[Openvpn-devel] Topics for the upcoming (Wednesday, 22nd February 2016) community meeting

2017-02-21 Thread Samuli Seppänen
Hi, We're going to have an IRC meeting on Wednesday 22nd February 2016. The meeting begins at 20:00 CET (19:00 UTC) on #openvpn-meeting irc.freenode.net. You do not have to be logged in to Freenode to join the channel. Current topic list along with basic information is here:

[Openvpn-devel] Updates to the git repositories

2017-02-21 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, Since the early days of the OpenVPN git era, we have done pushes to both a stable (openvpn.git) repository and a testing (openvpn-testing.git) repository. In the early days, this made a lot of sense. But life moves on, evolves and things

[Openvpn-devel] [PATCH applied] Re: dev-tools: Simple tool wihch automates rebasing LZ4 compat library

2017-02-21 Thread Gert Doering
ACK. Your patch has been applied to the master branch. Some comments: - I'm not putting this into release/2.4 branch, as we're only ever going to use it in master - lz4 changes get applied to master, and then cherrypicked to other branches. - the sed statement has been fix-on-commit'ed

Re: [Openvpn-devel] [PATCH] Fix segfault when using crypto lib without AES-256-CTR or SHA256

2017-02-21 Thread David Sommerseth
On 21/02/17 22:12, Gert Doering wrote: > Hi, > > On Tue, Feb 21, 2017 at 08:42:57PM +0100, Steffan Karger wrote: >> ACK to the attached patch. > >> >From d97f526a2ddbf2abe60a64260601ebd742fc00cc Mon Sep 17 00:00:00 2001 >> From: "Simon (simix)" > > All previous commits (I'm aware of) carry a

Re: [Openvpn-devel] [PATCH] Fix segfault when using crypto lib without AES-256-CTR or SHA256

2017-02-21 Thread Gert Doering
Hi, On Wed, Feb 22, 2017 at 02:21:35AM +0100, David Sommerseth wrote: > >> >From d97f526a2ddbf2abe60a64260601ebd742fc00cc Mon Sep 17 00:00:00 2001 > >> From: "Simon (simix)" > > > > Do we have a policy how to handle patches with missing author info? > > I see no reason at all why we should not

Re: [Openvpn-devel] NOTE: unable to redirect default gateway -- Cannot read current default gateway from system

2017-02-21 Thread Gert Doering
Hi, following up on the thread starter... On Wed, Jan 18, 2017 at 04:43:22PM +0100, Thomas Schäfer wrote: > This works perfectly as long the client has still an IPv4-connection. > > But in case of an IPv6-only-client (not system-wide disabled, just not > getting IPv4-addresses by the ISP, e.g.

[Openvpn-devel] [PATCH] Fix segfault when using crypto lib without AES-256-CTR or SHA256

2017-02-21 Thread Steffan Karger
Hi, The attached patch from trac #825 fixes a silly bug in my --tls-crypt code. I already confirmed this in trac, but now also on the list: ACK to the attached patch. -Steffan >From d97f526a2ddbf2abe60a64260601ebd742fc00cc Mon Sep 17 00:00:00 2001 From: "Simon (simix)" Date: Tue, 21 Feb 2017

Re: [Openvpn-devel] build against openssl 1.1.0

2017-02-21 Thread David Sommerseth
On 13/02/17 21:16, David Sommerseth wrote: > On 13/02/17 20:50, Christian Hesse wrote: >> And a lot more has to be done... There's a long list of packages to be >> fixed. Sadly openssl developers do not care about ABI and API stability >> or compatibility. :( > > I do understand the frustration

[Openvpn-devel] [PATCH v2 0/3] LZ4 updates

2017-02-21 Thread David Sommerseth
This is an updated LZ4 patch series. It fixes a silly bug which sneaked into the lz4-rebaser.sh tool, rebases LZ4 to upstream lz4-1.7.5 and updates our LZ4 usage to not use a deprecated API. This patch-set replaces the previous [1] LZ4 update series. [1] Message-Id:

[Openvpn-devel] [PATCH v2 3/3] Replace deprecated LZ4 function

2017-02-21 Thread David Sommerseth
From: Christian Hesse The LZ4 function LZ4_compress_limitedOutput() is deprecated, compiler gives warning: warning: ‘LZ4_compress_limitedOutput’ is deprecated: use LZ4_compress_default() instead The new function LZ4_compress_default() appeared in r129 (1.7.0), so replace the

[Openvpn-devel] [PATCH v2 1/3] dev-tools: lz4-rebaser tool carried a typo

2017-02-21 Thread David Sommerseth
The HAVE_CONFIG_H block which gets added to compat-lz4.c was missing a # before the first ifdef statement. Signed-off-by: David Sommerseth --- dev-tools/lz4-rebaser.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev-tools/lz4-rebaser.sh

Re: [Openvpn-devel] [PATCH] Fix segfault when using crypto lib without AES-256-CTR or SHA256

2017-02-21 Thread Steffan Karger
Hi, On 21-02-17 22:12, Gert Doering wrote: > On Tue, Feb 21, 2017 at 08:42:57PM +0100, Steffan Karger wrote: >> ACK to the attached patch. > >> >From d97f526a2ddbf2abe60a64260601ebd742fc00cc Mon Sep 17 00:00:00 2001 >> From: "Simon (simix)" > > All previous commits (I'm aware of) carry a valid

Re: [Openvpn-devel] [PATCH] Fix segfault when using crypto lib without AES-256-CTR or SHA256

2017-02-21 Thread Gert Doering
Hi, On Tue, Feb 21, 2017 at 08:42:57PM +0100, Steffan Karger wrote: > ACK to the attached patch. > >From d97f526a2ddbf2abe60a64260601ebd742fc00cc Mon Sep 17 00:00:00 2001 > From: "Simon (simix)" All previous commits (I'm aware of) carry a valid e-mail address, and most of them have a full name

Re: [Openvpn-devel] [RFC PATCH v1 09/15] OpenSSL: don't use direct access to the internal of X509_STORE_CTX

2017-02-21 Thread Steffan Karger
Hi, On 17-02-17 23:00, log...@free.fr wrote: > From: Emmanuel Deloget > > OpenSSL 1.1 does not allow us to directly access the internal of > any data type, including X509_STORE_CTX. We have to use the defined > functions to do so. > > Fortunately, these functions have existed

[Openvpn-devel] [PATCH applied] Re: dev-tools: lz4-rebaser tool carried a typo

2017-02-21 Thread Gert Doering
ACK. Oh the annoyance :-( - I *did* test-runs, but "it looked reasonable", and I did not verify that the result *compiled*. I should have... Your patch has been applied to the master branch. commit 40d6d471ff72e6a5e46911a3205f8e4401f506a3 Author: David Sommerseth Date: Tue Feb 21 20:27:35

[Openvpn-devel] [PATCH applied] Re: fix redirect-gateway behaviour when an IPv4 default route does not exist

2017-02-21 Thread Gert Doering
ACK. Verified the problematic behaviour (connected from a FreeBSD 11 system without an IPv4 default route to a v6-transport VPN server, and it refused "redirect-gateway", with or without "def1") - and with the patch, it does the expected thing. Also, stared at the code :-) Your patch has been