ACK. What we had was too strict in some cases, breaking people's
configs - with this change, we give users enough rope to hang themselves
if they insist to do so, but point out in the log file that this might
be a stupid idea...
(That this came up in the first place is a consequence of commit
86e
Hi,
On Mon, Feb 20, 2017 at 11:13:49AM -0500, Selva Nair wrote:
> > MS documentation for GetTokenInformation() suggests that group membership
> > tests should be done with "CheckTokenMembership()", which sounds more
> > convenient than "extract them all and walk the list" - so maybe this
> > is do
On Mon, Feb 20, 2017 at 7:18 AM, Gert Doering wrote:
> On Sat, Jan 14, 2017 at 04:16:29PM -0500, selva.n...@gmail.com wrote:
> > From: Selva Nair
> >
> > Currently the username unqualified by the domain is used to validate
> > a user which fails for domain users. Instead authorize the user
> >
>
Christian Hesse on Mon, 2017/02/20 16:02:
> Emmanuel Deloget on Mon, 2017/02/20 15:52:
> > On Mon, Feb 20, 2017 at 2:53 PM, Emmanuel Deloget
> > wrote:
> > > Hi again,
> > >
> > > On Mon, Feb 20, 2017 at 2:33 PM, Emmanuel Deloget
> > > wrote:
> > >> Hi Christian,
> > >>
> > >> On Mon, Feb
Emmanuel Deloget on Mon, 2017/02/20 15:52:
> On Mon, Feb 20, 2017 at 2:53 PM, Emmanuel Deloget wrote:
> > Hi again,
> >
> > On Mon, Feb 20, 2017 at 2:33 PM, Emmanuel Deloget
> > wrote:
> >> Hi Christian,
> >>
> >> On Mon, Feb 20, 2017 at 1:29 PM, Christian Hesse wrote:
> >>> That matches my
On Mon, Feb 20, 2017 at 2:53 PM, Emmanuel Deloget wrote:
> Hi again,
>
> On Mon, Feb 20, 2017 at 2:33 PM, Emmanuel Deloget wrote:
>> Hi Christian,
>>
>> On Mon, Feb 20, 2017 at 1:29 PM, Christian Hesse wrote:
>>> That matches my findings. Built against openssl 1.1.0e (Arch Linux package
>>> open
OpenSSL 1.1 does not allow us to directly access the internal of
any data type, including EVP_PKEY. We have to use the defined
functions to do so.
Compatibility with OpenSSL 1.0 is kept by defining the corresponding
functions when they are not found in the library.
Signed-off-by: Emmanuel Deloget
The behavior of EVP_CipherInit() changed in OpenSSL 1.1 -- instead
of clearing the context when the cipher parameter was !NULL, it now
clears the context unconditionnaly. As a result, subsequent calls
to the function with additional information now fails.
The bulk work is done by EVP_CipherInit_ex
This (limited) series replaces a few patches on the v1 series, namely:
* "OpenSSL: don't use direct access to the internal of EVP_PKEY"
This version replaces the previous version and adds function
EVP_PKEY_id() which is present in 1.0.0 and later but not in
0.9.8.
* "OpenSSL: use EVP_Ciph
Hi again,
On Mon, Feb 20, 2017 at 2:33 PM, Emmanuel Deloget wrote:
> Hi Christian,
>
> On Mon, Feb 20, 2017 at 1:29 PM, Christian Hesse wrote:
>> That matches my findings. Built against openssl 1.1.0e (Arch Linux package
>> openssl 1.1.0.e-1 [0]) the build itself succeeds, but 'make check' repor
Hi,
On Mon, Feb 20, 2017 at 1:37 PM, Gert Doering wrote:
>
> Interesting. Anything useful in openvpn's logs?
>
Mon Feb 20 11:57:56 2017 us=371715 OpenSSL: error:0607B083:digital
envelope routines:EVP_CipherInit_ex:no cipher set
Mon Feb 20 11:57:56 2017 us=371746 EVP cipher init #2
I found the
Hi Christian,
On Mon, Feb 20, 2017 at 1:29 PM, Christian Hesse wrote:
> That matches my findings. Built against openssl 1.1.0e (Arch Linux package
> openssl 1.1.0.e-1 [0]) the build itself succeeds, but 'make check' reports
> lots of cipher failures.
>
> Are your patches available from a public g
Hi,
On Mon, Feb 20, 2017 at 02:13:20PM +0100, David Sommerseth wrote:
> > and ran it against a local copy of lz4 v131, and that produced the
> > expected result - no significant changes to compat-lz4.c/compat-lz4.h
> > (the "#ifdef HAVE_CONFIG_H" block moves to the top of the file, but
> > that i
On 20/02/17 14:03, Gert Doering wrote:
> Hi,
>
> On Wed, Jan 25, 2017 at 09:53:02PM +0100, David Sommerseth wrote:
>> This tool depends on a cloned upstream LZ4 git repository and a
>> checked out release tag. Then run the script like this:
>>
>>$ ./dev-tools/lz4-rebaser.sh /path/to/lz4.git
>
Hi,
On Wed, Jan 25, 2017 at 09:53:02PM +0100, David Sommerseth wrote:
> This tool depends on a cloned upstream LZ4 git repository and a
> checked out release tag. Then run the script like this:
>
>$ ./dev-tools/lz4-rebaser.sh /path/to/lz4.git
>
> To see the result before committing, use: gi
Hi,
On Mon, Feb 20, 2017 at 12:45:24PM +0100, Emmanuel Deloget wrote:
> * 0.9.8zh --> EVP_PKEY_id() is not defined. I'm adding this to
> openssl_compat.h and will provide a v2 patch with the change. Once
> added, OpenVPN compiled successfully and was able to connect to my
> /2.3 server.
If possib
ACK, based on "according to MSDN documentation these are the correct
functions and are called properly", and on the test results in #810.
I have only compile tested this (which succeeds).
Your patch has been applied to the master and release/2.4 branch.
commit e82733a1ab78062feca28578fe505b275a2
Emmanuel Deloget on Mon, 2017/02/20 12:45:
> Hello,
>
> On Sun, Feb 19, 2017 at 6:49 PM, Gert Doering wrote:
> > Hi,
> >
> > On Sun, Feb 19, 2017 at 01:03:45PM +0100, Steffan Karger wrote:
> >> Thank you very much. You approach looks good to me, and quite closely
> >> matches what I had in mi
HI,
On Sat, Jan 14, 2017 at 04:16:29PM -0500, selva.n...@gmail.com wrote:
> From: Selva Nair
>
> Currently the username unqualified by the domain is used to validate
> a user which fails for domain users. Instead authorize the user
>
> (i) if the built-in admin group or ovpn_admin group is in t
Hello,
On Sun, Feb 19, 2017 at 6:49 PM, Gert Doering wrote:
> Hi,
>
> On Sun, Feb 19, 2017 at 01:03:45PM +0100, Steffan Karger wrote:
>> Thank you very much. You approach looks good to me, and quite closely
>> matches what I had in mind for when I would find the time to tackle
>> this. (Which m
20 matches
Mail list logo