Re: [Openvpn-devel] [PATCH v3] plugin: Extend the plug-in v3 API to identify the SSL implementation used

2013-06-20 Thread Gert Doering
Hi, On Thu, Jun 20, 2013 at 08:39:20PM +0200, David Sommerseth wrote: > From: David Sommerseth > > OpenVPN would segfault unexpectedly if it would be compiled against PolarSSL > and the plug-in would expect OpenSSL, or vice-versa. This segfault would > not appear before the plug-in would try to

Re: [Openvpn-devel] [Patch v6] Add support of utun devices under Mac OS X

2013-06-20 Thread Gert Doering
Hi, On Thu, Jun 20, 2013 at 04:38:43PM +0200, Arne Schwabe wrote: > Mac OS X 10.7+ natively supports tun devices (called utun). The "standard" > utun.ko driver is sometimes problematic (e.g. VmWare Fusion 5 and tun.ko do > not work together). James brought up a "we need a v7 here"... If you ca

[Openvpn-devel] [PATCH applied] Re: PATCHv3 Remove unused variables or put them to the defines they are being used in

2013-06-20 Thread Gert Doering
ACK. Lightly compile-tested with default options on Linux, but except for the last chunk, nothing seems to depend on #ifdefs, so if it indeed breaks some weird combination of options, buildbot will tell... Patch has been applied to the master branch. commit d0c4c442a44f85c18903b4edba9c1d726f6983

[Openvpn-devel] [PATCH v3] plugin: Extend the plug-in v3 API to identify the SSL implementation used

2013-06-20 Thread David Sommerseth
From: David Sommerseth OpenVPN would segfault unexpectedly if it would be compiled against PolarSSL and the plug-in would expect OpenSSL, or vice-versa. This segfault would not appear before the plug-in would try to access functions which would be available if the plug-in and OpenVPN uses the sa

Re: [Openvpn-devel] [PATCH v2] plugin: Extend the plug-in v3 API to identify the SSL implementation used

2013-06-20 Thread Gert Doering
Hi, On Wed, Jun 12, 2013 at 12:18:36PM +0200, David Sommerseth wrote: > v2 - add const ovpnSSLAPI ssl_api at the end of > struct openvpn_plugin_args_open_in and not in the "middle" NAK, because: > @@ -372,6 +372,7 @@ plugin_open_item (struct plugin *p, > */ >if (p->open3)

Re: [Openvpn-devel] [PATCH 3/3] autoconf: Fix typo

2013-06-20 Thread Gert Doering
Hi, On Fri, Jun 07, 2013 at 12:15:30PM +0200, David Sommerseth wrote: > From: David Sommerseth > > In config.h, it would state: > > /* Enable systemd support */ > #define ENABLE_PLUGIN 1 > > instead of > > /* Enable plug-in support */ > #define ENABLE_PLUGIN 1 Whereve

Re: [Openvpn-devel] [PATCH 1/3] man page: Update man page about the tls_digest_{n} environment variable

2013-06-20 Thread Gert Doering
Hi, On Fri, Jun 07, 2013 at 12:15:11PM +0200, David Sommerseth wrote: > From: David Sommerseth > > Signed-off-by: David Sommerseth ACK - 2.3.3 and 2.4. (If you put this in 2.3.3, but not the "removal of #ifdef EUREPHIA" patch, then it would need a note that this is only enabled if compiled wi

Re: [Openvpn-devel] [PATCH 2/3] Remove the --disable-eurephia configure option

2013-06-20 Thread Gert Doering
Hi, On Fri, Jun 07, 2013 at 12:15:23PM +0200, David Sommerseth wrote: > From: David Sommerseth > > This "feature" has been enabled since OpenVPN 2.2 without any reports that > this has been causing issues. All it does is to add an extra environment > variable 'tls_digest_{n}' with the certifica

Re: [Openvpn-devel] [Patch v6] Add support of utun devices under Mac OS X

2013-06-20 Thread Gert Doering
Hi, On Thu, Jun 20, 2013 at 01:44:04PM -0400, Jonathan K. Bullard wrote: > I am building now, but it will be a few hours before I can do all the > testing. I will report back to this thread. Cool, thanks in advance! gert -- USENET is *not* the non-clickable part of WWW!

Re: [Openvpn-devel] [Patch v6] Add support of utun devices under Mac OS X

2013-06-20 Thread Jonathan K. Bullard
On Thu, Jun 20, 2013 at 1:28 PM, Gert Doering wrote: > > Hi, > > On Thu, Jun 20, 2013 at 04:38:43PM +0200, Arne Schwabe wrote: > > v6: add commit message change log, replace strstr with strncmp, move > > #includes to the top of the file > > > > This looks good to me. It would be great if Jonatha

Re: [Openvpn-devel] [Patch v6] Add support of utun devices under Mac OS X

2013-06-20 Thread Gert Doering
Hi, On Thu, Jun 20, 2013 at 04:38:43PM +0200, Arne Schwabe wrote: > v6: add commit message change log, replace strstr with strncmp, move > #includes to the top of the file > This looks good to me. It would be great if Jonathan could test this again to verify that all OSX versions are properly

[Openvpn-devel] [Patch v6] Add support of utun devices under Mac OS X

2013-06-20 Thread Arne Schwabe
Mac OS X 10.7+ natively supports tun devices (called utun). The "standard" utun.ko driver is sometimes problematic (e.g. VmWare Fusion 5 and tun.ko do not work together). When OpenVPN is compiled with utun support it will if no dev-node is given first try to use utun and if that is not availabl

[Openvpn-devel] [Patch v5] Add support of utun devices under Mac OS X

2013-06-20 Thread Arne Schwabe
Mac OS X 10.7+ natively supports tun devices (called utun). The "standard" utun.ko driver is sometimes problematic (e.g. VmWare Fusion 5 and tun.ko do not work together). When OpenVPN is compiled with utun support it will if no dev-node is given first try to use utun and if that is not availabl

[Openvpn-devel] [Patch v4] Add support of utun devices under Mac OS X

2013-06-20 Thread Arne Schwabe
Mac OS X 10.7+ natively supports tun devices (called utun). The "standard" utun.ko driver is sometimes problematic (e.g. VmWare Fusion 5 and tun.ko do not work together). When OpenVPN is compiled with utun support it will if no dev-node is given first try to use utun and if that is not availabl

Re: [Openvpn-devel] [Patch v3.1] Add support of utun devices under Mac OS X

2013-06-20 Thread Arne Schwabe
Am 20.06.13 15:32, schrieb Jonathan K. Bullard: > A minor problem is that for each of the 255 attempts to get a utun > device (device #0 through device #254), it generates the following > warning message: > Opening utun (ioctl(CTLIOCGINFO)): No such file or directory > It's ugly, but cosmetic.

Re: [Openvpn-devel] [Patch v3.1] Add support of utun devices under Mac OS X

2013-06-20 Thread Jonathan K. Bullard
On Thu, Jun 20, 2013 at 4:58 AM, Arne Schwabe wrote: > I have a OS X 10.6 VM with Xcode 3.2.6 installed and this VM has the > if/utun.h header. I probably was added somewhere between 10.6.0 and 10.6.8. Ah. Thanks for mentioning this. That makes sense. > I changed the M_ERR to M_WARN. It should

Re: [Openvpn-devel] [PATCH] Always load intermediate certificates from a PKCS#12 file

2013-06-20 Thread Adriaan de Jong
Hi Heikki, I haven't run the patch, or tried to compile it as I haven't got my dev-setup handy. It looks good though. Featurewise it gets an ack from me, as sending intermediate certs is encouraged in the TLS standard. One minor nit-picky point: there's a bit of whitespace fixing in there with

[Openvpn-devel] [PATCH] Always load intermediate certificates from a PKCS#12 file

2013-06-20 Thread Heikki Hannikainen
Hi, This one supersedes my previous patch (http://thread.gmane.org/gmane.network.openvpn.devel/7599) which added an extra option to load trusted CA certs from both PKCS#12 and the --ca PEM file. This new patch enables loading of extra intermediate certs from PKCS#12 even when --ca is set, wh

[Openvpn-devel] [Patch v3.1] Add support of utun devices under Mac OS X

2013-06-20 Thread Arne Schwabe
Mac OS X 10.7+ natively supports tun devices (called utun). The "standard" utun.ko driver is sometimes problematic (e.g. VmWare Fusion 5 and tun.ko do not work together). When OpenVPN is compiled with utun support it will if no dev-node is given first try to use utun and if that is not availabl

Re: [Openvpn-devel] [Patch v2] Add support of utun devices under Mac OS X

2013-06-20 Thread Arne Schwabe
Am 20.06.13 05:17, schrieb Jonathan K. Bullard: > On Tue, Jun 18, 2013 at 1:23 AM, Arne Schwabe wrote: >> Mac OS X 10.7+ natively supports tun devices (called utun). The "standard" >> utun.ko driver is sometimes problematic (e.g. VmWare Fusion 5 and tun.ko do >> not work together). >> >> When Op

[Openvpn-devel] [Patch v3] Add support of utun devices under Mac OS X

2013-06-20 Thread Arne Schwabe
Mac OS X 10.7+ natively supports tun devices (called utun). The "standard" utun.ko driver is sometimes problematic (e.g. VmWare Fusion 5 and tun.ko do not work together). When OpenVPN is compiled with utun support it will if no dev-node is given first try to use utun and if that is not availabl

Re: [Openvpn-devel] OpenVPN Versioning

2013-06-20 Thread Joachim Schipper
>From James Yonan : > On 18/06/2013 01:41, Joachim Schipper wrote: > > From James Yonan : > >> On 14/06/2013 02:47, Joachim Schipper wrote: > >>> >From James Yonan : > TLS Protocol > > > Since day 1, OpenVPN has used TLS 1.0 as a control channel and key > excha

[Openvpn-devel] Topics for today's community meeting

2013-06-20 Thread Samuli Seppänen
Hi, We're having an IRC meeting today, starting at 18:00 UTC on #openvpn-de...@irc.freenode.net. Current topic list is here: If you have any other things you'd like to bring up, respond to this mail, send me mail privately or add the

Re: [Openvpn-devel] [Patch v2] Add support of utun devices under Mac OS X

2013-06-20 Thread Jonathan K. Bullard
On Tue, Jun 18, 2013 at 1:23 AM, Arne Schwabe wrote: > > Mac OS X 10.7+ natively supports tun devices (called utun). The "standard" > utun.ko driver is sometimes problematic (e.g. VmWare Fusion 5 and tun.ko do > not work together). > > When OpenVPN is compiled with utun support it will if no dev