Re: [Openvpn-devel] [Openvpn-users] Multiple DNS search suffixes on Windows

2020-06-23 Thread Jan Just Keijser
Hi, On 21/06/20 17:14, Selva Nair wrote: On Sun, Jun 21, 2020 at 7:14 AM Gert Doering wrote: going through OpenVPN threads that went stale - I think this is actually a nice addition (read: other people have already asked me if this can be done). On Thu, Mar 05, 2020 at 01:53:12PM +0100, Jan

Re: [Openvpn-devel] [PATCH applied] Re: Add unit tests for engine keys

2020-06-23 Thread Gert Doering
Hi, On Tue, Jun 23, 2020 at 08:28:36AM +0200, Gert Doering wrote: > Acked-by: Gert Doering > > Tested on : > - MacOS Mojave with OpenSSL 1.1.1c (brew) and out-of-tree build, works. > - Linux with mbedtls (does not try engine tests, good :-) ) > - Linux with OpenSSL 1.1.1, works > - FreeBSD

[Openvpn-devel] [PATCH applied] Re: Add unit tests for engine keys

2020-06-23 Thread Gert Doering
Acked-by: Gert Doering Tested on : - MacOS Mojave with OpenSSL 1.1.1c (brew) and out-of-tree build, works. - Linux with mbedtls (does not try engine tests, good :-) ) - Linux with OpenSSL 1.1.1, works - FreeBSD 11.3 with OpenSSL 1.0.2s -> v6 fails, v6 works \o/ Conferred with Arne, we

Re: [Openvpn-devel] [PATCH v2 4/4] Do not set pool netmask when nopool is set

2020-06-23 Thread Gert Doering
Hi, On Wed, Nov 13, 2019 at 06:07:02PM +0800, Tom Yan wrote: > The setting probably just slipped out of the if-block over rewrites. Possibly... so it makes sense to clean this up. Can you please re-send the patch to change *both* places where this occurs, helper.c line 348 and helper.c line

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-23 Thread Gert Doering
Hi, On Tue, Jun 23, 2020 at 10:34:47AM +0200, Arne Schwabe wrote: > > Well, may be it is possible to add support for setting cipher in ccd > > > > as it was possible before 2.4.9 using patch from here > > > > https://community.openvpn.net/openvpn/ticket/845 > > > > I get that this might have

Re: [Openvpn-devel] [PATCH v4 3/3] Implement tls-groups option to specify eliptic curves/groups

2020-06-23 Thread Antonio Quartulli
Hi, On 22/06/2020 16:02, Arne Schwabe wrote: [CUT] > @@ -343,6 +348,42 @@ tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const > char *profile) > } > } > > +void > +tls_ctx_set_tls_groups(struct tls_root_ctx *ctx, const char *groups) > +{ > +ASSERT(ctx); > +struct gc_arena

Re: [Openvpn-devel] [PATCH applied] Re: Add unit tests for engine keys

2020-06-23 Thread James Bottomley
On Tue, 2020-06-23 at 09:21 +0200, Gert Doering wrote: > Hi, > > On Tue, Jun 23, 2020 at 08:28:36AM +0200, Gert Doering wrote: > > Acked-by: Gert Doering > > > > Tested on : > > - MacOS Mojave with OpenSSL 1.1.1c (brew) and out-of-tree build, > > works. > > - Linux with mbedtls (does not try

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-23 Thread Arne Schwabe
On 23.06.20 at 06:16, Dmitry Melekhov wrote: > 22.06.2020 20:58, Selva Nair wrote: >> +*WARNING*    This MAY break configurations where the client uses >> +    ``--disable-occ`` feature where the ``--cipher`` has >> +    not been explicitly configured on both client and >>

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-23 Thread Dmitry Melekhov
23.06.2020 13:02, Gert Doering wrote: That patch is from Steffan, and review has been sitting in my lap for way too long. Need to see if it still applies. Unfortunately it is not compatible with 2.4.9, because of introduced change...

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-23 Thread Gert Doering
Hi, On Tue, Jun 23, 2020 at 01:12:42PM +0400, Dmitry Melekhov wrote: > 23.06.2020 13:02, Gert Doering wrote: > > That patch is from Steffan, and review has been sitting in my lap for > > way too long. Need to see if it still applies. > > Unfortunately it is not compatible with 2.4.9,

[Openvpn-devel] [PATCH v2] Add deferred authentication support to plugin-auth-pam

2020-06-23 Thread Gert Doering
If OpenVPN signals deferred authentication support (by setting the internal environment variables "auth_control_file" and "deferred_auth_pam"), do not wait for PAM stack to finish. Instead, the privileged PAM process returns RESPONSE_DEFER via the control socket, which gets turned into

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

2020-06-23 Thread Dmitry Melekhov
23.06.2020 12:34, Arne Schwabe wrote: On 23.06.20 at 06:16, Dmitry Melekhov wrote: 22.06.2020 20:58, Selva Nair wrote: +*WARNING*    This MAY break configurations where the client uses +    ``--disable-occ`` feature where the ``--cipher`` has +    not been explicitly

Re: [Openvpn-devel] [PATCH applied] Re: Add unit tests for engine keys

2020-06-23 Thread Илья Шипицин
apparently, it fails for some build on travis https://travis-ci.org/github/OpenVPN/openvpn/jobs/701158156 Tue, 23 Jun 2020 at 18:07, James Bottomley < james.bottom...@hansenpartnership.com>: > On Tue, 2020-06-23 at 09:21 +0200, Gert Doering wrote: > > Hi, > > > > On Tue, Jun 23, 2020 at

Re: [Openvpn-devel] [PATCH applied] Re: Add unit tests for engine keys

2020-06-23 Thread Илья Шипицин
as far as I understand, openssl-1.0.2 does not support engines ? Tue, 23 Jun 2020 at 21:42, Илья Шипицин : > apparently, it fails for some build on travis > https://travis-ci.org/github/OpenVPN/openvpn/jobs/701158156 > > Tue, 23 Jun 2020 at 18:07, James Bottomley < >

[Openvpn-devel] [PATCH applied] Re: Add unit tests for engine keys

2020-06-23 Thread Gert Doering
Acked-by: Gert Doering Looks reasonable, explanation is reasonable, and it passes "make distcheck" (only tested on Linux, but there should not be a difference here). Your patch has been applied to the master branch. Thanks. commit 21e3e9fc34128d37bd612def2acca29a5a18de77 (HEAD -> master)

Re: [Openvpn-devel] [PATCH applied] Re: Add unit tests for engine keys

2020-06-23 Thread Gert Doering
Hi, On Tue, Jun 23, 2020 at 11:36:49PM +0500, Илья Шипицин wrote: > Also, I think we should out log.txt in case of failure. Indeed, this would help. gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest

Re: [Openvpn-devel] [PATCH applied] Re: Add unit tests for engine keys

2020-06-23 Thread Gert Doering
Hi, On Tue, Jun 23, 2020 at 09:42:51PM +0500, Илья Шипицин wrote: > apparently, it fails for some build on travis > https://travis-ci.org/github/OpenVPN/openvpn/jobs/701158156 This is the reason why James sent this new patch - what we have in master works but fails "make distcheck".

Re: [Openvpn-devel] [PATCH applied] Re: Add unit tests for engine keys

2020-06-23 Thread Илья Шипицин
Tue, 23 Jun 2020 at 23:17, James Bottomley < james.bottom...@hansenpartnership.com>: > On Tue, 2020-06-23 at 21:43 +0500, Илья Шипицин wrote: > > as far as I understand, openssl-1.0.2 does not support engines ? > > No, it does. Engines were a pre 0.9.8 thing. I support openssl in my > builds

Re: [Openvpn-devel] [PATCH applied] Re: Add unit tests for engine keys

2020-06-23 Thread James Bottomley
On Tue, 2020-06-23 at 21:43 +0500, Илья Шипицин wrote: > as far as I understand, openssl-1.0.2 does not support engines ? No, it does. Engines were a pre 0.9.8 thing. I support openssl in my builds for the TPM engine down to 1.0.1 However, the failure: > Key mismatch not detected > > FAIL:

Re: [Openvpn-devel] [PATCH applied] Re: Add unit tests for engine keys

2020-06-23 Thread Gert Doering
Hi, On Tue, Jun 23, 2020 at 08:47:33PM +0200, Gert Doering wrote: > On Tue, Jun 23, 2020 at 11:36:49PM +0500, Илья Шипицин wrote: > > Also, I think we should out log.txt in case of failure. > > Indeed, this would help. Yep. The "make distcheck" travis instance is now happy, but the

Re: [Openvpn-devel] [PATCH applied] Re: Add unit tests for engine keys

2020-06-23 Thread James Bottomley
On Tue, 2020-06-23 at 21:26 +0200, Gert Doering wrote: > Hi, > > On Tue, Jun 23, 2020 at 08:47:33PM +0200, Gert Doering wrote: > > On Tue, Jun 23, 2020 at 11:36:49PM +0500, Илья Шипицин > > wrote: > > > Also, I think we should out log.txt in case of failure. > > > > Indeed, this would

Re: [Openvpn-devel] [PATCH applied] Re: Add unit tests for engine keys

2020-06-23 Thread Gert Doering
Hi, On Tue, Jun 23, 2020 at 12:32:42PM -0700, James Bottomley wrote: > > James, are you triggering on specific openvpn messages? "--enable- > > small" > > changes these (trimming some warnings and help texts). Can you test > > with > > "configure --enable-small", please? > > > >

Re: [Openvpn-devel] [Openvpn-users] Multiple DNS search suffixes on Windows

2020-06-23 Thread Selva Nair
Hi, On Tue, Jun 23, 2020 at 3:22 AM Jan Just Keijser wrote: > > Hi, > > On 21/06/20 17:14, Selva Nair wrote: > > On Sun, Jun 21, 2020 at 7:14 AM Gert Doering wrote: > >> > >> going through OpenVPN threads that went stale - I think this is > >> actually a nice addition (read: other people have

Re: [Openvpn-devel] [PATCH applied] Re: Add unit tests for engine keys

2020-06-23 Thread Илья Шипицин
Wed, 24 Jun 2020 at 00:37, Gert Doering : > Hi, > > On Tue, Jun 23, 2020 at 12:32:42PM -0700, James Bottomley wrote: > > > James, are you triggering on specific openvpn messages? "--enable- > > > small" > > > changes these (trimming some warnings and help texts). Can you test > > > with > > >

[Openvpn-devel] [RFC] Challenges with OpenVPN and configuring DNS

2020-06-23 Thread David Sommerseth
Hi, Arne and I have discussed the challenge of DNS configuration and we have paid attention to a recent discussion here on the mailing list as well [1]. We have tried to consider various platforms and have a few proposals for unifying and documenting DNS configuration as much as possible. [1]

Re: [Openvpn-devel] [PATCH applied] Re: Add unit tests for engine keys

2020-06-23 Thread James Bottomley
On Wed, 2020-06-24 at 01:18 +0500, Илья Шипицин wrote: [...] > I've added output of log.txt, if you are going to modify "grep" > magic, can you adopt something like that, please ? OK, I folded this into the --enable-small correction James ---8>8>8><8<8<8--- From: James Bottomley Subject: