Acked-by: Gert Doering
We discussed this previously, and it makes sense to take "route addition
errors" into account, even if we consciously decided (long before I got
involved...) that we consider these non-fatal, unlike ifconfig errors.
I have stared at the code, and it looks reasonable (we
On Mon, Jan 09, 2023 at 05:36:06PM +0100, Arne Schwabe wrote:
> On 09.01.23 at 16:01, Frank Lichtenheld wrote:
> > On Mon, Dec 12, 2022 at 12:27:45PM +0100, Arne Schwabe wrote:
> > > Currently we have only one slot for renegotiation of the session/keys.
> > > If a replayed/faked packet is
Warning by GCC 12:
pkcs11_openssl.c:237:22: warning:
dangling pointer ‘tbs’ to ‘enc’ may be used [-Wdangling-pointer=]
Signed-off-by: Frank Lichtenheld
---
src/openvpn/pkcs11_openssl.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/openvpn/pkcs11_openssl.c
Acked-by: Gert Doering
"Automatic and really easy to verify" ("git show -I Copyright")
The patch seems to be too big for mail-archive.com to archive it
(wat?) - it's not visible there, so pointing URL: to patchwork.
Your patch has been applied to the master and release/2.6 branch.
commit
Haven't tested this beyond "does it compile on Github?" - it looks
correct, though :-)
Your patch has been applied to the master branch.
commit 202b34da386c8574692111bad23814602d0e09f5 (master)
commit 71f3a109f9f73f0d978f58e08caed896c064767f (release/2.6)
Author: Frank Lichtenheld
Date: Tue
Hi,
On Tue, Dec 27, 2022 at 11:12:44AM +0100, Gert Doering wrote:
> Playing around with the patch a bit, the offending piece seems to be
> "mi->context.options.verbosity >= D_DCO_DEBUG" - which is unsurprising,
> as D_DCO_DEBUG is not "6" but "LOGLEV(6, 69, M_DEBUG)", which translates
> to
>
>
Not enabled by default with OpenSSL 3, so we don't
see this in our builds.
While here add missing entries to .gitignore (which
is what made me look at engine-key test in the first
place).
Signed-off-by: Frank Lichtenheld
---
.gitignore | 4
Hi,
On Tue, Jan 10, 2023 at 8:21 AM Frank Lichtenheld
wrote:
> Warning by GCC 12:
> pkcs11_openssl.c:237:22: warning:
> dangling pointer ‘tbs’ to ‘enc’ may be used [-Wdangling-pointer=]
>
> Signed-off-by: Frank Lichtenheld
> ---
> src/openvpn/pkcs11_openssl.c | 6 +++---
> 1 file changed, 3
Hi,
On Thu, Dec 29, 2022 at 12:27:46PM +0500, Vladislav Grishenko wrote:
> client will move on to the next connection entry.
>
> v15:
> rebase to master (Dec 2022)
> add optional port argument to --remote and --remote-srv usage message
> fix --proto option coexisting with
Hi,
On 09/01/2023 21:00, Gert Doering wrote:
p2p --tls-server with no active client/peer logs once per second
"dco_update_keys: peer_id=-1"
which does exactly nothing, except fill the disk. So skip the call to
dco_update_keys() if peer_id == -1.
Signed-off-by: Gert Doering
---
Antonio, thanks for the review. Fixed the whitespace. (Uncrustify
did not see it since the patch was ad-hoc written on a system that
does not have the hook - but my pre-merge hook would have caught it).
Patch has been applied to the master and release/2.6 branch.
commit
This enables logging the peer id in p2mp mode if dco is enabled
and the log level is high enough
Patch v2: use check_debug_level to check current log level
Signed-off-by: Arne Schwabe
---
src/openvpn/multi.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/src/openvpn/multi.c
Acked-by: Gert Doering
Works and helps with DCO debugging.
Some of the messages look a bit stupid now... so we might want to go
and polish :-)
.. gremlin14943/194.97.140.21:12404 peer-id=9 dco_update_keys: peer_id=9
.. gremlin14833/194.97.140.21:11036 peer-id=11 dco_update_keys: peer_id=11
..
Hi,
On Tue, Jan 10, 2023 at 04:42:50PM -0500, Selva Nair wrote:
> I'm trying to get this info into the GUI for handling
> "--management-query-remote". Selecting a disabled entry from the UI would
> lead to erratic behaviour. Ideally this info (CE_DISABLED state) should be
> included in the
On Tue, Jan 10, 2023 at 4:56 PM Gert Doering wrote:
> Hi,
>
> On Tue, Jan 10, 2023 at 04:42:50PM -0500, Selva Nair wrote:
> > I'm trying to get this info into the GUI for handling
> > "--management-query-remote". Selecting a disabled entry from the UI would
> > lead to erratic behaviour.
correction:
> (i) --proto-force is in effect : configs not matching with the forced
> protocol are disabled
configs --> connection entries
> (ii) --http-proxy-override : UDP profiles get disabled.
profiles --> connection entries
On Tue, Jan 10, 2023 at 4:42 PM Selva Nair wrote:
> Hi,
>
> I
Hi, sure, will do.
Yes, I’ve noticed undesired code dup in v14 and have fixed everything found
in v15 rebase, same will be rechecked in v16 of course.
Thanks!
Wed, 11 Jan 2023 at 01:05, Gert Doering :
> Hi,
>
> On Thu, Dec 29, 2022 at 12:27:46PM +0500, Vladislav Grishenko wrote:
> > client
Hi,
I see two situations under which a connection-entry (remote) could be
disabled while iterating through the list of remotes:
(i) --proto-force is in effect : configs not matching with the forced
protocol are disabled
(ii) --http-proxy-override : UDP profiles get disabled.
This looks like an
From: Selva Nair
- The response to the management command "remote-entry-get" is
amended to include the status of the remote entry. The status
reads "disabled" if (ce->flag & DISABLED) is true, "enabled"
otherwise.
- Update and correct the description of this option in
Error in commit message:
0,vpn.example.org,udp,enabled
> 2,vpn.example.net,tcp-client,disabled
> 1,vpn.example.com,udp,enabled
>
That should have been
0,vpn.example.org,udp,enabled
1,vpn.example.net,tcp-client,disabled
2,vpn.example.com,udp,enabled
with indices 0, 1, 2 ordered.
Acked-by: Gert Doering
This is really straightforward. Tested with my .ovpn full with generated
"remote" lines, some of them changed to "tcp", and "--proto-force tcp-client"
..
190,1185.server.org,1185,udp,disabled
191,1186.server.org,1186,udp,disabled
192,1187.server.org,1187,udp,disabled
Hi,
On Tue, Jan 10, 2023 at 06:02:57PM +0100, Frank Lichtenheld wrote:
> @@ -27,7 +27,7 @@ ${top_builddir}/src/openvpn/openvpn --cd
> ${top_srcdir}/sample --config sample-co
> # first off check we died because of a key mismatch. If this doesn't
> # pass, suspect openssl of returning different