Re: [Openvpn-devel] autoconf/automake warnings

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/08/16 20:27, Selva Nair wrote: > > On Fri, Aug 12, 2016 at 6:30 AM, David Sommerseth > <open...@sf.lists.topphemmelig.net > <mailto:open...@sf.lists.topphemmelig.net>> wrote: > > On 12/08/16 03:14, Selva Nair wr

Re: [Openvpn-devel] [PATCH] add PR template in order to simplify new developers cooperate properly if they open PR. discussed here: https://sourceforge.net/p/openvpn/mailman/message/35601310/

ion are too easily ignored. -- kind regards, David Sommerseth OpenVPN Technologies, Inc > On 30/01/2017 08:48, Илья Шипицин wrote: >> can we merge it ? >> @mattock ? >> >> 2017-01-21 13:47 GMT+05:00 Илья Шипицин <chipits...@gmail.com >> <mailto:chipi

Re: [Openvpn-devel] [PATCH applied] github: Add PR template with contributor related information

ntributor related information Acked-by: David Sommerseth <dav...@openvpn.net> Message-Id: <1486364115-9801-1-git-send-email-chipits...@gmail.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14010.html Signed-off-by: David Sommerset

Re: [Openvpn-devel] [PATCH applied] github: Add PR template with contributor related information

ommit. Many calls this process the "personal hygiene step". It's a fairly good description of the importance of doing so. -- kind regards, David Sommerseth OpenVPN Technologies, Inc signature.asc Descriptio

Re: [Openvpn-devel] [PATCH applied] github: Add PR template with contributor related information

ge text. And it just takes a quick look at our git log to see that we try to stay beyond that limit. We do sometimes exceed 50 characters, and we let that pass silently. But more than 3 times longer, then something must be done. -- kind regards, David Sommerseth OpenVPN

Re: [Openvpn-devel] [PATCH] add PR template in order to simplify new developers cooperate properly if they open PR. discussed here: https://sourceforge.net/p/openvpn/mailman/message/35601310/

On 02/02/17 09:27, Samuli Seppänen wrote: > On 31/01/2017 15:49, David Sommerseth wrote: >> On 30/01/17 13:34, Samuli Seppänen wrote: >>> I agree with you on keeping the pull request template minimal and having >>> the more fine-grained information in Trac. >>&g

Re: [Openvpn-devel] [PATCH applied] github: Add PR template with contributor related information

e much to say for the future in this regards. -- kind regards, David Sommerseth OpenVPN Technologies, Inc signature.asc Description: OpenPGP digital signature -- Check out the vibrant tech community on one of the world's

Re: [Openvpn-devel] [PATCH applied] Use SHA256 for the internal digest, instead of MD5

Use SHA256 for the internal digest, instead of MD5 Signed-off-by: Steffan Karger <stef...@karger.me> Acked-by: David Sommerseth <dav...@openvpn.net> Message-Id: <1485101081-9784-1-git-send-email-stef...@karger.me> URL: https://www.mail-archive

Re: [Openvpn-devel] [PATCH applied] git: Merge .gitignore files into a single file

: David Sommerseth Date: Fri Jan 20 22:04:57 2017 +0100 git: Merge .gitignore files into a single file Signed-off-by: David Sommerseth <dav...@openvpn.net> Acked-by: Steffan Karger <stef...@karger.me> Message-Id: <20170120210457.3383-1-dav...@openvpn.net>

Re: [Openvpn-devel] [PATCH applied] git: Merge .gitignore files into a single file

On 23/01/17 01:23, David Sommerseth wrote: > Your patch has been applied to the following branches > > commit d14b3c60c7796736e07bc3cddb0ab3a58475793e (master) > commit 61da0031b2a0036680d9e0f822619ecc116f1178 (release/2.3) > commit 2a7c994ca5b1583bc0f78c46be5b3a827f970b9

[Openvpn-devel] [PATCH] plugin: Improve the handling of default plug-in directory

option. Signed-off-by: David Sommerseth <dav...@openvpn.net> --- doc/openvpn.8| 28 src/openvpn/plugin.c | 18 +- 2 files changed, 45 insertions(+), 1 deletion(-) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index e3d603e..a8d06f3 100644 ---

Re: [Openvpn-devel] [PATCH applied] plugin: Remove GNUism in openvpn-plugin.h generation

t;m...@eworm.de> Acked-by: Gert Doering <g...@greenie.muc.de> Message-Id: <20170127084927.21040-1-l...@eworm.de> URL: http://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13966.html Signed-off-by: David Sommerseth <dav...@openvpn.net> -

Re: [Openvpn-devel] [PATCH] Resolving several travis-ci issues:

ers. We don't like to do spoon feeding ;-) And a git trick, which you can instantly benefit from ... when doing git commit ... add the -s argument ;-) -- kind regards, David Sommerseth OpenVPN Technologies, Inc signature.asc Description: OpenPGP digital signature -

Re: [Openvpn-devel] [PATCH] Resolving several travis-ci issues:

On 27/01/17 17:58, Selva Nair wrote: > > On Fri, Jan 27, 2017 at 10:08 AM, David Sommerseth > <open...@sf.lists.topphemmelig.net > <mailto:open...@sf.lists.topphemmelig.net>> wrote: > > On 27/01/17 14:56, Илья Шипицин wrote: > > > >

Re: [Openvpn-devel] [PATCH v3 1/1] Clean up plugin path handling

_PLUGIN_SEARCH macro without changing a .c/.h file. Does this block even make sense to enable at all? So, as this patch got "clean-up" and "plugin path handling" in the subject, lets cover a few more aspects of this clean-up :) -- kind regards, D

[Openvpn-devel] [PATCH] git: Merge .gitignore files into a single file

if changes needs to be done. Signed-off-by: David Sommerseth <dav...@openvpn.net> --- .gitignore| 5 + sample/sample-keys/.gitignore | 1 - tests/unit_tests/.gitignore | 1 - vendor/.gitignore | 2 -- 4 files changed, 5 insertions(+), 4 deletions(-) delet

Re: [Openvpn-devel] [PATCH 1/2] use automake tools to install systemd files

gt; WorkingDirectory=/etc/openvpn/server > -ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log > --status-version 2 --suppress-timestamps --config %i.conf > +ExecStart=@sbindir@ --status %t/openvpn-server/status-%i.log > --status-version 2 --suppress-timestamps --confi

Re: [Openvpn-devel] [PATCH] add PR template in order to simplify new developers cooperate properly if they open PR. discussed here: https://sourceforge.net/p/openvpn/mailman/message/35601310/

t new patches should go into the master branch primarily, unless it is fixing a bug or another issue which is only relevant for specific release branches? -- kind regards, David Sommerseth OpenVPN Technologies, Inc signature.asc Description: OpenPGP digital signature --

Re: [Openvpn-devel] [PATCH 2/2] do not race on RuntimeDirectory

sers might more see this as a sample configuration for OpenVPN and be even more confused. I propose ... either rename this file to tmpfiles.d--openvpn.conf or move this openvpn.conf inside a tmpfiles.d/ subdirectory inside the ./distro/systemd/ director

Re: [Openvpn-devel] [PATCH applied] Add a check for -Wl, --wrap support in linker

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 20/01/17 21:38, Selva Nair wrote: > > On Fri, Jan 20, 2017 at 1:16 PM, David Sommerseth > <dav...@openvpn.net <mailto:dav...@openvpn.net>> wrote: > > Your patch has been applied to the fol

Re: [Openvpn-devel] [PATCH] Feedback wanted: proof-of-concept recvmmsg() support

an gain even more performance if looking into sendmmsg() as well. I'll try to play a bit with this patch and see how things go on my side though. -- kind regards, David Sommerseth OpenVPN Technologies, Inc signature.asc Description: OpenPGP digital signature --

Re: [Openvpn-devel] [PATCH] Resolving several travis-ci issues:

://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13843.html That approach got rejected and we went for this [2] approach instead, will that change anything in regards to the changes in this patch? [2] <https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13911.html>

[Openvpn-devel] [PATCH] systemd: Move the READY=1 signalling to an earlier point

cate we're in a good state - even though that update will still not be visible if --chroot is used (as before this patch). Trac: #827, #801 Signed-off-by: David Sommerseth <dav...@openvpn.net> --- src/openvpn/init.c | 29 ++--- 1 file changed, 10 insertions(+), 19 dele

Re: [Openvpn-devel] [PATCH applied] systemd: Move the READY=1 signalling to an earlier point

041fd6488434b5df01f86dd873b536a2b690ee13 (release/2.4) Author: David Sommerseth Date: Wed Jan 25 00:23:44 2017 +0100 systemd: Move the READY=1 signalling to an earlier point Trac: #827, #801 Signed-off-by: David Sommerseth <dav...@openvpn.net> Acked-by: Gert Doering <g...@greenie.muc.de>

Re: [Openvpn-devel] [PATCH applied] systemd: Use automake tools to install unit files

ca5b4c2aad2370be7862660d274b7485f2d0af71 (master) commit a125229f509b593dff7ecc24e21b3de384b3fa98 (release/2.4) Author: Christian Hesse Date: Tue Jan 24 15:39:46 2017 +0100 systemd: Use automake tools to install unit files Signed-off-by: Christian Hesse <m...@eworm.de> Acked-by: David Sommerset

Re: [Openvpn-devel] [PATCH applied] systemd: Do not race on RuntimeDirectory

Hesse Date: Tue Jan 24 15:39:47 2017 +0100 systemd: Do not race on RuntimeDirectory Signed-off-by: Christian Hesse <m...@eworm.de> Acked-by: David Sommerseth <dav...@openvpn.net> Message-Id: <20170124143947.27385-2-l...@eworm.de> URL: https://ww

Re: [Openvpn-devel] [PATCH applied] systemd: Add more security feature for systemd units

Signed-off-by: Christian Hesse <m...@eworm.de> Acked-by: David Sommerseth <dav...@openvpn.net> Message-Id: <20161227221832.610-1-l...@eworm.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13743.html Signed-off-by: Dav

[Openvpn-devel] [PATCH] dev-tools: Simple tool wihch automates rebasing LZ4 compat library

This tool depends on a cloned upstream LZ4 git repository and a checked out release tag. Then run the script like this: $ ./dev-tools/lz4-rebaser.sh /path/to/lz4.git To see the result before committing, use: git diff --cached Signed-off-by: David Sommerseth <dav...@openvpn.net> --

Re: [Openvpn-devel] [PATCH applied] Clean up plugin path handling

: Christian Hesse Date: Wed Jan 25 21:19:47 2017 +0100 Clean up plugin path handling Signed-off-by: Christian Hesse <m...@eworm.de> Acked-by: David Sommerseth <dav...@openvpn.net> Message-Id: <20170125201947.17197-1-l...@eworm.de> URL: http://www.mail-archiv

[Openvpn-devel] Updates to the git repositories

e 'git verify-commit' to verify specific commits. - -- kind regards, David Sommerseth OpenVPN Technologies, Inc -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBCAAGBQJYrFVyAAoJEIbPlEyWcf3yQQYP/2I2IhT3fXhSZCAKjrfZfKah 1ymuSGfJMeef+PRpmPn5kzz1b4swOib73oBB+j8pPC6N

Re: [Openvpn-devel] [PATCH] Fix segfault when using crypto lib without AES-256-CTR or SHA256

to the SoB when it comes to documentation and text snippets (unless it is a massive contribution). -- kind regards, David Sommerseth OpenVPN Technologies, Inc signature.asc Description: OpenPGP digital signature -- Check out

Re: [Openvpn-devel] [PATCH] Fix segfault when using crypto lib without AES-256-CTR or SHA256

On 22/02/17 10:54, Antonio Quartulli wrote: > On Wed, Feb 22, 2017 at 09:30:39AM +0100, Steffan Karger wrote: >> On 22-02-17 08:39, Gert Doering wrote: >>> On Wed, Feb 22, 2017 at 02:21:35AM +0100, David Sommerseth wrote: >>>>>> >From d97f526a2ddbf2abe60a6

Re: [Openvpn-devel] build against openssl 1.1.0

On 13/02/17 21:16, David Sommerseth wrote: > On 13/02/17 20:50, Christian Hesse wrote: >> And a lot more has to be done... There's a long list of packages to be >> fixed. Sadly openssl developers do not care about ABI and API stability >> or compatibility. :( > > I do

Re: [Openvpn-devel] [PATCH] dev-tools: Simple tool wihch automates rebasing LZ4 compat library

On 20/02/17 14:03, Gert Doering wrote: > Hi, > > On Wed, Jan 25, 2017 at 09:53:02PM +0100, David Sommerseth wrote: >> This tool depends on a cloned upstream LZ4 git repository and a >> checked out release tag. Then run the script like this: >> >>$ ./dev-tool

Re: [Openvpn-devel] build against openssl 1.1.0

n RHEL 6 though. So unless your travis script is clever enough to only test OpenSSL v1.0.1e on RHEL, CentOS or ScientificLinux *or* build OpenSSL using the CentOS source RPM ... then I am not surprised things may fail. Red Hat may very well have fixed some bugs which we're hitting. -- kind

Re: [Openvpn-devel] [RFC PATCH v1 00/15] Add support for OpenSSL 1.1.x

ll just work, or otherwise just needs some minor tweaking. RHEL6 ships with OpenSSL 1.0.1e. We don't need anything older for git master, and I would even argue release/2.4. RHEL5 (which goes EOL by end of next month) ships with OpenSSL 0.9.8e. So I vote for ditching 0.9.8e now. -- kind regards, Davi

Re: [Openvpn-devel] build against openssl 1.1.0

On 19/02/17 05:48, Илья Шипицин wrote: > > > 2017-02-19 4:16 GMT+05:00 David Sommerseth > <open...@sf.lists.topphemmelig.net > <mailto:open...@sf.lists.topphemmelig.net>>: > > On 18/02/17 08:34, Илья Шипицин wrote: > > I added openssl-1.0.

Re: [Openvpn-devel] build against openssl 1.1.0

olding anything back. -- kind regards, David Sommerseth OpenVPN Technologies, Inc signature.asc Description: OpenPGP digital signature -- Check out the vibrant tech community on one of the world's most engaging tech site

[Openvpn-devel] [PATCH] cleanup: Remove faulty env processing functions

The env_set_add_to_environmenti() and env_set_remove_from_environment() functions where not used in the code at all and they would cause an ASSERT() in setenv_str_ex() later on, as it would not allow the struct env_set *es pointer to be NULL (misc.c:807). Signed-off-by: David Sommerseth <

Re: [Openvpn-devel] [PATCH] cleanup: Remove faulty env processing functions

() which checks if the pointer to a struct set_env is NULL or not. If it is NULL, it stops. And these two functions ends up calling setenv_str_ex() with struct env_set *es = NULL; -- kind regards, David Sommerseth OpenVPN Technologies, Inc > 2017-02-25 7:02 GMT+05:00 David Sommerseth &

Re: [Openvpn-devel] [PATCH] Ignore auth-nocache for auth-user-pass if auth-token is pushed

w and ACK/NAK it. I'm not able to be objective on this patch. -- kind regards, David Sommerseth OpenVPN Technologies, Inc diff --git a/src/openvpn/init.c b/src/openvpn/init.c index dc63475..3603c36 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -1253,6 +1253,18 @@ initialization_se

Re: [Openvpn-devel] [PATCH] cleanup: Remove faulty env processing functions

Normal builds should generally not be built with ENABLE_DEBUG, that is a intended as a "developer mode". We should generally avoid '#if 0' or even '#if 1' as much as possible in the code. -- kind regards, David Sommerseth OpenVPN Technologies, Inc signature.

[Openvpn-devel] [PATCH v2 0/3] LZ4 updates

git-send-email-dav...@openvpn.net> <http://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13576.html> Christian Hesse (1): Replace deprecated LZ4 function David Sommerseth (2): dev-tools: lz4-rebaser tool carried a typo lz4: Rebase compat-lz4 against upstream v1.7.5

[Openvpn-devel] [PATCH v2 3/3] Replace deprecated LZ4 function

From: Christian Hesse The LZ4 function LZ4_compress_limitedOutput() is deprecated, compiler gives warning: warning: ‘LZ4_compress_limitedOutput’ is deprecated: use LZ4_compress_default() instead The new function LZ4_compress_default() appeared in r129 (1.7.0), so replace the

[Openvpn-devel] [PATCH v2 1/3] dev-tools: lz4-rebaser tool carried a typo

The HAVE_CONFIG_H block which gets added to compat-lz4.c was missing a # before the first ifdef statement. Signed-off-by: David Sommerseth <dav...@openvpn.net> --- dev-tools/lz4-rebaser.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev-tools/lz4-rebaser.sh b/dev

Re: [Openvpn-devel] build against openssl 1.1.0

Sv1.3 from openssl-1.1 will not be backported, as the code has changed too much since the 1.0.1 baseline. But I would be surprised if a future RHEL 8 does not ship with openssl-1.1.x -- kind regards, David Sommerseth OpenVPN Technologies, In

Re: [Openvpn-devel] build against openssl 1.1.0

this year, I'll try to dig up the slides from Tomas Mraz who had the talk. It was quite informative why it was needed to break several APIs in v1.1. -- kind regards, David Sommerseth OpenVPN Technologies, Inc signature.asc Description: OpenPGP digital

Re: [Openvpn-devel] [PATCH] Fix building with LibreSSL 2.5.1 by cleaning a hack.

res ;-) > I've created my share of weird git e-mails in the past :-) - so what I've > started to do is "send the mail to myself" (if possible, on a different > account) and then verify if the result is what I want to see... That's

Re: [Openvpn-devel] [PATCH 2/2] do not race on RuntimeDirectory

On 24/01/17 15:36, Christian Hesse wrote: > David Sommerseth <open...@sf.lists.topphemmelig.net> on Fri, 2017/01/20 21:55: >> On 27/12/16 23:15, Christian Hesse wrote: >>> From: Christian Hesse <m...@eworm.de> >>> >>> Different unit instan

Re: [Openvpn-devel] [PATCH 2/2] do not race on RuntimeDirectory

And this Makefile.am is so small and isolated it is good enough for me. If we regret it later on, it's an easy move into a tmpfiles.d subdir. -- kind regards, David Sommerseth OpenVPN Technologies, Inc signature.asc Descr

Re: [Openvpn-devel] [PATCH] Add a check for -Wl, --wrap support in linker

stalled could run some tests with this patch by EOB tomorrow (Friday Jan 20). If I don't hear any objects by then, I am going to give this an ACK without the AC_DEFINE line (unless good arguments having this in config.h surfaces). Selva, if you don't mind ... I can use this patch and just take out

Re: [Openvpn-devel] [openvpn-devel] --auth RSA-SHA512 vs --auth SHA512

variants (there are a few exceptions). And as I understand the code, the RSA-* stuff is just ignored, as that is not used by by HMAC functions in our code. So using --auth SHA512 would provide the same result. - -- kind regards, David Sommerseth OpenVPN Technologies, Inc -BEGIN PGP SIGNATURE

Re: [Openvpn-devel] [PATCH applied] man: fix formatting for alternative option

er) commit 6204fccb2441b5bae8b3f6e0b31a4a0b232fc8e6 (release/2.4) Author: Christian Hesse Date: Wed Dec 28 08:54:20 2016 +0100 man: fix formatting for alternative option Signed-off-by: Christian Hesse <m...@eworm.de> Acked-by: David Sommerseth <dav...@openvpn.n

Re: [Openvpn-devel] [PATCH applied] More broadly enforce Allman style and braces-around-conditionals

.com/openvpn-devel@lists.sourceforge.net/msg13875.html Signed-off-by: David Sommerseth <dav...@openvpn.net> - -- kind regards, David Sommerseth -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGBQJYf8qpAAoJEIbPlEyWcf3yitwQAMZbK+6pQ062y2lnIEusYAR/ PPi44

Re: [Openvpn-devel] [PATCH] Add a check for -Wl, --wrap support in linker

On 19/01/17 16:32, Selva Nair wrote: > Hi, > > Thanks for the comments. > > On Thu, Jan 19, 2017 at 9:41 AM, David Sommerseth > <open...@sf.lists.topphemmelig.net > <mailto:open...@sf.lists.topphemmelig.net>> wrote: > > Any reason to have this AC_

Re: [Openvpn-devel] [PATCH applied] Add a check for -Wl, --wrap support in linker

ed-by: David Sommerseth <dav...@openvpn.net> Message-Id: <1484772172-19758-1-git-send-email-selva.n...@gmail.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13897.html Signed-off-by: David Sommerseth <dav...@openvpn.net> - -- kind regards,

Re: [Openvpn-devel] Should we use mbedTLS certificate profiles?

not something which changes much. So in 5 or 10 years from now, "standard" may just as much be "legacy". Hence my suggestion for "preferred"; this is what we prefer now. "legacy" is

[Openvpn-devel] [RFC] - Enable 2FA to be used with renegotiations

try to make the overall implementation more transparent, easy to review and easier to git bisect when needing to debug. Each commit level should compile cleanly. Please feel free to comment inline. - -- kind regards, David Sommerseth -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.2

Re: [Openvpn-devel] [PATCH (master)] Drop gnu89/c89 support, switch to c99

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 30/08/16 00:20, David Sommerseth wrote: > On 29/08/16 23:32, Steffan Karger wrote: >> HI, > >> On 29 August 2016 at 23:03, David Sommerseth >> <open...@sf.lists.topphemmelig.net> wrote: >>> On 29/08/16 22:45

Re: [Openvpn-devel] [PATCH (master)] Drop gnu89/c89 support, switch to c99

That should happen automatically. Some CentOS 5.11 details: glibc-2.5-123.el5_11.3 glibc-headers-2.5-123.el5_11.3 gcc-4.1.2-55.el5 openssl-0.9.8e-40.el5_11 lzo-2.02-2.el5.1 - -- kind regards, David Sommerseth -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) iQIcB

Re: [Openvpn-devel] [PATCH v4 2/4] Re-implement the systemd support using the new query user API

On 12/08/16 06:11, Selva Nair wrote: > (sending again with the list in CC:) > > Mon, Aug 8, 2016 at 3:28 PM, David Sommerseth <dav...@openvpn.net > <mailto:dav...@openvpn.net>> wrote: > > This provides exactly the same systemd functionality which exist

Re: [Openvpn-devel] autoconf/automake warnings

ts). In this case, autotools doesn't even need to be installed (with the exception of libtool, iirc) ... but that's a discussion outside this mail-thread, though. - -- kind regards, David Sommerseth OpenVPN Technologies, Inc -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) iEYEARECAAYFAletnZUACgkQDC186MBRfrqt3wCfT+fo+9haooMUHZ2MUxlekWeY ex8AnRcCNQey/fEbTakJSbrgUqzeULP2 =bN9r -END PGP SIGNATURE-

Re: [Openvpn-devel] [PATCH] Change timestamps to POSIX format.

e way. It would be great if as many as possible could put this into somewhat limited production environment for testing if this breaks any thing *and* report back after a while; even if no issues where detected. - -- kind regards, David Somme

Re: [Openvpn-devel] autoconf/automake warnings

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/08/16 03:14, Selva Nair wrote: > > > On Thu, Aug 11, 2016 at 2:50 PM, David Sommerseth > <open...@sf.lists.topphemmelig.net > <mailto:open...@sf.lists.topphemmelig.net>> wrote: > > -BEGIN PGP SIGNED M

[Openvpn-devel] [PATCH v4.1 2/4] Re-implement the systemd support using the new query user API

lify alternatives definition directly in console.h. For now only depend on ENABLE_SYSTEMD] [v2 - Removed the QUERY_USER_FOREACH macro] Signed-off-by: David Sommerseth <dav...@openvpn.net> --- configure.ac | 2 +- src/openvpn/Makefile.am | 2 +- src/openvpn

Re: [Openvpn-devel] Dropping Windows Vista / XP support?

ct our users, even though we might not put much maintenance resources into the core OpenVPN code. Of course, we'll fix critical bugs and so on, but I don't see that will take a lot of resources as things are right now. Once we officially claim XP/Vista as unsupported, we can consider to drop Open

Re: [Openvpn-devel] Modernising the management interface

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 31/08/16 20:55, David Sommerseth wrote: > > Hi, > > I have for a long time pondered on how we can make the management > API more suitable for more modern tools and tasks. So I am just > giving an extremely early heads-up on

Re: [Openvpn-devel] Modernising the management interface

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/09/16 19:28, David Sommerseth wrote: > On 31/08/16 20:55, David Sommerseth wrote: > >> Hi, > >> I have for a long time pondered on how we can make the management >> API more suitable for more modern tools and task

Re: [Openvpn-devel] [PATCH] Do not abort t_client run if OpenVPN instance does not start.

> of sub-tests for test run $SUF.\n" >&2 trap - 0 1 2 3 15 -exit 10 > + SUMMARY_FAIL="$SUMMARY_FAIL $SUF" + exit_code=30 + continue fi > > # compare whether anything changed in ifconfig/route setup? > ACK. This looks reasonable and if

Re: [Openvpn-devel] [PATCH applied] Do not abort t_client run if OpenVPN instance does not start.

not abort t_client run if OpenVPN instance does not start. Signed-off-by: Gert Doering <g...@greenie.muc.de> Acked-by: David Sommerseth <dav...@openvpn.net> Message-Id: 20160913200458.9906-1-g...@greenie.muc.de URL: http://www.mail-archive.com/search?l=mid=20160913200

Re: [Openvpn-devel] [RFC] - Enable 2FA to be used with renegotiations

On 25/08/16 15:45, David Sommerseth wrote: > > Hi, > [...snip...] > > What the patch-set does is: > > - Add --auth-gen-token, and when used the following steps happens > > - After a successful normal user/password authentication, it will > generate a random

Re: [Openvpn-devel] [PATCH applied] Make gnu89 support explicit

GS setting. Your patch has been applied to the release/2.3 branch. commit 130c27b1f24a33c77e01b2cf82c3427699153967 Author: Steffan Karger Date: Fri Sep 16 17:40:36 2016 +0200 Make gnu89 support explicit Signed-off-by: Steffan Karger <stef...@karger.me> Acked-by: David

[Openvpn-devel] [PATCHv3] t_client.sh: Add support for Kerberos/ksu

] [ v3 - Kick out bashism - '&>' redirect ] Signed-off-by: David Sommerseth <dav...@openvpn.net> --- tests/t_client.sh.in | 40 +++- 1 file changed, 35 insertions(+), 5 deletions(-) diff --git a/tests/t_client.sh.in b/tests/t_client.sh.in index fc8

[Openvpn-devel] [PATCH] t_client.sh: Improve detection if the OpenVPN process did start during tests

). The umask is also set to a more permissive mode to ensure the test script is capable of reading the OpenVPN PID file, as that will be created by root. Signed-off-by: David Sommerseth <dav...@openvpn.net> --- tests/t_client.sh.in | 46 +- 1 file chang

Re: [Openvpn-devel] [PATCH applied] Add SHA256 fingerprint support

fingerprint support Signed-off-by: Steffan Karger <stef...@karger.me> Acked-by: David Sommerseth <dav...@openvpn.net> Message-Id: 1462479247-21854-1-git-send-email-stef...@karger.me Message-Id: 1474055635-7427-1-git-send-email-stef...@karger.me URL: http

Re: [Openvpn-devel] how is debug/doval and debug/dovalns are supposed to be used ?

l ? This is tackled via the --with-mem-check argument to ./configure. $ ./configure --with-mem-check=valgrind That should make valgrind runs look far more reasonable. - -- kind regards, David Sommerseth OpenVPN Technologies, Inc -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) iQI

[Openvpn-devel] [PATCHv2] Document the --auth-token option

-off-by: David Sommerseth <dav...@openvpn.net> --- doc/openvpn.8 | 56 ++-- 1 file changed, 54 insertions(+), 2 deletions(-) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 2f42636..be9dc47 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @

Re: [Openvpn-devel] [PATCH] cppcheck finding: add "ASSERT( maxoutput > 0 || separator != NULL )" to prevent possible null pointer derefence

is needs to be checked far more carefully and compared against all the callers of format_hex_ex(). The question which pops up in my head is: Is this patch purely targeted to silence a code analyser warning? If so, this is most likely not the right fix for the OpenVPN code base. - -- kind

Re: [Openvpn-devel] [PATCH applied] Fix t_client runs on OpenSolaris

t_client runs on OpenSolaris Signed-off-by: Gert Doering <g...@greenie.muc.de> Acked-by: David Sommerseth <dav...@openvpn.net> Message-Id: 20160920091914.37585-1-g...@greenie.muc.de URL: http://www.mail-archive.com/search?l=mid=20160920091914.37585-1-g...@gr

[Openvpn-devel] [PATCH] Have the same username/password length regardless of PKCS#11 enablement

to 4096 bytes, regardless of the --enable-pkcs11 state. Signed-off-by: David Sommerseth <dav...@openvpn.net> --- src/openvpn/misc.h | 9 +++-- 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/src/openvpn/misc.h b/src/openvpn/misc.h index b694096..31ea10e 100644 --- a/src/o

Re: [Openvpn-devel] [PATCH] Have the same username/password length regardless of PKCS#11 enablement

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 22/09/16 12:04, David Sommerseth wrote: > If running an OpenVPN client with --enable-pkcs11 and a server > without and having a username and/or password with more than 128 > characters, the authentication will fail as the server

Re: [Openvpn-devel] Linux: Use /tmp for log problem ?

the systemd.exec(5) man page for more info. Simple and brief enough? ;-) > That said, you probably would not need a logfile, as you can view > them with > > $ journalctl /usr/sbin/openvpn Interesting approach. It is usually better to use $ journalctl -u openvpn@CONFIG If y

Re: [Openvpn-devel] Linux: Use /tmp for log problem ? (solved)

ect. There's nothing >> OpenVPN can do about this, it's one of those weird idiosyncracies >> of systemd. >> >> HTH, >> >> JJK >> >> > Thanks JJK, this was *exactly* the problem .. I removed > PrivateTmp=True from the unit file, (which I had over l

Re: [Openvpn-devel] [PATCH] Have the same username/password length regardless of PKCS#11 enablement

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 22/09/16 18:43, Selva Nair wrote: > Hi, > > On Thu, Sep 22, 2016 at 6:04 AM, David Sommerseth > <dav...@openvpn.net <mailto:dav...@openvpn.net>> wrote: > > If running an OpenVPN client with --enable-pkcs11 and

[Openvpn-devel] [PATCH/RFC] Remove global allocation of HTTP proxy user/password

come too. David Sommerseth (1): Remove static global allocation of HTTP proxy user/passwords src/openvpn/ntlm.c | 16 src/openvpn/proxy.c | 41 + src/openvpn/proxy.h | 2 +- 3 files changed, 38 insertions(+), 21 deletions(-) -BEGIN

[Openvpn-devel] [PATCH] Remove static global allocation of HTTP proxy user/passwords

This avoids allocating static memory which is not used unless the a HTTP proxy with authentication is configured. Signed-off-by: David Sommerseth <dav...@openvpn.net> --- src/openvpn/ntlm.c | 16 src/openvpn/proxy.c | 41 + src/o

Re: [Openvpn-devel] [PATCH] Remove static global allocation of HTTP proxy user/passwords

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 22/09/16 22:51, Selva Nair wrote: > Hi, > > On Thu, Sep 22, 2016 at 3:40 PM, David Sommerseth > <dav...@openvpn.net <mailto:dav...@openvpn.net>> wrote: > > This avoids allocating static memory which is not

Re: [Openvpn-devel] [PATCH] enable "--disable-crypto" build configuration

ght think about > this next May". +1 ... Due to _exactly_ this reasoning, it was on my "If I have time this week"-list. Thanks Gert for taking care of it! - -- kind regards, David Sommerseth -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGB

Re: [Openvpn-devel] Preview of OpenVPN 2.1.4 Debian and Ubuntu packages

ght have overseen something ... In general, I'm terribly sorry I haven't had time to follow up on the patch queue lately. But if all goes as I hope/plan, I'm going to spend some time this week and weekend going through patches. That implies also evaluating patches for inclusion into the coming 2.2-beta4

Re: [Openvpn-devel] [PATCH] Remove hardcoded path to resolvconf

most bash versions? We must consider that there are some old systems with older bash installations which we might break. I'd rather see a similar patch which checks the exit code instead of something more undefined like this approach. Also for clarity in the code of what we expect or n

Re: [Openvpn-devel] [PATCH] Removed hardcoded signtool dependency from win/build_all.py

ilable, it is still possible to build the rest of OpenVPN. You might even manage to install the unsigned TUN/TAP driver with some tweaking. kind regards, David Sommerseth -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ i

Re: [Openvpn-devel] [PATCH] Removed hardcoded signtool dependency from win/build_all.py

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/11/10 17:55, Peter Stuge wrote: > David Sommerseth wrote: >>>> Modified win/build_all.py so that build does not fail even if >>>> the optional signtool python class is not available. >>> >>> What is

Re: [Openvpn-devel] [PATCH] Removed hardcoded signtool dependency from win/build_all.py

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/11/10 18:11, Samuli Seppänen wrote: > >> On 12/11/10 17:55, Peter Stuge wrote: >>> David Sommerseth wrote: >>>>>> Modified win/build_all.py so that build does not fail even if >>>>>&g

Re: [Openvpn-devel] [PATCH] Socks5 username/password authentication support

commit fc1fa9ffc7e3356458ec38d43816e5ddeb0c580a Author: Pierre Bourdon <delroth@?> List-Post: openvpn-devel@lists.sourceforge.net Date: Mon Oct 11 00:56:04 2010 +0200 kind regards, David Sommerseth -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) C

Re: [Openvpn-devel] [PATCH] TAP driver for Solaris patch

b3674f9d80871f496d1da8 Author: Gert Doering <g...@greenie.muc.de> List-Post: openvpn-devel@lists.sourceforge.net Date: Sat Oct 30 21:03:16 2010 +0200 Make "topology subnet" work on Solaris (ifconfig + route metric changes by Kazuyoshi Aizawa, adding of loc

Re: [Openvpn-devel] Variable common_name can be blank in client-connect script

stead. With such a plug-in you should be able to skip the usage of - --username-as-common-name. I believe this would be a much cleaner approach, as it's the authentication phase which decides if this situation with a blank username is correct or not. kind regards

Re: [Openvpn-devel] [PATCH] Remove hardcoded path to resolvconf

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/11/10 01:22, Jesse Young wrote: > On Thu, Nov 11, 2010 at 00:25:03 +0100, David Sommerseth wrote: > On 01/11/10 17:33, Jesse Young wrote: >>>> Signed-off-by: Jesse Young <jesse.yo...@gmail.com> >>>> --- >&g

Re: [Openvpn-devel] [PATCH 0/3] Code clean-up - removing "dead" code.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 28/08/10 22:31, David Sommerseth wrote: > This is a patch series which tries to do some source code clean-up. > After having noticed that ./configure --enable-pthread was simply doing > *nothing*, as it was forcefully being disabled in sys

Re: [Openvpn-devel] [PATCH] Added check for variable CONFIGURE_DEFINES into options.c

d to fail. This patch adds a check to see if variable exists before trying to use it. Signed-off-by: Samuli Seppänen <sam...@openvpn.net> Acked-by: Peter Stuge <pe...@stuge.se> Signed-off-by: David Sommerseth <d...@users.sourceforge.net> kind regards, Davi

[Openvpn-devel] [PATCH 0/6] GNU C compiler warning clean-up

The GNU C compiler gives a lot of different warnings when compiling with -Wall set. This patch-set tries to clean up all these issues, hopefully without breaking anything for other compilers - especially on the Windows platform. David Sommerseth (6): Use stricter snprintf() formatting

  1   2   3   4   5   6   7   8   9   10   >