: David Sommerseth
Date: Fri Jan 20 22:04:57 2017 +0100
git: Merge .gitignore files into a single file
Signed-off-by: David Sommerseth
Acked-by: Steffan Karger
Message-Id: <20170120210457.3383-1-dav...@openvpn.net>
URL:
https://www.mail-archive.com/openvpn
mp;c->c2.pulled_options_state, &buf_orig,
> - &c->options);
> +push_update_digest(&c->c2.pulled_options_state, &buf_orig);
And this too is also a revert of the same commit as above.
Had it been just a simple rebase,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 20/01/17 21:38, Selva Nair wrote:
>
> On Fri, Jan 20, 2017 at 1:16 PM, David Sommerseth
> mailto:dav...@openvpn.net>> wrote:
>
> Your patch has been applied to the following branches
>
> commit f91ab283a407e25c4b32ae
changes needs
to be done.
Signed-off-by: David Sommerseth
---
.gitignore| 5 +
sample/sample-keys/.gitignore | 1 -
tests/unit_tests/.gitignore | 1 -
vendor/.gitignore | 2 --
4 files changed, 5 insertions(+), 4 deletions(-)
delete mode 100644 sample/sample
sers might more
see this as a sample configuration for OpenVPN and be even more confused.
I propose ... either rename this file to tmpfiles.d--openvpn.conf or
move this openvpn.conf inside a tmpfiles.d/ subdirectory
ndex b9b4dba..a270982 100644
> --- a/distro/systemd/openvpn-server@.service
> +++ b/distro/systemd/openvpn-ser...@.service.in
> @@ -12,7 +12,7 @@ PrivateTmp=true
> RuntimeDirectory=openvpn-server
> RuntimeDirectoryMode=0710
> WorkingDirectory=/etc/openvpn/server
> -ExecStart=/
t new patches
should go into the master branch primarily, unless it is fixing a bug or
another issue which is only relevant for specific release branches?
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
signature.asc
Description: OpenPGP digital signature
--
)
commit 2f5f1d8fffcba26d21d47cbcb1e99e0e1c313568 (release/2.4)
Author: Selva Nair
Date: Wed Jan 18 15:42:52 2017 -0500
Add a check for -Wl, --wrap support in linker
Signed-off-by: Selva Nair
Acked-by: Gert Doering
Acked-by: David Sommerseth
Message-Id: <1484772172-1975
On 19/01/17 16:32, Selva Nair wrote:
> Hi,
>
> Thanks for the comments.
>
> On Thu, Jan 19, 2017 at 9:41 AM, David Sommerseth
> <mailto:open...@sf.lists.topphemmelig.net>> wrote:
>
> Any reason to have this AC_DEFINE? That puts HAVE_LD_WRAP_SUPPORT into
&g
tch by EOB tomorrow (Friday Jan 20).
If I don't hear any objects by then, I am going to give this an ACK
without the AC_DEFINE line (unless good arguments having this in
config.h surfaces).
Selva, if you don't mind ... I can use this patch and just take out the
AC_DEFINE line at comm
ed-off-by: David Sommerseth
- --
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBAgAGBQJYf8qpAAoJEIbPlEyWcf3yitwQAMZbK+6pQ062y2lnIEusYAR/
PPi44E2fjG83abu+ImFZwNNOIjlSg/XgkxkrQzs0IRrxihuhLl3qOPgsqoyxQD+a
ZiFYcWm4R384KxfImGcAgjfDRS
er)
commit 6204fccb2441b5bae8b3f6e0b31a4a0b232fc8e6 (release/2.4)
Author: Christian Hesse
Date: Wed Dec 28 08:54:20 2016 +0100
man: fix formatting for alternative option
Signed-off-by: Christian Hesse
Acked-by: David Sommerseth
Message-Id: <20161228075420.348-1-l...@eworm
hm, which most commonly is MD* or SHA*
variants (there are a few exceptions).
And as I understand the code, the RSA-* stuff is just ignored, as that
is not used by by HMAC functions in our code. So using --auth SHA512
would provide the same result.
- --
kind regards,
David Sommerseth
On 15/01/17 14:52, Pavel Raiskup wrote:
> On Sunday, January 15, 2017 11:08:38 AM CET David Sommerseth wrote:
>> On 15/01/17 07:17, Pavel Raiskup wrote:
>>> Adding a new --with-ca-bundle configure option. It's argument is
>>> used as default CA file when no --ca op
ers. This is a VERY BAD idea! We
should help users configure OpenVPN in a secure way by default. Not the
opposite.
[1] <https://bugzilla.redhat.com/show_bug.cgi?id=1413343>
--
kind regards,
David Sommerseth
OpenVPN Techno
-in. I'll probably
get nightmares this night due to all the potential security issues
related to this. Neither should any of the script-hooks be possible to
inline.
> If not, you don't need to add the is_inline argument to
> plugin_option_list_add(), but just add a 'false' wh
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Your patch has been applied to the following branches
commit 7b02cc2aa8318dc8f2677064dadcbec295b2f937 (master)
commit 977f0b9ff4b600212b603279153ff1b1b10cf527 (release/2.4)
Author: David Sommerseth
Date: Tue Jan 10 21:34:33 2017 +0100
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Your patch has been applied to the following branches
commit e81f313a71e548638d9e9679226ee84b3b614f13 (master)
commit a853cd060eb61df77055cbb92e97ad7f245f2316 (release/2.4)
Author: David Sommerseth
Date: Tue Jan 10 21:34:32 2017 +0100
man: fix formatting for alternative option
Signed-off-by: Christian Hesse
Acked-by: David Sommerseth
Message-Id: <20161228075420.348-1-l...@eworm.de>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13747.html
Signed-off-by: David Somm
t; *src)
> }
>
> /* The cases all fall through. */
> -switch (extraBytes) {
> +switch (extraBytes)
> +{
> case 5: ch += *usrc++; ch <<= 6;
>
> case 4: ch += *usrc++; ch <<= 6;
There is no utf8
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/01/17 20:50, Selva Nair wrote:
>
> On Tue, Jan 10, 2017 at 2:12 PM, David Sommerseth
> <mailto:open...@sf.lists.topphemmelig.net>> wrote:
>
> The attached patch is cleaning up this a bit, avoiding some of the
>
Bascially removes two independent #ifdef ENABLE_MANAGEMENT blocks into
a single block, which makes the logic flow more easy to read.
Signed-off-by: David Sommerseth
Cc: Selva Nair
---
src/openvpn/init.c | 6 +-
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/src/openvpn/init.c
style cleanup, breaking up too long lines, adding
some air here and there to improve the readability.
Signed-off-by: David Sommerseth
Cc: Selva Nair
---
src/openvpn/init.c | 33 ++---
1 file changed, 22 insertions(+), 11 deletions(-)
diff --git a/src/openvpn/ini
ht. See commit
54561af63699e7408 and doc/management-notes.txt (look for 'remote ') for
more info. Once we have a confirmation on the fix, I can produce a
proper patch.
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
[1] <https://gitlab.com/dazo/misc-git-tools/tree/master>
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech com
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Your patch has been applied to the following branches
commit 7fb22ea0bc483b5a128bcc23ce9a156c8fadac3a (master)
commit b83ff52a594ce1e8ff2d63533819206f67aa5dea (release/2.4)
Author: David Sommerseth
Date: Tue Dec 27 11:52:24 2016 +0100
build
org/wiki/Systemd#Adoption_and_reception>
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's m
Signed-off-by: David Sommerseth
---
Makefile.am | 1 +
1 file changed, 1 insertion(+)
diff --git a/Makefile.am b/Makefile.am
index d1a72da..1197aad 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -60,6 +60,7 @@ dist_doc_DATA = \
README \
README.IPv6 \
README.polarssl
applied to the following branches
commit f38942d1440575e23d9f8713db435b434381486e (master)
commit 1fd40c781882426c4ed0770725a58d043c000816 (release/2.4)
Author: Steffan Karger
Date: Mon Dec 26 20:15:43 2016 +0100
Textual fixes for Changes.rst
Signed-off-by: Steffan Karger
A
morrow. I don't dare to
add anything which is not absolutely strictly needed for the comming
release. I'm just waiting for a the final Windows test results from
Samuli before pushing out the final release. Then Samuli will publish
all source tarballs, Windows installers a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Your patch has been applied to the following branches
commit 4ba943b02aa728aa077a0b3be79626b0f20ea8a7 (master)
commit febeb485a2e9c5ca67705c95b088f70e3e5d5fdc (release/2.4)
Author: David Sommerseth
Date: Mon Dec 26 13:26:43 2016 +0100
man
Commit 554504c5e2692c3e6cfd3f removed the IV_RGI6 peer-info singaling
but forgot to update the man page. Removing this reference as well.
Signed-off-by: David Sommerseth
---
doc/openvpn.8 | 4
1 file changed, 4 deletions(-)
diff --git a/doc/openvpn.8 b/doc/openvpn.8
index eb85d23
uthor: Gert Doering
Date: Sun Dec 25 11:59:19 2016 +0100
Remove IV_RGI6=1 peer-info signalling.
Signed-off-by: Gert Doering
Acked-by: Steffan Karger
Acked-by: David Sommerseth
Message-Id: <20161225105919.25792-1-g...@greenie.muc.de>
URL:
https://www.mail-
Date: Sun Dec 25 23:02:14 2016 +0100
man: encourage user to read on about --tls-crypt
Trac: #790
Signed-off-by: Steffan Karger
Acked-by: David Sommerseth
Message-Id: <1482703334-18949-1-git-send-email-stef...@karger.me>
URL:
https://www.mail-archive.com/o
4.html
Signed-off-by: David Sommerseth
- --
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBAgAGBQJYYQq6AAoJEIbPlEyWcf3ydS8P/iZDyUGQdlOu+05vZlKY8xTo
jK4SkBXud7aleJvTUncQ3YCWBccNfYOlD2iVNKQSmwxsFB5aGunvvpujT99e9ZQk
TpWXImER
2ca1bb6c7e907d06dafe4687e579fce76b37e4e93b7605022da52e6ccc26fd2
$ echo "test" | sha256sum
f2ca1bb6c7e907d06dafe4687e579fce76b37e4e93b7605022da52e6ccc26fd2 -
And from the earliest openssl RPM changelog entry where 0.9.8 is
mentioned, I see this:
* Wed Nov 09 2005 Tomas Mraz 0.9.8a-1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Your patch has been applied to the following branches
commit a256aee8e70ceb7059b9da69bc3e7cccbd094916 (master)
commit 203d7c8b1fdab065aa0b2a522abe00dc39fa433a (release/2.4)
Author: David Sommerseth
Date: Fri Dec 23 17:07:44 2016 +0100
docs
On 21/12/16 23:03, Steffan Karger wrote:
> Hi,
>
> On 21 December 2016 at 22:09, David Sommerseth
> wrote:
>> On 18/12/16 19:26, Steffan Karger wrote:
>>> Now that we have touched each and every file anyway, I decided to go over
>>> the code I regularly wo
The git master/2.4 code lacked some useful information about
the changes to --reneg-bytes, SWEET32 and weak ciphers (less
than 128-bits cipher blocks)
v2 - Fixed a couple of grammar/typo issues
Signed-off-by: David Sommerseth
---
Changes.rst | 6 ++
doc/openvpn.8 | 13 ++---
2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Your patch has been applied to the release/2.3 branch
commit 49e6ce5b9dea9b7beadb9a6e2586770090c5556b
Author: David Sommerseth
Date: Wed Dec 21 21:54:50 2016 +0100
docs: Further improve --reneg-bytes and SWEET32 information
Signed-off
On 21/12/16 22:48, Christian Hesse wrote:
> David Sommerseth on Wed, 2016/12/21 21:00:
>> Signed-off-by: David Sommerseth
>
> As we will (hopefully) see a release in 2016... Does it make sense to update
> to 2017?
Yes, we think so. The 2.4.0 release will happen just a few d
ut I'm not too happy that uncrustify seems to disagree slightly ...
See the attached patch what happened after applying your patch and then
running:
$ uncrustify --no-backup -l C $files
We should either see if our uncrustify config is correct or need slight
adjustments (without needing
: David Sommerseth
Message-Id: <1482079095-14880-1-git-send-email-stef...@karger.me>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13619.html
Signed-off-by: David Sommerseth
- --
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
V
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Your patch has been applied to the release/2.3 branch.
commit 782c95330b630c3823418a7867fcc1763d3f103f
Author: David Sommerseth
Date: Wed Dec 21 21:00:53 2016 +0100
Update copyrights
Signed-off-by: David Sommerseth
Acked-by
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Your patch has been applied to the master branch.
commit 58716979640b5d8850b39820f91da616964398cc
Author: David Sommerseth
Date: Wed Dec 21 21:00:52 2016 +0100
Update copyrights
Signed-off-by: David Sommerseth
Acked-by: Steffan
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Your patch has been applied to the release/2.4 branch.
commit a0006fa431d2109a55ecc741a34510aea00dd608
Author: David Sommerseth
Date: Wed Dec 21 21:00:54 2016 +0100
Update copyrights
Signed-off-by: David Sommerseth
Acked-by
make it a bit less surprising.
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
--
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one
The git master/2.4 code lacked some useful information about
the changes to --reneg-bytes, SWEET32 and weak ciphers (less
than 128-bits cipher blocks)
Signed-off-by: David Sommerseth
---
Changes.rst | 6 ++
doc/openvpn.8 | 13 ++---
2 files changed, 16 insertions(+), 3 deletions
There are still some support tickets related to SWEET32 and
our defult enforced --reneg-bytes 64 when using weaker ciphers
(less than 128-bits cipher blocks). Try to clarify this even
more.
Also fix a few mistakes, saying less than 128-bits and not 128-bits
and less.
Signed-off-by: David
Signed-off-by: David Sommerseth
---
COPYING| 2 +-
ChangeLog | 2 +-
Makefile.am| 2 +-
PORTS | 2 +-
build/Makefile.am | 2 +-
build/msvc/Makefile.am
Signed-off-by: David Sommerseth
---
COPYING | 2 +-
ChangeLog | 2 +-
Makefile.am | 2 +-
PORTS
These patches updates the copyright lines with an updated year. The
result is generated by the ./dev-tools/update-copyright.sh script.
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
--
Developer Access
Signed-off-by: David Sommerseth
---
COPYING | 2 +-
ChangeLog | 2 +-
Makefile.am | 2 +-
PORTS
.4)
commit 9e2bbbc7bc9bb126ed1061cf0c2ee2fb5ffc919d (release/2.3)
Author: David Sommerseth
Date: Mon Dec 19 19:52:12 2016 +0100
dev-tools: Added script for updating copyright years in files
Signed-off-by: David Sommerseth
Acked-by: Steffan Karger
Message-Id: <1482173532-25132-1-git-send-email-dav..
updated to cover more owners. See the
UPDATE_COPYRIGHT_LINES line in the script for the currently set owners.
Signed-off-by: David Sommerseth
---
dev-tools/update-copyright.sh | 50 +++
1 file changed, 50 insertions(+)
create mode 100755 dev-tools/update
On 19/12/16 14:59, Илья Шипицин wrote:
>
>
> 2016-12-19 18:49 GMT+05:00 Samuli Seppänen <mailto:sam...@openvpn.net>>:
>
> Il 19/12/2016 15:44, David Sommerseth ha scritto:
>
> On 19/12/16 11:01, Samuli Seppänen wrote:
> [...snip...]
>
lar project needs to be tied to the NetworkManager
team
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one o
This is indeed a NetworkManager project. The
NetworkManager-openvpn plugin is developed and maintained by the
NetworkManager team.
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
signature.asc
Description: OpenPGP digital signature
---
Allow the user to select if cmocka tests are run or not
Try to avoid adding more options ... rather try to have some reasonable
defaults which is auto-detected based on reasonable triggers (such as
distro/platform)
--
kind regards,
David Sommerseth
OpenVPN Tech
On 16/12/16 20:09, Christian Hesse wrote:
> David Sommerseth on Fri, 2016/12/16 19:14:
>> On 16/12/16 16:57, Christian Hesse wrote:
>>> From: Christian Hesse
>>>
>>> Different unit instances create and destroy the same RuntimeDirectory.
>>> This lea
robably fill out more details in the various test cases he used. We
should probably document those tests in our wiki though.
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
signature.asc
Description: OpenPGP digital signature
--
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Your patch has been applied to the master branch
commit 5d4cabff18718981a66ab9066b49297e42cb22b4
Author: David Sommerseth
Date: Fri Dec 16 11:25:07 2016 +0100
auth-gen-token: Hardening memory cleanup on auth-token failuers
Signed-off-by
+0100
Don't reopen tun if cipher changes
Trac: #761
Signed-off-by: Steffan Karger
Acked-by: David Sommerseth
Message-Id: <1481838366-32335-1-git-send-email-stef...@karger.me>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/ms
Further improve the memory management when a clients --auth-token
fails the server side token authentication enabled via --auth-gen-token.
v2 - Add ASSERT() if base64 encoding of token fails
v3 - Use proper boolean logic in ASSERT()
v4 - Rebase against The Great Reformatting
Signed-off-by: David
Further improve the memory management when a clients --auth-token
fails the server side token authentication enabled via --auth-gen-token.
v2 - Add ASSERT() if base64 encoding of token fails
v3 - Use proper boolean logic in ASSERT()
Signed-off-by: David Sommerseth
---
src/openvpn/ssl_verify.c
[lets try unencrypted this time.]
On 15/12/16 22:52, Steffan Karger wrote:
> Hi,
>
> On 15 December 2016 at 13:22, David Sommerseth wrote:
>> Further improve the memory management when a clients --auth-token
>> fails the server side token authentication enabled via --aut
Rebase process is based on description in commit 46e4b6639a950c56.
The lz4 v1.7.4.2 is based on commit 018ddf799917ee5c68b5 in
git://github.com/lz4/lz4
Signed-off-by: David Sommerseth
---
src/compat/compat-lz4.c | 820 ++--
src/compat/compat-lz4.h
the proper function pointers are set up, pointing at the LZ4
version we prefer - either our own compat-lz4 or the system wide liblz4. But
I am far from convinced this is a good or reasonable approach for this part
of the code.
Christian Hesse (1):
replace deprecated LZ4 function
David Som
From: Christian Hesse
The LZ4 function LZ4_compress_limitedOutput() is deprecated, compiler
gives warning:
warning: ‘LZ4_compress_limitedOutput’ is deprecated: use
LZ4_compress_default() instead
The new function LZ4_compress_default() appeared in r129 (1.7.0), so
replace the function there.
Si
... strncmp(line, "peer-id ", 8) would provide a match
though.
> {
> -md_ctx_update(ctx, (const uint8_t *) line, strlen(line));
> +continue;
> }
> -}
> +if (strcmp(line, "cipher ") == 0 && !opt->ce.tun_mtu_defined)
Same as above.
{
>
This makes sense. But I think we should do this in relation to an
update of the compat-lz4 library we also ship in OpenVPN. I'm running
some tests now, and will submit a new mail thread which includes this
patch together with the compat-lz4.[ch] update.
This will be handled post
On 15/12/16 06:09, Selva Nair wrote:
>
> On Wed, Dec 14, 2016 at 4:18 PM, David Sommerseth
> <mailto:open...@sf.lists.topphemmelig.net>> wrote:
>
> On 13/12/16 22:42, David Sommerseth wrote:
> >
> > Hi all,
> >
> > So the fir
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Reformatting merge complete.
commit 1f004b2f06e987d73e48f7fd7b96b0b248274f58
Merge: 2417d55 81d882d
Author: David Sommerseth
Date: Thu Dec 15 13:45:06 2016 +0100
Merge 'reformatting' branch into master
This concludes
Further improve the memory management when a clients --auth-token
fails the server side token authentication enabled via --auth-gen-token.
v2 - Add ASSERT() if base64 encoding of token fails
Signed-off-by: David Sommerseth
---
src/openvpn/ssl_verify.c | 45
in
openvpn_base64_encode(). But I agree, ASSERT() is probably more
reasonable here.
I'll send a v2 patch with assert here instead.
Side track the malloc() size calculation in base64.c:66 is, well,
interesting:
p = s = (char *) malloc(size * 4 / 3 + 4);
--
kind regards,
David So
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Did a quick change at commit time, changing from bash to sh
Your patch has been applied to the master branch.
commit 2417d55c4945d491e528dd0e4cf24047da5ceae9
Author: David Sommerseth
Date: Wed Dec 14 22:05:00 2016 +0100
dev-tools: Add
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 13/12/16 22:42, David Sommerseth wrote:
>
> Hi all,
>
> So the first phase of the great reformatting is on its way. I have
> just pushed out a reformatting branch to the following
> repositories:
>
> https://github
und)
Signed-off-by: David Sommerseth
---
dev-tools/reformat-all.sh | 136 +
.../after_include_openvpn-plugin.h.in.patch| 13 ++
.../before_include_openvpn-plugin.h.in.patch | 13 ++
dev-tools/special-files.lst| 4 +
restriction for The Great Reformatting
Update the script with improvements by krzee
Signed-off-by: David Sommerseth
---
dev-tools/reformat-all.sh | 136 +
.../after_include_openvpn-plugin.h.in.patch| 13 ++
.../before_include_openvpn
On 14/12/16 17:23, Steffan Karger wrote:
> On 14-12-16 16:39, David Sommerseth wrote:
>> On 14/12/16 10:09, Gert Doering wrote:
>>> Hi,
>>
>>> On Wed, Dec 14, 2016 at 10:51:18AM +0200, Lev Stipakov wrote:
>>>> +/* + * Disable async-push if plugins are d
burden in the future, which I will not accept lightly.
Yes, I see the short-term convenience to solve that specific Trac
ticket. But it really isn't the right long-term solution.
- --
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
-BEGIN PGP SIGNATURE-
Version: GnuP
Further improve the memory management when a clients --auth-token
fails the server side token authentication enabled via --auth-gen-token.
Signed-off-by: David Sommerseth
---
src/openvpn/ssl_verify.c | 22 ++
1 file changed, 18 insertions(+), 4 deletions(-)
diff --git a/src
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Your patch has been applied to the master branch
commit a7acb6b48e31c5b83983f7eb9caf308adb7b76f1
Author: David Sommerseth
Date: Tue Dec 13 13:16:56 2016 +0100
Changes.rst: Mainatiner update on C99
Acked-by: Gert Doering
Message-Id
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Your patch has been applied to the master branch
commit 1a8f6b9159708a943ebdb64404de4c5fc887303b
Author: David Sommerseth
Date: Wed Dec 14 13:23:30 2016 +0100
Further enhance async-push feature description
Signed-off-by: David
: #789
Signed-off-by: Steffan Karger
Acked-by: David Sommerseth
Message-Id: <1481658672-5110-1-git-send-email-stef...@karger.me>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13523.html
Signed-off-by: David Sommerseth
- --
kind regards,
: Steffan Karger
Message-Id: <1481645498-22043-1-git-send-email-selva.n...@gmail.com>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13520.html
Signed-off-by: David Sommerseth
- --
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
V
Signed-off-by: David Sommerseth
---
Changes.rst | 9 +
configure.ac | 2 +-
2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/Changes.rst b/Changes.rst
index a5002dd..7da1119 100644
--- a/Changes.rst
+++ b/Changes.rst
@@ -148,10 +148,11 @@ Control channel encryption
.
Have fun and report back.
Btw. The reformatting commit is PGP signed using the same key this
mail is signed with.
- --
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBAgAGBQJYUGs0AAoJEIbPlEyWcf3yLMAP
On 13/12/16 22:05, Selva Nair wrote:
>
> On Tue, Dec 13, 2016 at 3:56 PM, David Sommerseth
> <mailto:open...@sf.lists.topphemmelig.net>> wrote:
>
> Already at it. Written a script to do everything in a consistent way,
> added the cmt_cpp_to_c=true (and sp_
>> pos_bool=lead
>
> What does this do exactly? The description "The position of boolean
> operators in wrapped expressions" from --show-config doesn't ring a bell
If it breaks a boolean expression over more lines, the operator come
On 13/12/16 19:55, Steffan Karger wrote:
>
> On 09-12-16 22:44, Selva Nair wrote:
>> On Fri, Dec 9, 2016 at 4:39 PM, David Sommerseth
>> > <mailto:open...@sf.lists.topphemmelig.net>> wrote:
>>
>> On 09/12/16 22:27, Steffan Karger wrote:
>>
Mention for maintainers that we've moved to build with -std=c99 by
default. Also document that 32-bit RHEL5 builds will need -std=gnu99
to be buildable.
---
Changes.rst | 6 ++
1 file changed, 6 insertions(+)
diff --git a/Changes.rst b/Changes.rst
index a5002dd..056bcec 100644
--- a/Changes.
On 13/12/16 09:33, Gert Doering wrote:
> Hi,
>
> On Tue, Dec 13, 2016 at 01:15:03AM +0100, David Sommerseth wrote:
>> But I am wondering if it would be better to just do this in syshead.h
>> instead:
>>
>> #if !defined(ENABLE_PLUGIN) && defined(ENABLE_
ly think this makes sense too, as if you have any
state or log files, they should be placed under /var/log, {/var,}/run or
/var/lib.
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
signature.asc
Description: OpenPGP digital signature
-
re's no real point of screaming about missing
--enable-plugins if you have added --enable-auth-push. If you build
without plugins support, --plugin in configurations won't work
regardless. I think it is more likely that those adding
--disable-plugins (it is enabled by default) believe --enable-async-
ries which complies with the SELinux policies in
regards to read/write privileges, we should be fine. And restricting
which directories OpenVPN can write to is quite sane. All those plenty
of blogs putting runtime status
On 10/12/16 13:08, Christian Hesse wrote:
> David Sommerseth on Sat, 2016/12/10 01:03:
>> On 10/12/16 00:19, Christian Hesse wrote:
>>> From: Christian Hesse
>>>
>>> sd_notify() uses a socket to communicate with systemd. Communication
>>> fails if
platform_chroot()
which is called from init.c. Where it will just call chroot() on
non-systemd and non-Windows systems. When systemd is enabled and
detected detected it will prepare the bind mount, drop capabilities and
then call chroot().
Is that a reasonable approach? Or would you prefer t
sg_va()
[error.c:251] ... there might be better examples too, I'm just not able
to remember them now :) buffer.[ch] keeps most of these functions.
The reason for this is basically to use the same well tested
infrastructure. And with gc_arena, only a single gc_free() is required,
r
On 09/12/16 22:54, Christian Hesse wrote:
> David Sommerseth on Fri, 2016/12/09 22:37:
>> On 29/11/16 12:07, Christian Hesse wrote:
>>> From: Christian Hesse
>>>
>>> Drop --with-plugindir, instead use an environment variable PLUGINDIR
>>> to spec
801 - 900 of 2287 matches
Mail list logo