Re: [Openvpn-devel] [PATCH 5/7] Remove support for blocking connect()

Hi, On Wed, Apr 21, 2021 at 03:43:46PM +0200, Arne Schwabe wrote: > It is hard to imagine that we still have any supported OS that does > not support non-blocking connect while still supporting non-blocking > sockets in general. [..] > diff --git a/src/openvpn/syshead.h b/src/openvpn/syshead.h >

Re: [Openvpn-devel] [PATCH 5/7] Remove support for blocking connect()

Am 21.04.21 um 22:32 schrieb Gert Doering: > Hi, > > On Wed, Apr 21, 2021 at 03:43:46PM +0200, Arne Schwabe wrote: >> It is hard to imagine that we still have any supported OS that does >> not support non-blocking connect while still supporting non-blocking >> sockets in general. > [..] >> diff

[Openvpn-devel] [PATCH] options: check for blanks in fingerprints and reject string if found

From: Antonio Quartulli A fingerprint is not expected to contains any blank (white space), howeveri, the parser routine will still attempt parsing the octect and ignore the space. This means that a fingerprint like 5

Re: [Openvpn-devel] [PATCH 2/7] Move direct.h header where it is used

Hi, On 21/04/2021 15:43, Arne Schwabe wrote: > The direct.h header provides only a handful of functions [1] of which > we only use _wchdir. Directly included the direct.h file where it is > used and remove autoconf magic around it. > > [1] >

Re: [Openvpn-devel] [PATCH 3/7] Remove always enabled USE_64_BIT_COUNTERS define

Hi, On 21/04/2021 15:43, Arne Schwabe wrote: > Also change the types to use C99 uint64_t and its printf u64 define. > > Signed-off-by: Arne Schwabe This patch looks good and compiles on my test rig. As expected, it is basically removing a bunch of ifdefs always forced on the "true-branch".

Re: [Openvpn-devel] [PATCH 3/3] Support NCP in pure P2P VPN setups

As per Arne's request, this patch is on hold as he wants to send another change first, which will heavily conflict with this patch. We will wait for a new version of this patch that will be based on this other change he will send. Cheers, -- Antonio Quartulli

Re: [Openvpn-devel] [PATCH 4/7] Fix a number of mingw warnings

Hi, On 21/04/2021 15:43, Arne Schwabe wrote: > Move to definition inside the ifdef where they are used to avoid > unused warnings. > > Fix a few printf related warnings when DWORD is used as paramter and > the printf format should be %lu (long unsigned int) > > Signed-off-by: Arne Schwabe >

Re: [Openvpn-devel] [PATCH applied] Re: Fix build with mbedtls w/o SSL renegotiation support

On 13.04.2021 07:57, Gert Doering wrote: Your patch has been applied to the master branch. commit e4bd17c86e01aaf6f809d9ea355419c86c4defdc Author: Max Fillinger Date: Mon Apr 12 19:46:17 2021 +0200 Fix build with mbedtls w/o SSL renegotiation support Please backport this to

Re: [Openvpn-devel] [PATCH 2/3] Remove --ncp-disable option

Hi, On 08/04/2021 16:02, Arne Schwabe wrote: > NCP has proven to be stable and apart from the one VPN Provider doing > hacky things with homebrewed NCP we have not had any reports about > ncp-disable being required. Remove ncp-disable to simplify code paths. > > Note: This patch breaks client

Re: [Openvpn-devel] [PATCH 1/7] Remove --disable-multihome option

Hi, On 21/04/2021 15:43, Arne Schwabe wrote: > With this change we always build multihome support if the operating > system supports it. > > Signed-off-by: Arne Schwabe Shouldn't these go too? $ grep -rn MULTIHOME config-msvc.h:13:#define ENABLE_MULTIHOME 1 configure.ac:1155:test

[Openvpn-devel] [PATCH] tapctl: support for ovpn-dco Windows driver

From: Lev Stipakov Make tapctl aware of ovpn-dco. Signed-off-by: Lev Stipakov --- src/tapctl/main.c | 13 +++-- 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/src/tapctl/main.c b/src/tapctl/main.c index d5bc7290..3350bf1f 100644 --- a/src/tapctl/main.c +++

[Openvpn-devel] Summary of the community meeting (21st April 2021)

Hi, Here's the summary of the IRC meeting. --- COMMUNITY MEETING Place: #openvpn-meeting on irc.freenode.net Date: Wed 21st April 2021 Time: 14:00 CET (12:00 UTC) Planned meeting topics for this meeting were here: Your local

[Openvpn-devel] [PATCH 2/7] Move direct.h header where it is used

The direct.h header provides only a handful of functions [1] of which we only use _wchdir. Directly included the direct.h file where it is used and remove autoconf magic around it. [1]

[Openvpn-devel] [PATCH 4/7] Fix a number of mingw warnings

Move to definition inside the ifdef where they are used to avoid unused warnings. Fix a few printf related warnings when DWORD is used as paramter and the printf format should be %lu (long unsigned int) Signed-off-by: Arne Schwabe --- src/openvpn/route.c | 4 ++-- src/openvpn/socket.c | 3 ++-

[Openvpn-devel] [PATCH 7/7] Remove a number of platform specific checks in configure.ac

- Remove windows XP/old mingw compat code in socket.c - Use _WIN32 instead checking for existence of windows.h, winsock2.h and ws2tcpip.h in autconf - Remove check for unlink. The last remaining use is a check inside a Unix socket. - Even Windows has umask, so remove the check for it

[Openvpn-devel] [PATCH 1/7] Remove --disable-multihome option

With this change we always build multihome support if the operating system supports it. Signed-off-by: Arne Schwabe --- configure.ac | 7 --- src/openvpn/syshead.h | 2 +- 2 files changed, 1 insertion(+), 8 deletions(-) diff --git a/configure.ac b/configure.ac index

[Openvpn-devel] [PATCH 3/7] Remove always enabled USE_64_BIT_COUNTERS define

Also change the types to use C99 uint64_t and its printf u64 define. Signed-off-by: Arne Schwabe --- src/openvpn/common.h | 15 +++ src/openvpn/syshead.h | 5 - 2 files changed, 3 insertions(+), 17 deletions(-) diff --git a/src/openvpn/common.h b/src/openvpn/common.h index

[Openvpn-devel] [PATCH 5/7] Remove support for blocking connect()

It is hard to imagine that we still have any supported OS that does not support non-blocking connect while still supporting non-blocking sockets in general. Signed-off-by: Arne Schwabe --- src/openvpn/socket.c | 8 src/openvpn/syshead.h | 11 --- 2 files changed, 19

[Openvpn-devel] [PATCH 6/7] Replace OS_SPECIFIC_DIRSEP with PATH_SEPARATOR

We have two define that do exactly the same. Also move the check from configure.ac to syshead.h since it is really only checking for Windows. Signed-off-by: Arne Schwabe --- configure.ac | 8 src/openvpn/platform.c | 2 +- src/openvpn/ssl_verify.c | 2 +-

[Openvpn-devel] OpenVPN 2.5.2 released

The OpenVPN community project team is proud to release OpenVPN 2.5.2. It fixes two related security vulnerabilities (CVE-2020-15078) which under very specific circumstances allow tricking a server using delayed authentication (plugin or management) into returning a PUSH_REPLY before the

[Openvpn-devel] OpenVPN 2.4.11 released

The OpenVPN community project team is proud to release OpenVPN 2.4.11. It fixes two related security vulnerabilities (CVE-2020-15078) which under very specific circumstances allow tricking a server using delayed authentication (plugin or management) into returning a PUSH_REPLY before the

[Openvpn-devel] [PATCH v2] Allow all GCM ciphers

OpenSSL also allows ARIA-GCM and that works well with our implementation While the handpicked list was needed for earlier OpenSSL versions (and is still needed for Chacha20-Poly1305), the API nowadays with OpenSSL 1.0.2 and 1.1.x works as expected. Patch V2: Remove special cases for AES-GCM

Re: [Openvpn-devel] [PATCH 6/7] Replace OS_SPECIFIC_DIRSEP with PATH_SEPARATOR

Hi, On 21/04/2021 15:43, Arne Schwabe wrote: > We have two define that do exactly the same. Also move the check > from configure.ac to syshead.h since it is really only checking > for Windows. > > Signed-off-by: Arne Schwabe > --- > configure.ac | 8 >