feed back:
On 22/01/2021 07:02, Arne Schwabe wrote:
On 21.01.21 at 14:39, Gert Doering wrote:
Without this patch, if openvpn is using a plugin that provides
OPENVPN_PLUGIN_ENABLE_PF but then fails (returns OPENVPN_PLUGIN_FUNC_ERROR),
OpenVPN will crash on a NULL pointer reference.
The
On 21.01.21 at 14:39, Gert Doering wrote:
> Without this patch, if openvpn is using a plugin that provides
> OPENVPN_PLUGIN_ENABLE_PF but then fails (returns OPENVPN_PLUGIN_FUNC_ERROR),
> OpenVPN will crash on a NULL pointer reference.
>
> The underlying cause is (likely) the refactoring work
Hi,
On 07/09/2020 18:22, Arne Schwabe wrote:
> Modern TLS libraries might drop Blowfish by default or distributions
> might disable Blowfish in OpenSSL/mbed TLS. We still signal OCC
> options with BF-CBC compatible strings. To avoid requiring BF-CBC
> for this, special case this one usage of
On 30/09/2020 15:13, Arne Schwabe wrote:
Signed-off-by: Arne Schwabe
---
Changes.rst | 9 +
doc/man-sections/script-options.rst | 14 +++-
src/openvpn/ssl_verify.c| 56 -
3 files changed, 70 insertions(+), 9
On 30/09/2020 15:13, Arne Schwabe wrote:
Signed-off-by: Arne Schwabe
---
doc/man-sections/generic-options.rst | 3 +-
include/openvpn-plugin.h.in | 8 ++
src/openvpn/ssl.c| 2 +-
src/openvpn/ssl_common.h | 1 +
src/openvpn/ssl_verify.c
On 21.01.21 at 18:25, Gert Doering wrote:
> If we ship something that we consider a form of documentation
> "this is how to write an OpenVPN plugin" it should meet our standards
> for secure and modern code. This plugin did neither.
>
> - get rid of system() calls, especially those that
On 30/09/2020 15:13, Arne Schwabe wrote:
This allows scripts and plugins to parse/react to a
CR_RESPONSE message
Signed-off-by: Arne Schwabe
---
Changes.rst | 7
doc/man-sections/script-options.rst | 28 -
include/openvpn-plugin.h.in | 7
If we ship something that we consider a form of documentation
"this is how to write an OpenVPN plugin" it should meet our standards
for secure and modern code. This plugin did neither.
- get rid of system() calls, especially those that enabled a
remote-root exploit if this code was used
Hi,
Both new files have
> +}
> \ No newline at end of file
Can probably be fixed by the committer.
Stared at the code, compiled with MSVC.
No "brand new" code added, just existing one factored out
into a separate function and generalized.
Acked-by: Lev Stipakov
Acked with distinction for
Without this patch, if openvpn is using a plugin that provides
OPENVPN_PLUGIN_ENABLE_PF but then fails (returns OPENVPN_PLUGIN_FUNC_ERROR),
OpenVPN will crash on a NULL pointer reference.
The underlying cause is (likely) the refactoring work regarding
CAS_SUCCEEDED etc., and that nobody adjusted
Hi,
> +platform_ret_code(int stat)
> +{
> +
> +if (stat >= 0 && stat < 255)
Unneeded line break.
> -/* interpret the status code returned by execve() */
> +/** interpret the status code returned by execve() */
> bool platform_system_ok(int stat);
>
> +/** Return a return code if valid and
Hi,
> +/**
> + * Reschedule tls_multi_process.
> + * NOTE: in multi-client mode, usually the below two statements are
I realize that this comment is copied from existing code, but
"below two statements" is a bit misleading here in the context of
function definition. Maybe just "this function"?
Stared at the code, compiled with MSVC.
Acked-by: Lev Stipakov
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Hi,
Note that I didn't manage to apply this patch on the latest master so
I had to apply commit from
https://github.com/schwabe/openvpn/commit/42ae41d812668c4c00badaf592825684fa387d9d
> +static bool
> +parse_kid(const char *str, unsigned int *kid)
> +&& parse_uint(timeout_str,
Hi,
OpenVPN has a built-in packet filter, which has a couple of issues
- it is IPv4 only (though IPv6 patches existed at some point, but nobody
reviewed them, so they did not get merged)
- it can only be configured by a plugin or the management interface
(so actually *using* it is not
15 matches