2017-02-17 23:17 GMT+05:00 Илья Шипицин :
>
> Пт, 17 февр. 2017 г. в 22:21, David Sommerseth topphemmelig.net>:
>
>> On 17/02/17 17:35, Emmanuel Deloget wrote:
>> >
>> > Now, I have a question which is related to this. The way I'm doing
>> > things, I will make sure that the new code is compatibl
On 17/02/17 22:59, Emmanuel Deloget wrote:
> I'm not targetting 2.4 -- my work is done on the current master. Adding
> hundreds of lines to the current 2.4 for the purpose of supporting a library
> which is not yet present on the user systems does not make much sense :)
Currently, master and relea
Hello Gert,
2017-02-16 8:47 GMT+01:00 Gert Doering :
> Your patch has been applied to the master and release/2.4 branch.
>
> Not sure if it is something we want in release/2.3, but it wouldn't apply
> with "git cherry-pick" - too much formatting changes, so one would need
> to do it manually ("but
Hello Antonio,
2017-02-16 3:34 GMT+01:00 Antonio Quartulli :
>
> You need to put an empty line between the subject and the body.
> For example:
>
>
> my commit message
>
> this is the body and can be multiline
> random text here...
> and here...
Thanks, I'll remember for a next time.
Best Regard
Hello all,
I wrote this back in the openvpn-2.2-beta3 days and always wanted to
submit the code but never got to it---so here it is! I used it with a
userspace slirp-stdio implementation to get a tunnel without root
priveleges.
--dev-pipe /usr/local/bin/some_script arg1 arg2 ... arg15
From: Emmanuel Deloget
OpenSSL 1.1 does not allow us to directly access the internal of
any data type, including HMAC_CTX. We have to use the defined
functions to do so.
Compatibility with OpenSSL 1.0 is kept by defining the corresponding
functions when they are not found in the library.
Signed
From: Emmanuel Deloget
OpenSSL 1.1 changed the SSLv3 API and removed many SSL_L_SSL3_*
constants. Moreover, new code might use different function
code for the same error.
Thus, we extract the error reason from the error code before
we compare it instead of trying to rebuild an error code
that mi
From: Emmanuel Deloget
Although it is required by BIO_new() to have a non-const object,
this is merely an OpenSSL interface accident. Newer versions of
OpenSSL (i.e. OpenSSL 1.1) have are a bit better w.r.t. constification
and changed this.
As a result, we can safely constify the BIO_METHOD para
From: Emmanuel Deloget
OpenSSL 1.1 does not allow us to directly access the internal of
any data type, including EVP_MD_CTX. We have to use the defined
functions to do so.
Compatibility with OpenSSL 1.0 is kept by defining the corresponding
functions when they are not found in the library.
Sign
From: Emmanuel Deloget
OpenSSL 1.1 does not allow us to directly access the internal of
any data type, including X509_STORE_CTX. We have to use the defined
functions to do so.
Fortunately, these functions have existed since the dawn of time so
we don't have any compatibility issue here.
Signed-
From: Emmanuel Deloget
OpenSSL 1.1 does not allow us to directly access the internal of
any data type, including RSA_METHOD. We have to use the defined
functions to do so.
Compatibility with OpenSSL 1.0 is kept by defining the corresponding
functions when they are not found in the library.
Sign
From: Emmanuel Deloget
OpenSSL 1.1 does not allow us to directly access the internal of
any data type, including SSL_CTX. We have to use the defined functions
to do so.
Compatibility with OpenSSL 1.0 is kept by defining the corresponding
functions when they are not found in the library.
Signed-
From: Emmanuel Deloget
The old symbols do not exist anymore but the library gained new
equivalent symbols (OSSL). Use them instead of the old ones
Signed-off-by: Emmanuel Deloget
---
src/openvpn/openssl_compat.h | 5 +
src/openvpn/ssl_openssl.c| 2 +-
2 files changed, 6 insertions(+),
From: Emmanuel Deloget
OpenSSL 1.1 does not allow us to directly access the internal of
any data type, including X509_OBJECT. We have to use the defined
functions to do so.
Compatibility with OpenSSL 1.0 is kept by defining the corresponding
functions when they are not found in the library.
Sig
From: Emmanuel Deloget
OpenSSL 1.1 does not allow us to directly access the internal of
any data type, including EVP_CIPHER_CTX. We have to use the defined
functions to do so.
Compatibility with OpenSSL 1.0 is kept by defining the corresponding
functions when they are not found in the library.
From: Emmanuel Deloget
OpenSSL 1.1 does not allow us to directly access the internal of
any data type, including X509. We have to use the defined
functions to do so.
In x509_verify_ns_cert_type() in particular, this means that we
cannot directly check for the extended flags to find whether the
c
From: Emmanuel Deloget
OpenSSL 1.1 does not allow us to directly access the internal of
any data type, including RSA. We have to use the defined
functions to do so.
Compatibility with OpenSSL 1.0 is kept by defining the corresponding
functions when they are not found in the library.
Signed-off-
From: Emmanuel Deloget
OpenSSL 1.1 does not allow us to directly access the internal of
any data type, including DSA. We have to use the defined
functions to do so.
Compatibility with OpenSSL 1.0 is kept by defining the corresponding
functions when they are not found in the library.
Signed-off-
From: Emmanuel Deloget
OpenSSL 1.1 does not allow us to directly access the internal of
any data type, including EVP_PKEY. We have to use the defined
functions to do so.
Compatibility with OpenSSL 1.0 is kept by defining the corresponding
functions when they are not found in the library.
Signed
From: Emmanuel Deloget
OpenSSL 1.1 does not allow us to directly access the internal of
any data type, including X509_STORE. We have to use the defined functions
to do so.
Compatibility with OpenSSL 1.0 is kept by defining the corresponding
functions when they are not found in the library.
Sign
From: Emmanuel Deloget
The purpose of this RFC series is to make the latest master of OpenVPN
(2.5-git) linkable with OpenSSL v1.1.x. It may not be complete (I may
have missed something due to my work environment, but any missing pieces
will be added next week) so be a bit cautious with this. The
Hello,
On Fri, Feb 17, 2017 at 6:42 PM, Gert Doering wrote:
> Hi,
>
> On Fri, Feb 17, 2017 at 06:37:04PM +0100, Emmanuel Deloget wrote:
>> I guess the answer to the riddle is: "how long will the 2.4 branch
>> live?". v2.3 shipped in May 2013. If we assume that v2.4 will be the
>> stable branch fo
Пт, 17 февр. 2017 г. в 22:21, David Sommerseth <
open...@sf.lists.topphemmelig.net>:
> On 17/02/17 17:35, Emmanuel Deloget wrote:
> >
> > Now, I have a question which is related to this. The way I'm doing
> > things, I will make sure that the new code is compatible with both
> > OpenSSL 1.0.x and
Am 17.02.2017 um 17:35 schrieb Emmanuel Deloget:
> I understand that I'm the new guy in town, but can you allow me to
> make the formal request to ditch OpenSSL 0.9.8, 1.0.0 and 1.0.1 and
> require at least version 1.0.2?
1.0.1 has also gone out of support, and I propose to let the distros
sort ou
Hi,
On Fri, Feb 17, 2017 at 06:37:04PM +0100, Emmanuel Deloget wrote:
> I guess the answer to the riddle is: "how long will the 2.4 branch
> live?". v2.3 shipped in May 2013. If we assume that v2.4 will be the
> stable branch for two more years (I cannot find any roadmap, so this
> is pure specula
Hello,
On Fri, Feb 17, 2017 at 5:41 PM, Gert Doering wrote:
> Hi,
>
> On Fri, Feb 17, 2017 at 05:35:04PM +0100, Emmanuel Deloget wrote:
>> I understand that I'm the new guy in town, but can you allow me to
>> make the formal request to ditch OpenSSL 0.9.8, 1.0.0 and 1.0.1 and
>> require at least
On 17/02/17 17:35, Emmanuel Deloget wrote:
>
> Now, I have a question which is related to this. The way I'm doing
> things, I will make sure that the new code is compatible with both
> OpenSSL 1.0.x and OpenSSL 1.1. There is a good chance that it will be
> compatible with version 0.9.8 as well, ye
Hi,
On Fri, Feb 17, 2017 at 05:35:04PM +0100, Emmanuel Deloget wrote:
> I understand that I'm the new guy in town, but can you allow me to
> make the formal request to ditch OpenSSL 0.9.8, 1.0.0 and 1.0.1 and
> require at least version 1.0.2?
I'm not going to make a call on any of these versions,
Hello,
First, sorry for the inconvenience: this message is not attached to
the remaining of the discussion (I just joined the ML so I cannot
answer to a one week old message). That being said:
On Mon, Feb 13, 2017 at 08:17:58PM +0100, Christian Hesse wrote:
> Arch Linux is about to upgrade openss
As described in msg <374a7eb7-f539-5231-623b-41f208ed8...@belkam.com> on
openvpn-devel@lists.sourceforge.net, clients that are compiled with
--disable-occ (included in --enable-small) won't send an options string.
Without the options string, the 2.4 server doesn't know which cipher to
use for poor
Hi David,
Thanks for the comments.
On 25-01-17 18:25, David Sommerseth wrote:
> First of all, not all kernels carry these system calls, I believe they
> were added in some of the 3.x kernels - but, IIRC, it has been
> backported to at least the RHEL6 2.6.32 kernels. My memory is scarce
> about t
31 matches
Mail list logo
