Re: [Openvpn-devel] [PATCH v5-master] Add Windows DNS Leak fix using WFP ('block-outside-dns')

2015-11-28 Thread Arne Schwabe
On 28.11.15 at 18:25, Selva Nair wrote: > Hi, > > On Sat, Nov 28, 2015 at 10:08 AM, ValdikSS > wrote: > > Hi! > > You have the point, note is confusing on XP. Changed it to "…on > Windows Vista or later". > > > That doesn't

[Openvpn-devel] [PATCH] Fix openssl builds with custom-built library: specify most-dependent first

2015-11-28 Thread Steffan Karger
Libraries should be specified from left-to-right as most-dependent to least-dependent. Thus, -lssl comes first, then -lcrypto. (This does not fail when pkg-config finds your libraries for you, since we tell it '-lssl needs -lcrypto' and we then end up with "-lcrypto -lssl -lcrypto", which is not

[Openvpn-devel] [PATCH] Un-break compilation on *BSD

2015-11-28 Thread Gert Doering
Commit 2191c47165 introduced code to handle IP address query on multihoming hosts for IP_PKTINFO-supporting OSes, but all the BSDs need the "#elsif IP_RECVDSTADDR" variant... add code equivalent to what we have in socket.c/print_link_socket_actual_ex() Tested on FreeBSD 9.3/sparc64

Re: [Openvpn-devel] [PATCH v5-master] Add Windows DNS Leak fix using WFP ('block-outside-dns')

2015-11-28 Thread Selva Nair
Hi, On Sat, Nov 28, 2015 at 10:08 AM, ValdikSS wrote: > Hi! > > You have the point, note is confusing on XP. Changed it to "…on Windows > Vista or later". > That doesn't make it any less confusing. If I run a generic 2.3 (i.e. no wfp) build on Windows 7, I'll get that

[Openvpn-devel] [PATCH v6-2.3] Add Windows DNS Leak fix using WFP ('block-outside-dns')

2015-11-28 Thread ValdikSS
This option blocks all out-of-tunnel communication on TCP/UDP port 53 (except for OpenVPN itself), preventing DNS Leaks on Windows 8.1 and 10. --- doc/openvpn.8 | 12 ++- src/openvpn/init.c | 17 src/openvpn/openvpn.vcxproj | 0 src/openvpn/options.c | 16

[Openvpn-devel] [PATCH v6-master] Add Windows DNS Leak fix using WFP ('block-outside-dns')

2015-11-28 Thread ValdikSS
This option blocks all out-of-tunnel communication on TCP/UDP port 53 (except for OpenVPN itself), preventing DNS Leaks on Windows 8.1 and 10. --- doc/openvpn.8 | 12 ++- src/openvpn/Makefile.am | 2 +- src/openvpn/init.c | 17 src/openvpn/openvpn.vcxproj | 4

Re: [Openvpn-devel] [PATCH v5-master] Add Windows DNS Leak fix using WFP ('block-outside-dns')

2015-11-28 Thread ValdikSS
Hi! You have the point, note is confusing on XP. Changed it to "…on Windows Vista or later". Non-fatal note message is intended to have one config file on various platforms without any modifications. On the other hand, you probably would still use ignore-unknown-option to comply with outdated

Re: [Openvpn-devel] [PATCH applied] Re: extend management interface command state

2015-11-28 Thread Gert Doering
hi, On Sat, Nov 28, 2015 at 02:41:44PM +0100, Gert Doering wrote: > Your patch has been applied to the master branch. > > commit 2191c4716537b3d3e81b0e746f666dd365b65abd > Author: Heiko Hund > Date: Wed Nov 25 13:57:00 2015 +0100 ... and while it works nicely on Linux, it blows off all the

[Openvpn-devel] [PATCH applied] Re: extend management interface command state

2015-11-28 Thread Gert Doering
Your patch has been applied to the master branch. commit 2191c4716537b3d3e81b0e746f666dd365b65abd Author: Heiko Hund List-Post: openvpn-devel@lists.sourceforge.net Date: Wed Nov 25 13:57:00 2015 +0100 extend management interface command state Signed-off-by: Heiko Hund

[Openvpn-devel] [PATCH applied] Re: Fix rand_bytes return value checking

2015-11-28 Thread Gert Doering
ACK2. Your patch has been applied to the master and release/2.3 branch. commit 5a73356ae5d0bf94ec81a33c7dcda6a41651ca6c (master) commit 2a15e74dd2669fd25bb0a77f4f52918713665ce6 (release/2.3) Author: Steffan Karger List-Post: openvpn-devel@lists.sourceforge.net Date: Sat Nov 28 11:38:25 2015

[Openvpn-devel] [PATCH applied] Re: openssl: properly check return value of RAND_bytes()

2015-11-28 Thread Gert Doering
ACK2. Your patch has been applied to the master and release/2.3 branch. Note: crypto_msg() was changed to msg() for 2.3 commit 756602e7da11362f25be04743cd09f798b6f528a (master) commit ee714263892068171181e683aef9bc5e9dcac54a (release/2.3) Author: Steffan Karger List-Post:

Re: [Openvpn-devel] [PATCH 1/2] openssl: properly check return value of RAND_bytes()

2015-11-28 Thread Arne Schwabe
On 28.11.15 at 11:38, Steffan Karger wrote: > This patch is in response to an off-list report by Sebastian Krahmer of > the SuSE security team. Sebastian noticed we do not check the return > value of RAND_bytes() correctly. > > The RAND_bytes() man page first says "RAND_bytes() returns 1 on

Re: [Openvpn-devel] [PATCH 2/2] Fix rand_bytes return value checking

2015-11-28 Thread Arne Schwabe
On 28.11.15 at 11:38, Steffan Karger wrote: > This patch is in response to an off-list report by Sebastian Krahmer of > the SuSE security team. Sebastian noticed we do not check the return > value of rand_bytes() in prng_bytes(), which we really should. ACK. Asserting on failed random seem

[Openvpn-devel] [PATCH 2/2] Fix rand_bytes return value checking

2015-11-28 Thread Steffan Karger
This patch is in response to an off-list report by Sebastian Krahmer of the SuSE security team. Sebastian noticed we do not check the return value of rand_bytes() in prng_bytes(), which we really should. Failing to check the return value occurs if no prng is used (i.e. in static key mode, or

[Openvpn-devel] [PATCH 1/2] openssl: properly check return value of RAND_bytes()

2015-11-28 Thread Steffan Karger
This patch is in response to an off-list report by Sebastian Krahmer of the SuSE security team. Sebastian noticed we do not check the return value of RAND_bytes() correctly. The RAND_bytes() man page first says "RAND_bytes() returns 1 on success, 0 otherwise.", but then a bit later "Both

[Openvpn-devel] [PATCH] Support duplicate x509 field values in environment

2015-11-28 Thread Steffan Karger
As reported in trac #387, an x509 DN can contain duplicate fields. Previously, we would overwrite any previous field value with a new one if we would process a second same-name field. Now, instead, append _$N, starting at N=1 to the name for each consequent field to export all fields to the