Re: [Openvpn-devel] windows client tests needed

ed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de s

Re: [Openvpn-devel] windows client tests needed

Hi, On Thu, Jun 06, 2024 at 02:23:33PM +0200, Gert Doering wrote: > Now - this code has been merged into "git master", and installers > are here: > >https://github.com/OpenVPN/openvpn-build/actions/runs/9391365526?pr=641 > > (bottom of the page, "Artifact

[Openvpn-devel] windows client tests needed

er" etc - still works) 3. redirect-gateway def1 block-local (ONLY VPN works) and report back to us. gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I

[Openvpn-devel] [PATCH applied] Re: Implement Windows CA template match for Crypto-API selector

for Crypto-API selector Signed-off-by: Heiko Wundram Signed-off-by: Hannes Domani Acked-by: Selva Nair Message-Id: <20240606103441.26598-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28726.html Signe

[Openvpn-devel] [PATCH v2] Implement Windows CA template match for Crypto-API selector

From: Heiko Wundram The certificate selection process for the Crypto API certificates is currently fixed to match on subject or identifier. Especially if certificates that are used for OpenVPN are managed by a Windows CA, it is appropriate to select the certificate to use by the template that it

[Openvpn-devel] [PATCH applied] Re: Windows: enforce 'block-local' with WFP filters

Acked-by: Gert Doering Lev has tested it and confirms that it works, I have stared long and hard at v5 of the patch, and the diffs v5->v6. The main difference v5->v6 is to make it error clean (add a "= 0") *and* that it also blocks DNS going out of the loopback interface - so

[Openvpn-devel] [PATCH v6] Windows: enforce 'block-local' with WFP filters

Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/489 This mail reflects revision 6 of this Change. Acked-by according to Gerrit (reflected above): Ge

[Openvpn-devel] [PATCH applied] Re: test_user_pass: Fix building with --enable-systemd

s. commit 7dfff75659e6c06abe500f5b8716d9712aa41bcc (master) Author: Frank Lichtenheld Date: Wed Jun 5 13:10:12 2024 +0200 test_user_pass: Fix building with --enable-systemd Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering Message-Id: <20240605111012.3023-1-g...@greenie.muc.de> URL:

[Openvpn-devel] [PATCH applied] Re: LZO: do not use lzoutils.h macros

Jun 4 23:17:08 2024 +0200 LZO: do not use lzoutils.h macros Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe Message-Id: <20240604211708.32315-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28705.html S

[Openvpn-devel] [PATCH v1] test_user_pass: Fix building with --enable-systemd

From: Frank Lichtenheld Need to make sure that ENABLE_SYSTEMD is really disabled. Change-Id: Ic33c210f06e173a450534aa0969c57f140086655 Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it

[Openvpn-devel] [PATCH v2] LZO: do not use lzoutils.h macros

From: Frank Lichtenheld Instead of lzo_{free,malloc} we can just use the free and malloc as the lzoutils.h header itself suggests. Change-Id: I32ee28fde5d38d736f753c782d88a81de7fe2980 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved b

[Openvpn-devel] [PATCH applied] Re: Allow to set ifmode for existing DCO interfaces in FreeBSD

Acked-by: Gert Doering Thanks for the patch, and the explanation on IRC. This is FreeBSD/DCO specific, and makes the case ifconfig ovpn3 create openvpn --dev ovpn3 --dev-type tun --topology subnet ... work correctly (without it, p2p ifconfig claims to work but ipv6 route addition fails as

[Openvpn-devel] [PATCH applied] Re: Allow the TLS session to send out TLS alerts

f-by: Arne Schwabe Acked-by: Frank Lichtenheld Message-Id: <20240408124933.243991-1-fr...@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28540.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___

[Openvpn-devel] [PATCH applied] Re: Only schedule_exit() once

s.sourceforge.net/msg28679.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH v3] Only schedule_exit() once

From: Reynir Björnsson If an exit has already been scheduled we should not schedule it again. Otherwise, the exit signal is never emitted if the peer reschedules the exit before the timeout occurs. schedule_exit() now only takes the context as argument. The signal is hard coded to SIGTERM, and t

[Openvpn-devel] [PATCH applied] Re: Remove custom TLS 1.0 PRF implementation only used by LibreSSL/wolfSSL

ba42 Author: Arne Schwabe Date: Wed May 15 12:01:15 2024 +0200 Remove custom TLS 1.0 PRF implementation only used by LibreSSL/wolfSSL Signed-off-by: Arne Schwabe Acked-by: Gert Doering Message-Id: <20240515100115.11056-1-g...@greenie.muc.de> URL: https://www.mail-a

[Openvpn-devel] [PATCH v5] Remove custom TLS 1.0 PRF implementation only used by LibreSSL/wolfSSL

, they should expose the functionality as well. Change-Id: I5bfa3630ad4dff2807705658bc877c4a429a39ce Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https

[Openvpn-devel] [PATCH applied] Re: Remove OpenSSL 1.0.2 support

c96d8e0e23 Author: Arne Schwabe Date: Tue May 14 16:15:50 2024 +0200 Remove OpenSSL 1.0.2 support Signed-off-by: Arne Schwabe Acked-by: Gert Doering Message-Id: <20240514141550.17544-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists

[Openvpn-devel] [PATCH v9] Remove OpenSSL 1.0.2 support

-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/559 This mail reflects revision 9 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering

[Openvpn-devel] [PATCH applied] Re: Workaround issue in LibreSSL crashing when enumerating digests/ciphers

e Schwabe Date: Thu May 9 00:05:40 2024 +0200 Workaround issue in LibreSSL crashing when enumerating digests/ciphers Signed-off-by: Arne Schwabe Acked-by: Gert Doering Message-Id: <20240508220540.12554-1-g...@greenie.muc.de> URL: https://www.mail-archi

[Openvpn-devel] [PATCH applied] Re: Support OpenBSD with cmake

Acked-by: Frank Lichtenheld Message-Id: <20240508220512.12362-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28648.html Signed-off-by: Gert Doering -- kind regards, Gert D

[Openvpn-devel] [PATCH v1] Workaround issue in LibreSSL crashing when enumerating digests/ciphers

library. Change-Id: Ia08a9697d0ff41721fb0acf17ccb4cfa23cb3934 Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/586 This mail reflects

[Openvpn-devel] [PATCH v1] Support OpenBSD with cmake

From: Arne Schwabe Change-Id: I85d4d27333773e8df109e42b1fa56ccf57994e57 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/58

[Openvpn-devel] [PATCH applied] Re: configure: update old copy of pkg.m4

ned-off-by: Frank Lichtenheld Acked-by: Arne Schwabe Message-Id: <20240506160413.7189-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28631.html Signed-off-by: Gert Doering -- kind regard

[Openvpn-devel] [PATCH v2] configure: update old copy of pkg.m4

From: Frank Lichtenheld If we copy this code, let's at least make sure we update it every decade ;) I also considered removing it. However, then autoconf can't be run on systems without pkg-config installed anymore. While that is very unusual, didn't see a good reason to break that. Change-Id:

[Openvpn-devel] [PATCH applied] Re: Only run coverity scan in OpenVPN/OpenVPN repository

repository Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld Message-Id: <20240506155831.3524-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28627.html Signed-off-by: Gert Doering -- kind regards, Gert D

[Openvpn-devel] [PATCH v1] Only run coverity scan in OpenVPN/OpenVPN repository

From: Arne Schwabe This avoids the error message triggering every night that the run failed in forked repositories Change-Id: Id95e0124d943912439c6ec6f562c0eb40d434163 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one d

[Openvpn-devel] [PATCH applied] Re: Repeat the unknown command in errors from management interface

g28621.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH applied] Re: Remove openvpn_snprintf and similar functions

n May 6 12:27:10 2024 +0200 Remove openvpn_snprintf and similar functions Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld Message-Id: <20240506102710.8976-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28617.ht

[Openvpn-devel] [PATCH v1] Repeat the unknown command in errors from management interface

From: Arne Schwabe This help pinpointing errors in logs from my app Change-Id: Ie2b62bc95371daf7e1eb58e0323835f169399910 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Ger

[Openvpn-devel] [PATCH v5] Remove openvpn_snprintf and similar functions

From: Arne Schwabe Old Microsoft versions did strange behaviour but according to the newly added unit test and https://stackoverflow.com/questions/7706936/is-snprintf-always-null-terminating this is now standard conforming and we can use the normal snprintf method. Microsoft own documentation to

[Openvpn-devel] [PATCH applied] Re: Fix 'binary or' vs 'boolean or' related to server_bridge_proxy_dhcp

ated to server_bridge_proxy_dhcp Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering Message-Id: <20240502095322.9433-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28601.html Signed-off

[Openvpn-devel] [PATCH applied] Re: Replace macos11 with macos14 in github runners

2231.672-1-g...@greenie.muc.de Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH v1] Replace macos11 with macos14 in github runners

From: Arne Schwabe Github's documentation states: macos-11 label has been deprecated and will no longer be available after 6/28/2024. Add macos14 which is nowadays supported instead. The github macos-14 runner is using the M1 platform with ARM, so this requires a bit more adjustment of paths.

[Openvpn-devel] [PATCH v1] Fix "binary or" vs "boolean or" related to server_bridge_proxy_dhcp

From: Frank Lichtenheld Both values are boolean so there is no reason to use "|" and it just confuses the reader whether there is something more going on here. Change-Id: Ie61fa6a78875ecbaa9d3d8e7a50603d77c9ce09e Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering --- This

[Openvpn-devel] [PATCH applied] Re: Use topology default of subnet only for server mode

f-by: Frank Lichtenheld Acked-by: Arne Schwabe Message-Id: <20240501124254.29114-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28592.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___

[Openvpn-devel] [PATCH applied] Re: Add missing EVP_KDF_CTX_free in ssl_tls1_PRF

penvpn-devel@lists.sourceforge.net/msg28591.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH v1] Use topology default of "subnet" only for server mode

From: Frank Lichtenheld The setting of --topology changes the syntax of --ifconfig. So changing the default of --topology breaks all existing configs that use --ifconfig but not --topology. For P2P setups that is probably a signification percentage. For server setups the percentage is hopefully

[Openvpn-devel] [PATCH v1] Add missing EVP_KDF_CTX_free in ssl_tls1_PRF

From: Arne Schwabe This is just missing in the function. Found by clang+ASAN. Change-Id: I5d70198f6adbee8add619ee8a0bd6b5b1f61e506 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to ma

[Openvpn-devel] [PATCH v2] Remove openvpn_snprintf and similar functions

From: Arne Schwabe Old Microsoft versions did strange behaviour but according to the newly added unit test and https://stackoverflow.com/questions/7706936/is-snprintf-always-null-terminating this is now standard conforming and we can use the normal snprintf method. Microsoft own documentation to

[Openvpn-devel] [PATCH applied] Re: Change default of topology to subnet

/www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27627.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH applied] Re: forked-test-driver: Show test output always

ld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28133.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH applied] Re: tests: fork default automake test-driver

.@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28132.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https

[Openvpn-devel] [PATCH applied] Re: Remove/combine redundant call of EVP_CipherInit before EVP_CipherInit_Ex

6f353eaa22b0a803fd74f4 Author: Arne Schwabe Date: Tue Apr 2 15:49:09 2024 +0200 Remove/combine redundant call of EVP_CipherInit before EVP_CipherInit_Ex Signed-off-by: Arne Schwabe Acked-by: Gert Doering Message-Id: <20240402134909.6340-1-g...@greenie.muc.de> URL: h

[Openvpn-devel] [PATCH v3] Remove/combine redundant call of EVP_CipherInit before EVP_CipherInit_Ex

/openssl/blob/openssl-3.2/crypto/evp/evp_enc.c#L450 basically the same as 1.0.2. Just that method names have been changed. Change-Id: I911e25949a8647b567fd4178683534d4404ab469 Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one

[Openvpn-devel] [PATCH v2] Remove redundant call of EVP_CipherInit before EVP_CipherInit_Ex

basically the same as 1.0.2. Just that method names have been changed. Change-Id: I911e25949a8647b567fd4178683534d4404ab469 Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL

[Openvpn-devel] [PATCH applied] Re: Match ifdef for get_sigtype function with if ifdef of caller

aster) Author: Arne Schwabe Date: Tue Apr 2 08:36:46 2024 +0200 Match ifdef for get_sigtype function with if ifdef of caller Signed-off-by: Arne Schwabe Acked-by: Gert Doering Message-Id: <20240402063646.25490-1-g...@greenie.muc.de> URL: https://www.mail-archive.

[Openvpn-devel] [PATCH v1] Match ifdef for get_sigtype function with if ifdef of caller

From: Arne Schwabe These two ifdef needs to be the same otherwise the compiler will break with a undefined function. Change-Id: I5b14bf90bb07935f0bb84373ec4e62352752c03f Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one

[Openvpn-devel] [PATCH applied] Re: crypto_backend: fix type of enc parameter

Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe Message-Id: <20240327162621.1792414-1-fr...@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28498.html Signed-off-by: Gert Doering -- kind regards, Gert D

[Openvpn-devel] [PATCH applied] Re: misc.c: remove unused code

g28503.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH v1] misc.c: remove unused code

From: Lev Stipakov Commit 3a4fb1 "Ensure --auth-nocache is handled during renegotiation" has changed the behavior of set_auth_token(), but left unused parameter struct user_pass *up Remove this parameter and amend comments accordingly. Also remove unused function definition from misc.h.

[Openvpn-devel] [PATCH applied] Re: script-options.rst: Update ifconfig_* variables

Acked-by: Gert Doering We're so bad at times at updating documentation... verified that the newly documented options exist and do what it says. Confusing code... Your patch has been applied to the master and release/2.6 branch (doc). commit a94226cdc8ed037a6763675aa47e6c821983f174 (m

[Openvpn-devel] [PATCH applied] Re: Add bracket in fingerprint message and do not warn about missing verification

g28474.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH applied] Re: Fix snprintf/swnprintf related compiler warnings

Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld Message-Id: <20240326104101.531291-1-fr...@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28475.html Signed-off-by: Gert Doering -- kind regards, Gert D

[Openvpn-devel] [PATCH applied] Re: phase2_tcp_server: fix Coverity issue 'Dereference after null check'

3-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28452.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net

[Openvpn-devel] [PATCH applied] Re: Use snprintf instead of sprintf for get_ssl_library_version

y: Frank Lichtenheld Message-Id: <20240325125052.14135-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28458.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___

[Openvpn-devel] [PATCH applied] Re: documentation: make section levels consistent

consistent Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe Message-Id: <20240325071520.12513-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28453.html Signed-off-by: Gert Doering -- kind regards, Gert D

[Openvpn-devel] [PATCH applied] Re: samples: Update sample configurations

t; URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28451.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforg

[Openvpn-devel] [PATCH v1] Use snprintf instead of sprintf for get_ssl_library_version

From: Arne Schwabe This is avoid a warning/error (when using -Werror) under current macOS of sprintf: __deprecated_msg("This function is provided for compatibility reasons only. Due to security concerns inherent in the design of sprintf(3), it is highly recommended that you use snprint

[Openvpn-devel] [PATCH v1] Remove openvpn_snprintf and similar functions

From: Arne Schwabe Old Microsoft versions did strange behaviour but according to the newly added unit test and https://stackoverflow.com/questions/7706936/is-snprintf-always-null-terminating this is now standard conforming and we can use the normal snprintf method. Microsoft own documentation to

[Openvpn-devel] [PATCH v2] documentation: make section levels consistent

From: Frank Lichtenheld Previously the sections "Encryption Options" and "Data channel cipher negotiation" were on the same level as "OPTIONS", which makes no sense. Instead move them and their subsections one level down. Use ` since that was already in use in section "Virtual Routing and Forwar

[Openvpn-devel] [PATCH v2] phase2_tcp_server: fix Coverity issue "Dereference after null check"

From: Frank Lichtenheld As Coverity says: Either the check against null is unnecessary, or there may be a null pointer dereference. In phase2_tcp_server: Pointer is checked against null but then dereferenced anyway There is only one caller (link_socket_init_phase2) and it already has an ASSERT(s

[Openvpn-devel] [PATCH v4] samples: Update sample configurations

From: Frank Lichtenheld - Remove compression settings. Not recommended anymore. - Remove old cipher setting. Replaced by data-ciphers negotiation. - Add comment how to set data-ciphers for very old clients. - Remove/reword some old comments. e.g. no need to reference OpenVPN 1.x anymore. - Ment

Re: [Openvpn-devel] [PATCH v2] Implement server_poll_timeout for socks

est figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de signature.asc Description: PGP si

[Openvpn-devel] [PATCH applied] Re: interactive.c: Fix potential stack overflow issue

Acked-by: Gert Doering Verified that this is the same conceptual patch as we have in master and release/2.6, just the lines look a bit different because the 2.5 code is different - the union has less members, and there is ring_buffer related stuff in the context that was changed for 2.6 Test

[Openvpn-devel] [PATCH applied] Re: Disable DCO if proxy is set via management

w.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28415.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/o

[Openvpn-devel] [PATCH applied] Re: interactive.c: Fix potential stack overflow issue

ve.c: Fix potential stack overflow issue Signed-off-by: Lev Stipakov Acked-by: Heiko Hund Message-Id: <20240319152803.1801-2-...@openvpn.net> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28420.

[Openvpn-devel] [PATCH applied] Re: interactive.c: Fix potential stack overflow issue

ve.c: Fix potential stack overflow issue Signed-off-by: Lev Stipakov Acked-by: Heiko Hund Message-Id: <20240319152803.1801-2-...@openvpn.net> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28420.

[Openvpn-devel] [PATCH applied] Re: interactive.c: disable remote access to the service pipe

36-2-...@openvpn.net> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28419.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lis

[Openvpn-devel] [PATCH applied] Re: GHA: general update March 2024

0319154456.2967716-1-fr...@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28422.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@l

[Openvpn-devel] [PATCH applied] Re: win32: Enforce loading of plugins from a trusted directory

a5df2c613ba2a47d3 (release/2.5) Author: Lev Stipakov Date: Tue Mar 19 15:53:45 2024 +0200 win32: Enforce loading of plugins from a trusted directory Signed-off-by: Lev Stipakov Acked-by: Selva Nair Message-Id: <20240319135355.1279-2-...@openvpn.net> URL: https://www.m

[Openvpn-devel] [PATCH v1] Disable DCO if proxy is set via management

From: Lev Stipakov Commit 45a1cb2a ("Disable DCO if proxy is set via management") attempted to disable DCO when proxy is set via management interface. However, at least on Windows this doesn't work, since: - setting tuntap_options->disable_dco to true is not enough to disable DCO - at th

[Openvpn-devel] [PATCH applied] Re: Update Copyright statements to 2024

Acked-by: Gert Doering Like Christmas... happens every year :-) - verified that this, indeed, only affects copyright lines ("git show -I '^ \* Copyright') - I guess it was produced by update-copyright.sh anyway, but review is what I do... The only actual code change is the msg

[Openvpn-devel] [PATCH applied] Re: Remove license warning from README.mbedtls

README.mbedtls Signed-off-by: Max Fillinger Acked-by: Gert Doering Message-Id: <20240314185527.26803-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28400.html Signed-off-by: Gert Doering -- kind regards, Gert D

[Openvpn-devel] [PATCH v1] Remove license warning from README.mbedtls

From: Max Fillinger The licenses are compatible now, so we can remove the warning. Change-Id: I1879c893ed19b165fd086728fb97951eac251681 Signed-off-by: Max Fillinger Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to

Re: [Openvpn-devel] [PATCH applied] Re: t_client.sh: Allow to skip tests

Hi, On Mon, Mar 11, 2024 at 12:44:20PM +0100, Frank Lichtenheld wrote: > On Fri, Mar 08, 2024 at 12:51:33PM +0100, Gert Doering wrote: > [...] > > Your patch has been applied to the master branch. > > Could we please cherry-pick this to release/2.6 as well? > > Would ma

[Openvpn-devel] [PATCH applied] Re: Update documentation references in systemd unit files

unit files Signed-off-by: Christoph Schug Acked-by: Frank Lichtenheld Message-Id: <20240308140346.4058419-1-fr...@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28369.html Signed-off-by: Gert Doering -- kind regards,

[Openvpn-devel] [PATCH applied] Re: remove repetitive words in documentation and comments

> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28368.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourcefor

[Openvpn-devel] [PATCH applied] Re: gerrit-send-mail: add missing Signed-off-by

Your patch has been applied to the master branch. commit bea088cf8ae3382aeed420da2a39f2a9f52df4cd Author: Frank Lichtenheld Date: Fri Mar 8 13:05:57 2024 +0100 gerrit-send-mail: add missing Signed-off-by Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering Message-Id

[Openvpn-devel] [PATCH v1] gerrit-send-mail: add missing Signed-off-by

From: Frank Lichtenheld Our development documentation says we add this automatically when it is missing. So let's do that here as well. Change-Id: If9cb7d66f079fe1c87fcb5b4e59bc887533d77fa Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering --- This change was reviewed on Gerri

[Openvpn-devel] [PATCH applied] Re: t_client.sh: Allow to skip tests

it users) Your patch has been applied to the master branch. commit 0c7cf0694ee6f878168330e9a084c255c51a9e8b Author: Frank Lichtenheld Date: Fri Mar 8 11:28:18 2024 +0100 t_client.sh: Allow to skip tests Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering Message-I

[Openvpn-devel] [PATCH applied] Re: Minor fix to process_ip_header

/openvpn-devel@lists.sourceforge.net/msg28345.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH applied] Re: check_compression_settings_valid: Do not test for LZ4 in LZO check

Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH v5] t_client.sh: Allow to skip tests

-by: Frank Lichtenheld Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/521 This mail reflects revision 5 of this Change. Acked-by according to Gerrit

[Openvpn-devel] [PATCH applied] Re: Persist-key: enable persist-key option by default

Message-Id: <20240307140355.32644-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28347.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing li

[Openvpn-devel] [PATCH v5] Persist-key: enable persist-key option by default

From: Gianmarco De Gregori Change the default behavior of the OpenVPN configuration by enabling the persist-key option by default. This means that all the keys will be kept in memory across restart. Fixes: Trac #1405 Change-Id: I57f1c2ed42bd9dfd43577238749a9b7f4c1419ff Signed-off-by: Gianmarco

[Openvpn-devel] [PATCH v5] Minor fix to process_ip_header

From: Gianmarco De Gregori Removed if-guard checking if any feature is enabled before performing per-feature check. It doesn't save us much but instead introduces uneeded complexity. While at it, fixed a typo IMCP -> ICMP for defined PIPV6_ICMP_NOHOST_CLIENT and PIPV6_ICMP_NOHOST_SERVER macros.

[Openvpn-devel] [PATCH v3] Persist-key: enable persist-key option by default

From: itsGiaan Change the default behavior of the OpenVPN configuration by enabling the persist-key option by default. This means that all the keys will be kept in memory across restart. Fixes: Trac #1405 Change-Id: I57f1c2ed42bd9dfd43577238749a9b7f4c1419ff Signed-off-by: Gianmarco De Gregori

[Openvpn-devel] [PATCH applied] Re: openvpn-[client|server].service: Remove syslog.target

ned-off-by: Frank Lichtenheld Message-Id: <20240304163313.2326923-1-fr...@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28318.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___

[Openvpn-devel] [PATCH applied] Re: samples: Remove tls-*.conf

com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28316.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourcefor

[Openvpn-devel] [PATCH applied] Re: Fix typo --data-cipher-fallback

Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH v1] Fix typo --data-cipher-fallback

From: Frank Lichtenheld Change-Id: I38e70cb74c10848ab2981efc4c4c8863c5c8785d Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn

[Openvpn-devel] [PATCH applied] Re: Document that auth-user-pass may be inlined

4.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] Document that auth-user-pass may be inlined

Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de signature.asc Description: PGP signature

Re: [Openvpn-devel] [S] Change in openvpn[master]: Minor fix to process_ip_header

Hi, On Mon, Feb 19, 2024 at 02:23:08PM +0100, Antonio Quartulli wrote: > On 19/02/2024 14:12, Gert Doering wrote: > > Maybe that would be a more reasonable approach here... get rid of the > > umbrella if(), and check individual bits inside. It seems to be a > > micro-op

Re: [Openvpn-devel] [S] Change in openvpn[master]: Minor fix to process_ip_header

Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de signature.asc Description: PGP signature ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://l

Re: [Openvpn-devel] IRC community meeting summary (Feb 14th)

t -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Mo

Re: [Openvpn-devel] [S] Change in openvpn[master]: Minor fix to process_ip_header

ubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de signature.asc Description: PGP signature __

[Openvpn-devel] [PATCH applied] Re: Change include order for tests

hwabe Message-Id: <20240212132522.125903-1-juli...@wolfssl.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28229.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel m

Re: [Openvpn-devel] [PATCH] wolfssl: include "ssl.h" by "src/openvpn/ssl.h"

all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert

<    1   2   3   4   5   6   7   8   9   10   >