On 03/12/17 22:45, Steffan Karger wrote:
> Hi,
>
> On 02-12-17 14:45, Antonio Quartulli wrote:
>> Now that ENABLE_CRYPTO has been removed, TLS_MODE is basically
>> a useless shortcut which does not really help the readability of the
>> code.
>
> So I don't really agree here. As we've just expe
The HTTP proxy credentials are stored in a static variable that is
possibly initialized before each connection attempt.
However, the variable is never "released" therefore get_user_pass()
refuses to overwrite its content and leaves it as it is.
Consequently, if the user config contains multiple co
The HTTP proxy credentials are stored in a static variable that is
possibly initialized before each connection attempt.
However, the variable is never "released" therefore get_user_pass()
refuses to overwrite its content and leaves it as it is.
Consequently, if the user config contains multiple co
Hi,
On 03/12/17 23:02, Steffan Karger wrote:
> Hi,
>
> Feature-ACK, but one implementation concern:
>
> On 03-12-17 14:16, Antonio Quartulli wrote:
>> The HTTP proxy credentials are stored in a static variable that is
>> possibly initialized before each connection attempt.
>>
>> However, the var
The crypto engine cannot be disabled anymore, therefore get
rid of all the related ifdefs in the code.
This change makes the code simpler and reduces our the
number of config combinations we have to test after a new
change is applied.
Signed-off-by: Antonio Quartulli
---
v3:
- revert accidental
Hi,
This looks good now.
The v1 of this patch and main review comments are in a different thread:
https://sourceforge.net/p/openvpn/mailman/openvpn-devel/
thread/20171010231130.6832-12-simon%40rozman.si/#msg36071613
On Sun, Dec 3, 2017 at 3:30 PM, Simon Rozman wrote:
> Data size arithmetic was
While openvpn.exe can run multiple concurrent processes, openvpnserv.exe
is usually only one single globally unique running process.
This patch extends openvpnserv.exe to support multiple service instances
in parallel allowing side-by-side OpenVPN installations.
Alternate instances must be instal
Data size arithmetic was reviewed according to 64-bit MSVC complaints.
The warnings were addressed by migrating to size_t, rewriting the code,
or silencing the warnings by an explicit cast where appropriate.
---
src/openvpnserv/automatic.c | 17 ++---
src/openvpnserv/interactive.c |
Data size arithmetic was reviewed according to 64-bit MSVC complaints.
The warnings were addressed by migrating to size_t, rewriting the code,
or silencing the warnings by an explicit cast where appropriate.
---
src/openvpnserv/automatic.c | 19 +++
src/openvpnserv/interactive.c
On Sun, Dec 3, 2017 at 1:54 PM, Gert Doering wrote:
> Hi,,
>
> On Sat, Dec 02, 2017 at 11:38:28PM -0500, Selva Nair wrote:
> > Responding to this old version just to be on record.
> >
> > I realized patch this was assigned to Gert on patchwork too late after
> > started responding on my own. Sorr
Hi,,
On Sat, Dec 02, 2017 at 11:38:28PM -0500, Selva Nair wrote:
> Responding to this old version just to be on record.
>
> I realized patch this was assigned to Gert on patchwork too late after
> started responding on my own. Sorry for jumping the gun. Have to make
> keeping an eye on patchwork
Hi,
On Thu, Nov 23, 2017 at 6:59 PM, Selva Nair wrote:
> Hi
>
> On Thu, Nov 23, 2017 at 1:34 PM, fragmentux wrote:
> >
> > Hi,
> >
> > I would like to suggest that, instead of having to run the GUI to
> > retrieve the help, like so:
> >
> > 'C:\Program Files\Openvpn\bin\openvpn-gui --help'
> >
Hi Simon,
Thanks. The v3 has just arrived in patchwork -- for some reason not in my
mailbox yet, probably its coming..
Looks like v3 is an exact copy of v2 -- no check for empty ext which was
the only change required.
Am I missing something?
Thanks,
Selva
On Sun, Dec 3, 2017 at 12:19 PM, Simo
Data size arithmetic was reviewed according to 64-bit MSVC complaints.
The warnings were addressed by migrating to size_t, rewriting the code,
or silencing the warnings by an explicit cast where appropriate.
---
src/openvpnserv/automatic.c | 20
src/openvpnserv/interactive.
Hi Simon,
And this one:
On Mon, Nov 13, 2017 at 11:26 AM, Selva wrote:
> Hi,
>
> Thanks for the v2
>
> On Mon, Nov 13, 2017 at 4:49 AM, Simon Rozman wrote:
>
>> Data size arithmetic was reviewed according to 64-bit MSVC complaints.
>>
>> The warnings were addressed by migrating to size_t, rewr
Hi,
On 03/12/17 22:12, Steffan Karger wrote:
> Hi,
>
> Thanks for v2. Some things went wrong with the s/CRYPTO_/ENABLE_CRYPTO/
> though:
>
> On 03-12-17 13:49, Antonio Quartulli wrote:
>> The crypto engine cannot be disabled anymore, therefore get
>> rid of all the related ifdefs in the code.
>
Hi Simon,
IIRC, this patch is waiting for a new version to take care of the static
const as
agreed below:
On Thu, Nov 9, 2017 at 11:12 AM, Selva wrote:
> Hi Simon,
>
> On Thu, Nov 9, 2017 at 3:33 AM, Simon Rozman wrote:
>
>> Hi,
>>
>> > But then making the variable static just to keep a valid
Hi Antonio,
Thanks for reviewing. If you donât mind, I'm going to answer your
comments and questions a bit out of order.
First, you suggested a series of coding-style changes and the removal of
extra whitespace. I have no comment about these. I'll make all the changes
you described and resubmi
Hi,
Feature-ACK, but one implementation concern:
On 03-12-17 14:16, Antonio Quartulli wrote:
> The HTTP proxy credentials are stored in a static variable that is
> possibly initialized before each connection attempt.
>
> However, the variable is never "released" therefore get_user_pass()
> refus
Hi,
On 02-12-17 14:45, Antonio Quartulli wrote:
> Now that ENABLE_CRYPTO has been removed, TLS_MODE is basically
> a useless shortcut which does not really help the readability of the
> code.
So I don't really agree here. As we've just experienced while
discussing this on IRC, the meaning of 'c-
On 02-12-17 14:45, Antonio Quartulli wrote:
> Apparently the MS5SUM macro is not used anywhere.
> Remove it.
>
> Signed-off-by: Antonio Quartulli
> ---
> src/openvpn/openvpn.h | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h
> index d843c913
On 02-12-17 14:45, Antonio Quartulli wrote:
> Now that ENABLE_CRYPTO has been removed, CIPHER_ENABLED is basically
> a useless shortcut which does not really help the readability of the
> code.
>
> Remove it and use its expanded expression instead.
>
> Signed-off-by: Antonio Quartulli
> ---
>
Hi,
On 02-12-17 14:45, Antonio Quartulli wrote:
> SSL_LIB_VER_STR made sense only when ENABLE_CRYPTO also
> existed. It can now be removed and thus simplify the code.
>
> Signed-off-by: Antonio Quartulli
> ---
> src/openvpn/options.c | 5 ++---
> 1 file changed, 2 insertions(+), 3 deletions(-)
Hi,
On 02-12-17 14:45, Antonio Quartulli wrote:
> ENABLE_PUSH_PEER_INFO depended on ENABLE_CRYPTO that now does
> not exist anymore.
> Get rid of ENABLE_PUSH_PEER_INFO by assuming that it is always
> enabled and simplify the code.
>
> Signed-off-by: Antonio Quartulli
> ---
> src/openvpn/init.c
Hi,
On 03-12-17 13:49, Antonio Quartulli wrote:
> With this patch we remove the possibility to disable the crypto engine
> (ENABLE_CRYPTO define) at configuration time.
>
> [--disable-crypto has been removed from .travis.yml too]
>
> Signed-off-by: Antonio Quartulli
> ---
>
> v2:
> - .travis.y
Hi,
Thanks for v2. Some things went wrong with the s/CRYPTO_/ENABLE_CRYPTO/
though:
On 03-12-17 13:49, Antonio Quartulli wrote:
> The crypto engine cannot be disabled anymore, therefore get
> rid of all the related ifdefs in the code.
>
> This change makes the code simpler and reduces our the
>
[Discussion continues on openvpn-devel, please drop openvpn-users when
replying]
Hi Gert,
sorry for the late reply, real life currently causes lots of interrupts...
On Tue, Nov 28, 2017 at 03:08:27PM +0100, Gert Doering wrote:
> Short answer: shortcomings in the implementation, and nobody had ti
On 03/12/17 18:22, Илья Шипицин wrote:
> does it restart in your case ?
>
sorry but I don't have such testing env at hand, so I can't try right now.
Cheers,
--
Antonio Quartulli
signature.asc
Description: OpenPGP digital signature
--
The HTTP proxy credentials are stored in a static variable that is
possibly initialized before each connection attempt.
However, the variable is never "released" therefore get_user_pass()
refuses to overwrite its content and leaves it as it is.
Consequently, if the user config contains multiple co
With this patch we remove the possibility to disable the crypto engine
(ENABLE_CRYPTO define) at configuration time.
[--disable-crypto has been removed from .travis.yml too]
Signed-off-by: Antonio Quartulli
---
v2:
- .travis.yml: move "make distcheck" to other entry in the matrix
- move to seco
The crypto engine cannot be disabled anymore, therefore get
rid of all the related ifdefs in the code.
This change makes the code simpler and reduces our the
number of config combinations we have to test after a new
change is applied.
[re-enable unit-tests that were previously disabled]
Signed-o
2017-12-03 15:06 GMT+05:00 Antonio Quartulli :
>
>
> On 03/12/17 17:57, Илья Шипицин wrote:
> > Hello,
> >
> > I noticed strange "TLS Auth Error: Auth Username/Password verification
> > failed for peer" when I restarted openvpn server.
> >
> > deeper digging into that discovered the following flow
On 03/12/17 17:57, Илья Шипицин wrote:
> Hello,
>
> I noticed strange "TLS Auth Error: Auth Username/Password verification
> failed for peer" when I restarted openvpn server.
>
> deeper digging into that discovered the following flow
>
> 1) client is authenticated via login/password --> auth t
Hi,
On 03/12/17 17:39, Steffan Karger wrote:
> Hi,
>
> Feature-ACK.
>
> As discussed on IRC, let's apply this patch after 2/7 (or merge with
> 2/7) to prevent having a commit in the tree that unconditionally
> disabled crypto.
thanks for the review!
>
> On 02-12-17 14:45, Antonio Quartulli wr
Hello,
I noticed strange "TLS Auth Error: Auth Username/Password verification
failed for peer" when I restarted openvpn server.
deeper digging into that discovered the following flow
1) client is authenticated via login/password --> auth token is assigned
2) reauth is done via username/token (to
Hi,
Feature-ACK.
As discussed on IRC, let's apply this patch after 2/7 (or merge with
2/7) to prevent having a commit in the tree that unconditionally
disabled crypto.
On 02-12-17 14:45, Antonio Quartulli wrote:
> With this patch we remove the possibility to disable the crypto engine
> (ENABLE_C
36 matches
Mail list logo