Re: [Openvpn-devel] [PATCH v2] Add client-only support for peer-id.
ACK. Code is similar to the full-blown patch for master, and float works nicely. -Steffan On 23-11-14 20:17, Gert Doering wrote: > This is a reduced version of the peer-id patch from Lev Stipakov > implementing only the client side bits - send IV_PROTO=2, accept > "peer-id " as pushed option, support P_DATA_V2 packets. > > v2: remove addition of "struct tls_multi;" to options.h, not needed > > Signed-off-by: Gert Doering> --- > src/openvpn/init.c | 12 +++- > src/openvpn/options.c| 6 ++ > src/openvpn/options.h| 4 > src/openvpn/ssl.c| 40 +++- > src/openvpn/ssl.h| 3 ++- > src/openvpn/ssl_common.h | 4 > 6 files changed, 62 insertions(+), 7 deletions(-) > > diff --git a/src/openvpn/init.c b/src/openvpn/init.c > index 18f506c..4cfa132 100644 > --- a/src/openvpn/init.c > +++ b/src/openvpn/init.c > @@ -1711,7 +1711,8 @@ pull_permission_mask (const struct context *c) > | OPT_P_MESSAGES > | OPT_P_EXPLICIT_NOTIFY > | OPT_P_ECHO > -| OPT_P_PULL_MODE; > +| OPT_P_PULL_MODE > +| OPT_P_PEER_ID; > >if (!c->options.route_nopull) > flags |= (OPT_P_ROUTE | OPT_P_IPWIN32); > @@ -1790,6 +1791,15 @@ do_deferred_options (struct context *c, const unsigned > int found) > msg (D_PUSH, "OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options > modified"); >if (found & OPT_P_SETENV) > msg (D_PUSH, "OPTIONS IMPORT: environment modified"); > + > +#ifdef ENABLE_SSL > + if (found & OPT_P_PEER_ID) > +{ > + msg (D_PUSH, "OPTIONS IMPORT: peer-id set"); > + c->c2.tls_multi->use_peer_id = true; > + c->c2.tls_multi->peer_id = c->options.peer_id; > +} > +#endif > } > > /* > diff --git a/src/openvpn/options.c b/src/openvpn/options.c > index d91bb63..5bddca4 100644 > --- a/src/openvpn/options.c > +++ b/src/openvpn/options.c > @@ -6996,6 +6996,12 @@ add_option (struct options *options, >options->persist_mode = 1; > } > #endif > + else if (streq (p[0], "peer-id")) > +{ > + VERIFY_PERMISSION (OPT_P_PEER_ID); > + options->use_peer_id = true; > + options->peer_id = atoi(p[1]); > +} >else > { >int i; > diff --git a/src/openvpn/options.h b/src/openvpn/options.h > index 2c18838..af9a47f 100644 > --- a/src/openvpn/options.h > +++ b/src/openvpn/options.h > @@ -594,6 +594,9 @@ struct options >bool show_net_up; >int route_method; > #endif > + > + bool use_peer_id; > + uint32_t peer_id; > }; > > #define streq(x, y) (!strcmp((x), (y))) > @@ -629,6 +632,7 @@ struct options > #define OPT_P_SOCKBUF (1<<25) > #define OPT_P_SOCKFLAGS (1<<26) > #define OPT_P_CONNECTION (1<<27) > +#define OPT_P_PEER_ID (1<<28) > > #define OPT_P_DEFAULT (~(OPT_P_INSTANCE|OPT_P_PULL_MODE)) > > diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c > index 281176e..2373582 100644 > --- a/src/openvpn/ssl.c > +++ b/src/openvpn/ssl.c > @@ -627,6 +627,8 @@ packet_opcode_name (int op) >return "P_ACK_V1"; > case P_DATA_V1: >return "P_DATA_V1"; > +case P_DATA_V2: > + return "P_DATA_V2"; > default: >return "P_???"; > } > @@ -1053,6 +1055,9 @@ tls_multi_init (struct tls_options *tls_options) >ret->key_scan[1] = >session[TM_ACTIVE].key[KS_LAME_DUCK]; >ret->key_scan[2] = >session[TM_LAME_DUCK].key[KS_LAME_DUCK]; > > + /* By default not use P_DATA_V2 */ > + ret->use_peer_id = false; > + >return ret; > } > > @@ -1828,6 +1833,8 @@ push_peer_info(struct buffer *buf, struct tls_session > *session) > #ifdef ENABLE_LZO_STUB >buf_printf (, "IV_LZO_STUB=1\n"); > #endif > + /* support for P_DATA_V2 */ > + buf_printf(, "IV_PROTO=2\n"); > >if (session->opt->push_peer_info_detail >= 2) > { > @@ -2777,8 +2784,9 @@ tls_pre_decrypt (struct tls_multi *multi, > key_id = c & P_KEY_ID_MASK; >} > > - if (op == P_DATA_V1) > - { /* data channel packet */ > + if ((op == P_DATA_V1) || (op == P_DATA_V2)) > + { > + /* data channel packet */ > for (i = 0; i < KEY_SCAN_SIZE; ++i) > { > struct key_state *ks = multi->key_scan[i]; > @@ -2810,7 +2818,19 @@ tls_pre_decrypt (struct tls_multi *multi, > opt->pid_persist = NULL; > opt->flags &= multi->opt.crypto_flags_and; > opt->flags |= multi->opt.crypto_flags_or; > + > ASSERT (buf_advance (buf, 1)); > + if (op == P_DATA_V2) > + { > + if (buf->len < 4) > + { > + msg (D_TLS_ERRORS, "Protocol error: received > P_DATA_V2 from %s but length is < 4", > + print_link_socket_actual (from, )); > + goto error; > + } > + ASSERT (buf_advance (buf, 3)); >
Re: [Openvpn-devel] [PATCH] configure.ac: fix default behavior
On Sat, Nov 22, 2014 at 12:57 PM, Gert Doeringwrote: > Hiya, > > On Sat, Nov 22, 2014 at 11:47:05AM +0100, Arne Schwabe wrote: >> Almost anybody always turns this feature on, at least all distribution >> have it on. > > Which is indeed a strong argument for removing the conditional... maybe > quickly discuss this ("anyone strongly opposed?") at the next meeting? Btw another mismatch: AC_ARG_ENABLE( [small], [AS_HELP_STRING([--enable-small], [enable smaller executable size (disable OCC, usage message, and verb 4 parm list) @<:@default=yes@:>@])], , [enable_small="no"] ) Yegor
[Openvpn-devel] [PATCH v2] Add client-only support for peer-id.
This is a reduced version of the peer-id patch from Lev Stipakov implementing only the client side bits - send IV_PROTO=2, accept "peer-id " as pushed option, support P_DATA_V2 packets. v2: remove addition of "struct tls_multi;" to options.h, not needed Signed-off-by: Gert Doering--- src/openvpn/init.c | 12 +++- src/openvpn/options.c| 6 ++ src/openvpn/options.h| 4 src/openvpn/ssl.c| 40 +++- src/openvpn/ssl.h| 3 ++- src/openvpn/ssl_common.h | 4 6 files changed, 62 insertions(+), 7 deletions(-) diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 18f506c..4cfa132 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -1711,7 +1711,8 @@ pull_permission_mask (const struct context *c) | OPT_P_MESSAGES | OPT_P_EXPLICIT_NOTIFY | OPT_P_ECHO -| OPT_P_PULL_MODE; +| OPT_P_PULL_MODE +| OPT_P_PEER_ID; if (!c->options.route_nopull) flags |= (OPT_P_ROUTE | OPT_P_IPWIN32); @@ -1790,6 +1791,15 @@ do_deferred_options (struct context *c, const unsigned int found) msg (D_PUSH, "OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified"); if (found & OPT_P_SETENV) msg (D_PUSH, "OPTIONS IMPORT: environment modified"); + +#ifdef ENABLE_SSL + if (found & OPT_P_PEER_ID) +{ + msg (D_PUSH, "OPTIONS IMPORT: peer-id set"); + c->c2.tls_multi->use_peer_id = true; + c->c2.tls_multi->peer_id = c->options.peer_id; +} +#endif } /* diff --git a/src/openvpn/options.c b/src/openvpn/options.c index d91bb63..5bddca4 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -6996,6 +6996,12 @@ add_option (struct options *options, options->persist_mode = 1; } #endif + else if (streq (p[0], "peer-id")) +{ + VERIFY_PERMISSION (OPT_P_PEER_ID); + options->use_peer_id = true; + options->peer_id = atoi(p[1]); +} else { int i; diff --git a/src/openvpn/options.h b/src/openvpn/options.h index 2c18838..af9a47f 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -594,6 +594,9 @@ struct options bool show_net_up; int route_method; #endif + + bool use_peer_id; + uint32_t peer_id; }; #define streq(x, y) (!strcmp((x), (y))) @@ -629,6 +632,7 @@ struct options #define OPT_P_SOCKBUF (1<<25) #define OPT_P_SOCKFLAGS (1<<26) #define OPT_P_CONNECTION (1<<27) +#define OPT_P_PEER_ID (1<<28) #define OPT_P_DEFAULT (~(OPT_P_INSTANCE|OPT_P_PULL_MODE)) diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 281176e..2373582 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -627,6 +627,8 @@ packet_opcode_name (int op) return "P_ACK_V1"; case P_DATA_V1: return "P_DATA_V1"; +case P_DATA_V2: + return "P_DATA_V2"; default: return "P_???"; } @@ -1053,6 +1055,9 @@ tls_multi_init (struct tls_options *tls_options) ret->key_scan[1] = >session[TM_ACTIVE].key[KS_LAME_DUCK]; ret->key_scan[2] = >session[TM_LAME_DUCK].key[KS_LAME_DUCK]; + /* By default not use P_DATA_V2 */ + ret->use_peer_id = false; + return ret; } @@ -1828,6 +1833,8 @@ push_peer_info(struct buffer *buf, struct tls_session *session) #ifdef ENABLE_LZO_STUB buf_printf (, "IV_LZO_STUB=1\n"); #endif + /* support for P_DATA_V2 */ + buf_printf(, "IV_PROTO=2\n"); if (session->opt->push_peer_info_detail >= 2) { @@ -2777,8 +2784,9 @@ tls_pre_decrypt (struct tls_multi *multi, key_id = c & P_KEY_ID_MASK; } - if (op == P_DATA_V1) - { /* data channel packet */ + if ((op == P_DATA_V1) || (op == P_DATA_V2)) + { + /* data channel packet */ for (i = 0; i < KEY_SCAN_SIZE; ++i) { struct key_state *ks = multi->key_scan[i]; @@ -2810,7 +2818,19 @@ tls_pre_decrypt (struct tls_multi *multi, opt->pid_persist = NULL; opt->flags &= multi->opt.crypto_flags_and; opt->flags |= multi->opt.crypto_flags_or; + ASSERT (buf_advance (buf, 1)); + if (op == P_DATA_V2) + { + if (buf->len < 4) + { + msg (D_TLS_ERRORS, "Protocol error: received P_DATA_V2 from %s but length is < 4", + print_link_socket_actual (from, )); + goto error; + } + ASSERT (buf_advance (buf, 3)); + } + ++ks->n_packets; ks->n_bytes += buf->len; dmsg (D_TLS_KEYSELECT, @@ -3375,14 +3395,24 @@ tls_post_encrypt (struct tls_multi *multi, struct buffer *buf) { struct key_state *ks; uint8_t *op; + uint32_t peer; ks = multi->save_ks; multi->save_ks = NULL; if (buf->len > 0) { ASSERT (ks); -
[Openvpn-devel] [PATCH applied] Re: Modernize sample keys and sample configs
ACK, thanks. Your patch has been applied to the release/2.3 branch. commit b77c27a1d945d740c7e7f6b64b1227d5d9077aa5 (release/2.3) Author: Steffan Karger List-Post: openvpn-devel@lists.sourceforge.net Date: Thu Oct 23 00:14:29 2014 +0200 Modernize sample keys and sample configs Signed-off-by: Steffan KargerAcked-by: Gert Doering Message-Id: <54721611.4020...@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/9271 Signed-off-by: Gert Doering -- kind regards, Gert Doering
Re: [Openvpn-devel] [PATCH] Peer-id patch v7
On 23-11-14 16:17, Lev Stipakov wrote: > Added new packet format P_DATA_V2, which includes peer-id. If server > supports, client sends all data packets in the new format. When data > packet arrives, server identifies peer by peer-id. If peer's ip/port has > changed, server assumes that client has floated, verifies HMAC and > updates ip/port in internal structs. ACK During the hackathon, the group decided that this indeed is a nice way to support floating clients. I did a code review, but no real testing (just 'make check', including t_client). Lev, Gert and Arne have however performed real-life tests with multiple iterations of this patch. A remaining issue is that the memory usage of a client increases for each 'float', because generate_prefix(mi) allocates memory on each call, which will only be free'd when the client disconnects. However, we agreed to fix that in a separate patch. -Steffan
Re: [Openvpn-devel] [PATCH applied] Modernize sample keys and sample configs
Attached the same patch, just cherry-picked to release/2.3, and resolved the merge conflict in the readme file. Since today the old certs expired, which will cause 'make check' to fail, this probably just got a bit more priority. -Steffan On 15-11-14 17:56, Gert Doering wrote: > Your patch has been applied to the master branch. > > commit 335bbe615a03dad9087d754c9dea330e801ee3c3 > Author: Steffan Karger > Date: Thu Oct 23 00:14:29 2014 +0200 > > Modernize sample keys and sample configs > > Signed-off-by: Steffan Karger> Acked-by: Samuli Seppänen > Message-Id: > > URL: http://article.gmane.org/gmane.network.openvpn.devel/9226 > Signed-off-by: Gert Doering > > > -- > kind regards, > > Gert Doering > >From 4b9e8da831755496c9e555e483d278d70171cf7a Mon Sep 17 00:00:00 2001 From: Steffan Karger List-Post: openvpn-devel@lists.sourceforge.net Date: Thu, 23 Oct 2014 00:14:29 +0200 Subject: [PATCH] Modernize sample keys and sample configs I kept most of the certificate properties equal to the old certs, since some people's test scripts might rely on them (and it does not require any creativity from my part). Changes: * Add script to generate fresh test/sample keys (but keep sample keys in git for simple testing) * Switch from 1024 to 4096 bits RSA CA * Switch from 1024 to 2048 bits client/server RSA keys * Switch from 1024 to 2048 bits Diffie-Hellman parameters * Generate EC client and server cert, but sign with RSA CA (lets us test EC <-> RSA interoperability) * Remove 3DES cipher from 'sample' config * Add 'remote-cert-tls server' to client config * Update config files to deprecate nsCertType in favour of the keyUsage and extendedKeyUsage extensions. * Make naming more consistent Signed-off-by: Steffan Karger --- sample/sample-config-files/client.conf | 17 ++-- sample/sample-config-files/loopback-client | 2 +- sample/sample-config-files/loopback-server | 3 +- sample/sample-config-files/server.conf | 6 +- sample/sample-config-files/tls-office.conf | 2 +- sample/sample-keys/.gitignore | 1 + sample/sample-keys/README | 21 +++-- sample/sample-keys/ca.crt | 48 ++ sample/sample-keys/ca.key | 67 ++ sample/sample-keys/client-ec.crt | 85 ++ sample/sample-keys/client-ec.key | 5 ++ sample/sample-keys/client-pass.key | 30 +++ sample/sample-keys/client.crt | 126 +- sample/sample-keys/client.key | 43 + sample/sample-keys/client.p12 | Bin 0 -> 4533 bytes sample/sample-keys/dh1024.pem | 5 -- sample/sample-keys/dh2048.pem | 8 ++ sample/sample-keys/gen-sample-keys.sh | 75 sample/sample-keys/openssl.cnf | 139 + sample/sample-keys/pass.crt| 65 -- sample/sample-keys/pass.key| 18 sample/sample-keys/pkcs12.p12 | Bin 2685 -> 0 bytes sample/sample-keys/server-ec.crt | 96 sample/sample-keys/server-ec.key | 5 ++ sample/sample-keys/server.crt | 130 ++- sample/sample-keys/server.key | 43 + 26 files changed, 781 insertions(+), 259 deletions(-) create mode 100644 sample/sample-keys/.gitignore create mode 100644 sample/sample-keys/client-ec.crt create mode 100644 sample/sample-keys/client-ec.key create mode 100644 sample/sample-keys/client-pass.key create mode 100644 sample/sample-keys/client.p12 delete mode 100644 sample/sample-keys/dh1024.pem create mode 100644 sample/sample-keys/dh2048.pem create mode 100755 sample/sample-keys/gen-sample-keys.sh create mode 100644 sample/sample-keys/openssl.cnf delete mode 100644 sample/sample-keys/pass.crt delete mode 100644 sample/sample-keys/pass.key delete mode 100644 sample/sample-keys/pkcs12.p12 create mode 100644 sample/sample-keys/server-ec.crt create mode 100644 sample/sample-keys/server-ec.key diff --git a/sample/sample-config-files/client.conf b/sample/sample-config-files/client.conf index 58b2038..050ef60 100644 --- a/sample/sample-config-files/client.conf +++ b/sample/sample-config-files/client.conf @@ -89,18 +89,19 @@ ca ca.crt cert client.crt key client.key -# Verify server certificate by checking -# that the certicate has the nsCertType -# field set to "server". This is an -# important precaution to protect against +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against # a potential attack discussed here: #
[Openvpn-devel] [PATCH] Peer-id patch v7
Added new packet format P_DATA_V2, which includes peer-id. If server supports, client sends all data packets in the new format. When data packet arrives, server identifies peer by peer-id. If peer's ip/port has changed, server assumes that client has floated, verifies HMAC and updates ip/port in internal structs. Changes in v7: A few nitpicks. Changes in v6: Fixed: Make sure float won't happen if hmac check failed (regression). Fixed: Access outside of bounds of array, which has caused memory corruption and crash. Various review fixes. Changes in v5: Protection agains replay attack by commiting float changes only after existing packet processing flow has completed. If peer floats to an address which is already taken by another active session, drop float packet, otherwise disconnect existing session. Changes in v4: Handles correctly float to an address which is used by another peer. This also has fixed crash on assert in multi_client_disconnect. Changes in v3: Bugfix: If float happens after TLS renegotiation and there are no data packets between reneg and float, server will not recognize floated client. --- src/openvpn/forward.c| 50 - src/openvpn/forward.h| 30 --- src/openvpn/init.c | 12 +- src/openvpn/mudp.c | 57 +--- src/openvpn/mudp.h | 2 +- src/openvpn/multi.c | 97 ++-- src/openvpn/multi.h | 19 ++ src/openvpn/options.c| 6 +++ src/openvpn/options.h| 4 ++ src/openvpn/push.c | 13 +++ src/openvpn/ssl.c| 74 src/openvpn/ssl.h| 15 +++- src/openvpn/ssl_common.h | 4 ++ 13 files changed, 332 insertions(+), 51 deletions(-) diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 27b775f..b772d9a 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -722,20 +722,11 @@ read_incoming_link (struct context *c) perf_pop (); } -/* - * Input: c->c2.buf - * Output: c->c2.to_tun - */ - -void -process_incoming_link (struct context *c) +bool +process_incoming_link_part1 (struct context *c, struct link_socket_info *lsi, bool floated) { struct gc_arena gc = gc_new (); - bool decrypt_status; - struct link_socket_info *lsi = get_link_socket_info (c); - const uint8_t *orig_buf = c->c2.buf.data; - - perf_push (PERF_PROC_IN_LINK); + bool decrypt_status = false; if (c->c2.buf.len > 0) { @@ -805,7 +796,7 @@ process_incoming_link (struct context *c) * will load crypto_options with the correct encryption key * and return false. */ - if (tls_pre_decrypt (c->c2.tls_multi, >c2.from, >c2.buf, >c2.crypto_options)) + if (tls_pre_decrypt (c->c2.tls_multi, >c2.from, >c2.buf, >c2.crypto_options, floated)) { interval_action (>c2.tmp_int); @@ -832,11 +823,25 @@ process_incoming_link (struct context *c) /* decryption errors are fatal in TCP mode */ register_signal (c, SIGUSR1, "decryption-error"); /* SOFT-SIGUSR1 -- decryption error in TCP mode */ msg (D_STREAM_ERRORS, "Fatal decryption error (process_incoming_link), restarting"); - goto done; } - +#else /* ENABLE_CRYPTO */ + decrypt_status = true; #endif /* ENABLE_CRYPTO */ +} + else +{ + buf_reset (>c2.to_tun); +} + gc_free (); + return decrypt_status; +} + +void +process_incoming_link_part2 (struct context *c, struct link_socket_info *lsi, const uint8_t *orig_buf) +{ + if (c->c2.buf.len > 0) +{ #ifdef ENABLE_FRAGMENT if (c->c2.fragment) fragment_incoming (c->c2.fragment, >c2.buf, >c2.frame_fragment); @@ -903,9 +908,20 @@ process_incoming_link (struct context *c) { buf_reset (>c2.to_tun); } - done: +} + +void +process_incoming_link (struct context *c) +{ + perf_push (PERF_PROC_IN_LINK); + + struct link_socket_info *lsi = get_link_socket_info (c); + const uint8_t *orig_buf = c->c2.buf.data; + + process_incoming_link_part1(c, lsi, false); + process_incoming_link_part2(c, lsi, orig_buf); + perf_pop (); - gc_free (); } /* diff --git a/src/openvpn/forward.h b/src/openvpn/forward.h index 1830a00..eccbf36 100644 --- a/src/openvpn/forward.h +++ b/src/openvpn/forward.h @@ -127,12 +127,11 @@ void encrypt_sign (struct context *c, bool comp_frag); */ void read_incoming_link (struct context *c); - /** - * Process a packet read from the external network interface. + * Starts processing a packet read from the external network interface. * @ingroup external_multiplexer * - * This function controls the processing of a data channel packet which + * This function starts the processing of a data channel packet which * has come out of a VPN tunnel. It's high-level structure is as follows: * - Verify that a nonzero length packet has been received from a valid * source address for the given context \a
[Openvpn-devel] [PATCH applied] Re: polarssl: fix unreachable code
Your patch has been applied to the master branch. commit 98c5de769d6bcd4822b2fd81ae4f4b05edff5c0e Author: Yegor Yefremov List-Post: openvpn-devel@lists.sourceforge.net Date: Sun Nov 23 13:21:43 2014 +0100 polarssl: fix unreachable code Signed-off-by: Yegor YefremovAcked-by: Steffan Karger Message-Id: <1416745303-23641-1-git-send-email-yegorsli...@googlemail.com> URL: http://article.gmane.org/gmane.network.openvpn.devel/9266 Signed-off-by: Gert Doering -- kind regards, Gert Doering
Re: [Openvpn-devel] [PATCH] polarssl: fix unreachable code
ACK. Harmless, but definitely an oversight. -Steffan On 23-11-14 13:21, Yegor Yefremov wrote: > Found via cppcheck and compile-tested. > > Signed-off-by: Yegor Yefremov> --- > src/openvpn/ssl_polarssl.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/openvpn/ssl_polarssl.c b/src/openvpn/ssl_polarssl.c > index b026a17..2036885 100644 > --- a/src/openvpn/ssl_polarssl.c > +++ b/src/openvpn/ssl_polarssl.c > @@ -846,8 +846,8 @@ key_state_write_plaintext (struct key_state_ssl *ks, > struct buffer *buf) > >if (0 == buf->len) > { > - return 0; >perf_pop (); > + return 0; > } > >retval = ssl_write(ks->ctx, BPTR(buf), buf->len); >
[Openvpn-devel] [PATCH applied] Re: socket: remove duplicate expression
ACK (obviously correct, Arne just beat me to it). Your patch has been applied to the master branch. commit d0ce829fbc2b3656c433e14f2c1c1b3db3b069c7 (master) Author: Yegor Yefremov List-Post: openvpn-devel@lists.sourceforge.net Date: Sat Nov 22 21:13:35 2014 +0100 socket: remove duplicate expression Signed-off-by: Yegor YefremovAcked-by: Arne Schwabe Acked-by: Gert Doering Message-Id: <1416687215-26904-1-git-send-email-yegorsli...@googlemail.com> URL: http://article.gmane.org/gmane.network.openvpn.devel/9263 Signed-off-by: Gert Doering -- kind regards, Gert Doering