[Openvpn-devel] [PATCH] sitnl: fix TUN/TAP confusion in error messages

2020-04-17 Thread Antonio Quartulli
The is_tun_p2p() function can return false for both TAP and TUN interfaces (under certain conditions), therefore we should not assume any TUN/TAP type when printing related messages. Remove reference to TUN/TAP when printing messages under conditions based on is_tun_p2p(). Signed-off-by: Antonio

Re: [Openvpn-devel] OpenVPN 2.4.9 released

2020-04-17 Thread Antonio Quartulli
Hi, On 18/04/2020 00:41, Jonathan K. Bullard wrote: > Hi, > > On Fri, Apr 17, 2020 at 5:35 PM Gert Doering wrote: >> >> ... the new subkeys are just a few weeks old, so we need to publish >> a new key bundle with the new subkeys. > > So until a new security-keys-2020.asc (or whatever you will

[Openvpn-devel] [PATCH] sitnl: fix failure reporting by keeping error negative

2020-04-17 Thread Antonio Quartulli
The err->errno value reported by netlink is already negative. Prepending ierr->errno with '-' when forwarding it to the caller results in a positive value that is thus not detected as an error. Fix error handling in sitnl by not negating the sign of the value returned by sitnl_send() in case of generic

Re: [Openvpn-devel] OpenVPN 2.4.9 released

2020-04-17 Thread Jonathan K. Bullard
Hi, On Fri, Apr 17, 2020 at 5:35 PM Gert Doering wrote: > > ... the new subkeys are just a few weeks old, so we need to publish > a new key bundle with the new subkeys. So until a new security-keys-2020.asc (or whatever you will call it) is published on the OpenVPN website, I can't verify the

Re: [Openvpn-devel] OpenVPN 2.4.9 released

2020-04-17 Thread Christian Hesse
"Jonathan K. Bullard" on Fri, 2020/04/17 17:16: > Hi, > > On Fri, Apr 17, 2020 at 8:47 AM Samuli Seppänen wrote: > > > > The OpenVPN community project team is proud to release OpenVPN 2.4.9. It > > can be downloaded from here: > > > > > > I'm

[Openvpn-devel] OpenVPN Connect Client 3.1.0 (890) - DNS Issues

2020-04-17 Thread David Kincade
I work for a small company and I am running OpenVPN Connect Client 3.1.0 (890) on Mac OS Catalina 10.15.4. I have the following issue: When I connect to the company VPN (OpenVPN but I don't know version info) I lose my DNS information from my normal network and I also do not get any DNS

Re: [Openvpn-devel] OpenVPN 2.4.9 released

2020-04-17 Thread Gert Doering
Hi, On Fri, Apr 17, 2020 at 05:16:56PM -0400, Jonathan K. Bullard wrote: > On Fri, Apr 17, 2020 at 8:47 AM Samuli Seppänen wrote: > > > > The OpenVPN community project team is proud to release OpenVPN 2.4.9. It > > can be downloaded from here: > > > > >

Re: [Openvpn-devel] OpenVPN 2.4.9 released

2020-04-17 Thread Jonathan K. Bullard
Hi, On Fri, Apr 17, 2020 at 8:47 AM Samuli Seppänen wrote: > > The OpenVPN community project team is proud to release OpenVPN 2.4.9. It > can be downloaded from here: > > I'm having trouble verifying 2.4.9.tar.gz with GPG. I'm pretty clueless about

Re: [Openvpn-devel] [PATCH v2 1/3] Use crypto library functions for const time memcmp when possible

2020-04-17 Thread Gert Doering
Hi, On Fri, Apr 17, 2020 at 03:42:49PM +0200, Antonio Quartulli wrote: > >> -static inline int > >> -memcmp_constant_time(const void *a, const void *b, size_t size) > >> -{ > > > > Not sure I understand the motivation for this change. "Just so uncrustify > > stops trying to change this" is not

Re: [Openvpn-devel] [PATCH v2 3/3] After the last big formatting patch a number of changes have been committed that do not conform with our style/uncrustify config. This has led to the problem that ru

2020-04-17 Thread Antonio Quartulli
Hi, On 16/04/2020 13:39, Arne Schwabe wrote: [CUT] > diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c > index 49864c0a..195941ca 100644 > --- a/src/openvpn/manage.c > +++ b/src/openvpn/manage.c > @@ -3660,9 +3660,9 @@ management_query_pk_sig(struct management *man, const > char

Re: [Openvpn-devel] [PATCH v2 2/3] Minor style change to improve code style

2020-04-17 Thread Antonio Quartulli
Hi, On 16/04/2020 13:39, Arne Schwabe wrote: > These are small manual changes that are done to improve the code > style and also make the result of uncrustify better without mixing > manual changes/automatic changes into a single commit. > > - Make prototype and function identical for

Re: [Openvpn-devel] [PATCH v2 1/3] Use crypto library functions for const time memcmp when possible

2020-04-17 Thread Antonio Quartulli
On 17/04/2020 10:51, Gert Doering wrote: > Hi, > > On Thu, Apr 16, 2020 at 01:39:28PM +0200, Arne Schwabe wrote: >> index 18a86ceb..dadf0a90 100644 >> --- a/src/openvpn/crypto.h >> +++ b/src/openvpn/crypto.h >> @@ -528,21 +528,7 @@ void crypto_read_openvpn_key(const struct key_type >>

[Openvpn-devel] OpenVPN 2.4.9 released

2020-04-17 Thread Samuli Seppänen
The OpenVPN community project team is proud to release OpenVPN 2.4.9. It can be downloaded from here: This is primarily a maintenance release with bugfixes and improvements. This release also fixes a security issue (CVE-2020-11810, trac #1272) which

Re: [Openvpn-devel] [PATCH v2 1/3] Use crypto library functions for const time memcmp when possible

2020-04-17 Thread Gert Doering
Hi, On Thu, Apr 16, 2020 at 01:39:28PM +0200, Arne Schwabe wrote: > index 18a86ceb..dadf0a90 100644 > --- a/src/openvpn/crypto.h > +++ b/src/openvpn/crypto.h > @@ -528,21 +528,7 @@ void crypto_read_openvpn_key(const struct key_type > *key_type, > * As memcmp(), but constant-time. > * Returns

Re: [Openvpn-devel] [PATCH 3/3] Implement tls-groups option to specify elliptic curves/groups

2020-04-17 Thread Antonio Quartulli
Hi, On 17/04/2020 09:47, Arne Schwabe wrote: > Am 16.04.20 um 00:31 schrieb Antonio Quartulli: >> is it really important to clone "groups" ? why just not chopping it ? >> It shouldn't be re-used any more I think. > > Maybe but modifying a parameter as side effect does not feel right. I > rather

[Openvpn-devel] [PATCH v2 1/3] Use crypto library functions for const time memcmp when possible

2020-04-17 Thread Arne Schwabe
Signed-off-by: Arne Schwabe --- src/openvpn/crypto.h | 16 +--- src/openvpn/crypto_mbedtls.c | 20 src/openvpn/crypto_openssl.c | 5 + 3 files changed, 26 insertions(+), 15 deletions(-) diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h index
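
Review bot: the commit message consists of the Signed-off-by line alone, so nothing ahead of the diffstat records why the change is made. Please add a body saying which library routine each backend relies on and what is used when none is available (the subject says "when possible"); the diffstat shows crypto_mbedtls.c gaining 20 lines against 5 in crypto_openssl.c, and the reason for that difference should be stated for anyone auditing the constant-time comparison later.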

Re: [Openvpn-devel] [PATCH 3/3] Implement tls-groups option to specify elliptic curves/groups

2020-04-17 Thread Arne Schwabe
Am 16.04.20 um 00:31 schrieb Antonio Quartulli: > is it really important to clone "groups" ? why just not chopping it ? > It shouldn't be re-used any more I think. Maybe but modifying a parameter as side effect does not feel right. I rather have a clean API here instead of this unintended side

[Openvpn-devel] [PATCH] Add README.wolfssl documenting the state of WolfSSL in OpenVPN

2020-04-17 Thread Arne Schwabe
--- README.wolfssl | 29 + 1 file changed, 29 insertions(+) create mode 100644 README.wolfssl diff --git a/README.wolfssl b/README.wolfssl new file mode 100644 index ..d417807b --- /dev/null +++ b/README.wolfssl @@ -0,0 +1,29 @@ +Support for WolfSSL is
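
Review bot: the message goes from the subject straight to the "---" separator, with no description and no Signed-off-by line ahead of the diffstat, unlike the other patches posted to the list the same day. Please add a short body explaining why the README is being added, together with the sign-off, so the new 29-line file has a recorded rationale and author attestation.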