Re: [Openvpn-devel] [PATCH] plugin-down-root: only include if system has it.

Hi, On Thu, Apr 30, 2015 at 03:02:40PM +0200, Gert Doering wrote: > down-root.c was missing an #ifdef HAVE_ERR_H around > (only relevant on AIX, it seems) Ignore that patch, please. While it makes the compile error go away, of course it will (sometimes... wtf?!) lead to a link error,

[Openvpn-devel] [PATCH applied] Re: Remove size limit for files inlined in config

+0200 Remove size limit for files inlined in config Signed-off-by: Steffan Karger <stef...@karger.me> Acked-by: Gert Doering <g...@greenie.muc.de> Message-Id: <1430122342-11742-1-git-send-email-stef...@karger.me> URL: http://article.gmane.org/gmane.net

[Openvpn-devel] [PATCH] Add note about file permissions and --crl-verify to manpage.

Trac #522 Signed-off-by: Gert Doering <g...@greenie.muc.de> --- doc/openvpn.8 | 5 + 1 file changed, 5 insertions(+) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 587b769..24f05bb 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -5068,6 +5068,11 @@ is a directory containing files

[Openvpn-devel] [PATCH applied] Re: Add note about file permissions and --crl-verify to manpage.

Patch has been applied to the master and release/2.3 branch. commit d55be0fb8091ff03af1319a27f68401d31ce8571 (master) commit 755e12fddf32e6e2bbfce0157d9f17e8f1ff5eb5 (release/2.3) Author: Gert Doering List-Post: openvpn-devel@lists.sourceforge.net Date: Sat May 2 21:07:05 2015 +0200 Add

Re: [Openvpn-devel] [PATCH] polarssl: remove code duplication in key_state_write_plaintext{, _const}()

-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgp2kWB0qhu9j.pgp Description: PGP signature

[Openvpn-devel] [PATCH applied] Re: polarssl: remove code duplication in key_state_write_plaintext{, _const}()

code duplication in key_state_write_plaintext{, _const}() Signed-off-by: Steffan Karger <stef...@karger.me> Acked-by: Gert Doering <g...@greenie.muc.de> Message-Id: <1430654761-26563-2-git-send-email-stef...@karger.me> URL: http://article.gmane.org/gmane.net

Re: [Openvpn-devel] [PATCH] Use vfork() in openvpn_execve() instead of fork()

*not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpWOJM0LpgLx.pgp Description: PGP signature

[Openvpn-devel] [PATCH applied] Re: Properly escape dashes on the man-page

/gmane.network.openvpn.devel/9569 Signed-off-by: Samuli Seppänen <sam...@openvpn.net> Acked-by: Gert Doering <g...@greenie.muc.de> Message-Id: <1430832589-9150-1-git-send-email-sam...@openvpn.net> URL: http://article.gmane.org/gmane.network.openvpn.devel/96

[Openvpn-devel] [PATCH applied] Re: Improve --tls-cipher and --show-tls man page description

<stef...@karger.me> Acked-by: Arne Schwabe <a...@rfc2549.org> Message-Id: <1430840857-6123-1-git-send-email-stef...@karger.me> L/gmane.network.openvpn.devel/9651 Signed-off-by: Gert Doering <g...@greenie.muc.de> -- kind regards, Gert Doering

Re: [Openvpn-devel] [PATCH] polarssl: disable 1/n-1 record splitting

. commit d0f26fb524744a63615a1bf4e7ddcefcd102b328 (master) Author: Steffan Karger <stef...@karger.me> List-Post: openvpn-devel@lists.sourceforge.net Date: Mon May 4 21:06:38 2015 +0200 polarssl: disable 1/n-1 record splitting Signed-off-by: Steffan Karger <stef...@karger.me> Acked-by: Gert Doering

[Openvpn-devel] [PATCH applied] Re: Properly escape dashes on the man-page

<sam...@openvpn.net> Acked-by: Gert Doering <g...@greenie.muc.de> Message-Id: <1431339554-20553-1-git-send-email-sam...@openvpn.net> URL: http://article.gmane.org/gmane.network.openvpn.devel/9674 Signed-off-by: Gert Doering <g...@greenie.muc.de> -- kind regards, Gert Doering

[Openvpn-devel] [PATCH applied] Re: Use OPENVPN_ETH_P_* so that is unecessary

igned-off-by: Gert Doering <g...@greenie.muc.de> -- kind regards, Gert Doering

Re: [Openvpn-devel] OpenVPN argument parsing of most options ignores "extra" parameters

are just ignores stuff on the command line without at least telling you) - so all for "doing something about it". gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germa

[Openvpn-devel] [PATCH applied] Re: Updated manpage for --rport and --lport

+0200 Updated manpage for --rport and --lport Signed-off-by: Robert Fischer <ml-open...@trispace.org> Signed-off-by: Steffan Karger <stef...@karger.me> Acked-by: Gert Doering <g...@greenie.muc.de> Message-Id: <1431976869-4948-1-git-send-email-stef..

Re: [Openvpn-devel] patch for bug #93: up-restart env vars

I wonder if more needs to be done? gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@n

Re: [Openvpn-devel] patch for bug #93: up-restart env vars

Hi, On Thu, May 21, 2015 at 08:20:39PM +0200, Jan Just Keijser wrote: > On 21/05/15 20:14, Gert Doering wrote: > >On Wed, May 20, 2015 at 04:33:20AM +0200, Jan Just Keijser wrote: > >>here's my patch for bug #93: missing ifconfig_* env vars after > >>up-restart.

Re: [Openvpn-devel] patch for bug #93: up-restart env vars

SENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgp9pJjzORIKs.pgp Description: PGP signature

Re: [Openvpn-devel] patch for bug #93: up-restart env vars

the documentation > split ;) ? Before, so we can close #93 and ship the change in 2.3.7 :-) I'll send a doc patch tonight. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doer

[Openvpn-devel] [PATCH] Document differences between --up-restart and --up in openvpn.8

See trac #93 and the discussion starting with <555bf270.3090...@nikhef.nl> on the openvpn-devel mailing list. Signed-off-by: Gert Doering <g...@greenie.muc.de> --- doc/openvpn.8 | 6 ++ 1 file changed, 6 insertions(+) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index b9eee0d..ef

[Openvpn-devel] [PATCH applied] Re: patch for bug #93: up-restart env vars

nvpn-devel@lists.sourceforge.net Date: Wed May 20 04:33:20 2015 +0200 patch for bug #93: up-restart env vars Acked-by: Gert Doering <g...@greenie.muc.de> Message-Id: <555bf270.3090...@nikhef.nl> URL: http://article.gmane.org/gmane.network.openvpn.devel/9705

[Openvpn-devel] [PATCH] repair --dev null breakage caused by db950be85d37

"make check" self-test was broken after commit db950be85d37 due to do_ifconfig_setenv() not checking whether tt->did_ifconfig_setup was set (which isn't, for "dev null" type setups) Signed-off-by: Gert Doering <g...@greenie.muc.de> --- src/openvpn/tun.c | 24 +++

Re: [Openvpn-devel] [PATCH] repair --dev null breakage caused by db950be85d37

Hi, On Sat, May 23, 2015 at 08:01:38PM +0200, Gert Doering wrote: > "make check" self-test was broken after commit db950be85d37 due to > do_ifconfig_setenv() not checking whether tt->did_ifconfig_setup > was set (which isn't, for "dev null" type setups) Applied to

[Openvpn-devel] [PATCH applied] Re: cleanup: remove md5 helper functions

tef...@karger.me> Acked-by: Gert Doering <g...@greenie.muc.de> Message-Id: <1430665631-4022-1-git-send-email-stef...@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/9642 Signed-off-by: Gert Doering <g...@greenie.muc.de> -- kind regards, Gert Doering

[Openvpn-devel] [PATCH applied] Re: Re-read auth-user-pass file on (re)connect if required

+0200 Re-read auth-user-pass file on (re)connect if required Signed-off-by: Steffan Karger <stef...@karger.me> Acked-by: Gert Doering <g...@greenie.muc.de> Message-Id: <1432386145-15045-1-git-send-email-stef...@karger.me> URL: http:/

[Openvpn-devel] [PATCH applied] Re: assume res_init() is always there.

ae9aff25c5a74e770a29a3a675f5b8f8dd8c5bf8 (release/2.3) Author: Gert Doering List-Post: openvpn-devel@lists.sourceforge.net Date: Mon Apr 27 21:27:21 2015 +0200 assume res_init() is always there. Signed-off-by: Gert Doering <g...@greenie.muc.de> Acked-by: Gert Doering <g...@greenie.muc.de>

[Openvpn-devel] [PATCH applied] Re: Fix null pointer dereference in options.c

2015 -0400 Fix null pointer dereference in options.c Acked-by: Gert Doering <g...@greenie.muc.de> Message-Id: <caesd45shoetahdvt95a+n-zmjrg4nh3qpxbzogpnh1pykjs...@mail.gmail.com> URL: http://article.gmane.org/gmane.network.openvpn.devel/9723 Signed-off-by: Ger

[Openvpn-devel] [PATCH] Correct note about DNS randomization in openvpn.8

Commit 4880739c17b502d00a removed DNS randomization, but this fact never made it into the man page. Trac #411 Signed-off-by: Gert Doering <g...@greenie.muc.de> --- doc/openvpn.8 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 5

[Openvpn-devel] [PATCH (master)] Correct note about DNS randomization in openvpn.8

Commit 4880739c17b502d00a removed DNS randomization, and the dual-stack patches for 2.4 completely changed the getaddrinfo() result handling again, but neither fact ever made it into the man page. Trac #411 Signed-off-by: Gert Doering <g...@greenie.muc.de> --- doc/openvpn.

[Openvpn-devel] [PATCH (master) v2] Correct note about DNS randomization in openvpn.8

Commit 4880739c17b502d00a removed DNS randomization, and the dual-stack patches for 2.4 completely changed the getaddrinfo() result handling again, but neither fact ever made it into the man page. Trac #411 Signed-off-by: Gert Doering <g...@greenie.muc.de> --- doc/openvpn.8 | 8 +---

[Openvpn-devel] [PATCH applied] Re: Correct note about DNS randomization in openvpn.8

Your patch has been applied to the master branch. commit 0322510375b5c54f63f5302b9088972d58b32b76 Author: Gert Doering List-Post: openvpn-devel@lists.sourceforge.net Date: Sun May 24 09:56:12 2015 +0200 Correct note about DNS randomization in openvpn.8 Signed-off-by: Gert Doering &l

[Openvpn-devel] [PATCH applied] Re: Clarify --capath option in manpage

tef...@karger.me> Acked-by: Gert Doering <g...@greenie.muc.de> Message-Id: <55619dc4.2020...@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/9732 Signed-off-by: Gert Doering <g...@greenie.muc.de> -- kind regards, Gert Doering

[Openvpn-devel] [PATCH applied] Re: Clarify --capath option in manpage

tef...@karger.me> Acked-by: Gert Doering <g...@greenie.muc.de> Message-Id: <55619dc4.2020...@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/9732 Signed-off-by: Gert Doering <g...@greenie.muc.de> -- kind regards, Gert Doering

[Openvpn-devel] [PATCH] Disallow usage of --server-poll-timeout in --secret key mode.

. Fix trac #373 Signed-off-by: Gert Doering <g...@greenie.muc.de> --- doc/openvpn.8 | 4 src/openvpn/forward.c | 1 + src/openvpn/options.c | 1 + 3 files changed, 6 insertions(+) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index b1c2fab..3fff3f2 100644 --- a/doc/openvpn.8 +++

[Openvpn-devel] rfd: 'serial-tests' automake option

ssion and alternative suggestions on this. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpf96mT8EOTf.pgp Description: PGP signature

[Openvpn-devel] [PATCH applied] Re: Call daemon() before initializing crypto library

er) commit f025de005d719201a69ad0313d545a1ddd244752 (release/2.3) Author: Steffan Karger List-Post: openvpn-devel@lists.sourceforge.net Date: Mon Apr 27 16:28:57 2015 +0200 Call daemon() before initializing crypto library Signed-off-by: Steffan Karger <stef...@karger.me> Acked-by: Gert Doering <

[Openvpn-devel] [PATCH] slightly enhance documentation about --cipher

point out that this is for "data channel" packets trac #463 Signed-off-by: Gert Doering <g...@greenie.muc.de> --- doc/openvpn.8 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index b1c2fab..fb759cf 100644 --- a/doc/openvpn.8 +++

[Openvpn-devel] [PATCH applied] Re: slightly enhance documentation about --cipher

Patch has been applied to the master and release/2.3 branch. commit 0fe2498ef9326e301869c9e8a9e622a3996ae579 (master) commit 7327e46c922e3cfe6b797b1f20ea9cffd6e6b522 (release/2.3) Author: Gert Doering List-Post: openvpn-devel@lists.sourceforge.net Date: Tue May 26 23:01:03 2015 +0200

Re: [Openvpn-devel] rfd: 'serial-tests' automake option

; <https://www.gnu.org/software/automake/manual/html_node/Serial-Test-Harness.html> Thanks for this pointer - while the server seems to be down right now, I've included the URL in the commit. commit fc03ca9d13e35c40bdf1c3c676db2adf48c60223 (master) commit c196ea922755bb25f9837080d562ef4d3

Re: [Openvpn-devel] rfd: 'serial-tests' automake option

Hi, On Wed, May 27, 2015 at 08:41:25PM +0200, Gert Doering wrote: > On Wed, May 27, 2015 at 02:19:38PM +0200, David Sommerseth wrote: > > This makes a lot of sense to me. Our project doesn't really benefit in > > general of running our tests parallel. > > > > This g

Re: [Openvpn-devel] [PATCH] cert_data: fix memory leak

ns or buildbot instance running for OpenVPN? > > I'm monitoring some OSS projects with Jenkins and cppcheck plugin. Buildbot, yes. http://community.openvpn.net/openvpn/wiki/OpenVPN_QA gert -- USENET is *not* the non-clickable part of WWW!

Re: [Openvpn-devel] [PATCH] cert_data: fix memory leak

on list (and preferrably, ACK on list as well :-) ). And occasional poking if nothing happens. Apologies. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany

[Openvpn-devel] trac#261 / fix for --redirect-private

N gateway parameter (--route-gateway or --ifconfig) is missing", err); } -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie

[Openvpn-devel] [PATCH applied] Re: cert_data: fix memory leak

seg...@openwall.com> Message-Id: <1429540256-4906-1-git-send-email-yegorsli...@googlemail.com> URL: http://article.gmane.org/gmane.network.openvpn.devel/9600 Signed-off-by: Gert Doering <g...@greenie.muc.de> -- kind regards, Gert Doering

[Openvpn-devel] [PATCH] Move res_init() call to inner openvpn_getaddrinfo() loop

umber" (master) on a BSD system. Linux glibc seems to stat() resolv.conf on calls to getaddrinfo() and pick up changes automatically. Trac #523 Signed-off-by: Gert Doering <g...@greenie.muc.de> --- src/openvpn/socket.c | 7 +++ 1 file changed, 3 insertions(+), 4 deletions(-) diff --g

[Openvpn-devel] [PATCH] On signal reception, return EAI_SYSTEM from openvpn_getaddrinfo().

, it would access just-free()ed memory, which on some platforms still worked and on others caused a crash. Also, ensure that *ai is also NULLed in the caller now. Signed-off-by: Gert Doering <g...@greenie.muc.de> --- src/openvpn/socket.c | 5 - 1 file changed, 4 insertions(+), 1 deletio

[Openvpn-devel] [PATCH applied] Re: On signal reception, return EAI_SYSTEM from openvpn_getaddrinfo().

Patch has been applied to the master and release/2.3 branch. commit 5f6c01ea6172ed1d8ed04e31f9f6c3f8e4696109 (master) commit 38c9f980d4f7cb7061f9db3ed8645ab3404e533d (release/2.3) Author: Gert Doering List-Post: openvpn-devel@lists.sourceforge.net Date: Sun May 31 22:41:58 2015 +0200

[Openvpn-devel] [PATCH] Use EAI_AGAIN instead of EAI_SYSTEM for openvpn_getaddrinfo().

Windows has no EAI_SYSTEM (introduced by 5f6c01ea6172ed), but everyone has EAI_AGAIN - which also fits ("a temporary failure in name resolution"). Trac #276 Signed-off-by: Gert Doering <g...@greenie.muc.de> --- src/openvpn/socket.c | 2 +- 1 file changed, 1 insertion(+), 1 d

[Openvpn-devel] [PATCH] Use configure.ac hack to apply serial_test AM option only if supported.

Inspired by libguestfs' configure.ac hack - test automake version, and if 1.12 or newer, use m4 magic to pass "serial_tests" option to AM_INIT_AUTOMAKE(). https://www.redhat.com/archives/libguestfs/2013-February/msg00102.html Trac #427 Signed-off-by: Gert Doering <g...@g

[Openvpn-devel] [PATCH applied] Re: Use configure.ac hack to apply serial_test AM option only if supported.

t) commit c615835aa93701c764c23fc2579d97757c1a9970 (master) commit d378850ab70af4c967d099627f0a19ad42ecbdcb (release/2.3) Author: Gert Doering List-Post: openvpn-devel@lists.sourceforge.net Date: Mon Jun 1 21:04:47 2015 +0200 Use configure.ac hack to apply serial_test AM option only if supported. Signed-of

[Openvpn-devel] [PATCH applied] Re: Use EAI_AGAIN instead of EAI_SYSTEM for openvpn_getaddrinfo().

Patch has been applied to the master and release/2.3 branch. commit 8ceb9619a26f8c507bafbc6d59aed3f65a30455d (master) commit 874ffde11255beb6873024b24c4231934460f485 (release/2.3) Author: Gert Doering List-Post: openvpn-devel@lists.sourceforge.net Date: Mon Jun 1 19:15:14 2015 +0200 Use

[Openvpn-devel] [PATCH applied] Fix --redirect-gateway in --dev tap mode.

21:51:13 2015 +0200 Fix --redirect-private in --dev tap mode. Acked-by: Gert Doering <g...@greenie.muc.de> Message-Id: <20150531120327.ge...@greenie.muc.de> URL: http://article.gmane.org/gmane.network.openvpn.devel/9761 Signed-off-by: Gert Doering <g...@gre

[Openvpn-devel] [PATCH applied] Re: Move res_init() call to inner openvpn_getaddrinfo() loop

Patch has been applied to the master and release/2.3 branch. commit 288a819af7d3a6fab9e0b69ae8dbaac74b36307b (master) commit 4e7eb95e43f0daed79e25e0ad6a9a20705b57376 (release/2.3) Author: Gert Doering List-Post: openvpn-devel@lists.sourceforge.net Date: Sun May 31 15:59:09 2015 +0200

[Openvpn-devel] [PATCH applied] Re: Improve documentation in --script-security section of the man-page

+0300 Improve documentation in --script-security section of the man-page Signed-off-by: Samuli Seppänen <sam...@openvpn.net> Acked-by: Gert Doering <g...@greenie.muc.de> Message-Id: <1433231982-24945-1-git-send-email-sam...@openvpn.net> URL: http:/

Re: [Openvpn-devel] How to create openvpn channel between multiple interface linux machines.

- OpenVPN does not care for "eth0/eth1", it will connect to an IP address of the remote host. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany

[Openvpn-devel] [PATCH applied] Re: Fix FreeBSD ifconfig for topology subnet tunnels.

(release/2.3) Author: Gert Doering List-Post: openvpn-devel@lists.sourceforge.net Date: Sun Apr 26 20:03:58 2015 +0200 Fix FreeBSD ifconfig for topology subnet tunnels. Signed-off-by: Gert Doering <g...@greenie.muc.de> Acked-by: Gert Doering <g...@greenie.muc.de>

Re: [Openvpn-devel] Regarding today's community meeting

so we actually have 2.4 material to discuss :) gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025

[Openvpn-devel] why is "route add failure" considered not an error?

ot* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpJ6tn0SWff6.pgp Description: PGP signature

Re: [Openvpn-devel] why is "route add failure" considered not an error?

estable interactive service soon - which would solve the permission issue on windows nicely :-) (Heiko: how does the iservice handle failure to install a route?) gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/

[Openvpn-devel] [PATCH applied] Re: write pid file immediately after daemonizing

+0200 write pid file immediately after daemonizing Signed-off-by: Steffan Karger <stef...@karger.me> Acked-by: Gert Doering <g...@greenie.muc.de> Message-Id: <1434665325-3225-1-git-send-email-stef...@karger.me> URL: http://article.gmane.org/gmane.network.

[Openvpn-devel] [PATCH applied] Re: Version 2: Fail if options have extra parameters

tp://article.gmane.org/gmane.network.openvpn.devel/9783 Signed-off-by: Gert Doering <g...@greenie.muc.de> -- kind regards, Gert Doering

Re: [Openvpn-devel] why is "route add failure" considered not an error?

of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpRz7SalzvLs.pgp Description: PGP signature

Re: [Openvpn-devel] about client-cert-not-required

clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgp12qP1HhNJd.pgp Description: PGP signature

Re: [Openvpn-devel] [PATCH] Del ipv6 addr on close of linux tun interface

o not touch it, otherwise, remove existing address and add new one" instead?) gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@green

Re: [Openvpn-devel] [PATCH] Del ipv6 addr on close of linux tun interface

should* do for persistant tun interfaces... (and, now, why your tun ifs behave that way even if they are not actually persistant :) ). gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpZqE6puZJkJ.pgp Description: PGP signature

Re: [Openvpn-devel] Windows build fix for CVE-2015-4000

not using X509_cmp_time()... gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.info

Re: [Openvpn-devel] [PATCH] Del ipv6 addr on close of linux tun interface

Hi, On Fri, Jun 26, 2015 at 01:24:02PM +0200, Gert Doering wrote: > This is more wondering about what we *should* do for persistant tun > interfaces... (and, now, why your tun ifs behave that way even if they > are not actually persistant :) ). Mulling over this for a while, I think

Re: [Openvpn-devel] [PATCH] Del ipv6 addr on close of linux tun interface

why your setup triggers this issue, and mine doesn't. The only reason I can see (really!) is that tunX has been created outside OpenVPN... - which might actually make sense if a firewall is involved, so you can tie rules to the interface right away, which won't work if the interface does not exi

Re: [Openvpn-devel] [PATCH] Del ipv6 addr on close of linux tun interface

. Can you send me (private mail) a log with --verb 3? gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax:

[Openvpn-devel] [PATCH applied] Re: Del ipv6 addr on close of linux tun interface

Kummert List-Post: openvpn-devel@lists.sourceforge.net Date: Thu Jun 25 18:01:20 2015 +0200 Del ipv6 addr on close of linux tun interface Acked-by: Gert Doering <g...@greenie.muc.de> Message-Id: <1435248080-12670-1-git-send-email-holger.kumm...@sophos.com>

[Openvpn-devel] [PATCH applied] Re: Report missing endtags of inline files as warnings

d8e4 (master) commit 19475259c92b4747c4c9d3a3d025bdeb170e859c (release/2.3) Author: Arne Schwabe List-Post: openvpn-devel@lists.sourceforge.net Date: Mon Jun 29 14:46:35 2015 +0200 Report missing endtags of inline files as warnings Acked-by: Gert Doering <g...@greenie.muc.de> Message-Id: <1435581995-11820-1-gi

Re: [Openvpn-devel] [PATCH] Increase control channel packet size for faster handshakes

way... ("upgrade Angry Birds?" - "yes!" - "ok, ready in 36 hours!") gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g..

Re: [Openvpn-devel] [PATCH] Increase control channel packet size for faster handshakes

Hi, On Tue, Jun 30, 2015 at 09:57:27AM +0200, Gert Doering wrote: > The option is there, the manpage description of the option "fits", we > just need to make it visible inside ssl.c... :-) - Steffan? ... and while I have the magic wand, another wish .-) - please log a messag

Re: [Openvpn-devel] Download 237 x64 i602 - 404 Not Found

ctly well... ("couple of days" is interesting, given that Samuli only released I602 about 44 hours ago...) gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany

Re: [Openvpn-devel] OpenVPN 2.3.7-I602-x86_64.exe download 404 Error

ckable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgp8dyrE_EOUN.pgp Description: PGP signature

[Openvpn-devel] [PATCH applied] Re: Increase control channel packet size for faster handshakes

> so, more investigation needed) commit fc91d4b0071178e298052078431fb86f03be84fc (master) Author: Steffan Karger List-Post: openvpn-devel@lists.sourceforge.net Date: Tue Jun 30 21:44:56 2015 +0200 Increase control channel packet size for faster handshakes Signed-off-by: Steffan Karger <stef...@karger.me>

[Openvpn-devel] RfD: speed up PUSH_REQUEST...

reset_coarse_timers (c); } else -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025

Re: [Openvpn-devel] OpenVPN 2.3.7-I602-x86_64.exe download 404 Error

//www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpkH97S7dIS5.pgp Description: PGP signature

[Openvpn-devel] [PATCH applied] Re: Make __func__ work with Visual Studio too

+0200 Make __func__ work with Visual Studio too Signed-off-by: Steffan Karger <stef...@karger.me> Acked-by: Gert Doering <g...@greenie.muc.de> Message-Id: <caa1abxkrpxnc1+pph4dqv1oksy_0t3ewqrnqvrjhzl+i2pb...@mail.gmail.com> URL: http:/

Re: [Openvpn-devel] [PATCH] Add TFTP and WPAD DHCP options

" inside write_dhcp_str()... (And we generally shouldn't set options that we do not have anything to say for :) ). gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany

Re: [Openvpn-devel] Adding routes on Windows using DHCP

t do IPv6, won't help us installing the /32 needed for "redirect-gateway", and (if my assumption above is true) won't give us more specific routes. So: nice finding, but not useful enough... gert -- USENET is *not* the non-clickable part of WWW!

Re: [Openvpn-devel] Adding routes on Windows using DHCP

OpenVPN is way more work than just getting the (already existing!) code from Heiko for the interactive service tested and merged... gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany

Re: [Openvpn-devel] Adding routes on Windows using DHCP

er into the tunnel, encapsulate, send to the VPN server, into the tunnel, encapsulate, ... *boom*) gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany

Re: [Openvpn-devel] Adding routes on Windows using DHCP

is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpFknH1vqfBX.pgp Description: PGP signature

Re: [Openvpn-devel] Adding routes on Windows using DHCP

//www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpKmZfFzImCk.pgp Description: PGP signature

Re: [Openvpn-devel] OpenVPN 2.3.7-I602-x86_64.exe download 404 Error

ally, "leaving out older clients" is done to *improve* security)... funny this. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.m

[Openvpn-devel] [PATCH] Produce a meaningful error message if --daemon gets in the way of asking for passwords.

case, print a meaningful error message pointing to --askpass, and die. Trac #574 and #576 Signed-off-by: Gert Doering <g...@greenie.muc.de> --- src/openvpn/misc.c | 4 1 file changed, 4 insertions(+) diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c index 4fdbf17..c4438b6 10064

[Openvpn-devel] [PATCH applied] Re: fix regression: query password before becoming daemon

fix regression: query password before becoming daemon Signed-off-by: Steffan Karger <stef...@karger.me> Acked-by: Gert Doering <g...@greenie.muc.de> Message-Id: <1436477759-5884-1-git-send-email-stef...@karger.me> URL: http://article.gmane.org/gmane.network.

[Openvpn-devel] [PATCH applied] Re: Produce a meaningful error message if --daemon gets in the way of asking for passwords.

Patch has been applied to the master and release/2.3 branch. commit 079e5b9c13bf81d7afc6f932b5417d2f08f8e64b (master) commit b131c7b974d9d4d3f0a6ab3a81719af6f7ab2ad6 (release/2.3) Author: Gert Doering List-Post: openvpn-devel@lists.sourceforge.net Date: Mon Jul 13 21:10:07 2015 +0200

[Openvpn-devel] [PATCH applied] Re: Fix --askpass not allowing for password input via stdin

: Tue Jan 8 17:52:57 2013 -0500 Fix --askpass not allowing for password input via stdin Signed-off-by: James Geboski <jgebo...@gmail.com> Acked-by: Steffan Karger <steffan.kar...@fox-it.com> Signed-off-by: Gert Doering <g...@greenie.muc.de> Message-

[Openvpn-devel] allow options for --plugin again

VERIFY_PERMISSION (OPT_P_PLUGIN); if (!options->plugin_list) -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025

Re: [Openvpn-devel] [PATCH applied] Re: Fix --askpass not allowing for password input via stdin

gh, we broke --askpass (stdin) in 2.3.2 and it did not *really* have an impact on people... gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@gree

[Openvpn-devel] [PATCH applied] Re: options: fix option check for plugin

-by: Daniel Hahler <g...@thequod.de> Acked-by: Gert Doering <g...@greenie.muc.de> Message-Id: <20150721100836.gv...@greenie.muc.de> URL: http://article.gmane.org/gmane.network.openvpn.devel/9932 Signed-off-by: Gert Doering <g...@greenie.muc.de> -- kind regards, Gert Doering

Re: [Openvpn-devel] autoreconf: Unescaped left brace in regex is deprecated

s exactly? (The autoconf/automake warnings are perl warnings about the code in autoconf/automake, and totally unrelated to OpenVPN) gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich

Re: [Openvpn-devel] Does Openvpn really support cryptodev hardware accelerators

is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpQ3tPmgJVwR.pgp Description

Re: [Openvpn-devel] autoreconf: Unescaped left brace in regex is deprecated

on-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpYx776W4TTx.pgp Description: PGP signature

Re: [Openvpn-devel] Docs or Bug: --push options no longer require double quotes

WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpKZS_SEITjn.pgp Description: PGP signature

[Openvpn-devel] [PATCH applied] Re: reintroduce md5_digest wrapper struct to fix gcc warnings

md5_digest wrapper struct to fix gcc warnings Signed-off-by: Steffan Karger <stef...@karger.me> Acked-by: Gert Doering <g...@greenie.muc.de> Message-Id: <1437910039-30101-1-git-send-email-stef...@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.deve

[Openvpn-devel] [PATCH applied] Re: Fix commit e473b7c if an inline file happens to have a line break exactly at buffer limit

URL: http://article.gmane.org/gmane.network.openvpn.devel/9956 Signed-off-by: Gert Doering <g...@greenie.muc.de> -- kind regards, Gert Doering

[Openvpn-devel] [PATCH applied] Re: Provide compile time OpenVPN version information to plug-ins

-by: David Sommerseth <dav...@redhat.com> Acked-by: Steffan Karger <steffan.kar...@fox-it.com> Message-Id: <1436534548-21507-2-git-send-email-openvpn.l...@topphemmelig.net> URL: http://article.gmane.org/gmane.network.openvpn.devel/9905 Signed-off-by: Gert Doering &l

[Openvpn-devel] [PATCH applied] Re: Provide OpenVPN runtime version information to plug-ins

-by: David Sommerseth <dav...@redhat.com> Acked-by: Gert Doering <g...@greenie.muc.de> Message-Id: <1436534548-21507-3-git-send-email-openvpn.l...@topphemmelig.net> URL: http://article.gmane.org/gmane.network.openvpn.devel/9904 Signed-off-by: Gert Doering &l

<    6   7   8   9   10   11   12   13   14   15   >