This patch is supposed to implement no function change.
The only change in behaviour that can be observed is the IV_/UV_ variables
being printed in different order compared to before applying this patch.
However, order does not matter, so we don't need to retain it.
What this change really does
Hi Magnus,
can you report this as an issue on GitHub, please?
https://github.com/OpenVPN/easy-rsa/issues
My first guess would be the version of openssl 3.0.1 is at fault.
Thanks,
Richard
Thanks a lot, will do!
On August 18, 2022, at 05:10, tincantech wrote:
Hi Magnus,
can you report this as an issue on GitHub, please?
https://github.com/OpenVPN/easy-rsa/issues
My first guess would be the version of openssl 3.0.1 is at fault.
Hi,
Typo, subject should probably be s/ssh_util/ssl_util
Regards,
Simon
> Function prototypes should have the return type on the same line as the
> function name itself. Fix this in ssl_util.h.
>
> Signed-off-by: Antonio Quartulli
> ---
> src/openvpn/ssl_util.h | 13 +
> 1 file
Hi,
On Mon, Aug 08, 2022 at 01:27:38PM +0200, Gert Doering wrote:
> If the inside packet is fragmented already, Linux kernel hands us
> packets with skb->ignore_df=0. Since this is applied to the encapsulated
> packet, the kernel will then refuse to fragment the resulting UDP/IPv6
> packet (for
Acked-by: Gert Doering
Seems we need an uncrustify option to enforce this for new code
(*most* prototypes have the "all-in-one-line" approach, some follow
the "return type on previous line" as for functions).
Subject fixed, ssl_util, not ssh_util :-)
Your patch has been applied to the master
At the moment dco-win doesn't support --persist-tun and --server,
so check for these options at startup time.
Signed-off-by: Antonio Quartulli
Signed-off-by: Lev Stipakov
---
Changes from v101:
* rebased
* remove call to dco_check_option_ from verify() and reuse invocation
that was already
Hi,
On Thu, Aug 18, 2022 at 11:26:38AM +0200, Antonio Quartulli wrote:
> -#if defined(TARGET_LINUX) || defined(TARGET_FREEBSD)
> -o->tuntap_options.disable_dco = !dco_check_option_conflict(D_DCO, o)
> -||
> !dco_check_startup_option_conflict(D_DCO, o);
>
Acked-by: Gert Doering
Test compiled on Linux and FreeBSD, just to be sure.
Your patch has been applied to the master branch.
commit 329cb7ed2cb8503e99bed5bf3499f2194536d6ce
Author: Lev Stipakov
Date: Wed Aug 17 22:12:23 2022 +0200
dco.h: fix return type when DCO is not enabled
At the moment dco-win doesn't support --persist-tun and --server,
so check for these options at startup time.
Signed-off-by: Antonio Quartulli
Signed-off-by: Lev Stipakov
---
Changes from v102:
* remove platform defined log level and make check_options_ calls on
Windows explicit and document
Patch and thus series doesn't apply anymore, in addition to eventual changes
also please rebase.
On Friday, 20 May 2022 23:32:47 CEST Arne Schwabe wrote:
> + If both server and client support sending this message using the control
> + channel, the message will be sent as control-channel
What Frank said, and the nitpick about this hunk which should be removed:
On Friday, 20 May 2022 23:32:50 CEST Arne Schwabe wrote:
> @@ -1376,6 +1440,7 @@ verify_user_pass_plugin(struct tls_session *session,
> struct tls_multi *multi, /* call command */
> retval =
Hi Arne,
thank you for your report. In the future, please send reports to
supp...@wolfssl.com to guarantee the fastest possible response. This
also helps us track bug reports. I have forwarded this report for you.
Either I or someone else will investigate this and get back to you with
a
On Friday, 20 May 2022 23:32:49 CEST Arne Schwabe wrote:
> This allows a server to indicate a temporary problem on the server and
> allows the server to indicate how to proceed (i.e. move to the next server,
> retry the same server, wait a certain time,...)
>
> This adds options_utils.c/h to be
On Friday, 20 May 2022 23:32:48 CEST Arne Schwabe wrote:
> This simplifies the buffer handling in the method and adds a quick
> return instead of wrapping the whole method in a if (pull) block
>
> Patch V2: remove unnecessary ifdef/endif and unnecessary block
Acked-by: Heiko Hund
On Friday, 1 July 2022 00:42:55 CEST Arne Schwabe wrote:
> Basically if I had been a bit more forward looking we would now have
> protocol-flags ekm cc-exit instead of key-derivation ekm and
> protocol-flags cc-exit
Then maybe also add support for handling ekm via --protocol-flags and
Hi,
On Thu, Aug 18, 2022 at 04:39:07PM +0200, Heiko Hund wrote:
> On Friday, 20 May 2022 23:32:48 CEST Arne Schwabe wrote:
> > This simplifies the buffer handling in the method and adds a quick
> > return instead of wrapping the whole method in a if (pull) block
> >
> > Patch V2: remove
DEL_PEER events can be sent by ovpn-dco to userspace for various reasons.
We should trigger the ping timeout reaction only if the reason was
"peer has expired".
Signed-off-by: Antonio Quartulli
---
src/openvpn/forward.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git
Thanks. This was left hanging in the cold for some reason... merged
now. I've subjected it to the usual test for DCO related stuff (client
with no-dco kernel, client with dco, server with dco) and verified that
the same instances have DCO enabled that had before - glad for Arne's
GLOBAL_STATS
On 18.08.22 at 16:38, Heiko Hund wrote:
On Friday, 1 July 2022 00:42:55 CEST Arne Schwabe wrote:
Basically if I had been a bit more forward looking we would now have
protocol-flags ekm cc-exit instead of key-derivation ekm and
protocol-flags cc-exit
Then maybe also add support for
Acked-by: Antonio Quartulli
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
I've stared at the code for a while... I'm not really happy with the
jumping back and forth between dco.c and tun.c (who is supposed to
understand that code flow in 6 weeks from now?). That said, the
"non windows" changes in this patch are harmless enough, and the
"windows bits" do look safe
On 18.08.22 at 16:39, Heiko Hund wrote:
Patch and thus series doesn't apply anymore, in addition to eventual changes
also please rebase.
On Friday, 20 May 2022 23:32:47 CEST Arne Schwabe wrote:
+ If both server and client support sending this message using the control
+ channel, the
On 18.08.22 at 17:21, Juliusz Sosinowicz wrote:
Hi Arne,
thank you for your report. In the future, please send reports to
supp...@wolfssl.com to guarantee the fastest possible response. This
also helps us track bug reports. I have forwarded this report for you.
Either I or someone else
Hi,
On Thu, Aug 18, 2022 at 12:09:53PM +0200, Antonio Quartulli wrote:
> At the moment dco-win doesn't support --persist-tun and --server,
> so check for these options at startup time.
>
> Signed-off-by: Antonio Quartulli
> Signed-off-by: Lev Stipakov
I was about to merge this (and thank you
On 11.08.22 at 19:11, Max Fillinger wrote:
LibreSSL has added some of the functions that are defined here. However,
we still need RSA_F_RSA_OSSL_PRIVATE_ENCRYPT.
v2: Change ifdef condition for RSA_F_RSA_OSSL_PRIVATE_ENCRYPT.
Signed-off-by: Max Fillinger
---
src/openvpn/openssl_compat.h | 8
yes! This is what we need!
Acked-by: Antonio Quartulli
--
Antonio Quartulli
Signed-off-by: Frank Lichtenheld
---
src/openvpn/auth_token.h| 16 -
src/openvpn/block_dns.h | 16 -
src/openvpn/buffer.h| 7 ++--
src/openvpn/crypto.h| 18 --
src/openvpn/crypto_openssl.h| 3 +-
src/openvpn/dco_win.h
Signed-off-by: Frank Lichtenheld
---
dev-tools/uncrustify.conf | 1 +
1 file changed, 1 insertion(+)
diff --git a/dev-tools/uncrustify.conf b/dev-tools/uncrustify.conf
index 325f3108..c73fba0c 100644
--- a/dev-tools/uncrustify.conf
+++ b/dev-tools/uncrustify.conf
@@ -40,6 +40,7 @@
Hi,
On Thu, Aug 18, 2022 at 12:40:09AM +0200, Arne Schwabe wrote:
> From 02d4c4d8444188bdf32a054171ea7e20cc7c12ff Mon Sep 17 00:00:00 2001
> From: Arne Schwabe
> Date: Thu, 11 Aug 2022 19:27:12 +0200
> Subject: [PATCH] Add wolfSSL to github actions
>
> I just want to see the world burn a little
Tested this on the Linux / DCO server test rig that found the issue
yesterday - the "no root" server now does no longer reject clients
on connect, so that problem is fixed. Thanks :-)
To verify that the startup function is actually used, I triggered
it with
- openvpn --mktun --dev tun99
-
Taking the ACK from Lev on 102, applying to 103 - which mostly has
"better wording". I have tested this on the DCO test rig, and it's
fine with the change.
I wouldn't be surprised to see more work in this area for "we need to
be able to send packets to not-yet-authenticated remotes in p2p mode",
On 18.08.22 at 03:37, Magnus Larsson via Openvpn-devel wrote:
Hi,
I just moved from Ubuntu 20.04 LTS (where the exact command works fine
and does not prompt for pass phrase) to Red Hat Enterprise Linux 9 and
installed Easy-RSA via EPEL.
Probably old keys with now unsupported RC4 encryption
Hi,
On Sat, Aug 13, 2022 at 10:42:19PM +0200, Antonio Quartulli wrote:
> At the moment dco-win doesn't support --persist-tun and --server,
> so check for these options at startup time.
This needs rebasing anyway (due to the startup change), but while at it...
> +
> +if
Function prototypes should have the return type on the same line as the
function name itself. Fix this in ssl_util.h.
Signed-off-by: Antonio Quartulli
---
src/openvpn/ssl_util.h | 13 +
1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/src/openvpn/ssl_util.h
On Thursday, 17 February 2022 19:22:34 CEST Arne Schwabe wrote:
> @@ -590,6 +590,7 @@ init_query_passwords(const struct context *c)
> /* Auth user/pass input */
> if (c->options.auth_user_pass_file)
> {
> +enable_auth_user_pass();
> #ifdef ENABLE_MANAGEMENT
>
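Review bot: the enable_auth_user_pass() call added at the top of the if (c->options.auth_user_pass_file) block in init_query_passwords() carries no comment saying why the flag has to be set at this point, ahead of the #ifdef ENABLE_MANAGEMENT section. A one-line comment stating the reason would make the ordering clearly intentional to later readers. The excerpt ends before the rest of the block, so the effect on the management path cannot be checked from the lines shown.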