[Openvpn-devel] [PATCH applied] Re: make t_server_null 'server alive?' check more robust

Thanks for the review. Indent fixed, that was a that sneaked in. Patch has been applied to the master branch. commit b322690394b75a9d4987d4b27107ccb01bbcd90e Author: Gert Doering Date: Wed Sep 18 18:29:17 2024 +0200 make t_server_null 'server alive?' check more robust

[Openvpn-devel] [PATCH applied] Re: socket: Change return types of link_socket_write* to ssize_t

o the master branch. commit 2cc77debf0221fa0cef3ea470c1328d25397d021 (master) Author: Frank Lichtenheld Date: Wed Sep 18 22:48:44 2024 +0200 socket: Change return types of link_socket_write* to ssize_t Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering Messa

[Openvpn-devel] [PATCH applied] Re: configure: Review use of standard AC macros

nheld Acked-by: Gert Doering Message-Id: <20240918204551.2530-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29321.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___

[Openvpn-devel] [PATCH v1] socket: Change return types of link_socket_write* to ssize_t

: Frank Lichtenheld Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/740 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected

[Openvpn-devel] [PATCH v3] configure: Review use of standard AC macros

dependency of other macros, but it is nicer to have it explicitely as well. - A few typo and whitespace fixes. Change-Id: I7927a572611b7c1dc0b522fd6cdf05fd222a852d Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one

[Openvpn-devel] [PATCH] make t_server_null "server alive?" check more robust

- use "$RUN_SUDO kill -0 $pid" to test if a given process is running, not "ps -p $pid" - the latter will not work if security.bsd.see_other_uids=0 is set - produce proper error messages if pid files can not be found or are empty at server shutdown time --- tests/t_server_null_client.sh | 5

[Openvpn-devel] [PATCH applied] Re: configure: Handle libnl-genl and libcap-ng consistent with other libs

Lichtenheld Date: Tue Sep 17 15:32:53 2024 +0200 configure: Handle libnl-genl and libcap-ng consistent with other libs Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering Message-Id: <20240917133253.19616-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/o

[Openvpn-devel] [PATCH v3] configure: Handle libnl-genl and libcap-ng consistent with other libs

: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/724 This mail reflects revision 3 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering

[Openvpn-devel] [PATCH applied] Re: Avoid SIGUSR1 to SIGHUP remapping when the configuration is read from stdin

abe Acked-by: Frank Lichtenheld Message-Id: <20240719131016.75042-1-fr...@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28941.html Signed-off-by: Gert Doering -- kind regards, Gert Doering __

[Openvpn-devel] [PATCH applied] Re: Route: remove incorrect routes on exit

chtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28290.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH applied] Re: Fix check_addr_clash argument order

6bee80eb42a473fbfde7de4362b0f (release/2.6) Author: Ralf Lici Date: Tue Sep 17 11:14:33 2024 +0200 Fix check_addr_clash argument order Signed-off-by: Ralf Lici Acked-by: Frank Lichtenheld Message-Id: <20240917091433.24092-1-g...@greenie.muc.de> URL: https://www.mail-arch

[Openvpn-devel] [PATCH v1] Fix check_addr_clash argument order

From: Ralf Lici In init_tun() make sure to pass the --local and --remote addresses in the host order so that they can be compared to the --ifconfig addresses. Change-Id: I5adbe0a79f078221c4bb5f3d39391a81b4d8adce Signed-off-by: Ralf Lici Acked-by: Frank Lichtenheld --- This change was reviewed

[Openvpn-devel] [PATCH applied] Re: Make read/write_tun_header static

d-off-by: Arne Schwabe Acked-by: Gert Doering Message-Id: <20240916133436.29943-1-g...@greenie.muc.de> Signed-off-by: Gert Doering URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29249.html -- kind regards, G

[Openvpn-devel] [PATCH v1] Make read/write_tun_header static

From: Arne Schwabe These functions are not used outside tun.c Change-Id: I028634dba74a273c725b0beb16b674897b3c23fa Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL

[Openvpn-devel] [PATCH v1] Move cipher/data-ciphers warning to D_LOW (verb 4)

-by: Arne Schwabe Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/746 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected

[Openvpn-devel] [PATCH applied] Re: GHA: Enable t_server_null tests

d-off-by: Frank Lichtenheld Acked-by: Gert Doering Message-Id: <20240912174910.21058-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29231.html Signed-off-by: Gert Doering -- kind r

[Openvpn-devel] [PATCH v1] GHA: Enable t_server_null tests

From: Frank Lichtenheld Change-Id: I86203b8f9a6d3cfc5e56d3ce9452af694fd11011 Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c

[Openvpn-devel] [PATCH applied] Re: dco: mark peer as deleted from kernel after receiving CMD_DEL_PEER notification

receiving CMD_DEL_PEER notification Signed-off-by: Antonio Quartulli Acked-by: Arne Schwabe Message-Id: <20240912165339.21058-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29226.html Signed-off-by: Gert D

[Openvpn-devel] [PATCH v1] dco: mark peer as deleted from kernel after receiving CMD_DEL_PEER notification

From: Antonio Quartulli some extra DCO calls may be made after receiving the DEL_PEER notification (i.e. due to timeout), but this will result in an error message due to the peer having disappeared already. An extra call might be, for example, an explicit DEL_PEER in the attempt of cleaning the

[Openvpn-devel] [PATCH applied] Re: Remove check for anonymous unions from configure and cmake config

off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH applied] Re: tun: removed unnecessary route installations

d-off-by: Marco Baffo Acked-by: Gert Doering Message-Id: <20240912142421.703-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29217.html Signed-off-by: Gert Doering -- kind r

[Openvpn-devel] [PATCH v3] tun: removed unnecessary route installations

From: Marco Baffo Removed superfluous calls to 'add_route_ipv6' for adding ipv6 routes after tun opening in OpenBSD, NetBSD and Darwin. Change-Id: I235891212b15277349810913c9c1763da5c48587 Signed-off-by: Marco Baffo Acked-by: Gert Doering --- This change was reviewed on Gerrit an

[Openvpn-devel] [PATCH applied] Re: GHA: Update dependency Mbed-TLS/mbedtls to v3.6.1

URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29208.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.ne

[Openvpn-devel] [PATCH v1] GHA: Update dependency Mbed-TLS/mbedtls to v3.6.1

From: Frank Lichtenheld Requires submodule checkout. Change-Id: I86ceceb4e1c716b33c6c6ec8853eca0fb4b394f1 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https:

[Openvpn-devel] [PATCH applied] Re: Do not stop reading from file/uri when OPENSSL_STORE_load() returns error

Message-Id: <20240911104941.19429-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29187.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list O

[Openvpn-devel] [PATCH applied] Re: generate_auth_token: simplify code

8.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH v1] Do not stop reading from file/uri when OPENSSL_STORE_load() returns error

From: Selva Nair OPENSSL_STORE_load() can error and return NULL even when the file or URI still has readable objects left. Fix by iterating until OPENSSL_STORE_eof(). Also clear such errors to avoid misleading messages printed at the end by crypto_print_openssl_errors(). Change-Id: I2bfa9ffbd17

Re: [Openvpn-devel] [PATCH v11] Implement support for larger packet counter sizes

out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de signature.asc Description: PGP signature

[Openvpn-devel] [PATCH v3] generate_auth_token: simplify code

From: Frank Lichtenheld The previous code went through some hoops to avoid compiler warnings. But there is a much easier way by just telling it exactly what you want to do. Also fix typo in variable name while I'm here. Change-Id: Icc86334b26ba1fcc20f4cd03644018d1d16796e3 Signed-off-by: Frank L

[Openvpn-devel] [PATCH v11] Implement support for larger packet counter sizes

From: Arne Schwabe With DCO and possible future hardware assisted OpenVPN acceleration we are approaching the point where 32 bit IVs are not cutting it any more. To illustrate the problem, some back of the envelope math here: If we want to keep the current 3600s renegotiation interval and have

[Openvpn-devel] [PATCH applied] Re: Various fixes for -Wconversion errors

...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29172.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://

[Openvpn-devel] [PATCH v6] Various fixes for -Wconversion errors

From: Frank Lichtenheld These are all fixes I considered "safe". They either - Have sufficient checks/shifts for a cast to be safe - Fix the type of a variable without requiring code changes - Are in non-critical unittest code v2: - add min_size instead of abusing min_int v6: - remove change

[Openvpn-devel] [PATCH applied] Re: Fix more of uninitialized struct user_pass local vars

Acked-by: Gert Doering Thanks. Not tested beyond "does it compile", as the changes are very straightforward :-) Your patch has been applied to the master and released/2.6 branch. commit aa1dd09b5fc196499c84d2ef9b0c254ebb1745d8 (master) commit f9ab7edbebd6dfb3fd384b56626aabb3171ac0a

Re: [Openvpn-devel] [PATCH applied] Re: Static-challenge concatenation option

Thanks :-) gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon

[Openvpn-devel] [PATCH v3] dco-win: support for data_v3 features

From: Lev Stipakov Since version 1.4, dco-win drivere supports data_v3 features such as: - AEAD tag at the end - 64bit pktid We have to: - check in runtime if driver supports data_v3 features (we might be running with the older driver) - if those features are negotiated, we pass them to

[Openvpn-devel] [PATCH v1] tun: removed unnecessary route installations

From: Marco Baffo Removed superfluous calls to 'add_route_ipv6' for adding ipv6 routes after tun opening in OpenBSD, NetBSD and Darwin. Change-Id: I235891212b15277349810913c9c1763da5c48587 Signed-off-by: Marco Baffo Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and appro

Re: [Openvpn-devel] [PATCH applied] Re: Ensures all params are ready before invoking dco_set_peer()

Hi, On Mon, Sep 09, 2024 at 01:39:30PM +0200, Gert Doering wrote: > Your patch has been applied to the master branch. Note: while this is a bugfix, it does not need to go to 2.6 - there is no mssfix support in-kernel for DCO v2, and the upcoming DCOv3-no-called- "ovpn" wil

[Openvpn-devel] [PATCH applied] Re: Ensures all params are ready before invoking dco_set_peer()

y: Gianmarco De Gregori Acked-by: Lev Stipakov Message-Id: <20240906145745.67596-1-fr...@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29086.html Signed-off-by: Gert Doering -- kind regards, Gert Doering __

[Openvpn-devel] [PATCH applied] Re: tun: use is_tun_p2p more consistently

ned-off-by: Frank Lichtenheld Acked-by: Arne Schwabe Message-Id: <20240906162514.78671-1-fr...@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29091.html Signed-off-by: Gert Doering -- kind regards, Gert Doering _

[Openvpn-devel] [PATCH applied] Re: tests/unit_tests/openvpn/test_auth_token.c: handle strdup errors

Lichtenheld Message-Id: <20240708210912.566-6-chipits...@gmail.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28882.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailin

Re: [Openvpn-devel] [PATCH 3/5] src/openvpn/auth_token.c: handle strdup errors

ction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany

[Openvpn-devel] [PATCH applied] Re: sample/sample-plugins/defer/multi-auth.c: handle strdup errors

Signed-off-by: Ilia Shipitsin Acked-by: Frank Lichtenheld Message-Id: <20240708210912.566-3-chipits...@gmail.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28886.html Signed-off-by: Gert Doering -- kind regards, Gert D

[Openvpn-devel] [PATCH applied] Re: src/openvpn/init.c: handle strdup failures

Acked-by: Gert Doering Taken the "patchset looks great" from Antonio as ACK, fixed the "msg( M_FATAL," space on the go (trivial whitespace fixes are acceptable). Not tested beyond minimal compile test and stare-at-code. Your patch has been applied to the ma

[Openvpn-devel] [PATCH applied] Re: Static-challenge concatenation option

sage-Id: <20240719131407.75746-1-fr...@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28943.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list

[Openvpn-devel] [PATCH applied] Re: Add test for static-challenge concatenation option

: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH applied] Re: Initialize before use struct user_pass in ui_reader()

Acked-by: Gert Doering Thanks :-) (not much to test here) Your patch has been applied to the master branch. commit 67124dcf317460609860a2ea7cb7a55ceed4a4ce Author: Selva Nair Date: Sun Sep 8 18:42:20 2024 -0400 Initialize before use struct user_pass in ui_reader() Signed-off-by

[Openvpn-devel] [PATCH applied] Re: Add a test for loading certificate and key using file: URI

et/msg29076.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH applied] Re: Add a test for loading certificate and key to ssl context

ists.sourceforge.net/msg29074.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH applied] Re: Interpret --key and --cert option argument as URI

as URI Signed-off-by: Selva Nair Acked-by: Frank Lichtenheld Message-Id: <20240906103734.36633-1-fr...@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29075.html Signed-off-by: Gert Doering -- kind regards, Gert Doe

[Openvpn-devel] [PATCH applied] Re: Protect cached username, password and token on client

13:29:08 2024 +0200 Protect cached username, password and token on client Signed-off-by: Selva Nair Acked-by: Frank Lichtenheld Message-Id: <20240906112908.1009-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg290

[Openvpn-devel] [PATCH applied] Re: proxy.c: Clear sensitive data after use

https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29061.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH applied] Re: configure: Try to use pkg-config to detect mbedTLS

yt Message-Id: <20240906160510.76387-1-fr...@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29090.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel m

[Openvpn-devel] [PATCH applied] Re: GHA: Configure Renovate

URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29087.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lis

[Openvpn-devel] [PATCH applied] Re: configure: Allow to detect git checkout if .git is not a directory

sage-Id: <20240906172112.87148-1-fr...@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29092.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list

[Openvpn-devel] [PATCH v3] Protect cached username, password and token on client

From: Selva Nair Keep the memory segment containing username and password in "struct user_pass" encrypted. Works only on Windows. Username and auth-token cached by the server are not covered here. v2: Encrypt username and password separately as it looks more robust. We continue to depend on the

[Openvpn-devel] [PATCH v1] proxy.c: Clear sensitive data after use

From: Selva Nair Usage of credentials is a bit odd in this file. Actually the copy of "struct user_pass" kept in p->up is not required at all. It just defeats the purpose of auth-nocahe as it never gets cleared. Removing it is beyond the scope of this patch -- we just ensure it's purged after u

[Openvpn-devel] [PATCH applied] Re: Implement support for AEAD tag at the end

mplement support for AEAD tag at the end Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld Message-Id: <20240214132719.3031492-1-fr...@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28239

[Openvpn-devel] [PATCH applied] Re: Use a more robust way to get dco-win version

e5a8ea36a0228c30cdbee8791d44a1f0fbaffa9f (master) commit 41fe48585ebd005e65d191452c2860ab9c089c55 (release/2.6) Author: Lev Stipakov Date: Fri Aug 9 21:22:56 2024 +0200 Use a more robust way to get dco-win version Signed-off-by: Lev Stipakov Acked-by: Gert Doering Message-Id: <20240809192257.24208-

[Openvpn-devel] [PATCH applied] Re: test_pkcs11.c: set file offset to 0 after ftruncate

Acked-by: Gert Doering "explanation makes sense, man ftruncate clearly says 'fd is not modified'" smoke tested ("make check") on linux with --enable-pkcs11 Your patch has been applied to the master branch. Not applied to 2.6 because the code in question

[Openvpn-devel] [PATCH v1] Use a more robust way to get dco-win version

n-dco-win/pull/76 This will be expecially handy later when checking which features driver supports. Change-Id: Ieb6f3a9d14d76000c1caf8ee1e959c6d0de832bf Signed-off-by: Lev Stipakov Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to

[Openvpn-devel] [PATCH applied] Re: console_systemd: rename query_user_exec to query_user_systemd

console_systemd: rename query_user_exec to query_user_systemd Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering Message-Id: <20240726104032.2112-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28983.html Signed-

[Openvpn-devel] [PATCH v4] console_systemd: rename query_user_exec to query_user_systemd

: I379e1eb6dc57b9fe4bbdaefbd947a14326e7117a Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/670 This mail reflects revision 4 of this Change. Acked-by

[Openvpn-devel] [PATCH applied] Re: add and send IV_PROTO_DNS_OPTION_V2 flag

12248.21075-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28970.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openv

[Openvpn-devel] [PATCH v1] add and send IV_PROTO_DNS_OPTION_V2 flag

From: Heiko Hund Incompatible changes to the --dns server address and --dns server exclude-domains options were introduced after the code for handling them was released. Add and send a new IV_PROTO flag, so servers which act on the flags set can differentiate between clients which have implemente

[Openvpn-devel] [PATCH applied] Re: Add Ubuntu 24.04 runner to Github Actions

Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld Message-Id: <20240719131141.75324-1-fr...@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28942.html Signed-off-by: Gert Doering

[Openvpn-devel] [PATCH applied] Re: Fix missing spaces in various messages

02346806adafd3c656f018a7a1b3fb2c585a1cea (release/2.6) Author: Frank Lichtenheld Date: Mon Jul 22 14:10:34 2024 +0200 Fix missing spaces in various messages Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering Message-Id: <20240722121034.10816-1-g...@greenie.muc.de> URL: https://ww

[Openvpn-devel] [PATCH v1] Fix missing spaces in various messages

From: Frank Lichtenheld These result from broken up literals where it is easy to miss the missing space. Change-Id: Ic27d84c74c1dd6ff7973ca6966d186f475c67e21 Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer

[Openvpn-devel] [PATCH applied] Re: configure: Switch to C11 by default

6.190351-1-fr...@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28916.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourc

[Openvpn-devel] [PATCH applied] Re: Allow trailing \r and \n in control channel message

200 Allow trailing \r and \n in control channel message Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld Message-Id: <20240710140623.172829-1-fr...@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28910.html Signed

[Openvpn-devel] [PATCH applied] Re: Allow trailing \r and \n in control channel message

Acked-by: Gert Doering Thanks for the backport. Verified that it's the same change (without the unit test, and having extract_command_buffer() in forward.c), and that it gets the job done :-) Your patch has been applied to the release/2.5 branch. c

Re: [Openvpn-devel] [PATCH v2] configure: Switch to C11 by default

into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany

[Openvpn-devel] [PATCH applied] Re: t_server_null: multiple improvements and fixes

reenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28871.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists

[Openvpn-devel] [PATCH v5] t_server_null: multiple improvements and fixes

From: Samuli Seppänen - exit after a timeout if unable to kill servers - use sudo or equivalent only for server stop/start - use /bin/sh directly instead of through /usr/bin/env - simplify sudo call in the sample rc file - remove misleading and outdated documentation - make it work on OpenBSD 7.5

[Openvpn-devel] [PATCH applied] Re: mbedtls: Warn if --tls-version-min is too low

Message-Id: <20240703174158.7137-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28865.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing li

[Openvpn-devel] [PATCH v1] mbedtls: Warn if --tls-version-min is too low

From: Max Fillinger Recent versions of mbedtls only support TLS 1.2. When the minimum version is set to TLS 1.0 or 1.1, log a warning and use 1.2 as the actual minimum version. Change-Id: Ibc641388d8016533c94dfef3618376f6dfa91f4e Signed-off-by: Max Fillinger Acked-by: Arne Schwabe --- This ch

[Openvpn-devel] [PATCH applied] Re: configure: Try to detect LZO with pkg-config

Wed Jun 26 18:19:21 2024 +0200 configure: Try to detect LZO with pkg-config Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering Message-Id: <20240626161921.179301-1-fr...@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.n

[Openvpn-devel] [PATCH applied] Re: Http-proxy: fix bug preventing proxy credentials caching

4 +0200 Http-proxy: fix bug preventing proxy credentials caching Signed-off-by: Gianmarco De Gregori Acked-by: Gert Doering Acked-by: Frank Lichtenheld Message-Id: <20240623200551.20092-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-dev

[Openvpn-devel] [PATCH v10] Http-proxy: fix bug preventing proxy credentials caching

from ssl has been added, by doing this we're able to erase previous queried user credentials to ensure correct operation. Fixes: Trac #1187 Signed-off-by: Gianmarco De Gregori Acked-by: Gert Doering Change-Id: Ia3e06c0832c4ca0ab868c845279fb71c01a1a78a --- This change was reviewed on Gerrit

[Openvpn-devel] [PATCH applied] Re: configure: Add -Wstrict-prototypes and -Wold-style-definition

orms", so in it goes. Your patch has been applied to the master branch. commit 56355924b4945ec808500b18c714c111387697f9 Author: Frank Lichtenheld Date: Thu Jun 20 16:42:30 2024 +0200 configure: Add -Wstrict-prototypes and -Wold-style-definition Signed-off-by: Frank Lichtenheld

[Openvpn-devel] [PATCH v4] configure: Add -Wstrict-prototypes and -Wold-style-definition

From: Frank Lichtenheld These are not covered by -Wall (nor -Wextra) but we want to enforce them. Change-Id: I6e08920e4cf4762b9f14a7461a29fa77df15255c Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I

[Openvpn-devel] [PATCH v2] configure: Add -Wstrict-prototypes and -Wold-style-definition

From: Frank Lichtenheld These are not covered by -Wall (nor -Wextra) but we want to enforce them. Change-Id: I6e08920e4cf4762b9f14a7461a29fa77df15255c Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I

[Openvpn-devel] [PATCH applied] Re: t_server_null.sh: Fix failure case

Seppänen Message-Id: <20240620103749.7923-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28815.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel m

[Openvpn-devel] [PATCH v1] t_server_null.sh: Fix failure case

From: Frank Lichtenheld The changes for POSIX shell compatibility and parallel make compatibility broke actually failing the test when a subtest fails. Change-Id: I35f7cf84e035bc793d6f0f59e46edf1a2efe0391 Signed-off-by: Frank Lichtenheld Acked-by: Samuli Seppänen --- This change was reviewed

[Openvpn-devel] [PATCH applied] Re: interactive.c: Improve access control for gui<->service pipe

URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28808.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/li

[Openvpn-devel] [PATCH applied] Re: interactive.c: Improve access control for gui<->service pipe

24 +0300 interactive.c: Improve access control for gui<->service pipe Signed-off-by: Lev Stipakov Acked-by: Selva Nair Message-Id: <20240619134451.222-1-...@openvpn.net> URL: https://www.mail-archive.com/search?l=mi

Re: [Openvpn-devel] [PATCH applied] Re: mbedtls: Remove support for old TLS versions

nest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de signature.asc Description: PGP s

[Openvpn-devel] [PATCH applied] Re: Properly handle null bytes and invalid characters in control messages

> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28791.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/l

Re: [Openvpn-devel] [PATCH v3] Properly handle null bytes and invalid characters in control messages

Hi, On Wed, Jun 19, 2024 at 12:30:04PM +0200, Gert Doering wrote: > From: Arne Schwabe > > This makes OpenVPN more picky in accepting control message in two aspects: > - Characters are checked in the whole buffer and not until the first > NUL byte > - if the messag

[Openvpn-devel] [PATCH v3] Properly handle null bytes and invalid characters in control messages

From: Arne Schwabe This makes OpenVPN more picky in accepting control message in two aspects: - Characters are checked in the whole buffer and not until the first NUL byte - if the message contains invalid characters, we no longer continue evaluating a fixed up version of the message but rath

[Openvpn-devel] [PATCH applied] Re: Implement server_poll_timeout for socks

.@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28408.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH applied] Re: mbedtls: Remove support for old TLS versions

/1.2 cause "something to get upset" in the TLS version printer. Sorry for not testing this more thoroughly before merging. gert On Tue, Jun 18, 2024 at 06:30:05PM +0200, Gert Doering wrote: > Mildly tested via GHA builds. > > Not sure we want this in release/2.6 - I tend t

[Openvpn-devel] [PATCH applied] Re: Add t_server_null test suite

un 13 10:14:22 2024 +0200 Add t_server_null test suite Signed-off-by: Samuli Seppänen Acked-by: Frank Lichtenheld Message-Id: <20240613081422.139493-1-fr...@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28750.html Signe

[Openvpn-devel] [PATCH applied] Re: Remove experimental denotation for --fast-io

mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28772.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH applied] Re: Fix MBEDTLS_DEPRECATED_REMOVED build errors

et/msg28771.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH applied] Re: mbedtls: Remove support for old TLS versions

ml Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH v2] mbedtls: Remove support for old TLS versions

From: Max Fillinger Recent versions of mbedtls have dropped support for TLS 1.0 and 1.1. Rather than checking which versions are supported, drop support for everything before 1.2. Change-Id: Ia3883a26ac26df6bbb5353fb074a2e0f814737be Signed-off-by: Max Fillinger Acked-by: Arne Schwabe --- This

[Openvpn-devel] [PATCH v1] Remove "experimental" denotation for --fast-io

From: Frank Lichtenheld This option is very old (from SVN days) and has been used by Access Server for many years. I don't think it makes sense to claim that it is "experimental" at this point. Change-Id: I913bb70c5e527e78e7cdb43110e23a8944f35a22 Signed-off-by: Frank Lichtenheld Acked-by: Arne

[Openvpn-devel] [PATCH v4] Fix MBEDTLS_DEPRECATED_REMOVED build errors

From: rein.vanbaaren This commit allows compiling OpenVPN with recent versions of mbed TLS if MBEDTLS_DEPRECATED_REMOVED is defined. Change-Id: If96c2ebd2af16b18ed34820e8c0531547e2076d9 Signed-off-by: Max Fillinger Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by

Re: [Openvpn-devel] windows client tests needed

Hi, if you think this is a useful security enhancement, and would like to have it in a "short term" 2.6.x release, we need test results... please! gert On Thu, Jun 06, 2024 at 02:23:33PM +0200, Gert Doering wrote: > Hi, > > we have new code in master that helps with th

Re: [Openvpn-devel] [PATCH applied] Re: Implement Windows CA template match for Crypto-API selector

Hi, On Thu, Jun 06, 2024 at 01:33:24PM +0200, Gert Doering wrote: > As instructed I have removed the "and fallback requested" part > from the comment where "fallback" was removed from the code. > > Your patch has been applied t

  1   2   3   4   5   6   7   8   9   10   >