Hello,
if nobody minds, I can send several patches that eliminates comparison of
OPENSSL_VERSION, for example
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index 49698e4b..316cca6f 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -51,7
Hi,
On Tue, Mar 09, 2021 at 04:54:13PM +0500, ?? wrote:
> if nobody minds, I can send several patches that eliminates comparison of
> OPENSSL_VERSION, for example
We do mind. They are coded this way on purpose - so when we drop support
for OpenSSL before 1.1.0, it is clear
вт, 9 мар. 2021 г. в 17:47, Gert Doering :
> Hi,
>
> On Tue, Mar 09, 2021 at 04:54:13PM +0500, ?? wrote:
> > if nobody minds, I can send several patches that eliminates comparison of
> > OPENSSL_VERSION, for example
>
> We do mind. They are coded this way on purpose - so
Hi,
On Tue, Mar 09, 2021 at 05:52:12PM +0500, ?? wrote:
> > On Tue, Mar 09, 2021 at 04:54:13PM +0500, ?? wrote:
> > > if nobody minds, I can send several patches that eliminates comparison of
> > > OPENSSL_VERSION, for example
> >
> > We do mind. They
Hi,
On 08/03/2021 15:21, Arne Schwabe wrote:
[cut]
> diff --git a/src/openvpn/options.c b/src/openvpn/options.c
> index 0eb049d8..6d908e15 100644
> --- a/src/openvpn/options.c
> +++ b/src/openvpn/options.c
> @@ -5883,6 +5883,12 @@ add_option(struct options *options,
> {
>
we may keep combo.
both #ifdef EVP_PKEY_TLS1_PRF and comment related to supported openssl
versions (to drop support if we decide)
вт, 9 мар. 2021 г. в 17:56, Gert Doering :
> Hi,
>
> On Tue, Mar 09, 2021 at 05:52:12PM +0500, ?? wrote:
> > > On Tue, Mar 09, 2021 at 04:54:13PM
Hi,
On Tue, Mar 09, 2021 at 06:26:08PM +0500, ?? wrote:
> we may keep combo.
> both #ifdef EVP_PKEY_TLS1_PRF and comment related to supported openssl
> versions (to drop support if we decide)
We could, but we won't.
(I can see the benefits, but I'm not the one maintaining
Am 09.03.21 um 12:54 schrieb Илья Шипицин:
> Hello,
>
> if nobody minds, I can send several patches that eliminates comparison
> of OPENSSL_VERSION, for example
>
>
> diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
> index 49698e4b..316cca6f 100644
> ---
On 09/03/2021 14:28, Gert Doering wrote:
Hi,
On Tue, Mar 09, 2021 at 06:26:08PM +0500, ?? wrote:
we may keep combo.
both #ifdef EVP_PKEY_TLS1_PRF and comment related to supported openssl
versions (to drop support if we decide)
We could, but we won't.
(I can see the
On 08/03/2021 14:45, tincanteksup wrote:
On 08/03/2021 08:06, Arne Schwabe wrote:
Looking at this feature from today's perspective, it feels like one of
OpenVPN's boutique features. Was probably useful at some point but
doesn't really make much sense today anymore. Esepcially with what is
I won't claim to understand what this stuff is doing in the grand scheme
of things (as far as I can see, all it does is "it introduces a timeout
variable all over the place, which then gets sent to the client") but
the changes look safe enough :-)
I have subjected this to client-side and server
On 09/03/2021 18:52, David Sommerseth wrote:
On 08/03/2021 14:45, tincanteksup wrote:
On 08/03/2021 08:06, Arne Schwabe wrote:
Looking at this feature from today's perspective, it feels like one of
OpenVPN's boutique features. Was probably useful at some point but
doesn't really make
On 07/03/2021 19:44, Gert Doering wrote:
Hi,
On Sun, Mar 07, 2021 at 01:36:03PM -0500, Selva Nair wrote:
"I'm not sure", TBH. rlimit handling in unix is a bit of an unknown
territory for me.
What I understand is that root can *increment* the rlimit at will, but
I'd assume that the rlimit
On 09/03/2021 20:53, David Sommerseth wrote:
On 09/03/2021 21:04, tincanteksup wrote:
>
I have swapping issues all the time and I can't add more RAM.
I don't want system wide disk encryption.
And I don't want an SSD either.
I do not have the money to keep up with modern hardware.
Having
Hi,
On Mon, Mar 08, 2021 at 09:06:10AM +0100, Arne Schwabe wrote:
> That being said I am against your patch, I am just wondering if that is
> a feature we need to keep at all.
Just for clarification: is there a "not" missing in that sentence?
(Code-wise, mlock / *rlimit is just ~40-50 lines of
Hi,
On Mon, Mar 8, 2021 at 2:11 AM Gert Doering wrote:
> If --mlock is used, the amount of memory OpenVPN can use is guarded
> by the RLIMIT_MEMLOCK value (see mlockall(2)). The OS default for this
> is usually 64 Kbyte, which is enough for OpenVPN to initialize, but
> as soon as the first TLS
On 09/03/2021 21:04, tincanteksup wrote:
>
I have swapping issues all the time and I can't add more RAM.
I don't want system wide disk encryption.
And I don't want an SSD either.
I do not have the money to keep up with modern hardware.
Having openvpn --mlock is exactly the right choice for my
Am 09.03.21 um 10:09 schrieb Antonio Quartulli:
> Hi,
>
> On 08/03/2021 15:21, Arne Schwabe wrote:
> [cut]
>
>> diff --git a/src/openvpn/options.c b/src/openvpn/options.c
>> index 0eb049d8..6d908e15 100644
>> --- a/src/openvpn/options.c
>> +++ b/src/openvpn/options.c
>> @@ -5883,6 +5883,12 @@
18 matches
Mail list logo