Re: [Openvpn-devel] [PATCH] make t_server_null "server alive?" check more robust

2024-09-19 Thread Frank Lichtenheld
100755 > --- a/tests/t_server_null_server.sh > +++ b/tests/t_server_null_server.sh > @@ -82,6 +82,11 @@ for PID_FILE in $server_pid_files > do > SERVER_PID=$(cat "${PID_FILE}") > > +if [ -z "$SERVER_PID" ] ; then > +echo "WARNING: could not k

[Openvpn-devel] [PATCH v1] GHA: Update dependency Mbed-TLS/mbedtls to v3.6.1

2024-09-11 Thread Frank Lichtenheld
Requires submodule checkout. Change-Id: I86ceceb4e1c716b33c6c6ec8853eca0fb4b394f1 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c

[Openvpn-devel] [PATCH v10] Implement support for larger packet counter sizes

2024-09-10 Thread Frank Lichtenheld
channel implementations to only support a limited set of data channel formats. Change-Id: I01e258e97351b5aa4b9e561f5b35ddc2318569e2 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld Acked-by: Lev Stipakov --- This change was reviewed on Gerrit and approved by at least one developer. I request

[Openvpn-devel] [PATCH v3] configure: Allow to detect git checkout if .git is not a directory

2024-09-06 Thread Frank Lichtenheld
d-off-by: Frank Lichtenheld Acked-by: Arne Schwabe Acked-by: Yuriy Darnobyt --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/675 This mail reflects revision 3 of this Change. Ack

[Openvpn-devel] [PATCH v8] tun: use is_tun_p2p more consistently

2024-09-06 Thread Frank Lichtenheld
hat are not required. Also use is_tun_p2p in more places. Change-Id: Ice8b95f953c3f7e71657a78ea12b02a08c60aa67 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https:

[Openvpn-devel] [PATCH v3] configure: Try to use pkg-config to detect mbedTLS

2024-09-06 Thread Frank Lichtenheld
mbedTLS does not seem to have pkg-config support on e.g. Debian/Ubuntu, so we definitely need to keep the fallback check as well. Change-Id: I5d0da76018e874cda5dbab9202a2b817ad5e4692 Signed-off-by: Frank Lichtenheld Acked-by: Yuriy Darnobyt --- This change was reviewed on Gerrit and approved

[Openvpn-devel] [PATCH v1] GHA: Configure Renovate

2024-09-06 Thread Frank Lichtenheld
From: OpenVPN Renovate Maintain GitHub actions and other version references in GHA. Switch some GHA references from branch versions to tag version so the pinning works correctly. Change-Id: I06253be7ed783e3bf30e7df1d6da8ca888016711 Signed-off-by: Frank Lichtenheld Acked-by: Yuriy Darnobyt

[Openvpn-devel] [PATCH v5] Ensures all params are ready before invoking dco_set_peer()

2024-09-06 Thread Frank Lichtenheld
From: Gianmarco De Gregori In UDP case the dco_set_peer() is currently perfomed at the wrong time since the mssfix param is calculated later on in tls_session_update_crypto_params_do_work(). By moving the dco_set_peer() inside the tls_session_update_crypto_params_do_work() and removing the p2p_se

[Openvpn-devel] [PATCH v2] Add a test for loading certificate and key using file: URI

2024-09-06 Thread Frank Lichtenheld
air Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/730 This mail reflects revision 2 of this Change. Acked-by according to Gerrit (reflected abo

[Openvpn-devel] [PATCH v3] Interpret --key and --cert option argument as URI

2024-09-06 Thread Frank Lichtenheld
s PR 591 but with the fixup commit that addresses review comments is squashed. Change-Id: I82b32d5ab472926e7889a5f4a90caba14231879a Signed-off-by: Selva Nair Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://

[Openvpn-devel] [PATCH v2] Add a test for loading certificate and key to ssl context

2024-09-06 Thread Frank Lichtenheld
test that the latter was loaded correctly. Change-Id: Ic6f089896191145f68ce9a11023587d05dcec4d8 Signed-off-by: Selva Nair Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https

[Openvpn-devel] [PATCH v3] Static-challenge concatenation option

2024-07-19 Thread Frank Lichtenheld
ld be used. v2: use scrv1|concat instead of 0|1 as option argument fix typos v3: improve and correct documentation in management-notes.txt Change-Id: I59a90446bfe73d8856516025a58a6f62cc98ab0d Signed-off-by: Selva Nair Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and appr

[Openvpn-devel] [PATCH v1] Add Ubuntu 24.04 runner to Github Actions

2024-07-19 Thread Frank Lichtenheld
From: Arne Schwabe Change-Id: I44b9003143fdad90bfff7b2c86d0bb503f9157de Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn

[Openvpn-devel] [PATCH v3] Avoid SIGUSR1 to SIGHUP when the configuration is read from stdin

2024-07-19 Thread Frank Lichtenheld
-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/533 This mail reflects revision 3 of this Change. Acked-by according to Gerrit (reflected above): Frank L

[Openvpn-devel] [PATCH release/2.5] Allow trailing \r and \n in control channel message

2024-07-11 Thread Frank Lichtenheld
. Change-Id: I47c992b6b73b1475cbff8a28f720cf50dc1fbe3e Signed-off-by: Arne Schwabe Signed-off-by: Frank Lichtenheld --- src/openvpn/forward.c | 73 +-- 1 file changed, 43 insertions(+), 30 deletions(-) diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c

Re: [Openvpn-devel] [PATCH v2] configure: Switch to C11 by default

2024-07-11 Thread Frank Lichtenheld
On Wed, Jul 10, 2024 at 09:32:39PM +0200, Gert Doering wrote: > Hi, > > On Wed, Jul 10, 2024 at 06:03:06PM +0200, Frank Lichtenheld wrote: > > Mostly so we can use anonymous structs without jumping through > > hoops or relying on unofficial suppor

[Openvpn-devel] [PATCH v2] configure: Switch to C11 by default

2024-07-10 Thread Frank Lichtenheld
Mostly so we can use anonymous structs without jumping through hoops or relying on unofficial support. Change-Id: I72934e747d1ad68a7e3675afbeb1b63df7941186 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I

[Openvpn-devel] [PATCH v3] Remove check for anonymous unions from configure and cmake config

2024-07-10 Thread Frank Lichtenheld
: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/588 This mail reflects revision 3 of this Change. Acked-by according to Gerrit (reflected

Re: [Openvpn-devel] [PATCH v4] Allow trailing \r and \n in control channel message

2024-07-10 Thread Frank Lichtenheld
On Wed, Jul 10, 2024 at 04:06:23PM +0200, Frank Lichtenheld wrote: > From: Arne Schwabe > > Writing a reason from a script will easily end up adding extra \r\n characters > at the end of the reason. Our current code pushes this to the peer. So be more > liberal in acceptin

[Openvpn-devel] [PATCH v4] Allow trailing \r and \n in control channel message

2024-07-10 Thread Frank Lichtenheld
Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/672 This mail reflects revision 4 of this Change. Acked-by according to

Re: [Openvpn-devel] [PATCH 2/5] sample/sample-plugins/defer/multi-auth.c: handle strdup errors

2024-07-09 Thread Frank Lichtenheld
text->test_valid_pass = strdup(args->argv[4]); > +if (!context->test_valid_pass) > +{ > +plog(context, PLOG_ERR, "Out of memory"); > +goto error; > +} > } > else > { A bit ugly. Might be nicer

Re: [Openvpn-devel] [PATCH 5/5] tests/unit_tests/openvpn/test_auth_token.c: handle strdup errors

2024-07-09 Thread Frank Lichtenheld
> free_key_ctx(&ctx->multi.opt.auth_token_key); > auth_token_init_secret(&ctx->multi.opt.auth_token_key, random_key, true); Acked-by: Frank Lichtenheld Regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH v8] configure: Try to detect LZO with pkg-config

2024-06-26 Thread Frank Lichtenheld
de it. Change-Id: I1c038dc4ec80d3499582d81eee61fee74f26e693 Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/556 This mail ref

[Openvpn-devel] OpenVPN 2.6.11 released

2024-06-21 Thread Frank Lichtenheld
able in the official apt repositories: <https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos#DebianUbuntu:UsingOpenVPNaptrepositories> On Red Hat derivatives we recommend using the Fedora Copr repository. <https://copr.fedorainfracloud.org/coprs/dsommers/

[Openvpn-devel] [PATCH v2] Add t_server_null test suite

2024-06-13 Thread Frank Lichtenheld
From: Samuli Seppänen Change-Id: I1b54da258c7d15551b6c3de7522a0d19afdb66de Signed-off-by: Samuli Seppänen Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c

[Openvpn-devel] [PATCH v2] Only schedule_exit() once

2024-04-25 Thread Frank Lichtenheld
is scheduled - we no longer notify management on redundant exit. Change-Id: I9457f005f4ba970502e6b667d9dc4299a588d661 Signed-off-by: Reynir Björnsson Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master

[Openvpn-devel] [PATCH v6] Allow the TLS session to send out TLS alerts

2024-04-08 Thread Frank Lichtenheld
experience is much better with alerts, this compromise is worth it. Change-Id: I0ad48915004ddee587e97c8ed190ba8ee989e48d Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL

[Openvpn-devel] [PATCH v3] crypto_backend: fix type of enc parameter

2024-03-27 Thread Frank Lichtenheld
ution. Fix the actual API definition Change-Id: If0dcdde30879fd6185efb2ad31399c1629c04d22 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.

[Openvpn-devel] [PATCH v1] Fix snprintf/swnprintf related compiler warnings

2024-03-26 Thread Frank Lichtenheld
) Change-Id: If23988a05dd53a519c5e57f2aa3b2d10bd29df1d Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/549 This mail reflects

[Openvpn-devel] [PATCH v1] Add bracket in fingerprint message and do not warn about missing verification

2024-03-26 Thread Frank Lichtenheld
From: Arne Schwabe Change-Id: Ia73d53002f4ba2658af18c17cce1b68f79de5781 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn

[Openvpn-devel] [PATCH] script-options.rst: Update ifconfig_* variables

2024-03-21 Thread Frank Lichtenheld
- Remove obsolete ifconfig_broadcast. Since this was removed in 2.5.0, do not add a removal note but just completely remove it. - Add missing documentation of IPv6 variants for ifconfig_pool_* variables. Github: #527 Change-Id: Ia8c8de6799f0291fc900628fbd06c8a414e741ca Signed-off-by: Frank

[Openvpn-devel] [PATCH v1] GHA: general update March 2024

2024-03-19 Thread Frank Lichtenheld
- Update to Node 20 versions of actions to avoid warnings - Update to current vcpkg - Update mbedTLS and LibreSSL to latest releases Change-Id: I1ad6a0b1323ce0872f4a3299c5a9f18a982e0126 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved

Re: [Openvpn-devel] [PATCH v2] Implement server_poll_timeout for socks

2024-03-15 Thread Frank Lichtenheld
On Fri, Mar 15, 2024 at 05:20:11PM +0100, Frank Lichtenheld wrote: > From: 5andr0 > > So far --server-poll-timeout was only applied > for HTTP proxies, apply it also to SOCKS proxies. > > This removes the default 5 second socks connect timeout > which can be too small depen

[Openvpn-devel] [PATCH v2] Implement server_poll_timeout for socks

2024-03-15 Thread Frank Lichtenheld
From: 5andr0 So far --server-poll-timeout was only applied for HTTP proxies, apply it also to SOCKS proxies. This removes the default 5 second socks connect timeout which can be too small depending on network setup and replaces it with the configurable overall connect timeout (default 120 second

Re: [Openvpn-devel] [PATCH applied] Re: t_client.sh: Allow to skip tests

2024-03-11 Thread Frank Lichtenheld
way. > commit 0c7cf0694ee6f878168330e9a084c255c51a9e8b > Author: Frank Lichtenheld > Date: Fri Mar 8 11:28:18 2024 +0100 > > t_client.sh: Allow to skip tests > > Signed-off-by: Frank Lichtenheld > Acked-by: Gert Doering > Message-Id: <20240308

[Openvpn-devel] [PATCH] Update documentation references in systemd unit files

2024-03-08 Thread Frank Lichtenheld
From: Christoph Schug The systemd unit files for both client and server were referencing outdated documentation as they were hard-coded to the OpenVPN 2.4.x release branch. Change-Id: Iee289aa5df9ee0e9a03c0dc562e45dd39836e794 Signed-off-by: Christoph Schug Acked-by: Frank Lichtenheld

[Openvpn-devel] [PATCH] remove repetitive words in documentation and comments

2024-03-08 Thread Frank Lichtenheld
From: wellweek Change-Id: I4f349963b41ebe155d3866da8955f2d7245d0394 Signed-off-by: wellweek Acked-by: Frank Lichtenheld --- Changes.rst | 2 +- contrib/OCSP_check/OCSP_check.sh | 2 +- doc/man-sections/cipher-negotiation.rst | 2 +- doc/man-sections/vpn

Re: [Openvpn-devel] [PATCH OpenVPN3] Add 'pull' to ignored options

2024-03-08 Thread Frank Lichtenheld
options "client" and "pull" but no "tls-client" in the config, > the "pull" option will not be touched. True, due to short-circuit logic. I will prepare a fix. Regards, -- Frank Lichtenheld ___ Open

Re: [Openvpn-devel] [PATCH OpenVPN3] Add 'pull' to ignored options

2024-03-06 Thread Frank Lichtenheld
t; send-mail' [1]. > > In this specific case, resending the patch as an attachment can also work. Since I was confused about the state of this patch: It has been superseded by a patch from Arne, see commit https://github.com/OpenVPN/openvpn3/commit/53614a0cce7775ba0ae4a43887ee03aa2fa09

Re: [Openvpn-devel] [PATCH] Implement server_poll_timeout for socks

2024-03-06 Thread Frank Lichtenheld
reason I can also take care of it but it would be preferred if the original submitter does it :) Regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH 1/1] openvpn-[client|server].service: Remove syslog.target

2024-03-04 Thread Frank Lichtenheld
From: Martin Rys Change-Id: If825e5b1ebc6eecc9e5398f0d8274927b53e5b83 Signed-off-by: Martin Rys Acked-by: Frank Lichtenheld Signed-off-by: Frank Lichtenheld --- distro/systemd/openvpn-cli...@.service.in | 2 +- distro/systemd/openvpn-ser...@.service.in | 2 +- 2 files changed, 2 insertions

[Openvpn-devel] [PATCH v1] samples: Remove tls-*.conf

2024-03-04 Thread Frank Lichtenheld
These are mostly redundant with client/server.conf Let's try to manage to maintain one set of sample configurations before we branch out further. Change-Id: I199541fea5a76c8edef7f67d2dbfc476987dc2f7 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe Acked-by: Antonio Quartulli ---

[Openvpn-devel] IRC community meeting summary (Feb 28th)

2024-02-28 Thread Frank Lichtenheld
work on it yet/ Regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH v2] Route: remove incorrect routes on exit

2024-02-21 Thread Frank Lichtenheld
value. Fixes: Trac #1457 Change-Id: I8a67b82eb4afdc8d82c5a879c18457b41e77cbe7 Signed-off-by: Gianmarco De Gregori Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/op

[Openvpn-devel] [PATCH v2] Minor fix to process_ip_header

2024-02-21 Thread Frank Lichtenheld
R macros. Fixes: Trac https://community.openvpn.net/openvpn/ticket/269 Change-Id: I4b5e8357d872c920efdb64632e9bce72cebee202 Signed-off-by: Gianmarco De Gregori Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it t

Re: [Openvpn-devel] [PATCH] Document that auth-user-pass may be inlined

2024-02-20 Thread Frank Lichtenheld
http-proxy-user-pass``, ``--tls-auth``, > ``--auth-gen-token-secret``, ``--peer-fingerprint``, ``--tls-crypt``, > -``--tls-crypt-v2`` and ``--verify-hash`` options. > +``--tls-crypt-v2``, ``--verify-hash`` and ``auth-user-pass`` options. --auth-user-pass for consistency. Rega

Re: [Openvpn-devel] IRC community meeting summary (Feb 14th)

2024-02-16 Thread Frank Lichtenheld
On Wed, Feb 14, 2024 at 05:18:21PM +, tincantech wrote: > On Wednesday, 14 February 2024 at 15:22, Frank Lichtenheld > wrote: > > > Meeting summary for 14 February 2024: > > > > > * New: Easy-rsa in Windows installers > > easy-rsa has included pre-bu

[Openvpn-devel] [PATCH v1] check_compression_settings_valid: Do not test for LZ4 in LZO check

2024-02-16 Thread Frank Lichtenheld
Probably introduced by copy & paste since there is no COMP_ALGV2_LZO. Github: #500 Change-Id: Id6b038c1c0095b2f22033e9dc7090e2507a373ab Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merg

[Openvpn-devel] IRC community meeting summary (Feb 14th)

2024-02-14 Thread Frank Lichtenheld
people really care about easy-rsa in the Windows installers. Depending on the feedback we might drop it from the installer./ * *Closed: 2.6.9* /Release was done on Monday/ Regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn

[Openvpn-devel] [PATCH v3] Implement support for AEAD tag at the end

2024-02-14 Thread Frank Lichtenheld
as they do not need to buffer a whole packet content and encrypt it to finally write the tag but instead just add the calculated tag at the end of processing. Change-Id: I00821d75342daf3f813b829812d648fe298bea81 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed

[Openvpn-devel] OpenVPN 2.6.9 released

2024-02-13 Thread Frank Lichtenheld
tps://copr.fedorainfracloud.org/coprs/dsommers/openvpn-release-2.6/> Kind regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] wolfssl: include "ssl.h" by "src/openvpn/ssl.h"

2024-02-09 Thread Frank Lichtenheld
changes to buildsystem configuration would be required. Regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] IRC community meeting summary (Feb 7th)

2024-02-09 Thread Frank Lichtenheld
and uddr and colleague from Fox IT. Tuesday 13th at 11:00 CET/ Regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH v9] Print SSL peer signature information in handshake debug details

2024-02-09 Thread Frank Lichtenheld
peer certificate: 384 bits ECsecp384r1, signature: ecdsa-with-SHA256, server temp key: 448 bits X448, peer signing digest/type: SHA384 ECDSA Change-Id: Ib5fc0c4b8f164596681ac5ad73002068ec6de1e5 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and app

[Openvpn-devel] [PATCH v8] Implement generating TLS 1.0 PRF using new OpenSSL 3.0 APIs

2024-02-09 Thread Frank Lichtenheld
be in the future. Change-Id: Ic74195a4ed340547c5e862dc2438f95be318c286 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/457

[Openvpn-devel] [PATCH v5] Turn dead list test code into unit test

2024-02-09 Thread Frank Lichtenheld
From: Arne Schwabe Change-Id: I7511bc43cd6a0bcb89476f27d5822ab4a78d0d21 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn

[Openvpn-devel] [PATCH v5] Windows: enforce 'block-local' with WFP filters

2024-02-09 Thread Frank Lichtenheld
From: Heiko Hund In an attempt to better defend against the TunnelCrack attacks, enforce that no traffic can pass to anything else than the VPN interface when the 'block-local' flags is given with either --redirect-gateway or --redirect-private. Reuse much of the existing --block-outside-dns cod

[Openvpn-devel] [PATCH v8] test_user_pass: add basic tests for static/dynamic challenges

2024-02-07 Thread Frank Lichtenheld
Change-Id: I8b5570f6314e917f92dce072279efe415d79b22a Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/475 This mail reflects

[Openvpn-devel] [PATCH] documentation: Fixes for previous fixes to --push-peer-info

2024-02-06 Thread Frank Lichtenheld
- Clarify compression IV_ settings - Clarify which settings might come from --setenv Change-Id: Id8615515c8df6e38e931e357396811234faad796 Signed-off-by: Frank Lichtenheld --- doc/man-sections/client-options.rst | 13 + 1 file changed, 9 insertions(+), 4 deletions(-) For master and

[Openvpn-devel] [PATCH] documentation: Update and fix documentation for --push-peer-info

2024-02-06 Thread Frank Lichtenheld
- description of IV_PROTO was outdated, missing a lot of flags - complete list of compression flags, but separate them out - various other style/grammar/typo fixes Change-Id: I7f854a5a14d2a2a391ebb78a2a92b3e14cfd8be6 Signed-off-by: Frank Lichtenheld --- doc/man-sections/client-options.rst

Re: [Openvpn-devel] [PATCH applied] Re: README.cmake.md: Document minimum required CMake version for --preset

2024-02-02 Thread Frank Lichtenheld
On Thu, Feb 01, 2024 at 08:28:21PM +0100, Gert Doering wrote: > Makes sense (I did read the GH issue). > > Your patch has been applied to the master branch. I think it would make sense to apply this to release/2.6 as well, since that uses the same CMake build. Thanks, -- Frank Li

[Openvpn-devel] [PATCH v1] [CMake] Allow unit tests to fall back to hard coded location

2024-02-01 Thread Frank Lichtenheld
Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/509 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected above): Frank Lichtenheld

[Openvpn-devel] [PATCH] README.cmake.md: Document minimum required CMake version for --preset

2024-02-01 Thread Frank Lichtenheld
CMakePreset.json is supported since 3.19, but we have a version 3 preset file, so need at least 3.21. Github: OpenVPN/openvpn#489 Change-Id: I44c555f6ffa08f2aee739c7f687fa3b678c86231 Signed-off-by: Frank Lichtenheld --- README.cmake.md | 7 ++- 1 file changed, 6 insertions(+), 1 deletion

[Openvpn-devel] [PATCH v7] forked-test-driver: Show test output always

2024-01-25 Thread Frank Lichtenheld
We want to see the progress, at least for slow tests like t_client.sh. Change-Id: I11e0091482d9acee89ca018374cb8d96d22f8514 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master

[Openvpn-devel] [PATCH v6] tests: fork default automake test-driver

2024-01-25 Thread Frank Lichtenheld
Change-Id: I67d461afbcc9c06b1fc5ab4477141d7b8bd9ba8e Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/478 This mail reflects revision 6 of t

[Openvpn-devel] [PATCH v4] Ensure that all unit tests use unbuffered stdout and stderr

2024-01-23 Thread Frank Lichtenheld
lost. As the unit test x_msg mock implementation prints even fatal on stdout we ensure with this setup method that stdout is also unbuffered. Change-Id: I5c06dc13e9d8ab73997f79b13c30ee8949e5e993 Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one

Re: [Openvpn-devel] [PATCH v2] tun.c: don't attempt to delete DNS and WINS servers if they're not set

2023-12-20 Thread Frank Lichtenheld
On Wed, Dec 20, 2023 at 02:36:37PM +0100, Frank Lichtenheld wrote: > From: Lev Stipakov > > Commits > > 1c4a47f7 ("wintun: set adapter properties via interactive service") > 18826de5 ("Set WINS servers via interactice service") > > ad

[Openvpn-devel] [PATCH v2] tun.c: don't attempt to delete DNS and WINS servers if they're not set

2023-12-20 Thread Frank Lichtenheld
k "has DNS/WINS been pushed?". While on it, convert do_XXX_service() functions to "void" from "bool", since we never check their return values. Change-Id: I21a36d24f8e213c780f55acbe3e4df555c93542a Signed-off-by: Lev Stipakov Acked-by: Frank Lichtenheld --- This chan

[Openvpn-devel] [PATCH v4] cmake: create and link compile_commands.json file

2023-12-20 Thread Frank Lichtenheld
: Heiko Hund Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/483 This mail reflects revision 4 of this Change. Acked-by according to Gerrit (reflected

[Openvpn-devel] [PATCH v6] Implement the --tls-export-cert feature

2023-12-14 Thread Frank Lichtenheld
Once the script or plugin call has completed, OpenVPN should delete this file. Change-Id: Ia9b3f1813d2d0d492d17c87348b4cebd0bf19ce2 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to

[Openvpn-devel] [PATCH v2] tests: disable automake serial_tests

2023-12-14 Thread Frank Lichtenheld
hat with a custom test driver. But will put that into a separate commit. Change-Id: Ic7265d89142637b0963a6847c6beb06d9163bbb1 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master.

[Openvpn-devel] [PATCH] documentation: improve documentation of --x509-track

2023-12-13 Thread Frank Lichtenheld
In the current state it was completely unclear to me how you would use this. Extended the description based on reading the code and experimentation. Change-Id: Ibf728f9d624e64ecda094d66fa562bd3916829d2 Signed-off-by: Frank Lichtenheld --- doc/man-sections/script-options.rst | 3 +++ doc/man

[Openvpn-devel] [PATCH v2] Make it more explicit and visible when pkg-config is not found

2023-12-13 Thread Frank Lichtenheld
: Iebaa35a23e217a4cd7739af229cbfc08a3d8854a Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/465 This mail reflects revision 2 of this Change

[Openvpn-devel] [PATCH v8] Extend the error message when TLS 1.0 PRF fails

2023-12-13 Thread Frank Lichtenheld
Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/456 This mail reflects revision 8 of this Change. Acked-by according to

[Openvpn-devel] [PATCH v6] Fix building mbed TLS with CMake and allow specifying custom directories

2023-12-11 Thread Frank Lichtenheld
Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/377 This mail reflects revision 6 of this Change. Acked-by according to Gerrit (reflected above): Frank Lichtenheld

[Openvpn-devel] [PATCH v5] Check PRF availability on initialisation and add --force-tls-key-material-export

2023-12-11 Thread Frank Lichtenheld
support is not available. Change-Id: I04f8c7c413e7cb62c726262feee6ca89c7e86c70 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c

[Openvpn-devel] [PATCH v1] buffer: add documentation for string_mod and extend related UT

2023-12-11 Thread Frank Lichtenheld
Since I was confused what exactly string_mod does, I added documentation and additional UTs to make it clearer. Change-Id: I911fb5c5fa4b41f1fc1a30c6bf8b314245f64a6e Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one

[Openvpn-devel] [PATCH v1] unit_tests: remove includes for mock_msg.h

2023-12-08 Thread Frank Lichtenheld
Not actually used. Change-Id: I5e394bb73702d87562ed354100eaff9b41f5389e Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master and release/2.6. Gerrit URL: https

[Openvpn-devel] [PATCH v1] Move tls_get_cipher_name_pair and get_num_elements to ssl_utils.c

2023-12-08 Thread Frank Lichtenheld
From: Arne Schwabe This allow these functions to be defined without having to include ssl.c/misc.c which pulls in a lot of more dependencies. Change-Id: I605394d4f3872a168d05bbbe52d90f6d48935865 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit

Re: [Openvpn-devel] [Openvpn-Devel] [PATCH] vcpkg-ports/pkcs11-helper: bump to version 1.30

2023-12-04 Thread Frank Lichtenheld
uild-with-disable-shared.patch > delete mode 100644 > contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-002-dynamic_loader_flags.patch > Changes look reasonable. Build succeeds. Acked-By: Frank Lichtenheld -- Frank Lichtenheld ___ O

[Openvpn-devel] [PATCH] documentation: remove reference to removed option --show-proxy-settings

2023-12-04 Thread Frank Lichtenheld
This option was removed in 2.3.0. Change-Id: I243ba135ce36cff36ba77eead7dcd9354bd94ab7 Signed-off-by: Frank Lichtenheld --- doc/man-sections/proxy-options.rst | 4 1 file changed, 4 deletions(-) diff --git a/doc/man-sections/proxy-options.rst b/doc/man-sections/proxy-options.rst index

[Openvpn-devel] [PATCH v1] GHA: clean up libressl builds with newer libressl

2023-12-01 Thread Frank Lichtenheld
- Update to latest stable release - Work-around patches not required anymore - Official URL of repo has changed Change-Id: I9b8e69f2b9838cea4cb9001f4e8960b8a39724ef Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one

[Openvpn-devel] [PATCH v5] Remove unused/unneeded/add missing defines from configure/cmake

2023-12-01 Thread Frank Lichtenheld
From: Arne Schwabe Change-Id: Ifd0376b36d4050dc22bc93b8fcf7ed29faef0021 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn

[Openvpn-devel] [PATCH v1] Replace character_class_debug with proper unit test

2023-12-01 Thread Frank Lichtenheld
From: Arne Schwabe Change-Id: Ib2aa85b9c34d0a0b8b1dfb9f477f56c9a6b705d0 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn

[Openvpn-devel] [PATCH v2] Change default of "topology" to "subnet"

2023-12-01 Thread Frank Lichtenheld
Change-Id: Iede3e7c028cbb715e28bc88c7e583f84dadc02c8 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/421 This mail reflects

[Openvpn-devel] [PATCH v3] Document tls-exit option mainly as test option

2023-12-01 Thread Frank Lichtenheld
From: Arne Schwabe Change-Id: I93afff2372c4150d6bddc8c07fd4ebc8bfb0cc3e Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn

[Openvpn-devel] [PATCH v1] Remove dead remains of extract_x509_field_test

2023-12-01 Thread Frank Lichtenheld
From: Arne Schwabe This removes some leftover references to extract_x509_field_test that was removed 15 years ago in commit 564cbab5f. Change-Id: Ie511a586cf022afcab9d67891ff80676ac7d47b9 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and

[Openvpn-devel] [PATCH v1] Remove TEST_GET_DEFAULT_GATEWAY as it duplicates --show-gateway

2023-12-01 Thread Frank Lichtenheld
From: Arne Schwabe This debug code is not very useful as it is outdated and the same functionality is provided by --show-gateway Change-Id: Ie7fd59cc84e2eb024086c28c2ec2a5606a2b2e7c Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by

[Openvpn-devel] [PATCH v1] Minimal Solaris/OpenIndiana support to Cmake and clean up -Werror

2023-11-28 Thread Frank Lichtenheld
From: Arne Schwabe Change-Id: I66e3dd7b7166459526824fe5ae81a449b375b8db Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn

[Openvpn-devel] [PATCH v1] Fix check_session_buf_not_used using wrong index

2023-11-28 Thread Frank Lichtenheld
doing anything really useful with i instead of j, it at least is not crashing or anything similar. Noticed-By: Jon Williams (braindead-bf) on Github issue #449 Change-Id: Ia3d5b4946138df322ebcd9e9e77d04328dacbc5d Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was revie

[Openvpn-devel] [PATCH v3] Add check for nice in cmake config

2023-11-28 Thread Frank Lichtenheld
From: Arne Schwabe Change-Id: I2cc8f9b82079acca250db5871ffd9fad2997d1a8 Acked-by: Frank Lichtenheld Signed-off-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn

[Openvpn-devel] [PATCH v2] Remove compat versionhelpers.h and remove cmake/configure check for it

2023-11-28 Thread Frank Lichtenheld
: I9c85ccab6d51064ebff2c391740ba8c2d044ed1a Acked-by: Frank Lichtenheld Signed-off-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/445 This mail reflects revision 2 of this Change. Acked

[Openvpn-devel] [PATCH v1] configure.ac: Remove unused AC_TYPE_SIGNAL macro

2023-11-28 Thread Frank Lichtenheld
hat signal handlers return void, without needing to use this macro or RETSIGTYPE." Change-Id: I7da7c2d7d34c7e5efd52d448646b4398a1005e77 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to

[Openvpn-devel] [PATCH v3] Rename state_change to continue_tls_process

2023-11-28 Thread Frank Lichtenheld
set to false. Change-Id: Ib6d713f2eb08a4c39d97de3e1a4a832cedc09585 Acked-by: Frank Lichtenheld Signed-off-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/452 This

[Openvpn-devel] [PATCH v2] sample-keys: renew for the next 10 years

2023-11-21 Thread Frank Lichtenheld
Old expiration was October 2024, less than a year away. Give everyone the chance to get the new keys before tests start failing. Change-Id: Ie264ec1ec61fd71e8cc87987be3e2adc2735c201 Signed-off-by: Frank Lichtenheld --- sample/sample-config-files/loopback-client | 319

[Openvpn-devel] [PATCH v1] Introduce report_command_status helper function

2023-11-21 Thread Frank Lichtenheld
From: Arne Schwabe Instead of repeating near identical code several times in manage.c, use a small helper function instead. Change-Id: I91f739f5cb43386b2ce767cf3603a76e6b93e216 Acked-by: Frank Lichtenheld Signed-off-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at

[Openvpn-devel] [PATCH v1] Remove unused function prototype crypto_adjust_frame_parameters

2023-11-21 Thread Frank Lichtenheld
From: Arne Schwabe Change-Id: I1141eb7740d8900ed4af0ff5ff52aa3659df99aa Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/451 This mail reflects

[Openvpn-devel] [PATCH v3] Log SSL alerts more prominently

2023-11-21 Thread Frank Lichtenheld
fatal SSL alert: protocol version which previously needed --verb 8 to be displayed (now verb 3). Also rework the message to be better readable. Change-Id: I6bdab3028c9bd679c31d4177a746a3ea505dcbbf Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and

[Openvpn-devel] [PATCH v2] sample-keys: renew for the next 10 years

2023-11-21 Thread Frank Lichtenheld
Old expiration was October 2024, less than a year away. Give everyone the chance to get the new keys before tests start failing. Change-Id: Ie264ec1ec61fd71e8cc87987be3e2adc2735c201 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by

[Openvpn-devel] [PATCH v2] tun: use is_tun_p2p more consistently

2023-11-21 Thread Frank Lichtenheld
hat are not required. Also use is_tun_p2p in more places. Change-Id: Ice8b95f953c3f7e71657a78ea12b02a08c60aa67 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https:

  1   2   3   4   5   6   >