Re: [Openvpn-devel] autoconf/automake warnings

2016-08-12 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/08/16 20:27, Selva Nair wrote: > > On Fri, Aug 12, 2016 at 6:30 AM, David Sommerseth > <open...@sf.lists.topphemmelig.net > <mailto:open...@sf.lists.topphemmelig.net>> wrote: > > On 12/08/16 03:14, Selva Nair wr

Re: [Openvpn-devel] [PATCH] add PR template in order to simplify new developers cooperate properly if they open PR. discussed here: https://sourceforge.net/p/openvpn/mailman/message/35601310/

2017-01-31 Thread David Sommerseth
ion are too easily ignored. -- kind regards, David Sommerseth OpenVPN Technologies, Inc > On 30/01/2017 08:48, Илья Шипицин wrote: >> can we merge it ? >> @mattock ? >> >> 2017-01-21 13:47 GMT+05:00 Илья Шипицин <chipits...@gmail.com >> <mailto:chipi

Re: [Openvpn-devel] [PATCH applied] github: Add PR template with contributor related information

2017-02-06 Thread David Sommerseth
ntributor related information Acked-by: David Sommerseth <dav...@openvpn.net> Message-Id: <1486364115-9801-1-git-send-email-chipits...@gmail.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14010.html Signed-off-by: David Sommerset

Re: [Openvpn-devel] [PATCH applied] github: Add PR template with contributor related information

2017-02-07 Thread David Sommerseth
ommit. Many calls this process the "personal hygiene step". It's a fairly good description of the importance of doing so. -- kind regards, David Sommerseth OpenVPN Technologies, Inc signature.asc Descriptio

Re: [Openvpn-devel] [PATCH applied] github: Add PR template with contributor related information

2017-02-07 Thread David Sommerseth
ge text. And it just takes a quick look at our git log to see that we try to stay beyond that limit. We do sometimes exceed 50 characters, and we let that pass silently. But more than 3 times longer, then something must be done. -- kind regards, David Sommerseth OpenVPN

Re: [Openvpn-devel] [PATCH] add PR template in order to simplify new developers cooperate properly if they open PR. discussed here: https://sourceforge.net/p/openvpn/mailman/message/35601310/

2017-02-02 Thread David Sommerseth
On 02/02/17 09:27, Samuli Seppänen wrote: > On 31/01/2017 15:49, David Sommerseth wrote: >> On 30/01/17 13:34, Samuli Seppänen wrote: >>> I agree with you on keeping the pull request template minimal and having >>> the more fine-grained information in Trac. >>&g

Re: [Openvpn-devel] [PATCH applied] github: Add PR template with contributor related information

2017-02-06 Thread David Sommerseth
e much to say for the future in this regards. -- kind regards, David Sommerseth OpenVPN Technologies, Inc signature.asc Description: OpenPGP digital signature -- Check out the vibrant tech community on one of the world's

Re: [Openvpn-devel] [PATCH applied] Use SHA256 for the internal digest, instead of MD5

2017-01-22 Thread David Sommerseth
Use SHA256 for the internal digest, instead of MD5 Signed-off-by: Steffan Karger <stef...@karger.me> Acked-by: David Sommerseth <dav...@openvpn.net> Message-Id: <1485101081-9784-1-git-send-email-stef...@karger.me> URL: https://www.mail-archive

Re: [Openvpn-devel] [PATCH applied] git: Merge .gitignore files into a single file

2017-01-22 Thread David Sommerseth
: David Sommerseth Date: Fri Jan 20 22:04:57 2017 +0100 git: Merge .gitignore files into a single file Signed-off-by: David Sommerseth <dav...@openvpn.net> Acked-by: Steffan Karger <stef...@karger.me> Message-Id: <20170120210457.3383-1-dav...@openvpn.net>

Re: [Openvpn-devel] [PATCH applied] git: Merge .gitignore files into a single file

2017-01-22 Thread David Sommerseth
On 23/01/17 01:23, David Sommerseth wrote: > Your patch has been applied to the following branches > > commit d14b3c60c7796736e07bc3cddb0ab3a58475793e (master) > commit 61da0031b2a0036680d9e0f822619ecc116f1178 (release/2.3) > commit 2a7c994ca5b1583bc0f78c46be5b3a827f970b9

[Openvpn-devel] [PATCH] plugin: Improve the handling of default plug-in directory

2017-01-27 Thread David Sommerseth
option. Signed-off-by: David Sommerseth <dav...@openvpn.net> --- doc/openvpn.8| 28 src/openvpn/plugin.c | 18 +- 2 files changed, 45 insertions(+), 1 deletion(-) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index e3d603e..a8d06f3 100644 ---

Re: [Openvpn-devel] [PATCH applied] plugin: Remove GNUism in openvpn-plugin.h generation

2017-01-27 Thread David Sommerseth
t;m...@eworm.de> Acked-by: Gert Doering <g...@greenie.muc.de> Message-Id: <20170127084927.21040-1-l...@eworm.de> URL: http://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13966.html Signed-off-by: David Sommerseth <dav...@openvpn.net> -

Re: [Openvpn-devel] [PATCH] Resolving several travis-ci issues:

2017-01-27 Thread David Sommerseth
ers. We don't like to do spoon feeding ;-) And a git trick, which you can instantly benefit from ... when doing git commit ... add the -s argument ;-) -- kind regards, David Sommerseth OpenVPN Technologies, Inc signature.asc Description: OpenPGP digital signature -

Re: [Openvpn-devel] [PATCH] Resolving several travis-ci issues:

2017-01-27 Thread David Sommerseth
On 27/01/17 17:58, Selva Nair wrote: > > On Fri, Jan 27, 2017 at 10:08 AM, David Sommerseth > <open...@sf.lists.topphemmelig.net > <mailto:open...@sf.lists.topphemmelig.net>> wrote: > > On 27/01/17 14:56, Илья Шипицин wrote: > > > >

Re: [Openvpn-devel] [PATCH v3 1/1] Clean up plugin path handling

2017-01-25 Thread David Sommerseth
_PLUGIN_SEARCH macro without changing a .c/.h file. Does this block even make sense to enable at all? So, as this patch got "clean-up" and "plugin path handling" in the subject, lets cover a few more aspects of this clean-up :) -- kind regards, D

[Openvpn-devel] [PATCH] git: Merge .gitignore files into a single file

2017-01-20 Thread David Sommerseth
if changes needs to be done. Signed-off-by: David Sommerseth <dav...@openvpn.net> --- .gitignore| 5 + sample/sample-keys/.gitignore | 1 - tests/unit_tests/.gitignore | 1 - vendor/.gitignore | 2 -- 4 files changed, 5 insertions(+), 4 deletions(-) delet

Re: [Openvpn-devel] [PATCH 1/2] use automake tools to install systemd files

2017-01-20 Thread David Sommerseth
gt; WorkingDirectory=/etc/openvpn/server > -ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log > --status-version 2 --suppress-timestamps --config %i.conf > +ExecStart=@sbindir@ --status %t/openvpn-server/status-%i.log > --status-version 2 --suppress-timestamps --confi

Re: [Openvpn-devel] [PATCH] add PR template in order to simplify new developers cooperate properly if they open PR. discussed here: https://sourceforge.net/p/openvpn/mailman/message/35601310/

2017-01-20 Thread David Sommerseth
t new patches should go into the master branch primarily, unless it is fixing a bug or another issue which is only relevant for specific release branches? -- kind regards, David Sommerseth OpenVPN Technologies, Inc signature.asc Description: OpenPGP digital signature --

Re: [Openvpn-devel] [PATCH 2/2] do not race on RuntimeDirectory

2017-01-20 Thread David Sommerseth
sers might more see this as a sample configuration for OpenVPN and be even more confused. I propose ... either rename this file to tmpfiles.d--openvpn.conf or move this openvpn.conf inside a tmpfiles.d/ subdirectory inside the ./distro/systemd/ director

Re: [Openvpn-devel] [PATCH applied] Add a check for -Wl, --wrap support in linker

2017-01-20 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 20/01/17 21:38, Selva Nair wrote: > > On Fri, Jan 20, 2017 at 1:16 PM, David Sommerseth > <dav...@openvpn.net <mailto:dav...@openvpn.net>> wrote: > > Your patch has been applied to the fol

Re: [Openvpn-devel] [PATCH] Use SHA256 for the internal digest, instead of MD5

2017-01-20 Thread David Sommerseth
est(>c2.pulled_options_state, _orig, > - >options); > +push_update_digest(>c2.pulled_options_state, _orig); And this too is also a revert of the same commit as above. Had it been just a simple rebase, I'd be willing to tackle that on-t

Re: [Openvpn-devel] [PATCH] Feedback wanted: proof-of-concept recvmmsg() support

2017-01-25 Thread David Sommerseth
an gain even more performance if looking into sendmmsg() as well. I'll try to play a bit with this patch and see how things go on my side though. -- kind regards, David Sommerseth OpenVPN Technologies, Inc signature.asc Description: OpenPGP digital signature --

Re: [Openvpn-devel] [PATCH] Resolving several travis-ci issues:

2017-01-25 Thread David Sommerseth
://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13843.html That approach got rejected and we went for this [2] approach instead, will that change anything in regards to the changes in this patch? [2] <https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13911.html>

[Openvpn-devel] [PATCH] systemd: Move the READY=1 signalling to an earlier point

2017-01-24 Thread David Sommerseth
cate we're in a good state - even though that update will still not be visible if --chroot is used (as before this patch). Trac: #827, #801 Signed-off-by: David Sommerseth <dav...@openvpn.net> --- src/openvpn/init.c | 29 ++--- 1 file changed, 10 insertions(+), 19 dele

Re: [Openvpn-devel] [PATCH applied] systemd: Move the READY=1 signalling to an earlier point

2017-01-25 Thread David Sommerseth
041fd6488434b5df01f86dd873b536a2b690ee13 (release/2.4) Author: David Sommerseth Date: Wed Jan 25 00:23:44 2017 +0100 systemd: Move the READY=1 signalling to an earlier point Trac: #827, #801 Signed-off-by: David Sommerseth <dav...@openvpn.net> Acked-by: Gert Doering <g...@greenie.muc.de>

Re: [Openvpn-devel] [PATCH applied] systemd: Use automake tools to install unit files

2017-01-25 Thread David Sommerseth
ca5b4c2aad2370be7862660d274b7485f2d0af71 (master) commit a125229f509b593dff7ecc24e21b3de384b3fa98 (release/2.4) Author: Christian Hesse Date: Tue Jan 24 15:39:46 2017 +0100 systemd: Use automake tools to install unit files Signed-off-by: Christian Hesse <m...@eworm.de> Acked-by: David Sommerset

Re: [Openvpn-devel] [PATCH applied] systemd: Do not race on RuntimeDirectory

2017-01-25 Thread David Sommerseth
Hesse Date: Tue Jan 24 15:39:47 2017 +0100 systemd: Do not race on RuntimeDirectory Signed-off-by: Christian Hesse <m...@eworm.de> Acked-by: David Sommerseth <dav...@openvpn.net> Message-Id: <20170124143947.27385-2-l...@eworm.de> URL: https://ww

Re: [Openvpn-devel] [PATCH applied] systemd: Add more security feature for systemd units

2017-01-25 Thread David Sommerseth
Signed-off-by: Christian Hesse <m...@eworm.de> Acked-by: David Sommerseth <dav...@openvpn.net> Message-Id: <20161227221832.610-1-l...@eworm.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13743.html Signed-off-by: Dav

[Openvpn-devel] [PATCH] dev-tools: Simple tool wihch automates rebasing LZ4 compat library

2017-01-25 Thread David Sommerseth
This tool depends on a cloned upstream LZ4 git repository and a checked out release tag. Then run the script like this: $ ./dev-tools/lz4-rebaser.sh /path/to/lz4.git To see the result before committing, use: git diff --cached Signed-off-by: David Sommerseth <dav...@openvpn.net> --

Re: [Openvpn-devel] [PATCH applied] Clean up plugin path handling

2017-01-25 Thread David Sommerseth
: Christian Hesse Date: Wed Jan 25 21:19:47 2017 +0100 Clean up plugin path handling Signed-off-by: Christian Hesse <m...@eworm.de> Acked-by: David Sommerseth <dav...@openvpn.net> Message-Id: <20170125201947.17197-1-l...@eworm.de> URL: http://www.mail-archiv

[Openvpn-devel] Updates to the git repositories

2017-02-21 Thread David Sommerseth
e 'git verify-commit' to verify specific commits. - -- kind regards, David Sommerseth OpenVPN Technologies, Inc -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBCAAGBQJYrFVyAAoJEIbPlEyWcf3yQQYP/2I2IhT3fXhSZCAKjrfZfKah 1ymuSGfJMeef+PRpmPn5kzz1b4swOib73oBB+j8pPC6N

Re: [Openvpn-devel] [PATCH] Fix segfault when using crypto lib without AES-256-CTR or SHA256

2017-02-21 Thread David Sommerseth
to the SoB when it comes to documentation and text snippets (unless it is a massive contribution). -- kind regards, David Sommerseth OpenVPN Technologies, Inc signature.asc Description: OpenPGP digital signature -- Check out

Re: [Openvpn-devel] [PATCH] Fix segfault when using crypto lib without AES-256-CTR or SHA256

2017-02-22 Thread David Sommerseth
On 22/02/17 10:54, Antonio Quartulli wrote: > On Wed, Feb 22, 2017 at 09:30:39AM +0100, Steffan Karger wrote: >> On 22-02-17 08:39, Gert Doering wrote: >>> On Wed, Feb 22, 2017 at 02:21:35AM +0100, David Sommerseth wrote: >>>>>> >From d97f526a2ddbf2abe60a6

Re: [Openvpn-devel] build against openssl 1.1.0

2017-02-21 Thread David Sommerseth
On 13/02/17 21:16, David Sommerseth wrote: > On 13/02/17 20:50, Christian Hesse wrote: >> And a lot more has to be done... There's a long list of packages to be >> fixed. Sadly openssl developers do not care about ABI and API stability >> or compatibility. :( > > I do

Re: [Openvpn-devel] [PATCH] dev-tools: Simple tool wihch automates rebasing LZ4 compat library

2017-02-20 Thread David Sommerseth
On 20/02/17 14:03, Gert Doering wrote: > Hi, > > On Wed, Jan 25, 2017 at 09:53:02PM +0100, David Sommerseth wrote: >> This tool depends on a cloned upstream LZ4 git repository and a >> checked out release tag. Then run the script like this: >> >>$ ./dev-tool

Re: [Openvpn-devel] build against openssl 1.1.0

2017-02-18 Thread David Sommerseth
n RHEL 6 though. So unless your travis script is clever enough to only test OpenSSL v1.0.1e on RHEL, CentOS or ScientificLinux *or* build OpenSSL using the CentOS source RPM ... then I am not surprised things may fail. Red Hat may very well have fixed some bugs which we're hitting. -- kind

Re: [Openvpn-devel] [RFC PATCH v1 00/15] Add support for OpenSSL 1.1.x

2017-02-19 Thread David Sommerseth
ll just work, or otherwise just needs some minor tweaking. RHEL6 ships with OpenSSL 1.0.1e. We don't need anything older for git master, and I would even argue release/2.4. RHEL5 (which goes EOL by end of next month) ships with OpenSSL 0.9.8e. So I vote for ditching 0.9.8e now. -- kind regards, Davi

Re: [Openvpn-devel] build against openssl 1.1.0

2017-02-19 Thread David Sommerseth
On 19/02/17 05:48, Илья Шипицин wrote: > > > 2017-02-19 4:16 GMT+05:00 David Sommerseth > <open...@sf.lists.topphemmelig.net > <mailto:open...@sf.lists.topphemmelig.net>>: > > On 18/02/17 08:34, Илья Шипицин wrote: > > I added openssl-1.0.

Re: [Openvpn-devel] build against openssl 1.1.0

2017-02-17 Thread David Sommerseth
olding anything back. -- kind regards, David Sommerseth OpenVPN Technologies, Inc signature.asc Description: OpenPGP digital signature -- Check out the vibrant tech community on one of the world's most engaging tech site

[Openvpn-devel] [PATCH] cleanup: Remove faulty env processing functions

2017-02-24 Thread David Sommerseth
The env_set_add_to_environmenti() and env_set_remove_from_environment() functions where not used in the code at all and they would cause an ASSERT() in setenv_str_ex() later on, as it would not allow the struct env_set *es pointer to be NULL (misc.c:807). Signed-off-by: David Sommerseth <

Re: [Openvpn-devel] [PATCH] cleanup: Remove faulty env processing functions

2017-02-25 Thread David Sommerseth
() which checks if the pointer to a struct set_env is NULL or not. If it is NULL, it stops. And these two functions ends up calling setenv_str_ex() with struct env_set *es = NULL; -- kind regards, David Sommerseth OpenVPN Technologies, Inc > 2017-02-25 7:02 GMT+05:00 David Sommerseth &

Re: [Openvpn-devel] [PATCH] Ignore auth-nocache for auth-user-pass if auth-token is pushed

2017-02-25 Thread David Sommerseth
w and ACK/NAK it. I'm not able to be objective on this patch. -- kind regards, David Sommerseth OpenVPN Technologies, Inc diff --git a/src/openvpn/init.c b/src/openvpn/init.c index dc63475..3603c36 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -1253,6 +1253,18 @@ initialization_se

Re: [Openvpn-devel] [PATCH] cleanup: Remove faulty env processing functions

2017-02-25 Thread David Sommerseth
Normal builds should generally not be built with ENABLE_DEBUG, that is a intended as a "developer mode". We should generally avoid '#if 0' or even '#if 1' as much as possible in the code. -- kind regards, David Sommerseth OpenVPN Technologies, Inc signature.

[Openvpn-devel] [PATCH v2 0/3] LZ4 updates

2017-02-21 Thread David Sommerseth
git-send-email-dav...@openvpn.net> <http://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13576.html> Christian Hesse (1): Replace deprecated LZ4 function David Sommerseth (2): dev-tools: lz4-rebaser tool carried a typo lz4: Rebase compat-lz4 against upstream v1.7.5

[Openvpn-devel] [PATCH v2 3/3] Replace deprecated LZ4 function

2017-02-21 Thread David Sommerseth
From: Christian Hesse The LZ4 function LZ4_compress_limitedOutput() is deprecated, compiler gives warning: warning: ‘LZ4_compress_limitedOutput’ is deprecated: use LZ4_compress_default() instead The new function LZ4_compress_default() appeared in r129 (1.7.0), so replace the

[Openvpn-devel] [PATCH v2 1/3] dev-tools: lz4-rebaser tool carried a typo

2017-02-21 Thread David Sommerseth
The HAVE_CONFIG_H block which gets added to compat-lz4.c was missing a # before the first ifdef statement. Signed-off-by: David Sommerseth <dav...@openvpn.net> --- dev-tools/lz4-rebaser.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev-tools/lz4-rebaser.sh b/dev

[Openvpn-devel] [PATCH v2 2/3] lz4: Rebase compat-lz4 against upstream v1.7.5

2017-02-21 Thread David Sommerseth
This rebase is done using the new lz4-rebaser.sh tool The lz4 v1.7.5 is based on commit 7bb64ff2b69a9f8367 in git://github.com/lz4/lz4 Signed-off-by: David Sommerseth <dav...@openvpn.net> --- src/compat/compat-lz4.c | 830 +++- src/compat/compat

Re: [Openvpn-devel] build against openssl 1.1.0

2017-02-17 Thread David Sommerseth
Sv1.3 from openssl-1.1 will not be backported, as the code has changed too much since the 1.0.1 baseline. But I would be surprised if a future RHEL 8 does not ship with openssl-1.1.x -- kind regards, David Sommerseth OpenVPN Technologies, In

Re: [Openvpn-devel] build against openssl 1.1.0

2017-02-13 Thread David Sommerseth
this year, I'll try to dig up the slides from Tomas Mraz who had the talk. It was quite informative why it was needed to break several APIs in v1.1. -- kind regards, David Sommerseth OpenVPN Technologies, Inc signature.asc Description: OpenPGP digital

Re: [Openvpn-devel] [PATCH] Fix building with LibreSSL 2.5.1 by cleaning a hack.

2017-02-13 Thread David Sommerseth
res ;-) > I've created my share of weird git e-mails in the past :-) - so what I've > started to do is "send the mail to myself" (if possible, on a different > account) and then verify if the result is what I want to see... That's

Re: [Openvpn-devel] [PATCH 2/2] do not race on RuntimeDirectory

2017-01-24 Thread David Sommerseth
On 24/01/17 15:36, Christian Hesse wrote: > David Sommerseth <open...@sf.lists.topphemmelig.net> on Fri, 2017/01/20 21:55: >> On 27/12/16 23:15, Christian Hesse wrote: >>> From: Christian Hesse <m...@eworm.de> >>> >>> Different unit instan

Re: [Openvpn-devel] [PATCH 2/2] do not race on RuntimeDirectory

2017-01-24 Thread David Sommerseth
And this Makefile.am is so small and isolated it is good enough for me. If we regret it later on, it's an easy move into a tmpfiles.d subdir. -- kind regards, David Sommerseth OpenVPN Technologies, Inc signature.asc Descr

Re: [Openvpn-devel] [PATCH] Add a check for -Wl, --wrap support in linker

2017-01-19 Thread David Sommerseth
stalled could run some tests with this patch by EOB tomorrow (Friday Jan 20). If I don't hear any objects by then, I am going to give this an ACK without the AC_DEFINE line (unless good arguments having this in config.h surfaces). Selva, if you don't mind ... I can use this patch and just take out

Re: [Openvpn-devel] [openvpn-devel] --auth RSA-SHA512 vs --auth SHA512

2017-01-18 Thread David Sommerseth
variants (there are a few exceptions). And as I understand the code, the RSA-* stuff is just ignored, as that is not used by by HMAC functions in our code. So using --auth SHA512 would provide the same result. - -- kind regards, David Sommerseth OpenVPN Technologies, Inc -BEGIN PGP SIGNATURE

Re: [Openvpn-devel] [PATCH applied] man: fix formatting for alternative option

2017-01-18 Thread David Sommerseth
er) commit 6204fccb2441b5bae8b3f6e0b31a4a0b232fc8e6 (release/2.4) Author: Christian Hesse Date: Wed Dec 28 08:54:20 2016 +0100 man: fix formatting for alternative option Signed-off-by: Christian Hesse <m...@eworm.de> Acked-by: David Sommerseth <dav...@openvpn.n

Re: [Openvpn-devel] [PATCH applied] More broadly enforce Allman style and braces-around-conditionals

2017-01-18 Thread David Sommerseth
.com/openvpn-devel@lists.sourceforge.net/msg13875.html Signed-off-by: David Sommerseth <dav...@openvpn.net> - -- kind regards, David Sommerseth -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGBQJYf8qpAAoJEIbPlEyWcf3yitwQAMZbK+6pQ062y2lnIEusYAR/ PPi44

Re: [Openvpn-devel] [PATCH] Add a check for -Wl, --wrap support in linker

2017-01-19 Thread David Sommerseth
On 19/01/17 16:32, Selva Nair wrote: > Hi, > > Thanks for the comments. > > On Thu, Jan 19, 2017 at 9:41 AM, David Sommerseth > <open...@sf.lists.topphemmelig.net > <mailto:open...@sf.lists.topphemmelig.net>> wrote: > > Any reason to have this AC_

Re: [Openvpn-devel] [PATCH applied] Add a check for -Wl, --wrap support in linker

2017-01-20 Thread David Sommerseth
ed-by: David Sommerseth <dav...@openvpn.net> Message-Id: <1484772172-19758-1-git-send-email-selva.n...@gmail.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13897.html Signed-off-by: David Sommerseth <dav...@openvpn.net> - -- kind regards,

Re: [Openvpn-devel] Should we use mbedTLS certificate profiles?

2017-02-27 Thread David Sommerseth
not something which changes much. So in 5 or 10 years from now, "standard" may just as much be "legacy". Hence my suggestion for "preferred"; this is what we prefer now. "legacy" is

[Openvpn-devel] [RFC] - Enable 2FA to be used with renegotiations

2016-08-25 Thread David Sommerseth
try to make the overall implementation more transparent, easy to review and easier to git bisect when needing to debug. Each commit level should compile cleanly. Please feel free to comment inline. - -- kind regards, David Sommerseth -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.2

Re: [Openvpn-devel] [PATCH (master)] Drop gnu89/c89 support, switch to c99

2016-08-29 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 30/08/16 00:20, David Sommerseth wrote: > On 29/08/16 23:32, Steffan Karger wrote: >> HI, > >> On 29 August 2016 at 23:03, David Sommerseth >> <open...@sf.lists.topphemmelig.net> wrote: >>> On 29/08/16 22:45

Re: [Openvpn-devel] [PATCH (master)] Drop gnu89/c89 support, switch to c99

2016-08-29 Thread David Sommerseth
That should happen automatically. Some CentOS 5.11 details: glibc-2.5-123.el5_11.3 glibc-headers-2.5-123.el5_11.3 gcc-4.1.2-55.el5 openssl-0.9.8e-40.el5_11 lzo-2.02-2.el5.1 - -- kind regards, David Sommerseth -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) iQIcB

Re: [Openvpn-devel] [PATCH (master)] Drop gnu89/c89 support, switch to c99

2016-08-29 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 29/08/16 22:45, David Sommerseth wrote: > On 28/08/16 21:42, Steffan Karger wrote: >> Previously, we would use the compiler's default C version, which >> defaults to gnu89 for GCC < 5, gnu11 for GCC > 5, and c11 for >

Re: [Openvpn-devel] [PATCH v4 2/4] Re-implement the systemd support using the new query user API

2016-08-12 Thread David Sommerseth
On 12/08/16 06:11, Selva Nair wrote: > (sending again with the list in CC:) > > Mon, Aug 8, 2016 at 3:28 PM, David Sommerseth <dav...@openvpn.net > <mailto:dav...@openvpn.net>> wrote: > > This provides exactly the same systemd functionality which exist

Re: [Openvpn-devel] autoconf/automake warnings

2016-08-12 Thread David Sommerseth
ts). In this case, autotools doesn't even need to be installed (with the exception of libtool, iirc) ... but that's a discussion outside this mail-thread, though. - -- kind regards, David Sommerseth OpenVPN Technologies, Inc -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) iEYEARECAAYFAletnZUACgkQDC186MBRfrqt3wCfT+fo+9haooMUHZ2MUxlekWeY ex8AnRcCNQey/fEbTakJSbrgUqzeULP2 =bN9r -END PGP SIGNATURE-

Re: [Openvpn-devel] [PATCH] Change timestamps to POSIX format.

2016-08-12 Thread David Sommerseth
e way. It would be great if as many as possible could put this into somewhat limited production environment for testing if this breaks any thing *and* report back after a while; even if no issues where detected. - -- kind regards, David Somme

Re: [Openvpn-devel] autoconf/automake warnings

2016-08-12 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/08/16 03:14, Selva Nair wrote: > > > On Thu, Aug 11, 2016 at 2:50 PM, David Sommerseth > <open...@sf.lists.topphemmelig.net > <mailto:open...@sf.lists.topphemmelig.net>> wrote: > > -BEGIN PGP SIGNED M

[Openvpn-devel] [PATCH v4.1 2/4] Re-implement the systemd support using the new query user API

2016-08-12 Thread David Sommerseth
lify alternatives definition directly in console.h. For now only depend on ENABLE_SYSTEMD] [v2 - Removed the QUERY_USER_FOREACH macro] Signed-off-by: David Sommerseth <dav...@openvpn.net> --- configure.ac | 2 +- src/openvpn/Makefile.am | 2 +- src/openvpn

Re: [Openvpn-devel] Dropping Windows Vista / XP support?

2016-09-07 Thread David Sommerseth
ct our users, even though we might not put much maintenance resources into the core OpenVPN code. Of course, we'll fix critical bugs and so on, but I don't see that will take a lot of resources as things are right now. Once we officially claim XP/Vista as unsupported, we can consider to drop Open

Re: [Openvpn-devel] Modernising the management interface

2016-09-07 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 31/08/16 20:55, David Sommerseth wrote: > > Hi, > > I have for a long time pondered on how we can make the management > API more suitable for more modern tools and tasks. So I am just > giving an extremely early heads-up on

Re: [Openvpn-devel] Modernising the management interface

2016-09-07 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/09/16 19:28, David Sommerseth wrote: > On 31/08/16 20:55, David Sommerseth wrote: > >> Hi, > >> I have for a long time pondered on how we can make the management >> API more suitable for more modern tools and task

Re: [Openvpn-devel] [PATCH] Do not abort t_client run if OpenVPN instance does not start.

2016-09-16 Thread David Sommerseth
> of sub-tests for test run $SUF.\n" >&2 trap - 0 1 2 3 15 -exit 10 > + SUMMARY_FAIL="$SUMMARY_FAIL $SUF" + exit_code=30 + continue fi > > # compare whether anything changed in ifconfig/route setup? > ACK. This looks reasonable and if

Re: [Openvpn-devel] [PATCH applied] Drop gnu89/c89 support, switch to c99

2016-09-16 Thread David Sommerseth
tef...@karger.me> Acked-by: David Sommerseth <dav...@openvpn.net> Message-Id: 1472760870-11769-1-git-send-email-stef...@karger.me URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg00194.html Signed-off-by: David Sommerseth <dav...@openvpn.net>

Re: [Openvpn-devel] [PATCH applied] Do not abort t_client run if OpenVPN instance does not start.

2016-09-16 Thread David Sommerseth
not abort t_client run if OpenVPN instance does not start. Signed-off-by: Gert Doering <g...@greenie.muc.de> Acked-by: David Sommerseth <dav...@openvpn.net> Message-Id: 20160913200458.9906-1-g...@greenie.muc.de URL: http://www.mail-archive.com/search?l=mid=20160913200

Re: [Openvpn-devel] [RFC] - Enable 2FA to be used with renegotiations

2016-09-16 Thread David Sommerseth
On 25/08/16 15:45, David Sommerseth wrote: > > Hi, > [...snip...] > > What the patch-set does is: > > - Add --auth-gen-token, and when used the following steps happens > > - After a successful normal user/password authentication, it will > generate a random

Re: [Openvpn-devel] [PATCH applied] Make gnu89 support explicit

2016-09-16 Thread David Sommerseth
GS setting. Your patch has been applied to the release/2.3 branch. commit 130c27b1f24a33c77e01b2cf82c3427699153967 Author: Steffan Karger Date: Fri Sep 16 17:40:36 2016 +0200 Make gnu89 support explicit Signed-off-by: Steffan Karger <stef...@karger.me> Acked-by: David

Re: [Openvpn-devel] [PATCH applied] cleanup: remove code duplication in msg_test()

2016-09-16 Thread David Sommerseth
: remove code duplication in msg_test() Signed-off-by: Steffan Karger <stef...@karger.me> Acked-by: David Sommerseth <dav...@openvpn.net> Message-Id: 1472757207-17900-1-git-send-email-stef...@karger.me URL: https://www.mail-archive.com/openvpn-devel@lists.sou

[Openvpn-devel] [PATCH] t_client.sh: Make OpenVPN write PID file to avoid various sudo issues

2016-09-17 Thread David Sommerseth
This resolves an issue where $! returns the PID of the sudo process instead of the PID of OpenVPN and when sudo does not properly propagate signales down to OpenVPN. Trac: #738 Signed-off-by: David Sommerseth <dav...@openvpn.net> --- tests/t_client.sh.in | 6 +- 1 file changed, 5 inse

[Openvpn-devel] [PATCHv3] t_client.sh: Add support for Kerberos/ksu

2016-09-17 Thread David Sommerseth
] [ v3 - Kick out bashism - '&>' redirect ] Signed-off-by: David Sommerseth <dav...@openvpn.net> --- tests/t_client.sh.in | 40 +++- 1 file changed, 35 insertions(+), 5 deletions(-) diff --git a/tests/t_client.sh.in b/tests/t_client.sh.in index fc8

[Openvpn-devel] [PATCH] t_client.sh: Improve detection if the OpenVPN process did start during tests

2016-09-17 Thread David Sommerseth
). The umask is also set to a more permissive mode to ensure the test script is capable of reading the OpenVPN PID file, as that will be created by root. Signed-off-by: David Sommerseth <dav...@openvpn.net> --- tests/t_client.sh.in | 46 +- 1 file chang

Re: [Openvpn-devel] [PATCH applied] Add SHA256 fingerprint support

2016-09-17 Thread David Sommerseth
fingerprint support Signed-off-by: Steffan Karger <stef...@karger.me> Acked-by: David Sommerseth <dav...@openvpn.net> Message-Id: 1462479247-21854-1-git-send-email-stef...@karger.me Message-Id: 1474055635-7427-1-git-send-email-stef...@karger.me URL: http

Re: [Openvpn-devel] how is debug/doval and debug/dovalns are supposed to be used ?

2016-09-17 Thread David Sommerseth
l ? This is tackled via the --with-mem-check argument to ./configure. $ ./configure --with-mem-check=valgrind That should make valgrind runs look far more reasonable. - -- kind regards, David Sommerseth OpenVPN Technologies, Inc -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) iQI

[Openvpn-devel] [PATCHv2] Document the --auth-token option

2016-09-17 Thread David Sommerseth
-off-by: David Sommerseth <dav...@openvpn.net> --- doc/openvpn.8 | 56 ++-- 1 file changed, 54 insertions(+), 2 deletions(-) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 2f42636..be9dc47 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @

Re: [Openvpn-devel] [PATCH] cppcheck finding: add "ASSERT( maxoutput > 0 || separator != NULL )" to prevent possible null pointer derefence

2016-09-18 Thread David Sommerseth
is needs to be checked far more carefully and compared against all the callers of format_hex_ex(). The question which pops up in my head is: Is this patch purely targeted to silence a code analyser warning? If so, this is most likely not the right fix for the OpenVPN code base. - -- kind

Re: [Openvpn-devel] [PATCH applied] Fix t_client runs on OpenSolaris

2016-09-20 Thread David Sommerseth
t_client runs on OpenSolaris Signed-off-by: Gert Doering <g...@greenie.muc.de> Acked-by: David Sommerseth <dav...@openvpn.net> Message-Id: 20160920091914.37585-1-g...@greenie.muc.de URL: http://www.mail-archive.com/search?l=mid=20160920091914.37585-1-g...@gr

[Openvpn-devel] [PATCH] Have the same username/password length regardless of PKCS#11 enablement

2016-09-22 Thread David Sommerseth
to 4096 bytes, regardless of the --enable-pkcs11 state. Signed-off-by: David Sommerseth <dav...@openvpn.net> --- src/openvpn/misc.h | 9 +++-- 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/src/openvpn/misc.h b/src/openvpn/misc.h index b694096..31ea10e 100644 --- a/src/o

Re: [Openvpn-devel] [PATCH] Have the same username/password length regardless of PKCS#11 enablement

2016-09-22 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 22/09/16 12:04, David Sommerseth wrote: > If running an OpenVPN client with --enable-pkcs11 and a server > without and having a username and/or password with more than 128 > characters, the authentication will fail as the server

Re: [Openvpn-devel] Linux: Use /tmp for log problem ?

2016-09-22 Thread David Sommerseth
the systemd.exec(5) man page for more info. Simple and brief enough? ;-) > That said, you probably would not need a logfile, as you can view > them with > > $ journalctl /usr/sbin/openvpn Interesting approach. It is usually better to use $ journalctl -u openvpn@CONFIG If y

Re: [Openvpn-devel] Linux: Use /tmp for log problem ? (solved)

2016-09-22 Thread David Sommerseth
ect. There's nothing >> OpenVPN can do about this, it's one of those weird idiosyncracies >> of systemd. >> >> HTH, >> >> JJK >> >> > Thanks JJK, this was *exactly* the problem .. I removed > PrivateTmp=True from the unit file, (which I had over l

Re: [Openvpn-devel] [PATCH] Have the same username/password length regardless of PKCS#11 enablement

2016-09-22 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 22/09/16 18:43, Selva Nair wrote: > Hi, > > On Thu, Sep 22, 2016 at 6:04 AM, David Sommerseth > <dav...@openvpn.net <mailto:dav...@openvpn.net>> wrote: > > If running an OpenVPN client with --enable-pkcs11 and

[Openvpn-devel] [PATCH/RFC] Remove global allocation of HTTP proxy user/password

2016-09-22 Thread David Sommerseth
come too. David Sommerseth (1): Remove static global allocation of HTTP proxy user/passwords src/openvpn/ntlm.c | 16 src/openvpn/proxy.c | 41 + src/openvpn/proxy.h | 2 +- 3 files changed, 38 insertions(+), 21 deletions(-) -BEGIN

[Openvpn-devel] [PATCH] Remove static global allocation of HTTP proxy user/passwords

2016-09-22 Thread David Sommerseth
This avoids allocating static memory which is not used unless the a HTTP proxy with authentication is configured. Signed-off-by: David Sommerseth <dav...@openvpn.net> --- src/openvpn/ntlm.c | 16 src/openvpn/proxy.c | 41 + src/o

Re: [Openvpn-devel] [PATCH] Remove static global allocation of HTTP proxy user/passwords

2016-09-23 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 22/09/16 22:51, Selva Nair wrote: > Hi, > > On Thu, Sep 22, 2016 at 3:40 PM, David Sommerseth > <dav...@openvpn.net <mailto:dav...@openvpn.net>> wrote: > > This avoids allocating static memory which is not

Re: [Openvpn-devel] [PATCH] enable "--disable-crypto" build configuration

2016-09-26 Thread David Sommerseth
ght think about > this next May". +1 ... Due to _exactly_ this reasoning, it was on my "If I have time this week"-list. Thanks Gert for taking care of it! - -- kind regards, David Sommerseth -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGB

Re: [Openvpn-devel] Preview of OpenVPN 2.1.4 Debian and Ubuntu packages

2010-11-08 Thread David Sommerseth
ght have overseen something ... In general, I'm terribly sorry I haven't had time to follow up on the patch queue lately. But if all goes as I hope/plan, I'm going to spend some time this week and weekend going through patches. That implies also evaluating patches for inclusion into the coming 2.2-beta4

Re: [Openvpn-devel] [PATCH] Remove hardcoded path to resolvconf

2010-11-10 Thread David Sommerseth
most bash versions? We must consider that there are some old systems with older bash installations which we might break. I'd rather see a similar patch which checks the exit code instead of something more undefined like this approach. Also for clarity in the code of what we expect or n

Re: [Openvpn-devel] Architecture diagram & Theory of Operation documents

2010-11-12 Thread David Sommerseth
seem to have a knack for finding > sore spots, we need that. I second Gert's comment as well, JJK ;-) We need people like you for sure! kind regards, David Sommerseth -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - ht

Re: [Openvpn-devel] [PATCH] Removed hardcoded signtool dependency from win/build_all.py

2010-11-12 Thread David Sommerseth
ilable, it is still possible to build the rest of OpenVPN. You might even manage to install the unsigned TUN/TAP driver with some tweaking. kind regards, David Sommerseth -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ i

Re: [Openvpn-devel] [PATCH] Removed hardcoded signtool dependency from win/build_all.py

2010-11-12 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/11/10 17:55, Peter Stuge wrote: > David Sommerseth wrote: >>>> Modified win/build_all.py so that build does not fail even if >>>> the optional signtool python class is not available. >>> >>> What is

Re: [Openvpn-devel] [PATCH] Removed hardcoded signtool dependency from win/build_all.py

2010-11-12 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/11/10 18:11, Samuli Seppänen wrote: > >> On 12/11/10 17:55, Peter Stuge wrote: >>> David Sommerseth wrote: >>>>>> Modified win/build_all.py so that build does not fail even if >>>>>&g

  1   2   3   4   5   6   7   8   9   10   >