Re: [Openvpn-devel] OpenVPN Interactive Service Branding

2017-11-01 Thread Simon Rozman
Hi, > > Hi Simon, > > Speaking of MSIs... we are planning on moving from NSIS to MSI due to > security issues like the one we fixed in previous release. At the moment four > (other) people who have expressed interest in taking part in the "create MSI > installers for OpenVPN" project. One of

Re: [Openvpn-devel] [PATCH 1/1] openssl: add engine method for loading the key

2017-11-01 Thread Steffan Karger
Hi, On 29-10-17 16:57, James Bottomley wrote: > On Sun, 2017-10-29 at 23:15 +0800, Antonio Quartulli wrote: >> James, >> >> could you please resend a full patch, so to have a better overview of >> the whole change? > > Sure thing.  It's below. Feature makes sense, so feature-ACK. An early

Re: [Openvpn-devel] [PATCH] autoconf: Fix engine checks for openssl 1.1

2017-11-01 Thread Steffan Karger
Hi, On 29-10-17 16:34, James Bottomley wrote: > In openssl 1.1, ENGINE_cleanup became a #define instead of a function > (because it's no longer needed as engines are self cleaning). Update > the autoconf.ac script to check for ENGINE_cleanup as a declaration to > avoid falsely undefining

[Openvpn-devel] [PATCH v2] Don't throw fatal errors from create_temp_file()

2017-11-01 Thread Steffan Karger
Hi, The following four patches are a rebased and reordered set of patches that replace the original 2 patches I sent in September. These should include fixes for all Antonio's and David's comments (where needed). -Steffan

[Openvpn-devel] [PATCH 4/4 v3] create_temp_file/gen_path: prevent memory leak if gc == NULL

2017-11-01 Thread Steffan Karger
If gc == NULL, the data allocated in the alloc_gc_buf() call in create_temp_file or the string_mod_const call in gen_path would never be free'd. These functions are currently never called that way, but let's prevent future problems. While touching create_temp_file, also remove the counter

[Openvpn-devel] [PATCH 2/4 v2] pf: reject client if PF plugin is configured, but init fails

2017-11-01 Thread Steffan Karger
This changes the behavior for pf plugins: instead of just not initializing the firewall rules and happily continuing, this now rejects the client in the case of an (unlikely) failure to initialize the pf. Signed-off-by: Steffan Karger --- v3: return immediately after

[Openvpn-devel] [PATCH 1/4 v3] pf: clean up temporary files if plugin init fails

2017-11-01 Thread Steffan Karger
From: Steffan Karger close_instance() tries to remove the file in c2.pf.filename, but that only works if we actually set that if we fail. So, set that filename as soon as we know we've created the file. Signed-off-by: Steffan Karger ---

[Openvpn-devel] [PATCH 3/4 v2] Don't throw fatal errors from create_temp_file()

2017-11-01 Thread Steffan Karger
From: Steffan Karger This function is called in response to connecting clients, and can fail when I/O fails for some (possibly temporary) reason. In such cases we should not exit the process, but just reject the connecting client. This commit changes the function to

Re: [Openvpn-devel] [PATCH 0/2] Reject client if PF plugin is configured, but init fails

2017-11-01 Thread Steffan Karger
Hi, On 30-09-17 03:00, Antonio Quartulli wrote: > On 30/09/17 00:24, Steffan Karger wrote: >> This changes the behavior for pf plugins: instead of just not initializing >> the firewall rules and happily continuing, this now rejects the client in >> the case of an (unlikely) failure to initialize

Re: [Openvpn-devel] OpenVPN Interactive Service Branding

2017-11-01 Thread Simon Rozman
Hi, > Named instances sounds like a good idea. As you pointed out, Microsoft > itself uses command line parameters on service (like -i NAME for SQL server) > so that looks kosher. > > There is a problem though: multiple instances also need multiple service > names but the service name is

Re: [Openvpn-devel] OpenVPN Interactive Service Branding

2017-11-01 Thread Илья Шипицин
2017-11-01 23:46 GMT+05:00 Simon Rozman : > Hi, > > > > > Hi Simon, > > > > Speaking of MSIs... we are planning on moving from NSIS to MSI due to > > security issues like the one we fixed in previous release. At the moment > four > > (other) people who have expressed interest in

[Openvpn-devel] [PATCH 1/2] doxygen: use relative paths from the project root

2017-11-01 Thread Steffan Karger
Instead of generating docs with full path names (e.g. /home/steffan/dev/openvpn/src/openvpn/crypto.h), use a relative path wrt the project root (e.g. src/openvpn/crypto.h). This makes the generated doxygen easier to read. Signed-off-by: Steffan Karger ---

Re: [Openvpn-devel] OpenVPN Interactive Service Branding

2017-11-01 Thread Samuli Seppänen
On 01/11/2017 10:25, Simon Rozman wrote: > Because of those issues, we would like to install local OpenVPN - and keep it > up-to-date - using an MSI package. While openvpn.exe and its dependency DLLs > can easily be managed as a local copy, the interactive service cannot - > without interfering

[Openvpn-devel] Summary of the community meeting (Wed, 1st Nov 2017)

2017-11-01 Thread Samuli Seppänen
Hi, Here's the summary of the IRC meeting. --- COMMUNITY MEETING Place: #openvpn-meeting on irc.freenode.net Date: Wednesday 1st Nov 2017 Time: 11:30 CET (10:30 UTC) Planned meeting topics for this meeting were here: The next

[Openvpn-devel] [PATCH 2/2] doxygen: add make target

2017-11-01 Thread Steffan Karger
Add a make target, such that 'make doxygen' works (both for in-tree and out-of-tree builds). Signed-off-by: Steffan Karger --- Makefile.am | 5 +- configure.ac| 1 + doc/Makefile.am | 2 +

Re: [Openvpn-devel] OpenVPN Interactive Service Branding

2017-11-01 Thread Selva
Hi On Wed, Nov 1, 2017 at 4:25 AM, Simon Rozman wrote: > Hi, > > > Named instances sounds like a good idea. As you pointed out, Microsoft > > itself uses command line parameters on service (like -i NAME for SQL > server) > > so that looks kosher. > > > > There is a problem

Re: [Openvpn-devel] [PATCH] Further enhance async-push feature description

2017-11-01 Thread Gert Doering
Hi, finding lost gems in my mailbox... On Wed, Dec 14, 2016 at 01:45:09PM +0100, Steffan Karger wrote: > > AC_ARG_ENABLE( > > [async-push], > > - [AS_HELP_STRING([--enable-async-push], [enable async-push support > > @<:@default=no@:>@])], > > + [AS_HELP_STRING([--enable-async-push],

Re: [Openvpn-devel] [PATCH 0/1] add engine keys keys

2017-11-01 Thread Selva
Hi, On Wed, Nov 1, 2017 at 2:18 PM, Steffan Karger wrote: > Hi, > > On 29-10-17 22:03, Selva wrote: > > I would like to see new features transparently supported on Windows > > as well without the need for too much extra code and associated > > maintenance burden. Our

Re: [Openvpn-devel] [PATCH 0/1] add engine keys keys

2017-11-01 Thread Steffan Karger
Hi, On 29-10-17 22:03, Selva wrote: > I would like to see new features transparently supported on Windows > as well without the need for too much extra code and associated > maintenance burden. Our 'cryptoapicert' implementation is already in > need of a major re-write to support TLS 1.2 and