this is too strict as some
distros (namely NixOS) may have the 'include' directory with
a differently named parent. Thus this change minimizes the
hardcoded part of the path to make it more flexible.
Signed-off-by: Petr Portnov
Thanks a lot
ly.
I've seen your patch, and it makes total sense. It's in my pipe to get
merged as soon as I have cleaned up a bunch of other changes as well.
Again, sorry for the slow response.
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Op
8, 9
- Ubuntu: 20.04, 22.04, 24.04
Installation and getting started instructions can be found here:
<https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux>
Debian 11, Red Hat Enterprise Linux 7 and Ubuntu 23.10 are EOL and
are no longer supported.
--
kind
Enterprise Linux 7 and
Ubuntu 23.10 will go EOL in just a few days or weeks and will no longer
be supported.
[3] Fedora Copr development snapshots:
<https://copr.fedorainfracloud.org/coprs/dsommers/openvpn3-devsnapshots/>
--
kind regards
On 22/11/2023 22:51, Gert Doering wrote:
Hi,
On Wed, Nov 22, 2023 at 03:31:10PM +0100, David Sommerseth wrote:
From: David Sommerseth
As OpenVPN 2.6+ is doing some adoptions to the license text, all
prior contributors need to accept this new text. Unfortunately, Mathieu
Giannecchini who
From: David Sommerseth
After removing --tls-export-cert, this function was left in the code
base with no other users. This was an oversight in the previous
change. Removing it to avoid leaving dead code behind.
Signed-off-by: David Sommerseth
---
src/openvpn/ssl_verify_backend.h | 11
From: David Sommerseth
As OpenVPN 2.6+ is doing some adoptions to the license text, all
prior contributors need to accept this new text. Unfortunately, Mathieu
Giannecchini who implemented the --tls-export-cert feature did not
respond at all. Without an explicit acceptance we need to remove
d here:
<https://github.com/OpenVPN/openvpn3-linux/issues/193>
--
kind regards,
David Sommerseth
OpenVPN Inc
Source tarballs ---
* OpenVPN 3 Linux v21
<https://swupdate.openvpn.net/community/releases/openvpn3-linux-21.tar.xz
e
comments and commit messages, but the code itself is unchanged.
I'll follow-up with an update once this commit is public.
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel mailing list
Openvpn-devel@lists.s
send-email -v2 \
--in-reply-to 20230709231929.195048-1-jeremyfleisch...@gmail.com
Thx!
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
remove_signal_receiver() call. We should avoid that.
I'm not familiar with patch email etiquette/best practices. Let me know
if/when I should send a fully updated patch.
So far, we've discussed possible solutions - so it has been fine doing
it like this now. But I thin
it (LogCallback(None)) before setting the new one. And if more
callback functions are wanted/needed, the additional ones can be called
via the callback function registered with the LogCallback(). No need to
make this code more complicated.
Otherwise, I like what you did to __set_log_forward().
se
reference counting, it should be a bit more robust as it bases the
decision on the value of the callback function pointers.
Thoughts?
--
kind regards,
David Sommerseth
OpenVPN Inc
On 02/08/2023 13:31, David Sommerseth wrote:
From: David Sommerseth
The code was very clear if we accept that the base64 decode of the
There is a "not" missing in the line above: "The code was not very
clear ..."
I'm fine with fixing this at commit time.
From: David Sommerseth
The code was very clear if we accept that the base64 decode of the
NTLM challenge was truncated or not. Move the related code lines
closer to where it first used and comment what we are not concerned
about any truncation.
If the decoded result is truncated, the NTLM
ith gmail.com; which is why we generally recommend to
use 'git send-email' [1].
In this specific case, resending the patch as an attachment can also work.
[1] <https://git-scm.com/docs/git-send-email>
--
kind regards,
David Sommerseth
OpenVPN Inc
_
the editor, just add "[Service]" and those two
lines mentioned earlier. You might want to have a bit longer "Restart"
timer, but that's up to the local sysadmin to judge best.
--
kind regards,
David Sommerseth
OpenVPN Inc
___
6a3-1a61-d112-7a48-a7da4af38...@eurephia.org>
<https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26269.html>
Acked-By: David Sommerseth
---
COPYING | 47 +++
1 file changed, 47 insertions(+)
diff --git a/COPYING b/C
From: David Sommerseth
Your patch has been applied to the master branch
commit 97c729808a688364c16d17f7c34a4c7229ca0131 master
Author: Frank Lichtenheld
Date: Tue, 02 May 2023 12:02:27 +
docs/man: Fix description in openvpn3-config-manage man page
Signed-off-by: Frank
dback through various channels through all these releases. You have
all been important in ensuring this project has evolved and matured. I'm
sorry I don't have a proper list of all of you, but you would also deserve
to be mentioned.
--
kind regards,
David Sommerseth
Ope
On 14/03/2023 10:02, David Sommerseth wrote:
On 14/03/2023 09:45, David Sommerseth wrote:
On 11/03/2023 06:24, selva.n...@gmail.com wrote:
From: Selva Nair
- With OpenSSL 3.0 and xkey-provider, we use
pkcs11h_certificate_signAny_ex()
which returns EC signature as raw r|s concatenated
On 14/03/2023 09:45, David Sommerseth wrote:
On 11/03/2023 06:24, selva.n...@gmail.com wrote:
From: Selva Nair
- With OpenSSL 3.0 and xkey-provider, we use
pkcs11h_certificate_signAny_ex()
which returns EC signature as raw r|s concatenated. But OpenSSL
expects
a DER encoded ASN.1
-
kind regards,
David Sommerseth
OpenVPN Inc
| 7 ---
src/openvpn/options.c | 16
4 files changed, 7 insertions(+), 43 deletions(-)
I've only glared at the code and quickly done a few compile tests.
LGTM. Change itself also makes sense.
Acked-By: David Sommerseth
--
kind regards,
David Somme
on, you CANNOT distribute an OpenVPN binary
linked with this library.
I hope we can reach an agreement and replace the current OpenSSL linking
exception with this new exception above.
--
kind regards,
David Sommerseth
OpenVPN Inc
On 27/01/2023 12:32, André wrote:
Hi,
So download link in Forum Announcement should be corrected?
https://forums.openvpn.net/viewtopic.php?t=35260
Yes, thank you! Updated!
--
kind regards,
David Sommerseth
OpenVPN Inc
--- Original Message ---
On Friday, January 27th, 2023 at
A new repository for OpenVPN 2.6 has been published:
<https://copr.fedorainfracloud.org/coprs/dsommers/openvpn-release-2.6/>
--
kind regards,
David Sommerseth
OpenVPN Inc
n this can be unified to a specific SPDX specification
standard across all files.
[1] <https://spdx.dev/licenses/>
--
kind regards,
David Sommerseth
OpenVPN Inc
From: David Sommerseth
Thanks a lot! This patch was by the book in every possible way, so
this was really easy to review and apply.
Acked-by: David Sommerseth
-
Your patch has been applied
commit
n selected Debian and Ubuntu releases are
currently considered a tech-preview. We would like to get
feedback from arm64 users how OpenVPN 3 Linux works here, then
we can remove the tech-preview label for arm64.
--
kind regards,
David Sommerseth
OpenVPN Inc
Source tarballs ---
On 14/09/2022 09:38, Antonio Quartulli wrote:
Hi,
On 14/09/2022 09:33, David Sommerseth wrote:
On 12/09/2022 09:41, Gert Doering wrote:
During the research for commit a5cf4cfb77f745 it turned out that
OpenVPN's behaviour regarding "--dev arbitrary-name" is very
platform-specif
with tap-windows6 and
neither how this is with wintun or ovpn-dco-win.
--
kind regards,
David Sommerseth
OpenVPN Inc
"works with OpenVPN" label on wolfSSL. But
don't count on the OpenVPN community doing the grunt work for wolfSSL.
Either be more actively involved - or accept we will move it to an
unmaintained status - plausibly removing it if it stays broken for a
longer time.
--
kind regards,
hat more carefully on my end. One issue I know is
real I've commented here already.
--
kind regards,
David Sommerseth
OpenVPN Inc
re flag to the server with this patch.
The rest of the code otherwise looks reasonable with the current "option
approach". The client also sends the IV_PROTO_CC_EXIT_NOTIFY flag to
the server, as expected.
--
kind regards,
David Sommerseth
OpenVPN Inc
_
asked
for when the auth-token expires with this fix; and that it would ask for
it without this fix.
Acked-By: David Sommerseth
--
kind regards,
David Sommerseth
OpenVPN Inc
_DEFINES macro in config.h ends up empty.
Reverting this patch alone, and it comes back again.
So, I'm sorry, I can't ack this one.
--
kind regards,
David Sommerseth
OpenVPN Inc
password query mechanism with systemd colliding with some
pkcs11-helper implementation details. For the systemd case, we added a
workaround which made most people happy.
For more details:
<https://community.openvpn.net/openvpn/ticket/538>
--
kind regards,
David Sommerseth
OpenVPN Inc
___
On 17/06/2022 13:06, David Sommerseth wrote:
From: David Sommerseth
Your patch has been applied
commit 6a26cb51297024b563603faf78a33298b5d59f30 master
Author: Lev Stipakov
Date: Sun, 05 Jun 2022 00:40:13 +
GitHub Actions: trigger openvpn-build GHA on success
Signed-off-by
From: David Sommerseth
Your patch has been applied
commit 6a26cb51297024b563603faf78a33298b5d59f30 master
Author: Lev Stipakov
Date: Sun, 05 Jun 2022 00:40:13 +
GitHub Actions: trigger openvpn-build GHA on success
Signed-off-by: Lev Stipakov
Patchwork-Id: 2508
URL
ug.cgi?id=2092800>
<https://bugzilla.redhat.com/show_bug.cgi?id=2093069>
--
kind regards,
David Sommerseth
OpenVPN Inc
From: David Sommerseth
Your patch has been applied to the master branch
commit 94848c3cc3f5ea1fec97ab6b18ba7eff6923561d master
Author: Christopher Ng
Date: Tue, 07 Jun 2022 16:30:49 +
omi: add support for ovpn-dco-win
Signed-off-by: Christopher Ng
Acked-by: Lev Stipakov
From: David Sommerseth
Your patch has been applied to the master branch
commit 452e7cb6259d40ae0a1ff749d22a1634c7100fc9 master
Author: Christopher Ng
Date: Tue, 07 Jun 2022 16:30:48 +
ovpnagent: fix quoting of omiclient parameters
Signed-off-by: Christopher Ng
Acked-by
ort on selected Debian and Ubuntu releases are
considered a tech-preview.
--
kind regards,
David Sommerseth
OpenVPN Inc
Source tarballs ---
* OpenVPN 3 Linux v18 beta
<https://swupdate.openvpn.net/community/releases/openvpn3-li
On 13/05/2022 13:40, Arne Schwabe wrote:
Am 13.05.22 um 13:22 schrieb David Sommerseth:
On 13/05/2022 11:37, Heiko Hund wrote:
Have clients set a bit in IV_PROTO, so that servers can make an informed
decision on whether to push --dns to the client. While unknown options
are ignored by clients
compile tested. LGTM.
Acked-By: David Sommerseth
--
kind regards,
David Sommerseth
OpenVPN Inc
From: David Sommerseth
It was agreed it was time to do a full reformat fix-up of the whole
source tree again. Over time (since late 2016) small changes have not
adhered to our uncrustify defined coding style. This realigns to our
current standards.
Signed-off-by: David Sommerseth
---
Note
From: David Sommerseth
The bug in uncrustify 0.64 is no longer causing us issues as we now
require at least v0.72.
This workaround was added as part of the initial reformat-all inclusion,
in commit 2417d55c4945d491e.
Signed-off-by: David Sommerseth
---
.../after_include_openvpn
From: David Sommerseth
The MAC_FMT in src/openvpn/misc.h needs to be formatted strictly, and
uncrustify does not fully grasp the current code. So we tell it to not
touch it.
Signed-off-by: David Sommerseth
---
src/openvpn/misc.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src
From: David Sommerseth
The -p option to uncrustify was providing debug information about
decisions done by uncrustify. This was useful when debugging why
certain formatting choices.
With newer versions of uncrustify the -p option can only be used on
individual files and not a list of files
docs: Fix incorrect doc paths in net.openvpn.v3.sessions docs
Signed-off-by: David Schneider
Signed-off-by: David Sommerseth
--
kind regards,
David Sommerseth
OpenVPN Inc
use
plugin_n() more freely and to avoid iterating over MAX_PLUGINS. Now
there is a mixture between iterating plugin_n() and MAX_PLUGINS, and in
most configurations plugin_n() will return a lower value than MAX_PLUGINS.
--
kind regards,
David Sommerseth
OpenVPN Inc
_MODULES()
in general. We have at least 4 different ways in use today.
Probably something to clean-up some day later.
--
kind regards,
David Sommerseth
OpenVPN Inc
led.
For more details of the capng_change_id(), the implementation itself
isn't that hard to read (but it does several steps to harden the
privilege drop):
<https://github.com/stevegrubb/libcap-ng/blob/03b8572843b36bf071776a311c61f8d1dcfc4d53/src/cap-ng.c#L960>
--
kind regar
On 31/03/2022 15:26, Gert Doering wrote:
Hi,
On Thu, Mar 31, 2022 at 03:20:59PM +0200, David Sommerseth wrote:
I've also run a few tests using an --up script which modified
/etc/resolv.conf, which also worked as expected with capabilities enabled.
This is actually an interesting corner
n-dco interfaces
will fail when --user/--group are used.
This patch set sets the CAP_NET_ADMIN capability, which grants the
needed privileges during the lifetime of the OpenVPN process when
dropping root privileges.
Signed-off-by: Timo Rothenpieler
Reviewed-By: David Somme
eak setups going 2.5 -> 2.6, so maybe "being
careful about things" is the better way :-)
Yeah, I agree with this. For v2.6, the time is too short to dare too
much potential breakage now. But we can consider further steps with v2.7.
--
kind regards,
David Sommerseth
OpenVPN I
in time
for the OpenVPN 2.6 release. This is probably something which is more
realistic for OpenVPN 2.8. But this needs to be discussed more
thoroughly (next hackathon?).
--
kind regards,
David Sommerseth
OpenVPN Inc
On 30/03/2022 10:51, David Sommerseth wrote:
On 29/03/2022 21:29, Timo Rothenpieler wrote:
---
This patch sits on top of the current dco branch, and will not apply to
latest master.
It solves the issue of dropping root privileges breaking dco and sitnl
due to missing NET_ADMIN capabilities
52fedfa70304eae797b305e780/src/netcfg/openvpn3-service-netcfg.cpp#L82>
And the code for dropping root, ensuring the capabilities are restricted
properly:
<https://github.com/OpenVPN/openvpn3-linux/blob/c40218df43c8e652fedfa70304eae797b305e780/src/netcfg/openvpn3-service-netcfg.cpp#L64>
From: David Sommerseth
This plugin allows setting username/passwords as well as configure
deferred authentication behaviour as part of the runtime initialization.
With this plug-in it is easier to test various scenarios where multiple
authentication plug-ins are active on the server side.
A
From: David Sommerseth
The plug-in API in OpenVPN 2.x is not designed for running multiple
deferred authentication processes in parallel. The authentication
results of such configurations are not to be trusted. For now we bail
out when this is discovered with an error in the log.
CVE: 2022-0547
From: David Sommerseth
The use case for this plug-in is dubious now with the new multi-auth.c
plugin available. This new plugin is based on simple.c, but allows
far more flexibility for testing.
Signed-off-by: David Sommerseth
---
sample/sample-plugins/defer/README | 3 -
sample/sample
From: David Sommerseth
This is the same patch set as the v4 [1] patch set, just without the
embarrassing syntax error in the second patch.
[1]
<https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23935.html>
Message-Id: 20220313200715.13518-
From: David Sommerseth
This is an adopted version of [0] for the OpenVPN 2.4 release branch.
It was discovered an issue with OpenVPN 2.x when multiple --plugin
modules were loaded and more than one of them used deferred
authentication. To fix this properly will require a larger refactoring
of
From: David Sommerseth
The use case for this plug-in is dubious now with the new multi-auth.c
plugin available. This new plugin is based on simple.c, but allows
far more flexibility for testing.
Signed-off-by: David Sommerseth
---
include/openvpn-plugin.h.in| 4 +-
sample
From: David Sommerseth
It was discovered an issue with OpenVPN 2.x when multiple --plugin
modules were loaded and more than one of them used deferred
authentication. To fix this properly will require a larger refactoring
of the plug-in code, so it was decided in the mean time to disable the
s.rst | 34 +--
1 file changed, 17 insertions(+), 17 deletions(-)
Only glared at changes, and they look good to me.
Acked-By: David Sommerseth
--
kind regards,
David Sommerseth
OpenVPN Inc
On 15/02/2022 15:54, Frank Lichtenheld wrote:
The family specific options were generally omitted.
Cc: David Sommerseth
Signed-off-by: Frank Lichtenheld
---
doc/man-sections/client-options.rst | 10 ++
doc/man-sections/link-options.rst | 5 -
src/openvpn/options.c
.
>
Regards,
--
Frank Lichtenheld
Thanks!
This time I've only glared at the changes in diff format, but they all
look sane and good to me.
Acked-By: David Sommerseth
--
kind regards,
David Sommerseth
OpenVPN Inc
On 14/02/2022 13:41, Frank Lichtenheld wrote:
David Sommerseth hat am 11.02.2022 21:39
geschrieben:
On 10/02/2022 11:21, Frank Lichtenheld wrote:
The family specific options were generally omitted.
Signed-off-by: Frank Lichtenheld
---
doc/man-sections/client-options.rst | 5
d
:code:`udp6` are all considered the same. And similar with
:code:`tcp`, :code:`tcp4` and :code:`tcp6`
The rest of the changes looks good now, and the relocation of the
#define is better as well.
--
kind regards,
David Sommerseth
OpenVPN Inc
around line 2306, where
the whole MODE_SERVER option parsing starts. This makes it clearer it
may be used in more places.
I've just looked briefly at these changes. And it looks reasonable.
The ill-placed #define is the biggest issue for
around.
If we just want security warnings in plain bold or wrapped in '*' is
more a design/layout detail. I would suggest that we try to find better
ways to highlight these security related aspects in a clear and visible
way though. It doesn't mean it needs to stay
insertions(+), 6 deletions(-)
Done code review and lightly tested it, where it does what it is
intended to do. This change makes a lot of sense as well.
Acked-By: David Sommerseth
--
kind regards,
David Sommerseth
OpenVPN Inc
he rst split. But probably not
something that needs to be addressed in this patch.
The openvpn.8.rst includes all the other .rst files and builds a
complete man page from there, so this isn't unexpected. It's part of
the man-split design.
--
kin
:
544330fe ("crypto: Fix OPENSSL_FIPS enabled builds")
Cc: David Sommerseth
Signed-off-by: Antonio Quartulli
---
Changes from v1:
* rebased
* don't return cipher, but true in cipher_valid_reason()
src/openvpn/crypto.c | 11 +++
src/openvpn/crypto
to cipher_valid() so that checks are performed
only when OpenVPN really want to know if a cipher is usable or not.
Fixes: ce2954a0 ("Remove cipher_kt_t and change type to const char* in API")
Cc: Arne Schwabe
Cc: David Sommerseth
Signed-off-by: Antonio Quartulli
---
Changes from v1:
l ret = true' defined in the
beginning and have an 'exit' label above the EVP_CIPHER_free() and at
those two failure locations just set ret = false and goto exit?
--
kind regards,
David Sommerseth
OpenVPN Inc
hese steps will also start OpenVPN automatically upon boot. If you
don't want that, just replace 'enable --now' with 'start'.
--
kind regards,
David Sommerseth
OpenVPN Inc
On 25/01/2022 15:24, Antonio Quartulli wrote:
Update performed by means of: dev-tools/update-copyright.sh
Cc: David Sommerseth
Signed-off-by: Antonio Quartulli
---
COPYING | 2 +-
ChangeLog
From: David Sommerseth
With commit 544330fefedc87, the openssl_compat.h got included in
crypto.c. This caused issues when building against mbed TLS, which this
compat layer is not targeting.
This issue is resolved by only including this header when the OpenSSL
library is in use. The
On 19/01/2022 17:34, Selva Nair wrote:
Hi,
Sorry for chiming in late:
On Wed, Jan 19, 2022 at 10:20 AM David Sommerseth
<mailto:open...@sf.lists.topphemmelig.net>> wrote:
From: David Sommerseth mailto:dav...@openvpn.net>>
On Fedora and RHEL/CentOS, the standard Open
From: David Sommerseth
On Fedora and RHEL/CentOS, the standard OpenSSL library has the FIPS
module enabled by default. On these platforms, the OPENSSL_FIPS macro
is always defined via /usr/include/openssl/opensslconf-*.h.
Without this fix, the following compilation error appears:
./src
On 19/01/2022 14:44, Antonio Quartulli wrote:
Hi David,
On 19/01/2022 12:34, David Sommerseth wrote:
From: David Sommerseth
On Fedora and RHEL/CentOS, the standard OpenSSL library has the FIPS
module enabled by default. This revealed some incompatible code with
the added DCO support
From: David Sommerseth
On Fedora and RHEL/CentOS, the standard OpenSSL library has the FIPS
module enabled by default. This revealed some incompatible code with
the added DCO support.
Signed-off-by: David Sommerseth
---
src/openvpn/crypto.c | 3 +++
1 file changed, 3 insertions(+)
diff
.04, 20.04 and 21.04 (amd64, arm64)
- Ubuntu 21.10 (amd64, arm64) is available for testing
The arm64 support on selected Debian and Ubuntu releases are
currently considered a tech-preview.
--
kind regards,
David Sommerseth
OpenVPN Inc
rding to
src/plugins/down-root/Makefile.am:
plugin_LTLIBRARIES = openvpn-plugin-down-root.la
Acked-By: David Sommerseth
--
kind regards,
David Sommerseth
OpenVPN Inc
FORWARD ! -s $PRIVATE -i eth1 -j DROP
# Allow local loopback
iptables -A INPUT -s $LOOP -j ACCEPT
This change makes sense to me. The syntax changed ages ago for
iptables, where the negation needed to happen first.
Acked-By: David Sommerseth
--
kind regards,
David Sommerseth
OpenVPN
in this case). It's probably closer to
8-10 years since this change, unless my memory is completely corrupted.
--
kind regards,
David Sommerseth
OpenVPN Inc
ed back then. But given
that neither relevant Linux distributions supports this option today,
it's reasonable to remove it now.
Acked-By: David Sommerseth
--
kind regards,
David Sommerseth
OpenVPN Inc
4 and 21.04
- Red Hat Enterprise Linux 8
We have not yet had any chance to test DCO on Debian 11.
Ubuntu 21.10 will also get ovpn-dco packages. This work will
be part of the next release.
--
kind regards,
David Sommerseth
OpenVPN Inc
Source tarballs -