[Openvpn-devel] [PATCH 3/3] Fix too-deep indentation.

2015-12-15 Thread Wayne Davison
Fix the indentation on the code block that got moved out of an unneeded "if". --- src/openvpn/misc.c | 116 ++--- 1 file changed, 58 insertions(+), 58 deletions(-) diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c index e0aa5f9..517a2eb 100644

[Openvpn-devel] [PATCH 2/3] Move 2 prompt buffers into deeper blocks.

2015-12-15 Thread Wayne Davison
Two buffers used for username/password prompting can be moved into a deeper block so that they don't get set if they are not going to be used. --- src/openvpn/misc.c | 17 + 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c index

[Openvpn-devel] [PATCH 1/3] Fix CR prompting when user & pass are read from a file.

2015-12-15 Thread Wayne Davison
The code that reads the challenge response (both dynamic & static) will not prompt the user if the username and password information was read from a file. In the latest code this can be fixed by simply removing the "if (username_from_stdin || password_from_stdin)" condition because all the deeper

Re: [Openvpn-devel] [PATCH] Warn user if their certificate has expired

2015-12-15 Thread Steffan Karger
On Tue, Dec 15, 2015 at 10:41 PM, Jan Just Keijser wrote: > On 15/12/15 08:53, Gert Doering wrote: >> On Tue, Dec 15, 2015 at 01:12:49AM +0100, David Sommerseth wrote: >>> Just tried to build openvpn on one of my laptops (Scientific Linux 7.1, >>> openssl-1.0.1e-42.el7). And

Re: [Openvpn-devel] [PATCH] Updates to Changes.rst

2015-12-15 Thread Selva Nair
Hi, > > My original comment about this to an early version of valdikSS' patch > > was on a different level -- if the user want DNS blocked, failure to > block > > should be FATAL. But not respecting ignore-unknown-option only on > > some platforms doesn't look right. > > Well, it is not an

Re: [Openvpn-devel] [PATCH] Warn user if their certificate has expired

2015-12-15 Thread Jan Just Keijser
Hi, On 15/12/15 08:53, Gert Doering wrote: Hi, On Tue, Dec 15, 2015 at 01:12:49AM +0100, David Sommerseth wrote: Just tried to build openvpn on one of my laptops (Scientific Linux 7.1, openssl-1.0.1e-42.el7). And it explodes when reaching the SSL_CTX_get0_certificate(), it seems that support

Re: [Openvpn-devel] [PATCH] Updates to Changes.rst

2015-12-15 Thread Gert Doering
Hi, On Tue, Dec 15, 2015 at 04:12:25PM -0500, Selva Nair wrote: > > Make that "setenv opt block-outside-dns". ignore-unknown-option will > > *not* help here, as it is not "unknown", but just "not working". > > You are right, ignore-unknown .. would have worked with valdikSS patch, > but not any

Re: [Openvpn-devel] [PATCH] Updates to Changes.rst

2015-12-15 Thread Selva Nair
Hi, On Tue, Dec 15, 2015 at 3:54 PM, Gert Doering wrote: > Hi, > > On Tue, Dec 15, 2015 at 12:25:23PM -0500, Selva Nair wrote: > > > 2. release/2.3 (and upcoming 2.3.9) > > - May be built for target = winxp > > (this is the default target in openvpn-build if release/2.3

Re: [Openvpn-devel] [PATCH] Updates to Changes.rst

2015-12-15 Thread Gert Doering
Hi, On Tue, Dec 15, 2015 at 12:25:23PM -0500, Selva Nair wrote: > 1. git_master: > - May be built with target = vista and will run correctly only on vista > and above > (this is the default target in openvpn-build if git-master source is > used) > - Will support --block-outside-dns when

Re: [Openvpn-devel] [PATCH] Improve stdin prompting section, fixing CR prompting.

2015-12-15 Thread Selva Nair
Hi, On Mon, Dec 14, 2015 at 4:10 PM, Selva Nair wrote: > >> I took a quick look and it seems a simplified patch that addresses the >> most critical-sounding issue (challenge/response not prompted for >> from stdin) may be more useful. >> > > > That's exactly what that patch

Re: [Openvpn-devel] [PATCHv2] Implement the compression V2 data format for stub and lz4.

2015-12-15 Thread Steffan Karger
Hi Arne, Some comments after a first review: On Thu, Dec 10, 2015 at 1:39 PM, Arne Schwabe wrote: > V2: Fix an unintended change in the old lz4 decompress code. > > [..snip...] > > +static void > +lz4_compress (struct buffer *buf, struct buffer work, > + struct

Re: [Openvpn-devel] [PATCH] Use example.com to improve clarity of documentation

2015-12-15 Thread Gert Doering
Hi, On Tue, Dec 15, 2015 at 08:54:23PM +0100, Steffan Karger wrote: > Ooh, I like using alice and bob! +1 I'm fine with using example.com, but "host1" and "host2" just didn't ring true (but I was too busy to spell this out). gert -- USENET is *not* the non-clickable part of WWW!

Re: [Openvpn-devel] [PATCH] Use example.com to improve clarity of documentation

2015-12-15 Thread Selva Nair
On Tue, Dec 15, 2015 at 2:54 PM, Steffan Karger wrote: > On Tue, Dec 15, 2015 at 8:46 PM, David Sommerseth > wrote: > > On 30/11/15 04:03, Phillip Smith wrote: > >> This patch uses the generic "host1.example.com" and "host2.example.com" > to

Re: [Openvpn-devel] [PATCH] Use example.com to improve clarity of documentation

2015-12-15 Thread David Sommerseth
On 30/11/15 04:03, Phillip Smith wrote: > This patch uses the generic "host1.example.com" and "host2.example.com" to > replace the current "may" and "june" hostname examples. Generic names chosen > rather than other names like "server"/"client" or > "head-office"/"remote-office" > etc which may

Re: [Openvpn-devel] [PATCH] Use example.com to improve clarity of documentation

2015-12-15 Thread Steffan Karger
Hi Philip, On Mon, Nov 30, 2015 at 4:03 AM, Phillip Smith wrote: > This patch uses the generic "host1.example.com" and "host2.example.com" to > replace the current "may" and "june" hostname examples. Generic names chosen > rather than other names like "server"/"client" or >

Re: [Openvpn-devel] [PATCH] Disable certificate notBefore/notAfter sanity check on OpenSSL < 1.0.2

2015-12-15 Thread Steffan Karger
Hi, On Tue, Dec 15, 2015 at 6:24 PM, Jan Just Keijser wrote: > ah well, in that case I would simply write out get0_certificate again: the > code for that function actually is: > > 3011 X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx) > 3012 { > 3013 if (ctx->cert !=

Re: [Openvpn-devel] [PATCH] Updates to Changes.rst

2015-12-15 Thread debbie10t
- Original Message - From: "Gert Doering" To: Cc: Sent: Tuesday, December 15, 2015 5:10 PM Subject: Re: [Openvpn-devel] [PATCH] Updates to Changes.rst This is a bug in the mingw header files. You need

Re: [Openvpn-devel] [PATCH] Updates to Changes.rst

2015-12-15 Thread Selva Nair
On Tue, Dec 15, 2015 at 11:29 AM, wrote: > Any clarity on what to expect of the --block-outside-dns option > and what Windows version it is/will be supported would help. > 1. git_master: - May be built with target = vista and will run correctly only on vista and above

Re: [Openvpn-devel] [PATCH] Disable certificate notBefore/notAfter sanity check on OpenSSL < 1.0.2

2015-12-15 Thread Jan Just Keijser
Hi, On 15/12/15 13:21, Steffan Karger wrote: The SSL_CTX_get0_certificate() function I used in 091edd8e is available in OpenSSL 1.0.2+ only. Older versions seem to not have a useful alternative. The remaining option would then be to create a cache for our parsed certificate, but that would

Re: [Openvpn-devel] [PATCH] Updates to Changes.rst

2015-12-15 Thread Gert Doering
Hi, On Tue, Dec 15, 2015 at 04:29:21PM -, debbie...@gmail.com wrote: > > From: Samuli Seppänen > > > > This patch is for the release/2.3 branch [..] > > -Peer ID support > > +Windows DNS leak fix > > +This feature allows blocking all out-of-tunnel communication on >

Re: [Openvpn-devel] [PATCH] Updates to Changes.rst

2015-12-15 Thread Gert Doering
Hi, On Tue, Dec 15, 2015 at 04:40:32PM +0200, sam...@openvpn.net wrote: > From: Samuli Seppänen > > This patch is for the "master" branch This one does not apply to my "master" branch... Applying: Updates to Changes.rst error: patch failed: Changes.rst:34 error:

[Openvpn-devel] [PATCH applied] Re: Updates to Changes.rst

2015-12-15 Thread Gert Doering
ACK, and thanks for getting this started. Your patch has been applied to the release/2.3 branch. (I have added a bit more to it, some of the user-visible changes were missing) commit 3b1fa7f6ebe5d4bedfe66aac33222e7e1e3e420a Author: Samuli Seppänen

Re: [Openvpn-devel] [PATCH] Updates to Changes.rst

2015-12-15 Thread debbie10t
Hi - Original Message - From: To: Sent: Tuesday, December 15, 2015 3:00 PM Subject: [Openvpn-devel] [PATCH] Updates to Changes.rst From: Samuli Seppänen This patch is for the release/2.3 branch

[Openvpn-devel] [PATCH] Updates to Changes.rst

2015-12-15 Thread samuli
From: Samuli Seppänen This patch is for the release/2.3 branch Signed-off-by: Samuli Seppänen --- Changes.rst | 390 ++-- 1 file changed, 383 insertions(+), 7 deletions(-) diff --git a/Changes.rst

[Openvpn-devel] [PATCH] Updates to Changes.rst

2015-12-15 Thread samuli
From: Samuli Seppänen This patch is for the "master" branch Signed-off-by: Samuli Seppänen --- Changes.rst | 21 +++-- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/Changes.rst b/Changes.rst index 41629bd..61e1e59

Re: [Openvpn-devel] [PATCH] Disable certificate notBefore/notAfter sanity check on OpenSSL < 1.0.2

2015-12-15 Thread Jan Just Keijser
Hi, On 15/12/15 10:12, Steffan Karger wrote: Hi, On Tue, Dec 15, 2015 at 9:42 AM, Jan Just Keijser wrote: On 14/12/15 23:14, Steffan Karger wrote: The SSL_CTX_get0_certificate() function I used in 091edd8e is available in OpenSSL 1.0.2+ only. Older versions seem to not

Re: [Openvpn-devel] [PATCH] Disable certificate notBefore/notAfter sanity check on OpenSSL < 1.0.2

2015-12-15 Thread Steffan Karger
Hi, On Tue, Dec 15, 2015 at 9:42 AM, Jan Just Keijser wrote: > On 14/12/15 23:14, Steffan Karger wrote: >> The SSL_CTX_get0_certificate() function I used in 091edd8e is available in >> OpenSSL 1.0.2+ only. Older versions seem to not have a useful >> alternative. >> The

Re: [Openvpn-devel] [PATCH] Disable certificate notBefore/notAfter sanity check on OpenSSL < 1.0.2

2015-12-15 Thread Jan Just Keijser
Hi, On 14/12/15 23:14, Steffan Karger wrote: The SSL_CTX_get0_certificate() function I used in 091edd8e is available in OpenSSL 1.0.2+ only. Older versions seem to not have a useful alternative. The remaining option would then be to create a cache for our parsed certificate, but that would

[Openvpn-devel] [PATCH applied] Re: Fix VS2013 compilation

2015-12-15 Thread Gert Doering
ACK, as this is basically the "2.3" parts of commit 123092a7a95. Thanks. Your patch has been applied to the release/2.3 branch. commit 723c7c3d3a95f04a233449efd3ccd647eb0e1bf6 (release/2.3) Author: Lev Stipakov Date: Tue Dec 15 10:18:22 2015

[Openvpn-devel] [PATCH 2.3] Fix VS2013 compilation

2015-12-15 Thread Lev Stipakov
Update toolset, define __attribute__. Signed-off-by: Lev Stipakov --- src/compat/compat.vcxproj | 4 +++- src/openvpn/openvpn.vcxproj | 6 -- src/openvpn/syshead.h | 1 + src/openvpnserv/openvpnserv.vcxproj | 4 +++- 4 files changed, 11

Re: [Openvpn-devel] [PATCH] Warn user if their certificate has expired

2015-12-15 Thread Gert Doering
Hi, On Tue, Dec 15, 2015 at 01:12:49AM +0100, David Sommerseth wrote: > Just tried to build openvpn on one of my laptops (Scientific Linux 7.1, > openssl-1.0.1e-42.el7). And it explodes when reaching the > SSL_CTX_get0_certificate(), it seems that support arrived in OpenSSL 1.0.2? > Could that

[Openvpn-devel] [PATCH applied] Re: Disable certificate notBefore/notAfter sanity check on OpenSSL < 1.0.2

2015-12-15 Thread Gert Doering
ACK (grumble...) Your patch has been applied to the master branch. commit 644f2cdd13f49cd374aebc1fc506474104aac372 Author: Steffan Karger Date: Mon Dec 14 23:14:45 2015 +0100 Disable certificate notBefore/notAfter sanity check on OpenSSL <

Re: [Openvpn-devel] [PATCH] Improve stdin prompting section, fixing CR prompting.

2015-12-15 Thread Wayne Davison
On Mon, Dec 14, 2015 at 4:10 PM, Selva Nair wrote: > I took a quick look and it seems a simplified patch that addresses the > most critical-sounding issue (challenge/response not prompted for > from stdin) may be more useful. > That's exactly what that patch is. From the

Re: [Openvpn-devel] [PATCH] Warn user if their certificate has expired

2015-12-15 Thread David Sommerseth
On 14/12/15 21:09, Steffan Karger wrote: > Previously, client certificate expiry warnings would only be visible in the > server log, and server certificate expiry warnings in the client log. > Both after a (failed) connection attempt. This patch adds a warning to > log when a user's own certificate

Re: [Openvpn-devel] Topics for today's (Monday, 14th Dec 2015) community meeting

2015-12-15 Thread Selva Nair
Hi, On Mon, Dec 14, 2015 at 4:45 PM, Samuli Seppänen wrote: Discussed OpenVPN 2.3.9 release. Here is the release plan: > [..] > In addition: > > > - - the initial windows installers will not have the openvpn-gui changes > - - mattock will provide test installers with the

Re: [Openvpn-devel] [PATCH] Improve stdin prompting section, fixing CR prompting.

2015-12-15 Thread Selva Nair
Hi, On Mon, Dec 14, 2015 at 4:56 PM, Wayne Davison wrote: > > On Thu, Dec 10, 2015 at 8:57 AM, Wayne Davison > wrote: > >> src/openvpn/misc.c | 119 >> + >> 1 file changed, 57 insertions(+), 62