Thanks for the review. Indent fixed, that was a that sneaked in.
Patch has been applied to the master branch.
commit b322690394b75a9d4987d4b27107ccb01bbcd90e
Author: Gert Doering
Date: Wed Sep 18 18:29:17 2024 +0200
make t_server_null 'server alive?' check more robust
o the master branch.
commit 2cc77debf0221fa0cef3ea470c1328d25397d021 (master)
Author: Frank Lichtenheld
Date: Wed Sep 18 22:48:44 2024 +0200
socket: Change return types of link_socket_write* to ssize_t
Signed-off-by: Frank Lichtenheld
Acked-by: Gert Doering
Messa
nheld
Acked-by: Gert Doering
Message-Id: <20240918204551.2530-1-g...@greenie.muc.de>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29321.html
Signed-off-by: Gert Doering
--
kind regards,
Gert Doering
___
: Frank Lichtenheld
Acked-by: Gert Doering
---
This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/740
This mail reflects revision 1 of this Change.
Acked-by according to Gerrit (reflected
dependency of other macros, but it is nicer to have it
explicitely as well.
- A few typo and whitespace fixes.
Change-Id: I7927a572611b7c1dc0b522fd6cdf05fd222a852d
Signed-off-by: Frank Lichtenheld
Acked-by: Gert Doering
---
This change was reviewed on Gerrit and approved by at least one
- use "$RUN_SUDO kill -0 $pid" to test if a given process is running, not
"ps -p $pid" - the latter will not work if security.bsd.see_other_uids=0
is set
- produce proper error messages if pid files can not be found or are
empty at server shutdown time
---
tests/t_server_null_client.sh | 5
Lichtenheld
Date: Tue Sep 17 15:32:53 2024 +0200
configure: Handle libnl-genl and libcap-ng consistent with other libs
Signed-off-by: Frank Lichtenheld
Acked-by: Gert Doering
Message-Id: <20240917133253.19616-1-g...@greenie.muc.de>
URL:
https://www.mail-archive.com/o
: Gert Doering
---
This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/724
This mail reflects revision 3 of this Change.
Acked-by according to Gerrit (reflected above):
Gert Doering
abe
Acked-by: Frank Lichtenheld
Message-Id: <20240719131016.75042-1-fr...@lichtenheld.com>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28941.html
Signed-off-by: Gert Doering
--
kind regards,
Gert Doering
__
chtenheld.com>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28290.html
Signed-off-by: Gert Doering
--
kind regards,
Gert Doering
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
6bee80eb42a473fbfde7de4362b0f (release/2.6)
Author: Ralf Lici
Date: Tue Sep 17 11:14:33 2024 +0200
Fix check_addr_clash argument order
Signed-off-by: Ralf Lici
Acked-by: Frank Lichtenheld
Message-Id: <20240917091433.24092-1-g...@greenie.muc.de>
URL:
https://www.mail-arch
From: Ralf Lici
In init_tun() make sure to pass the --local and --remote addresses in
the host order so that they can be compared to the --ifconfig addresses.
Change-Id: I5adbe0a79f078221c4bb5f3d39391a81b4d8adce
Signed-off-by: Ralf Lici
Acked-by: Frank Lichtenheld
---
This change was reviewed
d-off-by: Arne Schwabe
Acked-by: Gert Doering
Message-Id: <20240916133436.29943-1-g...@greenie.muc.de>
Signed-off-by: Gert Doering
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29249.html
--
kind regards,
G
From: Arne Schwabe
These functions are not used outside tun.c
Change-Id: I028634dba74a273c725b0beb16b674897b3c23fa
Signed-off-by: Arne Schwabe
Acked-by: Gert Doering
---
This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.
Gerrit URL
-by: Arne Schwabe
Acked-by: Gert Doering
---
This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/746
This mail reflects revision 1 of this Change.
Acked-by according to Gerrit (reflected
d-off-by: Frank Lichtenheld
Acked-by: Gert Doering
Message-Id: <20240912174910.21058-1-g...@greenie.muc.de>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29231.html
Signed-off-by: Gert Doering
--
kind r
From: Frank Lichtenheld
Change-Id: I86203b8f9a6d3cfc5e56d3ce9452af694fd11011
Signed-off-by: Frank Lichtenheld
Acked-by: Gert Doering
---
This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.
Gerrit URL: https://gerrit.openvpn.net/c
receiving CMD_DEL_PEER
notification
Signed-off-by: Antonio Quartulli
Acked-by: Arne Schwabe
Message-Id: <20240912165339.21058-1-g...@greenie.muc.de>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29226.html
Signed-off-by: Gert D
From: Antonio Quartulli
some extra DCO calls may be made after receiving the DEL_PEER
notification (i.e. due to timeout), but this will result in
an error message due to the peer having disappeared already.
An extra call might be, for example, an explicit DEL_PEER
in the attempt of cleaning the
off-by: Gert Doering
--
kind regards,
Gert Doering
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
d-off-by: Marco Baffo
Acked-by: Gert Doering
Message-Id: <20240912142421.703-1-g...@greenie.muc.de>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29217.html
Signed-off-by: Gert Doering
--
kind r
From: Marco Baffo
Removed superfluous calls to 'add_route_ipv6' for adding ipv6 routes after tun
opening in OpenBSD, NetBSD and Darwin.
Change-Id: I235891212b15277349810913c9c1763da5c48587
Signed-off-by: Marco Baffo
Acked-by: Gert Doering
---
This change was reviewed on Gerrit an
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29208.html
Signed-off-by: Gert Doering
--
kind regards,
Gert Doering
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.ne
From: Frank Lichtenheld
Requires submodule checkout.
Change-Id: I86ceceb4e1c716b33c6c6ec8853eca0fb4b394f1
Signed-off-by: Frank Lichtenheld
Acked-by: Arne Schwabe
---
This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.
Gerrit URL: https:
Message-Id: <20240911104941.19429-1-g...@greenie.muc.de>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29187.html
Signed-off-by: Gert Doering
--
kind regards,
Gert Doering
___
Openvpn-devel mailing list
O
8.html
Signed-off-by: Gert Doering
--
kind regards,
Gert Doering
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
From: Selva Nair
OPENSSL_STORE_load() can error and return NULL even when the file or URI
still has readable objects left.
Fix by iterating until OPENSSL_STORE_eof(). Also clear such errors to avoid
misleading messages printed at the end by crypto_print_openssl_errors().
Change-Id: I2bfa9ffbd17
out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP signature
From: Frank Lichtenheld
The previous code went through some hoops
to avoid compiler warnings. But there is
a much easier way by just telling it
exactly what you want to do.
Also fix typo in variable name while I'm
here.
Change-Id: Icc86334b26ba1fcc20f4cd03644018d1d16796e3
Signed-off-by: Frank L
From: Arne Schwabe
With DCO and possible future hardware assisted OpenVPN acceleration we
are approaching the point where 32 bit IVs are not cutting it any more.
To illustrate the problem, some back of the envelope math here:
If we want to keep the current 3600s renegotiation interval and have
...@greenie.muc.de>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29172.html
Signed-off-by: Gert Doering
--
kind regards,
Gert Doering
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://
From: Frank Lichtenheld
These are all fixes I considered "safe". They either
- Have sufficient checks/shifts for a cast to be safe
- Fix the type of a variable without requiring code changes
- Are in non-critical unittest code
v2:
- add min_size instead of abusing min_int
v6:
- remove change
Acked-by: Gert Doering
Thanks. Not tested beyond "does it compile", as the changes are very
straightforward :-)
Your patch has been applied to the master and released/2.6 branch.
commit aa1dd09b5fc196499c84d2ef9b0c254ebb1745d8 (master)
commit f9ab7edbebd6dfb3fd384b56626aabb3171ac0a
Thanks :-)
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon
From: Lev Stipakov
Since version 1.4, dco-win drivere supports data_v3 features
such as:
- AEAD tag at the end
- 64bit pktid
We have to:
- check in runtime if driver supports data_v3 features (we might be
running with the older driver)
- if those features are negotiated, we pass them to
From: Marco Baffo
Removed superfluous calls to 'add_route_ipv6' for adding ipv6 routes after tun
opening in OpenBSD, NetBSD and Darwin.
Change-Id: I235891212b15277349810913c9c1763da5c48587
Signed-off-by: Marco Baffo
Acked-by: Frank Lichtenheld
---
This change was reviewed on Gerrit and appro
Hi,
On Mon, Sep 09, 2024 at 01:39:30PM +0200, Gert Doering wrote:
> Your patch has been applied to the master branch.
Note: while this is a bugfix, it does not need to go to 2.6 - there is
no mssfix support in-kernel for DCO v2, and the upcoming DCOv3-no-called-
"ovpn" wil
y: Gianmarco De Gregori
Acked-by: Lev Stipakov
Message-Id: <20240906145745.67596-1-fr...@lichtenheld.com>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29086.html
Signed-off-by: Gert Doering
--
kind regards,
Gert Doering
__
ned-off-by: Frank Lichtenheld
Acked-by: Arne Schwabe
Message-Id: <20240906162514.78671-1-fr...@lichtenheld.com>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29091.html
Signed-off-by: Gert Doering
--
kind regards,
Gert Doering
_
Lichtenheld
Message-Id: <20240708210912.566-6-chipits...@gmail.com>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28882.html
Signed-off-by: Gert Doering
--
kind regards,
Gert Doering
___
Openvpn-devel mailin
ction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany
Signed-off-by: Ilia Shipitsin
Acked-by: Frank Lichtenheld
Message-Id: <20240708210912.566-3-chipits...@gmail.com>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28886.html
Signed-off-by: Gert Doering
--
kind regards,
Gert D
Acked-by: Gert Doering
Taken the "patchset looks great" from Antonio as ACK, fixed the
"msg( M_FATAL," space on the go (trivial whitespace fixes are
acceptable).
Not tested beyond minimal compile test and stare-at-code.
Your patch has been applied to the ma
sage-Id: <20240719131407.75746-1-fr...@lichtenheld.com>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28943.html
Signed-off-by: Gert Doering
--
kind regards,
Gert Doering
___
Openvpn-devel mailing list
: Gert Doering
--
kind regards,
Gert Doering
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Acked-by: Gert Doering
Thanks :-) (not much to test here)
Your patch has been applied to the master branch.
commit 67124dcf317460609860a2ea7cb7a55ceed4a4ce
Author: Selva Nair
Date: Sun Sep 8 18:42:20 2024 -0400
Initialize before use struct user_pass in ui_reader()
Signed-off-by
et/msg29076.html
Signed-off-by: Gert Doering
--
kind regards,
Gert Doering
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
ists.sourceforge.net/msg29074.html
Signed-off-by: Gert Doering
--
kind regards,
Gert Doering
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
as URI
Signed-off-by: Selva Nair
Acked-by: Frank Lichtenheld
Message-Id: <20240906103734.36633-1-fr...@lichtenheld.com>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29075.html
Signed-off-by: Gert Doering
--
kind regards,
Gert Doe
13:29:08 2024 +0200
Protect cached username, password and token on client
Signed-off-by: Selva Nair
Acked-by: Frank Lichtenheld
Message-Id: <20240906112908.1009-1-g...@greenie.muc.de>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg290
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29061.html
Signed-off-by: Gert Doering
--
kind regards,
Gert Doering
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
yt
Message-Id: <20240906160510.76387-1-fr...@lichtenheld.com>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29090.html
Signed-off-by: Gert Doering
--
kind regards,
Gert Doering
___
Openvpn-devel m
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29087.html
Signed-off-by: Gert Doering
--
kind regards,
Gert Doering
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lis
sage-Id: <20240906172112.87148-1-fr...@lichtenheld.com>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29092.html
Signed-off-by: Gert Doering
--
kind regards,
Gert Doering
___
Openvpn-devel mailing list
From: Selva Nair
Keep the memory segment containing username and password in
"struct user_pass" encrypted. Works only on Windows.
Username and auth-token cached by the server are not covered
here.
v2: Encrypt username and password separately as it looks more
robust. We continue to depend on the
From: Selva Nair
Usage of credentials is a bit odd in this file.
Actually the copy of "struct user_pass" kept in p->up is not
required at all. It just defeats the purpose of auth-nocahe
as it never gets cleared.
Removing it is beyond the scope of this patch -- we just ensure
it's purged after u
mplement support for AEAD tag at the end
Signed-off-by: Arne Schwabe
Acked-by: Frank Lichtenheld
Message-Id: <20240214132719.3031492-1-fr...@lichtenheld.com>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28239
e5a8ea36a0228c30cdbee8791d44a1f0fbaffa9f (master)
commit 41fe48585ebd005e65d191452c2860ab9c089c55 (release/2.6)
Author: Lev Stipakov
Date: Fri Aug 9 21:22:56 2024 +0200
Use a more robust way to get dco-win version
Signed-off-by: Lev Stipakov
Acked-by: Gert Doering
Message-Id: <20240809192257.24208-
Acked-by: Gert Doering
"explanation makes sense, man ftruncate clearly says 'fd is not modified'"
smoke tested ("make check") on linux with --enable-pkcs11
Your patch has been applied to the master branch.
Not applied to 2.6 because the code in question
n-dco-win/pull/76
This will be expecially handy later when checking which
features driver supports.
Change-Id: Ieb6f3a9d14d76000c1caf8ee1e959c6d0de832bf
Signed-off-by: Lev Stipakov
Acked-by: Gert Doering
---
This change was reviewed on Gerrit and approved by at least one
developer. I request to
console_systemd: rename query_user_exec to query_user_systemd
Signed-off-by: Frank Lichtenheld
Acked-by: Gert Doering
Message-Id: <20240726104032.2112-1-g...@greenie.muc.de>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28983.html
Signed-
: I379e1eb6dc57b9fe4bbdaefbd947a14326e7117a
Signed-off-by: Frank Lichtenheld
Acked-by: Gert Doering
---
This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/670
This mail reflects revision 4 of this Change.
Acked-by
12248.21075-1-g...@greenie.muc.de>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28970.html
Signed-off-by: Gert Doering
--
kind regards,
Gert Doering
___
Openvpn-devel mailing list
Openv
From: Heiko Hund
Incompatible changes to the --dns server address and --dns server
exclude-domains options were introduced after the code for handling them
was released. Add and send a new IV_PROTO flag, so servers which act on
the flags set can differentiate between clients which have implemente
Signed-off-by: Arne Schwabe
Acked-by: Frank Lichtenheld
Message-Id: <20240719131141.75324-1-fr...@lichtenheld.com>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28942.html
Signed-off-by: Gert Doering
02346806adafd3c656f018a7a1b3fb2c585a1cea (release/2.6)
Author: Frank Lichtenheld
Date: Mon Jul 22 14:10:34 2024 +0200
Fix missing spaces in various messages
Signed-off-by: Frank Lichtenheld
Acked-by: Gert Doering
Message-Id: <20240722121034.10816-1-g...@greenie.muc.de>
URL:
https://ww
From: Frank Lichtenheld
These result from broken up literals where it
is easy to miss the missing space.
Change-Id: Ic27d84c74c1dd6ff7973ca6966d186f475c67e21
Signed-off-by: Frank Lichtenheld
Acked-by: Gert Doering
---
This change was reviewed on Gerrit and approved by at least one
developer
6.190351-1-fr...@lichtenheld.com>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28916.html
Signed-off-by: Gert Doering
--
kind regards,
Gert Doering
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourc
200
Allow trailing \r and \n in control channel message
Signed-off-by: Arne Schwabe
Acked-by: Frank Lichtenheld
Message-Id: <20240710140623.172829-1-fr...@lichtenheld.com>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28910.html
Signed
Acked-by: Gert Doering
Thanks for the backport. Verified that it's the same change (without the
unit test, and having extract_command_buffer() in forward.c), and that
it gets the job done :-)
Your patch has been applied to the release/2.5 branch.
c
into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany
reenie.muc.de>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28871.html
Signed-off-by: Gert Doering
--
kind regards,
Gert Doering
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists
From: Samuli Seppänen
- exit after a timeout if unable to kill servers
- use sudo or equivalent only for server stop/start
- use /bin/sh directly instead of through /usr/bin/env
- simplify sudo call in the sample rc file
- remove misleading and outdated documentation
- make it work on OpenBSD 7.5
Message-Id: <20240703174158.7137-1-g...@greenie.muc.de>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28865.html
Signed-off-by: Gert Doering
--
kind regards,
Gert Doering
___
Openvpn-devel mailing li
From: Max Fillinger
Recent versions of mbedtls only support TLS 1.2. When the minimum
version is set to TLS 1.0 or 1.1, log a warning and use 1.2 as the
actual minimum version.
Change-Id: Ibc641388d8016533c94dfef3618376f6dfa91f4e
Signed-off-by: Max Fillinger
Acked-by: Arne Schwabe
---
This ch
Wed Jun 26 18:19:21 2024 +0200
configure: Try to detect LZO with pkg-config
Signed-off-by: Frank Lichtenheld
Acked-by: Gert Doering
Message-Id: <20240626161921.179301-1-fr...@lichtenheld.com>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.n
4 +0200
Http-proxy: fix bug preventing proxy credentials caching
Signed-off-by: Gianmarco De Gregori
Acked-by: Gert Doering
Acked-by: Frank Lichtenheld
Message-Id: <20240623200551.20092-1-g...@greenie.muc.de>
URL:
https://www.mail-archive.com/openvpn-dev
from ssl has been added, by doing this
we're able to erase previous queried user credentials
to ensure correct operation.
Fixes: Trac #1187
Signed-off-by: Gianmarco De Gregori
Acked-by: Gert Doering
Change-Id: Ia3e06c0832c4ca0ab868c845279fb71c01a1a78a
---
This change was reviewed on Gerrit
orms", so in
it goes.
Your patch has been applied to the master branch.
commit 56355924b4945ec808500b18c714c111387697f9
Author: Frank Lichtenheld
Date: Thu Jun 20 16:42:30 2024 +0200
configure: Add -Wstrict-prototypes and -Wold-style-definition
Signed-off-by: Frank Lichtenheld
From: Frank Lichtenheld
These are not covered by -Wall (nor -Wextra) but we want
to enforce them.
Change-Id: I6e08920e4cf4762b9f14a7461a29fa77df15255c
Signed-off-by: Frank Lichtenheld
Acked-by: Gert Doering
---
This change was reviewed on Gerrit and approved by at least one
developer. I
From: Frank Lichtenheld
These are not covered by -Wall (nor -Wextra) but we want
to enforce them.
Change-Id: I6e08920e4cf4762b9f14a7461a29fa77df15255c
Signed-off-by: Frank Lichtenheld
Acked-by: Gert Doering
---
This change was reviewed on Gerrit and approved by at least one
developer. I
Seppänen
Message-Id: <20240620103749.7923-1-g...@greenie.muc.de>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28815.html
Signed-off-by: Gert Doering
--
kind regards,
Gert Doering
___
Openvpn-devel m
From: Frank Lichtenheld
The changes for POSIX shell compatibility and parallel
make compatibility broke actually failing the test
when a subtest fails.
Change-Id: I35f7cf84e035bc793d6f0f59e46edf1a2efe0391
Signed-off-by: Frank Lichtenheld
Acked-by: Samuli Seppänen
---
This change was reviewed
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28808.html
Signed-off-by: Gert Doering
--
kind regards,
Gert Doering
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/li
24 +0300
interactive.c: Improve access control for gui<->service pipe
Signed-off-by: Lev Stipakov
Acked-by: Selva Nair
Message-Id: <20240619134451.222-1-...@openvpn.net>
URL:
https://www.mail-archive.com/search?l=mi
nest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP s
>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28791.html
Signed-off-by: Gert Doering
--
kind regards,
Gert Doering
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/l
Hi,
On Wed, Jun 19, 2024 at 12:30:04PM +0200, Gert Doering wrote:
> From: Arne Schwabe
>
> This makes OpenVPN more picky in accepting control message in two aspects:
> - Characters are checked in the whole buffer and not until the first
> NUL byte
> - if the messag
From: Arne Schwabe
This makes OpenVPN more picky in accepting control message in two aspects:
- Characters are checked in the whole buffer and not until the first
NUL byte
- if the message contains invalid characters, we no longer continue
evaluating a fixed up version of the message but rath
.@lichtenheld.com>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28408.html
Signed-off-by: Gert Doering
--
kind regards,
Gert Doering
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
/1.2 cause "something to get upset"
in the TLS version printer.
Sorry for not testing this more thoroughly before merging.
gert
On Tue, Jun 18, 2024 at 06:30:05PM +0200, Gert Doering wrote:
> Mildly tested via GHA builds.
>
> Not sure we want this in release/2.6 - I tend t
un 13 10:14:22 2024 +0200
Add t_server_null test suite
Signed-off-by: Samuli Seppänen
Acked-by: Frank Lichtenheld
Message-Id: <20240613081422.139493-1-fr...@lichtenheld.com>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28750.html
Signe
mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28772.html
Signed-off-by: Gert Doering
--
kind regards,
Gert Doering
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
et/msg28771.html
Signed-off-by: Gert Doering
--
kind regards,
Gert Doering
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
ml
Signed-off-by: Gert Doering
--
kind regards,
Gert Doering
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
From: Max Fillinger
Recent versions of mbedtls have dropped support for TLS 1.0 and 1.1.
Rather than checking which versions are supported, drop support for
everything before 1.2.
Change-Id: Ia3883a26ac26df6bbb5353fb074a2e0f814737be
Signed-off-by: Max Fillinger
Acked-by: Arne Schwabe
---
This
From: Frank Lichtenheld
This option is very old (from SVN days) and has been
used by Access Server for many years. I don't think it
makes sense to claim that it is "experimental" at this
point.
Change-Id: I913bb70c5e527e78e7cdb43110e23a8944f35a22
Signed-off-by: Frank Lichtenheld
Acked-by: Arne
From: rein.vanbaaren
This commit allows compiling OpenVPN with recent versions of mbed TLS
if MBEDTLS_DEPRECATED_REMOVED is defined.
Change-Id: If96c2ebd2af16b18ed34820e8c0531547e2076d9
Signed-off-by: Max Fillinger
Acked-by: Arne Schwabe
---
This change was reviewed on Gerrit and approved by
Hi,
if you think this is a useful security enhancement, and would like to have
it in a "short term" 2.6.x release, we need test results...
please!
gert
On Thu, Jun 06, 2024 at 02:23:33PM +0200, Gert Doering wrote:
> Hi,
>
> we have new code in master that helps with th
Hi,
On Thu, Jun 06, 2024 at 01:33:24PM +0200, Gert Doering wrote:
> As instructed I have removed the "and fallback requested" part
> from the comment where "fallback" was removed from the code.
>
> Your patch has been applied t
1 - 100 of 4851 matches
Mail list logo