add insurance to exit on a failed ASSERT()

ACK. Your patch has been applied to the master and release/2.3 branch. commit e8a9e3203bf00605dae000d31095076ae038491c (master) commit d03dd06e59dc98eb2afaaa49cb1f879cab9ce747 (release/2.3) Author: Steffan Karger List-Post: openvpn-devel@lists.sourceforge.net Date: Wed Oct 21 10:08:06 2015 +02

Re: [Openvpn-devel] [PATCH 1/2] polarssl: fix --client-cert-not-required

Am 16.10.15 um 00:43 schrieb Steffan Karger: > PolarSSL 1.3 determines whether to use a client key/cert based on the > private key and/or certificate structs being allocated or not. We > previously would always allocate the structs in > tls_ctx_{client,server}_new(), which made polarssl clients

Re: [Openvpn-devel] Creating a Windows team for OpenVPN?

Hi, Lots of discussion on this - awesome to see! Perhaps a dumb question, but I can see a few different ways to go on this, as I see comments about services, applications, etc. ... so a couple thoughts, - is the intention to run a service (like NSSM?) that keeps openvpn.exe "alive" (restarting

Re: [Openvpn-devel] Fw: Easy-RSA3.0.0 Windows Version batch file missing

Hi // You must be - Original Message - From: "Eric Crist" To: Cc: Sent: Tuesday, September 22, 2015 1:05 PM Subject: Re: [Openvpn-devel] Fw: Easy-RSA3.0.0 Windows Version batch file missing http://sourceforge.net/p/openvpn/mailman/message/34480727/ https://forums.openvpn.net/topi

Re: [Openvpn-devel] Fw: Easy-RSA3.0.0 Windows Version batch file missing

Apologies for the "You must be" comment .. - Original Message - From: To: "Eric Crist" Cc: Sent: Wednesday, October 21, 2015 11:31 PM Subject: Re: [Openvpn-devel] Fw: Easy-RSA3.0.0 Windows Version batch file missing Hi // You must be - Original Message - From: "Eric Cr