yes! This is what we need!
Acked-by: Antonio Quartulli
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Acked-by: Antonio Quartulli
--
Antonio Quartulli
On 11.08.22 at 19:11, Max Fillinger wrote:
LibreSSL has added some of the functions that are defined here. However,
we still need RSA_F_RSA_OSSL_PRIVATE_ENCRYPT.
v2: Change ifdef condition for RSA_F_RSA_OSSL_PRIVATE_ENCRYPT.
Signed-off-by: Max Fillinger
---
src/openvpn/openssl_compat.h | 8
Signed-off-by: Frank Lichtenheld
---
src/openvpn/auth_token.h| 16 -
src/openvpn/block_dns.h | 16 -
src/openvpn/buffer.h| 7 ++--
src/openvpn/crypto.h| 18 --
src/openvpn/crypto_openssl.h| 3 +-
src/openvpn/dco_win.h
Signed-off-by: Frank Lichtenheld
---
dev-tools/uncrustify.conf | 1 +
1 file changed, 1 insertion(+)
diff --git a/dev-tools/uncrustify.conf b/dev-tools/uncrustify.conf
index 325f3108..c73fba0c 100644
--- a/dev-tools/uncrustify.conf
+++ b/dev-tools/uncrustify.conf
@@ -40,6 +40,7 @@
On 18.08.22 at 17:21, Juliusz Sosinowicz wrote:
Hi Arne,
thank you for your report. In the future, please send reports to
supp...@wolfssl.com to guarantee the fastest possible response. This
also helps us track bug reports. I have forwarded this report for you.
Either I or someone else
Hi,
On Thu, Aug 18, 2022 at 12:09:53PM +0200, Antonio Quartulli wrote:
> At the moment dco-win doesn't support --persist-tun and --server,
> so check for these options at startup time.
>
> Signed-off-by: Antonio Quartulli
> Signed-off-by: Lev Stipakov
I was about to merge this (and thank you
On 18.08.22 at 16:39, Heiko Hund wrote:
Patch and thus series doesn't apply anymore, in addition to eventual changes
also please rebase.
On Friday, 20 May 2022 23:32:47 CEST Arne Schwabe wrote:
+ If both server and client support sending this message using the control
+ channel, the
On 18.08.22 at 16:38, Heiko Hund wrote:
On Friday, 1 July 2022 00:42:55 CEST Arne Schwabe wrote:
Basically if I had been a bit more forward-looking we would now have
protocol-flags ekm cc-exit instead of key-derivation ekm and
protocol-flags cc-exit
Then maybe also add support for
I've stared at the code for a while... I'm not really happy with the
jumping back and forth between dco.c and tun.c (who is supposed to
understand that code flow in 6 weeks from now?). That said, the
"non windows" changes in this patch are harmless enough, and the
"windows bits" do look safe
Thanks. This was left hanging in the cold for some reason... merged
now. I've subjected it to the usual test for DCO related stuff (client
with no-dco kernel, client with dco, server with dco) and verified that
the same instances have DCO enabled that had before - glad for Arne's
GLOBAL_STATS
Hi,
On Thu, Aug 18, 2022 at 04:39:07PM +0200, Heiko Hund wrote:
> On Friday, 20 May 2022 23:32:48 CEST Arne Schwabe wrote:
> > This simplifies the buffer handling in the method and adds a quick
> > return instead of wrapping the whole method in an if (pull) block
> >
> > Patch V2: remove
Hi Arne,
thank you for your report. In the future, please send reports to
supp...@wolfssl.com to guarantee the fastest possible response. This
also helps us track bug reports. I have forwarded this report for you.
Either I or someone else will investigate this and get back to you with
a
DEL_PEER events can be sent by ovpn-dco to userspace for various reasons.
We should trigger the ping timeout reaction only if the reason was
"peer has expired".
Signed-off-by: Antonio Quartulli
---
src/openvpn/forward.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git
What Frank said, and the nitpick about this hunk which should be removed:
On Friday, 20 May 2022 23:32:50 CEST Arne Schwabe wrote:
> @@ -1376,6 +1440,7 @@ verify_user_pass_plugin(struct tls_session *session,
> struct tls_multi *multi, /* call command */
> retval =
Patch and thus series doesn't apply anymore, in addition to eventual changes
also please rebase.
On Friday, 20 May 2022 23:32:47 CEST Arne Schwabe wrote:
> + If both server and client support sending this message using the control
> + channel, the message will be sent as control-channel
On Friday, 20 May 2022 23:32:49 CEST Arne Schwabe wrote:
> This allows a server to indicate a temporary problem on the server and
> allows the server to indicate how to proceed (i.e. move to the next server,
> retry the same server, wait a certain time,...)
>
> This adds options_utils.c/h to be
On Friday, 1 July 2022 00:42:55 CEST Arne Schwabe wrote:
> Basically if I had been a bit more forward-looking we would now have
> protocol-flags ekm cc-exit instead of key-derivation ekm and
> protocol-flags cc-exit
Then maybe also add support for handling ekm via --protocol-flags and
On Friday, 20 May 2022 23:32:48 CEST Arne Schwabe wrote:
> This simplifies the buffer handling in the method and adds a quick
> return instead of wrapping the whole method in an if (pull) block
>
> Patch V2: remove unnecessary ifdef/endif and unnecessary block
Acked-by: Heiko Hund
Acked-by: Gert Doering
Seems we need an uncrustify option to enforce this for new code
(*most* prototypes have the "all-in-one-line" approach, some follow
the "return type on previous line" as for functions).
Subject fixed, ssl_util, not ssh_util :-)
Your patch has been applied to the master
Acked-by: Gert Doering
Test compiled on Linux and FreeBSD, just to be sure.
Your patch has been applied to the master branch.
commit 329cb7ed2cb8503e99bed5bf3499f2194536d6ce
Author: Lev Stipakov
Date: Wed Aug 17 22:12:23 2022 +0200
dco.h: fix return type when DCO is not enabled
Hi,
On Mon, Aug 08, 2022 at 01:27:38PM +0200, Gert Doering wrote:
> If the inside packet is fragmented already, Linux kernel hands us
> packets with skb->ignore_df=0. Since this is applied to the encapsulated
> packet, the kernel will then refuse to fragment the resulting UDP/IPv6
> packet (for
Thanks a lot, will do!
On August 18, 2022, at 05:10, tincantech wrote:
Hi Magnus,
can you report this as an issue on github, please?
https://github.com/OpenVPN/easy-rsa/issues
My first guess would be the version of openssl 3.0.1 is at fault.
At the moment dco-win doesn't support --persist-tun and --server,
so check for these options at startup time.
Signed-off-by: Antonio Quartulli
Signed-off-by: Lev Stipakov
---
Changes from v102:
* remove platform defined log level and make check_options_ calls on
Windows explicit and document
Hi,
On Thu, Aug 18, 2022 at 11:26:38AM +0200, Antonio Quartulli wrote:
> -#if defined(TARGET_LINUX) || defined(TARGET_FREEBSD)
> -o->tuntap_options.disable_dco = !dco_check_option_conflict(D_DCO, o)
> -||
> !dco_check_startup_option_conflict(D_DCO, o);
>
At the moment dco-win doesn't support --persist-tun and --server,
so check for these options at startup time.
Signed-off-by: Antonio Quartulli
Signed-off-by: Lev Stipakov
---
Changes from v101:
* rebased
* remove call to dco_check_option_ from verify() and reuse invocation
that was already
Hi Magnus,
can you report this as an issue on github, please?
https://github.com/OpenVPN/easy-rsa/issues
My first guess would be the version of openssl 3.0.1 is at fault.
Thanks,
Richard
This patch is supposed to implement no function change.
The only change in behaviour that can be observed is the IV_/UV_ variables
being printed in different order compared to before applying this patch.
However, order does not matter, so we don't need to retain it.
What this change really does
Hi,
Typo, subject should probably be s/ssh_util/ssl_util
Regards,
Simon
> Function prototypes should have the return type on the same line as the
> function name itself. Fix this in ssl_util.h.
>
> Signed-off-by: Antonio Quartulli
> ---
> src/openvpn/ssl_util.h | 13 +
> 1 file
On Thursday, 17 February 2022 19:22:34 CEST Arne Schwabe wrote:
> @@ -590,6 +590,7 @@ init_query_passwords(const struct context *c)
> /* Auth user/pass input */
> if (c->options.auth_user_pass_file)
> {
> +enable_auth_user_pass();
> #ifdef ENABLE_MANAGEMENT
>
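Review bot: the added enable_auth_user_pass() call at the top of the auth_user_pass_file branch in init_query_passwords() has no comment saying why it must run before the #ifdef ENABLE_MANAGEMENT block. It takes no arguments, so it can only act on state outside this function, and it runs in both management and non-management builds; a one-line comment above the call stating what it enables and why this is the right place for it would make the ordering dependency visible to later readers.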
Function prototypes should have the return type on the same line as the
function name itself. Fix this in ssl_util.h.
Signed-off-by: Antonio Quartulli
---
src/openvpn/ssl_util.h | 13 +
1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/src/openvpn/ssl_util.h
Hi,
On Sat, Aug 13, 2022 at 10:42:19PM +0200, Antonio Quartulli wrote:
> At the moment dco-win doesn't support --persist-tun and --server,
> so check for these options at startup time.
This needs rebasing anyway (due to the startup change), but while at it...
> +
> +if
On 18.08.22 at 03:37, Magnus Larsson via Openvpn-devel wrote:
Hi,
I just moved from Ubuntu 20.04 LTS (where the exact command works fine
and does not prompt for pass phrase) to Red Hat Enterprise Linux 9 and
installed Easy-RSA via EPEL.
Probably old keys with now unsupported RC4 encryption
Taking the ACK from Lev on 102, applying to 103 - which mostly has
"better wording". I have tested this on the DCO test rig, and it's
fine with the change.
I wouldn't be surprised to see more work in this area for "we need to
be able to send packets to not-yet-authenticated remotes in p2p mode",
Tested this on the Linux / DCO server test rig that found the issue
yesterday - the "no root" server now no longer rejects clients
on connect, so that problem is fixed. Thanks :-)
To verify that the startup function is actually used, I triggered
it with
- openvpn --mktun --dev tun99
-
Hi,
On Thu, Aug 18, 2022 at 12:40:09AM +0200, Arne Schwabe wrote:
> From 02d4c4d8444188bdf32a054171ea7e20cc7c12ff Mon Sep 17 00:00:00 2001
> From: Arne Schwabe
> Date: Thu, 11 Aug 2022 19:27:12 +0200
> Subject: [PATCH] Add wolfSSL to github actions
>
> I just want to see the world burn a little