[Openvpn-devel] [PATCH applied] Re: Really fix '--cipher none' regression
ACK. Your patch has been applied to the master and release/2.3 branches. commit 98156e90e1e83133a6a6a020db8e7333ada6156b (master) commit 785838614afc20d362b64907b0212e9a779e2287 (release/2.3) Author: Steffan Karger List-Post: openvpn-devel@lists.sourceforge.net Date: Tue Dec 2 21:42:00 2014 +0100 Really fix '--cipher none' regression Signed-off-by: Steffan Karger Acked-by: Gert Doering Message-Id: <1417552920-31770-1-git-send-email-stef...@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/9300 Signed-off-by: Gert Doering -- kind regards, Gert Doering
Re: [Openvpn-devel] [PATCH applied] Include systemd units in the source tarball (make dist)
From: David Sommerseth -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ACK. Tested with 'make dist' and the systemd unit files are included in the resulting tarball. Your patch has been applied to the master and release/2.3 branches. commit 6ece60c6dc7a3cda58f4dfea4e6cd3016023234f (master) commit d9953bde8e5ce0aabdeaf0893e2115919fc6 (release/2.3) Author: Mike Gilbert List-Post: openvpn-devel@lists.sourceforge.net Date: Tue Dec 2 14:34:22 2014 -0500 Include systemd units in the source tarball (make dist) Acked-by: David Sommerseth Message-Id: 1417548862-24990-1-git-send-email-flop...@gentoo.org URL: http://article.gmane.org/gmane.network.openvpn.devel/9299 Signed-off-by: David Sommerseth - -- kind regards, David Sommerseth -BEGIN PGP SIGNATURE- Version: GnuPG v1 iEYEARECAAYFAlR+JFUACgkQDC186MBRfrpSwwCfQBbGbyppwR1h11SBsHXFMDts tS4An0ueWgCsIjm2zKncBSc9dUUJ4Wdw =eK7S -END PGP SIGNATURE-
[Openvpn-devel] [PATCH] Really fix '--cipher none' regression
... by not incorrectly hinting to the compiler the function argument of
cipher_kt_mode_{cbc,ofb_cfb}() is nonnull, since that no longer is the
case.
Verified the fix on Debian Wheezy, one of the platforms the reporter in
trac #473 mentions with a compiler that would optimize out the required
checks.
Also add a testcase for --cipher none to t_lpback, to prevent further
regressions.
Signed-off-by: Steffan Karger
---
src/openvpn/crypto_backend.h | 6 ++
tests/t_lpback.sh| 3 +++
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/openvpn/crypto_backend.h b/src/openvpn/crypto_backend.h
index 8749878..4e45df0 100644
--- a/src/openvpn/crypto_backend.h
+++ b/src/openvpn/crypto_backend.h
@@ -237,8 +237,7 @@ int cipher_kt_mode (const cipher_kt_t *cipher_kt);
*
* @return true iff the cipher is a CBC mode cipher.
*/
-bool cipher_kt_mode_cbc(const cipher_kt_t *cipher)
- __attribute__((nonnull));
+bool cipher_kt_mode_cbc(const cipher_kt_t *cipher);
/**
* Check if the supplied cipher is a supported OFB or CFB mode cipher.
@@ -247,8 +246,7 @@ bool cipher_kt_mode_cbc(const cipher_kt_t *cipher)
*
* @return true iff the cipher is a OFB or CFB mode cipher.
*/
-bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher)
- __attribute__((nonnull));
+bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher);
/**
diff --git a/tests/t_lpback.sh b/tests/t_lpback.sh
index 8f88ad9..d7792cd 100755
--- a/tests/t_lpback.sh
+++ b/tests/t_lpback.sh
@@ -35,6 +35,9 @@ CIPHERS=$(${top_builddir}/src/openvpn/openvpn --show-ciphers
| \
# GD, 2014-07-06 do not test RC5-* either (fails on NetBSD w/o libcrypto_rc5)
CIPHERS=$(echo "$CIPHERS" | egrep -v '^(DES-EDE3-CFB1|DES-CFB1|RC5-)' )
+# Also test cipher 'none'
+CIPHERS=${CIPHERS}$(printf "\nnone")
+
"${top_builddir}/src/openvpn/openvpn" --genkey --secret key.$$
set +e
--
1.9.1
[Openvpn-devel] [PATCH] Include systemd units in the source tarball (make dist)
--- distro/Makefile.am | 2 ++ 1 file changed, 2 insertions(+) diff --git a/distro/Makefile.am b/distro/Makefile.am index 2dd6a6e..bd65b79 100644 --- a/distro/Makefile.am +++ b/distro/Makefile.am @@ -13,3 +13,5 @@ MAINTAINERCLEANFILES = \ $(srcdir)/Makefile.in SUBDIRS = rpm + +EXTRA_DIST = systemd/openvpn-client@.service systemd/openvpn-server@.service -- 2.1.3
Re: [Openvpn-devel] Default gateway can't be determined on illumos/solaris
Hi, On Tue, Dec 02, 2014 at 06:48:44PM +0300, Alexander Pyhalov wrote: > I've sent two patches (from apyha...@gmail.com address) against 2.3 and > master branch), correcting to the list, implementing > get_default_gateway() for Solaris / illumos platforms. Are there any > issues with them? Sorry for never replying to your mail. The patches are sitting in my to-be-reviewed-and-tested queue, but I got distracted by work, security related stuff, etc. Will handle. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpe4PnRxjUrO.pgp Description: PGP signature
Re: [Openvpn-devel] Default gateway can't be determined on illumos/solaris
On 10/13/2014 13:47, Alexander Pyhalov wrote: Hello. In openvpn 2.3.4 on illumos/Solaris clients gateway for client can't be determined, because default stub is used instead of get_default_gateway() function. This means that the following push route option in server config is not working: push "route remote_host 255.255.255.255 net_gateway" OpenVPN client says that it doesn't know net_gateway. The following patch mostly uses existing FreeBSD code to add get_default_gateway() implementation: https://github.com/pyhalov/oi-userland/blob/openvpn/components/openvpn/patches/get_default_gateway.patch . Hello. I've sent two patches (from apyha...@gmail.com address) against 2.3 and master branch), correcting to the list, implementing get_default_gateway() for Solaris / illumos platforms. Are there any issues with them? -- С уважением, Александр Пыхалов, программист отдела телекоммуникационной инфраструктуры управления информационно-коммуникационной инфраструктуры ЮФУ
