[Openvpn-devel] [PATCH] enhance tls-verify possibility

2010-02-28 Thread David Sommerseth
has been discussed here: <http://thread.gmane.org/gmane.network.openvpn.devel/2492> Signed-off-by: David Sommerseth <d...@users.sourceforge.net> --- init.c|1 + options.c | 10 ++ options.h |1 + ssl.c | 60

[Openvpn-devel] [PATCH] Allow 'lport 0' setup for random port binding

2010-02-28 Thread David Sommerseth
s has been discussed here: <http://thread.gmane.org/gmane.network.openvpn.user/28622> Signed-off-by: David Sommerseth <d...@users.sourceforge.net> --- options.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/options.c b/options.c index c5ca8b6..36b9913 10064

Re: [Openvpn-devel] FreeBSD funny in the code

2010-02-28 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 28/02/10 16:10, Eric F Crist wrote: > ACK, > > It's not you, that's duplicate code. > ACK. I this is indeed duplicated. David S. > On Feb 28, 2010, at 09:05:46, Gert Doering wrote: > >> Hi, >> >> tun.c contains this code, in the >> >>

[Openvpn-devel] [PATCH] bash->bourne script cleanup

2010-02-28 Thread David Sommerseth
cripts that actually require bash are contrib/pull-resolv-conf/client.{up,down} ; they use the ${!var} variable indirection feature. sf.net tracker: <https://sourceforge.net/tracker/?func=detail=2040296_id=48978=454721> Signed-off-by: David Sommerseth <d...@users.sourceforge.net> ---

[Openvpn-devel] [Feedback needed] Fix cross compile support

2010-02-28 Thread David Sommerseth
721> kind regards, David Sommerseth

Re: [Openvpn-devel] FreeBSD funny in the code

2010-02-28 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 28/02/10 23:14, Gert Doering wrote: > Hi, > > On Sun, Feb 28, 2010 at 04:37:45PM +0100, David Sommerseth wrote: >> On 28/02/10 16:10, Eric F Crist wrote: >>> ACK, >>> >>> It's not you, that's duplicate cod

Re: [Openvpn-devel] OpenVPN Pf plugin/small status patch

2010-03-01 Thread David Sommerseth
responds to the OpenVPN implementation. Having that said, it could be better described in some comments that this plug-in is using OpenVPN's packet filter implementation. Anyhow, this topic does deserve a little discussion on the #openvpn-discussion meeting on Thursdays@18:00 UTC with James.

Re: [Openvpn-devel] [PATCH] enhance tls-verify possibility

2010-03-01 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/03/10 06:32, Karl O. Pinc wrote: > On 02/28/2010 10:24:36 PM, Peter Stuge wrote: >> David Sommerseth wrote: >>> +++ b/options.c >>> @@ -529,6 +529,9 @@ static const char usage_message[] = >>>"

Re: [Openvpn-devel] OpenVPN Pf plugin/small status patch

2010-03-01 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/03/10 12:03, Arne Schwabe wrote: > On 01.03.2010 11:16, David Sommerseth wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> On 28/02/10 15:56, Arne Schwabe wrote: >>> On 28.02.2010 14:22, Dav

[Openvpn-devel] Regarding patch reviews

2010-03-01 Thread David Sommerseth
d not be a task just for the "hard core" OpenVPN developers (which I'm not, btw). After all, the advantage is that the more people getting involved, the quicker we can get patches included, and the more discussion the better we can make OpenVPN together! Thank you all for your time and effo

Re: [Openvpn-devel] [PATCH] Add CID to the management status overview

2010-03-01 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 28/02/10 15:28, Gert Doering wrote: > Hi, > > On Sun, Feb 28, 2010 at 01:50:35PM +0100, David Sommerseth wrote: >> There are commands in the management interface which require the cid. The >> only way at the moment to get

Re: [Openvpn-devel] Openvpn 2.1.1 bad tcp performance but good ping when -l 1472 (with packet size = MTU)

2010-03-01 Thread David Sommerseth
e frankly, this discussion sounds like it belongs more to the openvpn-us...@lists.sourceforge.net list and not the development list, at this point. kind regards, David Sommerseth

[Openvpn-devel] [PATCH] The man page needs dash escaping in UTF-8 environments

2010-03-01 Thread David Sommerseth
g/cgi-bin/bugreport.cgi?bug=296133> for details. sf.net tracker: <https://sourceforge.net/tracker/?func=detail=2935611_id=48978=454721> Signed-off-by: David Sommerseth <d...@users.sourceforge.net> - --- openvpn.8 | 1612 ++

Re: [Openvpn-devel] FreeBSD funny in the code

2010-03-01 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/03/10 22:09, Bernhard Schmidt wrote: > David Sommerseth <openvpn.l...@topphemmelig.net> wrote: > > Hi David, > >>> David, could you please pull my branch from Berni, and move that patch >>> to wherever b

Re: [Openvpn-devel] FreeBSD funny in the code

2010-03-01 Thread David Sommerseth
s", I believe that's what happens especially when cherry-picks are involved. Not sure how bad Gert's history was though. But you might get an idea when using git log --graph ... then you see better which branch each commit belongs to. kind regards, David Sommerseth

Re: [Openvpn-devel] [PATCH] Allow 'lport 0' setup for random port binding

2010-03-01 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 28/02/10 14:44, David Sommerseth wrote: > From: Enrico Scholz <enrico.sch...@sigma-chemnitz.de> > > I am running a multihomed host where 'local ' must be specified > for proper operation. Unfortunately, this implies 'lport

[Openvpn-devel] [PATCH] [PATCHv2] enhance tls-verify possibility

2010-03-01 Thread David Sommerseth
exit 1 fi This patch has been modified by David Sommerseth, by fixing a few issues which came up during the code review process. The man page has been updated and tmp_file in ssl.c is checked for not being NULL before calling delete_file(). Signed-off-by: David Sommerseth <d...@users

Re: [Openvpn-devel] [PATCH] Yet another tweak of openvpn(8) --tls-verify

2010-03-02 Thread David Sommerseth
e merged into allmerged. Commit 87afefff8fe7b43b2c5cbba7a03a887fd9c02336 kind regards, David Sommerseth

Re: [Openvpn-devel] [PATCH] More improvments to openvpn(8) --tls-verify

2010-03-02 Thread David Sommerseth
nal) arguments, as follows: > +is executed two arguments are appended, as follows: > > .B cmd certificate_depth X509_NAME_oneline > Applied to the feat_misc branch, to be merged into allmerged. Commit 87afefff8fe7b43b2c5cbba7a03a887fd9c02336 kind regards, David Sommerseth

Re: [Openvpn-devel] [PATCH] Final frobbing of openvpn(8) --tls-verify

2010-03-02 Thread David Sommerseth
. The first word of > +whitespace separated arguments. The first word of > .B cmd > is the shell command to execute and the remaining words are its > arguments. Applied to the feat_misc branch, to be merged into allmerged. Commit 87afefff8fe7b43b2c5cbba7a03a887fd9c02336 kin

Re: [Openvpn-devel] [PATCH] Frob the openvpn(8) man page tls-verify section to clarify

2010-03-02 Thread David Sommerseth
; -.B cmd > -can be a shell command with multiple arguments, in which > -case all OpenVPN-generated arguments will be appended > -to > -.B cmd > -to build a command line which will be passed to the script. > .\"* > .TP &

Re: [Openvpn-devel] Supporting "route-gateway dhcp" on non-Windows

2010-03-09 Thread David Sommerseth
tworkManager which hasn't understood another program modified it on purpose, and resets it back. Many distros now make use of the openresolv or similar packages to solve this. But, this is a similar issue as the DHCP client issue as well, which again favours doing the DHCP stuff via a fo

Re: [Openvpn-devel] [PATCH] Don't ASSERT() on stream cipher

2010-03-09 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/03/10 15:34, David Sommerseth wrote: > From: Vladimir I. Kobylyanskiy <kentli...@users.sourceforge.net> > > We (Ltd. LISSI, http://www.lissi.ru, info at lissi.ru), > are trying to use OpenVPN with stream ciphers, > includin

Re: [Openvpn-devel] Supporting "route-gateway dhcp" on non-Windows

2010-03-09 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/03/10 16:58, Karl O. Pinc wrote: > On 03/09/2010 08:05:17 AM, David Sommerseth wrote: > >> On the other hand, ./configure >> could try to detect which DHCP client the system got and could use >> that >> as a defa

[Openvpn-devel] [PATCH] On TARGET_LINUX define _GNU_SOURCE if not defined

2010-03-10 Thread David Sommerseth
From: David Sommerseth <d...@users.sourceforge.net> This is to include peercred support on hosts where _GNU_SOURCE is not defined by default. This issue has been found on Gentoo with glibc-2.8. The solution was discussed on the IRC meeting March 4, 2010 in #openvpn-discussions.

Re: [Openvpn-devel] [PATCH] On TARGET_LINUX define _GNU_SOURCE if not defined

2010-03-10 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/03/10 11:49, David Sommerseth wrote: > From: David Sommerseth <d...@users.sourceforge.net> > > This is to include peercred support on hosts where _GNU_SOURCE is not > defined by default. This issue has been found on Gen

Re: [Openvpn-devel] [PATCH] bash->bourne script cleanup

2010-03-10 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 28/02/10 22:12, David Sommerseth wrote: > From: Dan Nelson <dnel...@users.sourceforge.net> > > Many of the scripts in the openvpn source have their shell set to > /bin/bash, but only two use bash features. The attached patch

Re: [Openvpn-devel] [PATCH] bash->bourne script cleanup

2010-03-10 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/03/10 00:26, Davide Brini wrote: > On Sunday 28 February 2010, David Sommerseth wrote: >> From: Dan Nelson <dnel...@users.sourceforge.net> >> >> Many of the scripts in the openvpn source have their shell set to >

Re: [Openvpn-devel] [PATCH] Implement --passtos for tagged ethernet frames

2010-03-10 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 28/02/10 23:07, David Sommerseth wrote: > From: Davide Guerri <dgue...@users.sourceforge.net> > > This patch makes it possible to use the --passtos option with 802.1Q tagged > ethernet frames. > > sf.net tracker: &g

Re: [Openvpn-devel] [PATCH] On TARGET_LINUX define _GNU_SOURCE if not defined

2010-03-10 Thread David Sommerseth
ot had time to look at yet, which also will do some updates here as well. kind regards, David Sommerseth > On Wed, Mar 10, 2010 at 2:14 PM, David Sommerseth > <openvpn.l...@topphemmelig.net> wrote: >> > On 10/03/10 11:49, David Sommerseth wrote:

Re: [Openvpn-devel] [PATCH] On TARGET_LINUX define _GNU_SOURCE if not defined

2010-03-10 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/03/10 18:03, Alon Bar-Lev wrote: > On Wed, Mar 10, 2010 at 6:50 PM, David Sommerseth > <openvpn.l...@topphemmelig.net> wrote: >> I'm willing to accept patches with updates as long as it doesn't break the >> oldest version

Re: [Openvpn-devel] [PATCH] On TARGET_LINUX define _GNU_SOURCE if not defined

2010-03-10 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/03/10 18:26, Peter Stuge wrote: > David Sommerseth wrote: >> it's a requirement to be able to build OpenVPN on RHEL4.6. > > As Alon explained, building is not the problem. autotools are used > when preparing git source for b

Re: [Openvpn-devel] [PATCH] On TARGET_LINUX define _GNU_SOURCE if not defined

2010-03-10 Thread David Sommerseth
tml > says: > > "Once the %prep script has gotten everything ready for the build, the % > build script is usually somewhat anti-climactic — normally invoking > make, maybe a configuration script, and little else. It's %build which needs to do the %configure. All patching must hap

Re: [Openvpn-devel] [PATCH] On TARGET_LINUX define _GNU_SOURCE if not defined

2010-03-10 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/03/10 19:04, Karl O. Pinc wrote: > On 03/10/2010 11:54:52 AM, David Sommerseth wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> On 10/03/10 18:39, Karl O. Pinc wrote: >>> On 03/10/2010 11:

Re: [Openvpn-devel] [PATCH] bash->bourne script cleanup

2010-03-10 Thread David Sommerseth
dered important by more people) to put distro specific stuff into a separate folder in the OpenVPN source tree. If it is possible to get some up/down scripts which are generic for the vast majority of POSIX sh based distributions, that would be the preferred approach. If not, then we are back

[Openvpn-devel] [PATCH] Fix autotools cross-compiling support

2010-03-11 Thread David Sommerseth
ng autotools packages installed: autoconf-2.59-5 automake-1.9.2-3 libtool-1.5.6-4.EL4.2 It builds cleanly and 'make check' passes. Signed-off-by: David Sommerseth <d...@users.sourceforge.net> --- acinclude.m4 | 10 +- configure.ac | 35 +-- 2

Re: [Openvpn-devel] [TESTING NEEDED] OpenVPN --passtos option support for 802.1Q tagged ethernet frames

2010-03-15 Thread David Sommerseth
t change the current behaviour for those not needing the 802.1Q feature. kind regards, David Sommerseth

Re: [Openvpn-devel] Linux tun/tap performance issues

2010-03-15 Thread David Sommerseth
y else has more experience with 'oprofile' then please let me > know how I can rerun these tests more effectively. I have no experience with oprofile, so I'm not sure if callgraph is available there. But I believe a callgraph would give some even better clues. Thanks a lot for your tests and analysis! kind regards, David Sommerseth

Re: [Openvpn-devel] [PATCHv2] Fix autotools cross-compiling support

2010-03-16 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/03/10 17:28, David Sommerseth wrote: > This is a modified version of a patch sent to the sf.net > patch tracker: > <http://sourceforge.net/tracker/?func=detail=2491190_id=48978=454721> > > After having discussed this p

Re: [Openvpn-devel] [PATCH] On TARGET_LINUX define _GNU_SOURCE if not defined

2010-03-16 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/03/10 11:49, David Sommerseth wrote: > From: David Sommerseth <d...@users.sourceforge.net> > > This is to include peercred support on hosts where _GNU_SOURCE is not > defined by default. This issue has been found on Gen

Re: [Openvpn-devel] [PATCH] The man page needs dash escaping in UTF-8 environments

2010-03-16 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/03/10 20:13, David Sommerseth wrote: > From: Jan Brinkmann <the-luckyd...@users.sourceforge.net> > > There was a debian bugreport which was filed in 2005 . It was patched but > it seems that nobody forwarded the patch to t

Re: [Openvpn-devel] Bytecount Reporting

2010-03-17 Thread David Sommerseth
On 17/03/10 23:01, open...@rkmorris.us wrote: > Hi, > > All very good questions! Some thoughts, below. > > Thanks for all your help! > ... Russell > > On Wed, Mar 17, 2010 05:01 PM, David Sommerseth > <openvpn.l...@topphemmelig.net> wrote: >> > On

Re: [Openvpn-devel] [Fwd: Re: Clarifications to "OpenVPN will not connect through certain HTTP proxies" bug report]

2010-03-22 Thread David Sommerseth
ly needed. kind regards, David Sommerseth.

Re: [Openvpn-devel] Old autotools support + UTF8 man-page patch

2010-03-23 Thread David Sommerseth
6a9049d694294 Signed-off-by: David Sommerseth <d...@users.sourceforge.net> Tested-by: Jan Just Keijser <janj...@nikhef.nl> Tested-by: Pavel Shramov <shra...@mexmat.net> Tested-by: Samuli Seppänen <sam...@openvpn.net> It's no "official" ACK in this commit, but with th

[Openvpn-devel] [PATCH] Add comile time settings from ./configure information to --version

2010-03-30 Thread David Sommerseth
. Signed-off-by: David Sommerseth <d...@users.sourceforge.net> --- Makefile.am |7 +++ configure_h.awk | 39 +++ configure_log.awk | 36 options.c |3 +++ 4 files changed, 85 insertions

Re: [Openvpn-devel] Patch for plugin/auth-pam.c

2010-03-30 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 14/12/09 00:05, David Sommerseth wrote: > On 13/12/09 21:18, Daniel Johnson wrote: >> David Sommerseth wrote: >>> - - const char *return_value = NULL; >>> + aresp[i].resp = NULL; > >>&g

Re: [Openvpn-devel] [RFC][PATCH 0/9] VLAN tagging on TAP devices in OpenVPN server mode

2010-04-01 Thread David Sommerseth
ely and giving you a feature branch. But I'm open for full inclusion! Again, thank you very much for your patches and I hope we will get them reviewed properly and soon. And keep us updated on the progress with your patches! kind regards, David Sommerseth > Fabian Knittel (9):

Re: [Openvpn-devel] [RFC][PATCH 0/9] VLAN tagging on TAP devices in OpenVPN server mode

2010-04-01 Thread David Sommerseth
On 01/04/10 10:32, Fabian Knittel wrote: > Hi David, > > David Sommerseth schrieb: >> Thank you very much for your patches! I'll look into them soon. > > Thanks! > >> The >> patches seem to apply nicely against the feat_passtos branch. I was >> worr

Re: [Openvpn-devel] [PATCH 4/9] vlan: Prepend and remove VLAN identifiers on outgoing and incoming frames

2010-04-01 Thread David Sommerseth
"filtering" before sending data to the client). I'm not sure if I saw this in code or not ... but if it is in place and somebody could point me to the patch which does it, I would be happy. kind regards, David Sommerseth

[Openvpn-devel] [PATCH] Make use of counter_type instead of int when counting bytes and network packets

2010-04-08 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This is in response to a reported Debian bug, where the connection counter overflows. <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576827> Signed-off-by: David Sommerseth <d...@users.sourceforge.net> - --- ssl.c |3 ++- ssl.h |

Re: [Openvpn-devel] [PATCH-SET v2] VLAN-tagging

2010-04-08 Thread David Sommerseth
as I'm a bit more confident in > the patches. (And ... assuming I don't forget adding the flag, like I > did this time. :) ) > > If you haven't had a thorough look at my previous patch-set yet, I > strongly suggest you go through my individual patches from my git tree, > a

Re: [Openvpn-devel] [PATCH] Add comile time settings from ./configure information to --version

2010-04-08 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 30/03/10 14:12, David Sommerseth wrote: > This patch will create ./configure.h which will contain two new #define > strings. CONFIGURE_DEFINES will contain all USE, ENABLED, DISABLED and > DEPRECATED defines from ./config.h. CONFI

Re: [Openvpn-devel] Summary of the IRC meeting (8th Apr 2010)

2010-04-09 Thread David Sommerseth
We are talking about one particular situation here. This is for the openvpn-testing based drivers - meaning, the "unstable" development version, aimed for testing primarily and not production environments. In addition, this driver signing will only be relevant for Windows environments fo

Re: [Openvpn-devel] [PATCH] Fixed typo in manpage

2010-04-12 Thread David Sommerseth
T(ro->metric, "default") This should fix the issue in a better way. kind regards, David Sommerseth

Re: [Openvpn-devel] [PATCH] Add comile time settings from ./configure information to --version

2010-04-13 Thread David Sommerseth
plemented is less important. But this feature will be important for us when we begin to receive feedback on the openvpn-testing version. kind regards, David Sommerseth [1] <http://thread.gmane.org/gmane.network.openvpn.devel/3143> > On Thu, Apr 8, 2010 at 10:44 PM, David Somme

Re: [Openvpn-devel] [PATCH] Add comile time settings from ./configure information to --version

2010-04-13 Thread David Sommerseth
is distributed in binary. If this configure line is not found, an empty string will be the result, so no openvpn features are harmed. With the clean-up patches, it will now also compile without any issues. And to my knowledge config.log does not change after Make begins to compile the s

[Openvpn-devel] [PATCH] Harden create_temp_filename()

2010-04-15 Thread David Sommerseth
. If you give it an ACK, I'll add it to the bugfix2.1 branch and you can pull it in this way via the git tree. kind regards, David Sommerseth

Re: [Openvpn-devel] [PATCH] Harden create_temp_filename()

2010-04-16 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 16/04/10 10:08, Fabian Knittel wrote: > Hi David, > > David Sommerseth schrieb: >> As promised in the meeting today, a patch for hardening >> create_temp_filename(). > > Great! :) > >> I've added more

Re: [Openvpn-devel] [PATCH] Harden create_temp_filename()

2010-04-16 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 16/04/10 10:50, David Sommerseth wrote: > On 16/04/10 10:08, Fabian Knittel wrote: >> Hi David, > >> David Sommerseth schrieb: >>> As promised in the meeting today, a patch for hardening >>> create_temp_fil

Re: [Openvpn-devel] [PATCH] Harden create_temp_filename()

2010-04-16 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 16/04/10 14:59, Fabian Knittel wrote: > Hi David, > > David Sommerseth wrote: > (BTW, I thought creat() took a flags parameter, but it only takes a mode > param. My mistake. So you're correct in wanting to use open() ins

[Openvpn-devel] [PATCHv2 0/3] Harden create_temp_filename()

2010-04-16 Thread David Sommerseth
From: David Sommerseth <d...@users.sourceforge.net> In a Debian bug report [1] there were worries that the --client-connect script hook was prone to a "symlink" attack. Even though this can be recognised if --tmp-dir is set to a world writable directory, it is not considered s

[Openvpn-devel] [PATCHv2 3/3] Updated the man page to reflect the behavioural change of create_temp_file()

2010-04-16 Thread David Sommerseth
From: David Sommerseth <d...@users.sourceforge.net> As this function now creates the temp file, it is no longer 'not-yet-created', but 'freshly created'. Signed-off-by: David Sommerseth <d...@users.sourceforge.net> --- openvpn.8 |2 +- 1 files changed, 1 insertions(+), 1 deleti

[Openvpn-devel] [PATCHv2 1/3] Harden create_temp_filename() (version 2)

2010-04-16 Thread David Sommerseth
From: David Sommerseth <d...@users.sourceforge.net> By hardening the create_temp_filename() function to check if the generated filename exists and to create the temp file with only S_IRUSR|S_IWUSR bit files set before calling the script, it should become even more difficult to e

[Openvpn-devel] [PATCHv2 2/3] Renamed all calls to create_temp_filename()

2010-04-16 Thread David Sommerseth
From: David Sommerseth <d...@users.sourceforge.net> All places where create_temp_filename() was called are now calling create_temp_file(). Extra checks on the result of create_temp_file() are added in addition. Signed-off-by: David Sommerseth <d...@users.sourceforge.net> --- in

[Openvpn-devel] [PATCH 1/2] Removed no longer needed delete_file() call

2010-04-17 Thread David Sommerseth
From: David Sommerseth <d...@users.sourceforge.net> Fabian Knittel noticed that this delete_file() call should have been removed in commit b963a17efc10512db442443234731a70b1f56f84 Signed-off-by: David Sommerseth <d...@users.sourceforge.net> --- multi.c |1 - 1 files changed,

[Openvpn-devel] [PATCH 2/2] Fixed potential NULL pointer issue

2010-04-17 Thread David Sommerseth
From: David Sommerseth <d...@users.sourceforge.net> If create_temp_file() returns NULL, this strlen() check would cause a SEGV. Signed-off-by: David Sommerseth <d...@users.sourceforge.net> --- ssl.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/ssl.c b

Re: [Openvpn-devel] [PATCHv2 1/3] Harden create_temp_filename() (version 2)

2010-04-18 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 16/04/10 23:42, Fabian Knittel wrote: > Hi David, > > David Sommerseth wrote: >> +} >> + while (attempts < 6); >> >> - return gen_path (directory, BSTR (), gc); >> + msg (M_FATAL, "Fa

[Openvpn-devel] [PATCH] Use more appropriate error codes in create_temp_file()

2010-04-18 Thread David Sommerseth
From: David Sommerseth <d...@users.sourceforge.net> Avoids using M_FATAL, which will terminate the OpenVPN process, except where it really is needed. It's considered needed when the function fails after 5 attempts, as that most likely indicates a problem with getting enough rando

Re: [Openvpn-devel] [PATCH] Mention mssfix default value in the man page

2010-04-18 Thread David Sommerseth
d as commit 38025abb47f74363c3ee87ca7265e99a4055459e to bugfix2.1 and merged into allmerged. kind regards, David Sommerseth

Re: [Openvpn-devel] man page patch

2010-04-18 Thread David Sommerseth
fferent parts of the man page and tracking their changes separately is cleaner when people try to figure out what was discussed and which conclusions were made. kind regards, David Sommerseth

Re: [Openvpn-devel] [PATCH] Mention mssfix default value in the man page

2010-04-19 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 19/04/10 11:19, Davide Brini wrote: > On Sunday 18 Apr 2010 23:27:31 David Sommerseth wrote: > >> Added as commit 38025abb47f74363c3ee87ca7265e99a4055459e to bugfix2.1 >> and merged into allmerged. > > Thanks.

Re: [Openvpn-devel] [PATCH] bash->bourne script cleanup

2010-04-19 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/03/10 22:41, Davide Brini wrote: > On Wednesday 10 March 2010, David Sommerseth wrote: > >>> Well, I was actually going to write a patch, but shortly after starting I >>> found out that it would end up being essentia

Re: [Openvpn-devel] Slight modification to the contrib client.up script: DNS in server order

2010-04-21 Thread David Sommerseth
t all depends on how critical he is to patches in the contrib/ directory. If not the first next release, then definitely a future release. It seems to work fine, but I'm going to test it out even further to be absolutely sure it is stable. kind regards, David Sommerseth

Re: [Openvpn-devel] [PATCH] bash->bourne script cleanup

2010-04-22 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 19/04/10 23:37, Davide Brini wrote: > On Monday 19 April 2010, David Sommerseth wrote: > >> I've done a quick test on one of my connections on Fedora 12 without any >> resolvconf package (meaning it invokes the

Re: [Openvpn-devel] [PATCH] bash->bourne script cleanup

2010-04-22 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 22/04/10 10:15, Davide Brini wrote: > On Thursday 22 Apr 2010 09:02:23 David Sommerseth wrote: > >> For future patches, would you mind adding a little bit more descriptive >> text which can be used as commit log messages. I do

Re: [Openvpn-devel] [PATCH] Add comile time settings from ./configure to --version

2010-04-22 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 13/04/10 15:49, David Sommerseth wrote: [...snip...] > > I've attached three patches, which clean up this feature further. > This is an enhanced patch, based on review comments from Gert Doering. He mentioned that the configure_log.

Re: [Openvpn-devel] [PATCH-fixed] revocation

2010-04-23 Thread David Sommerseth
d", > ctx->error_depth); > -setenv_int (opt->es, envname, serial); > + setenv_str (opt->es, envname, serial); > + BIO_free(bio); > +} >} kind regards, David Sommerseth

Re: [Openvpn-devel] [PATCH-fixed] revocation

2010-04-23 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 23/04/10 12:56, Heikki Kallasjoki wrote: > A minor nitpick, but... > > On Fri, Apr 23, 2010 at 11:35:05AM +0100, Davide Brini wrote: >> On Friday 23 Apr 2010 11:13:21 David Sommerseth wrote: >>> On 22/04/10 2

Re: [Openvpn-devel] openvpn error messages on the administrative interface?

2010-04-24 Thread David Sommerseth
is most known on the Linux platform, and might maybe be used on other platforms like Solaris or *BSD. Piping syslog messages to a process will also be non-trivial, as you need to support a broad setup of distributions, which might use different syslog implementations with different config syntaxes.

Re: [Openvpn-devel] Status Message Missing IP Address

2010-04-24 Thread David Sommerseth
dress" state is implemented and how that state is used when OpenVPN is not assigning the VPN IP addresses. kind regards, David Sommerseth

[Openvpn-devel] [PATCH] Revamped the script-security warning logging

2010-04-24 Thread David Sommerseth
From: David Sommerseth <d...@users.sourceforge.net> This is a first-cut of removing misleading warnings from the logs. The main task of this patch is to avoid reporting the SCRIPT_SECURITY_WARNING over and over again, in addition to not show this warning when it should not be a p

Re: [Openvpn-devel] [PATCH] Revamped the script-security warning logging

2010-04-24 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 24/04/10 14:55, Davide Brini wrote: > On Saturday 24 April 2010, David Sommerseth wrote: >> From: David Sommerseth <d...@users.sourceforge.net> >> >> This is a first-cut of removing misleading warnings from th

[Openvpn-devel] [PATCH] Revamped the script-security warning logging (version 2)

2010-04-25 Thread David Sommerseth
From: David Sommerseth <d...@users.sourceforge.net> The main task of this patch is to avoid reporting the SCRIPT_SECURITY_WARNING over and over again, in addition to not show this warning when it should not be a problem. This general warning should now only appear once, and only when --

[Openvpn-devel] [PATCH] Avoid repetition of "this config may cache passwords in memory"

2010-04-25 Thread David Sommerseth
From: David Sommerseth <d...@users.sourceforge.net> For OpenVPN clients with long living connections, this message is repeated every time the connection is renegotiated. This patch removes this behaviour and will only show this warning once. Signed-off-by: David Sommers

Re: [Openvpn-devel] [PATCH] Serial number export, fixed

2010-04-26 Thread David Sommerseth
s well. > + } > + > + openvpn_snprintf (envname, sizeof(envname), "tls_serial_%d", > ctx->error_depth); > + setenv_str (opt->es, envname, serial); > + BIO_free(bio); > +} >} > >/* export current untrusted IP */ One

Re: [Openvpn-devel] [PATCH] Avoid repetition of "this config may cache passwords in memory"

2010-04-26 Thread David Sommerseth
On 26/04/10 00:42, David Sommerseth wrote: > From: David Sommerseth <d...@users.sourceforge.net> > > For OpenVPN clients with long living connections, this message is repeated > every time the connection is renegotiated.

[Openvpn-devel] [PATCH] Avoid repetition of "this config may cache passwords in memory" (v2)

2010-04-26 Thread David Sommerseth
From: David Sommerseth <d...@users.sourceforge.net> For OpenVPN clients with long living connections, this message is repeated every time the connection is renegotiated. This patch removes this behaviour and will only show this warning once. Signed-off-by: David Sommers

Re: [Openvpn-devel] [PATCH] Serial number export, fixed

2010-04-26 Thread David Sommerseth
On 26/04/10 10:56, Davide Brini wrote: > On Monday 26 Apr 2010 00:13:39 David Sommerseth wrote: [...snip...] >>> +# OCSP responder URL (mandatory) >>> +ocsp_url="http://some.ocsp.server/; >>> +#ocsp_u

[Openvpn-devel] Building from git tree (was: Re: [PATCH] Serial number export, fixed)

2010-04-26 Thread David Sommerseth
On 26/04/10 12:48, Davide Brini wrote: > On Monday 26 Apr 2010 11:04:16 David Sommerseth wrote: [...snip...] > I have another (unrelated) question. The GIT master branch lacks the > configure > script, so how do you go about building it

Re: [Openvpn-devel] [ANN] OS X packages - OpenVPN 2.1.1

2010-04-26 Thread David Sommerseth
quested? I'm not sure if this really is appropriate, but let's consider it at least. Or that when running ./configure on an identified OSX box, that it would update the contrib/ Makefile so a user can just go into the contrib/ directory and run make to get a proper OSX package. /me is just thinking

Re: [Openvpn-devel] [ANN] OS X packages - OpenVPN 2.1.1

2010-04-26 Thread David Sommerseth
p://www.secure-computing.net/wiki/index.php/OpenVPN/Developer_documentation> I can especially recommend the ProGit Book (there is a link on the Developer docs page). It's a good starting point when you want to learn and/or understand more about g

Re: [Openvpn-devel] [PATCH] Serial number export, fixed

2010-04-26 Thread David Sommerseth
it would be nice to have some sort of channel to send errors > to > OpenVPN's main log from the children scripts or programs, so users could > inspect it.) > This begins to look very good! Just for the errors ... they are not captured if you write to stderr or stdout from the script

[Openvpn-devel] Unpackaged Windows binaries (Was: Re: [Openvpn-users] [ANN] OS X packages - OpenVPN 2.1.1)

2010-04-26 Thread David Sommerseth
ld be good to get into the tree together with this patch when I've looked at it a bit better. kind regards, David Sommerseth

Re: [Openvpn-devel] [PATCH] Serial number export, fixed

2010-04-26 Thread David Sommerseth
On 26/04/10 17:55, Davide Brini wrote: > On Monday 26 Apr 2010 16:19:20 David Sommerseth wrote: > >>> (I still think it would be nice to have some sort of channel to send >>> errors to OpenVPN's main log from the children

Re: [Openvpn-devel] Unpackaged Windows binaries (Was: Re: [Openvpn-users] [ANN] OS X packages - OpenVPN 2.1.1)

2010-04-27 Thread David Sommerseth
ing necessary. > Just a little nitpick, when you run makensis, that's actually compilation of the installer - even when you're doing it on Linux. You get a Windows binary as the result. kind regards, David Sommerseth

Re: [Openvpn-devel] [PATCH] Serial number export, better

2010-04-27 Thread David Sommerseth
_check/OCSP_check.sh > ACK! This is looking good! I've put it into my work queue and will try to get time sometime this week to get it into the bugfix2.1 branch. Thanks a lot for your hard work on this one! kind regards, David Sommerseth

Re: [Openvpn-devel] [PULL-REQUEST v3] VLAN-Tagging

2010-04-27 Thread David Sommerseth
h has those tags all from the beginning. So I will leave it up to you now how you want it. But in the moment I this branch gets merged into allmerged, it's too late to change your opinion. I will wait for your reply on which approach you would like. When this is settled, the only missing thing is

Re: [Openvpn-devel] [PATCH] Serial number export, better

2010-04-27 Thread David Sommerseth
trib/OCSP_check/OCSP_check.sh > This patch is now applied to the bugfix2.1 branch and merged into allmerged. An updated tree is now available. Commit fa47f0a36c2aeda972a94c93f8f83246306812a0 kind regards, David Sommerseth

Re: [Openvpn-devel] [PATCH] Mac OSX Keychain certificate support

2010-04-28 Thread David Sommerseth
nd test run works as expected as well. That's basically all I had to comment so far. But thanks again for your patch! Looking forward to hear from you again with further updates as well. kind regards, David Sommerseth [1] <http://www.lrde.epita.fr/~adl/autotools.html> [2] <http://sources.red

Re: [Openvpn-devel] [PULL-REQUEST v3] VLAN-Tagging

2010-04-28 Thread David Sommerseth
On 28/04/10 10:22, Fabian Knittel wrote: > Hi David, > > David Sommerseth wrote: >> I've finally found some time to dig into this again. After some >> consideration, I decided to rebase your work on your feat_vlan_tagg
