[Openvpn-devel] [S] Change in openvpn[master]: Fix dco with null cipher being enabled without auth none
cron2 has uploaded a new patch set (#3) to the change originally created by plaisthos. ( http://gerrit.openvpn.net/c/openvpn/+/1369?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by ordex Change subject: Fix dco with null cipher being enabled without auth none .. Fix dco with null cipher being enabled without auth none This is a corner case and only the FreeBSD DCO module support the none encryption but as long as it supports it, we should only enable it when the configuration actually allows to enable it. Change-Id: I1104044701145fa37cea857e2e0e0fcac7a2bee3 Signed-off-by: Arne Schwabe Acked-by: Antonio Quartulli Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1369 Message-Id: <[email protected]> URL: https://www.mail-archive.com/[email protected]/msg34847.html Signed-off-by: Gert Doering --- M src/openvpn/dco.c 1 file changed, 12 insertions(+), 0 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/69/1369/3 diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index 7abdad3..6a1a5c9 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c @@ -474,6 +474,18 @@ gc_free(&gc); return false; } +/* FreeBSD supports none as cipher type but requires auth none to be + * be also enabled */ +if (strcmp(token, "none") == 0 && strcmp(o->authname, "none") != 0) +{ +msg(msglevel, +"Note: cipher '%s' in --data-ciphers is only supported " +"with --auth=none by ovpn-dco, disabling data channel " +"offload.", +token); +gc_free(&gc); +return false; +} } gc_free(&gc); -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1369?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: newpatchset Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I1104044701145fa37cea857e2e0e0fcac7a2bee3 Gerrit-Change-Number: 1369 Gerrit-PatchSet: 3 Gerrit-Owner: plaisthos Gerrit-Reviewer: cron2 Gerrit-Reviewer: ordex Gerrit-CC: openvpn-devel ___ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: Fix dco with null cipher being enabled without auth none
cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/1369?usp=email ) Change subject: Fix dco with null cipher being enabled without auth none .. Fix dco with null cipher being enabled without auth none This is a corner case and only the FreeBSD DCO module support the none encryption but as long as it supports it, we should only enable it when the configuration actually allows to enable it. Change-Id: I1104044701145fa37cea857e2e0e0fcac7a2bee3 Signed-off-by: Arne Schwabe Acked-by: Antonio Quartulli Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1369 Message-Id: <[email protected]> URL: https://www.mail-archive.com/[email protected]/msg34847.html Signed-off-by: Gert Doering --- M src/openvpn/dco.c 1 file changed, 12 insertions(+), 0 deletions(-) diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index 7abdad3..6a1a5c9 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c @@ -474,6 +474,18 @@ gc_free(&gc); return false; } +/* FreeBSD supports none as cipher type but requires auth none to be + * be also enabled */ +if (strcmp(token, "none") == 0 && strcmp(o->authname, "none") != 0) +{ +msg(msglevel, +"Note: cipher '%s' in --data-ciphers is only supported " +"with --auth=none by ovpn-dco, disabling data channel " +"offload.", +token); +gc_free(&gc); +return false; +} } gc_free(&gc); -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1369?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: merged Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I1104044701145fa37cea857e2e0e0fcac7a2bee3 Gerrit-Change-Number: 1369 Gerrit-PatchSet: 3 Gerrit-Owner: plaisthos Gerrit-Reviewer: cron2 Gerrit-Reviewer: ordex Gerrit-CC: openvpn-devel ___ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: Fix dco with null cipher being enabled without auth none
Attention is currently required from: plaisthos. cron2 has posted comments on this change by plaisthos. ( http://gerrit.openvpn.net/c/openvpn/+/1369?usp=email ) Change subject: Fix dco with null cipher being enabled without auth none .. Patch Set 2: -Code-Review -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1369?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I1104044701145fa37cea857e2e0e0fcac7a2bee3 Gerrit-Change-Number: 1369 Gerrit-PatchSet: 2 Gerrit-Owner: plaisthos Gerrit-Reviewer: cron2 Gerrit-Reviewer: ordex Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Comment-Date: Thu, 04 Dec 2025 13:45:09 + Gerrit-HasComments: No Gerrit-Has-Labels: Yes ___ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: Fix dco with null cipher being enabled without auth none
Attention is currently required from: cron2, plaisthos. ordex has posted comments on this change by plaisthos. ( http://gerrit.openvpn.net/c/openvpn/+/1369?usp=email ) Change subject: Fix dco with null cipher being enabled without auth none .. Patch Set 2: Code-Review+2 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1369?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I1104044701145fa37cea857e2e0e0fcac7a2bee3 Gerrit-Change-Number: 1369 Gerrit-PatchSet: 2 Gerrit-Owner: plaisthos Gerrit-Reviewer: cron2 Gerrit-Reviewer: ordex Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: cron2 Gerrit-Comment-Date: Thu, 04 Dec 2025 12:46:04 + Gerrit-HasComments: No Gerrit-Has-Labels: Yes ___ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: Fix dco with null cipher being enabled without auth none
Attention is currently required from: cron2.
Hello cron2,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/1369?usp=email
to look at the new patch set (#2).
Change subject: Fix dco with null cipher being enabled without auth none
..
Fix dco with null cipher being enabled without auth none
This is a corner case and only the FreeBSD DCO module support the
none encryption but as long as it supports it, we should only
enable it when the configuration actually allows to enable it.
Change-Id: I1104044701145fa37cea857e2e0e0fcac7a2bee3
Signed-off-by: Arne Schwabe
---
M src/openvpn/dco.c
1 file changed, 12 insertions(+), 0 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/69/1369/2
diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index 7abdad3..6a1a5c9 100644
--- a/src/openvpn/dco.c
+++ b/src/openvpn/dco.c
@@ -474,6 +474,18 @@
gc_free(&gc);
return false;
}
+/* FreeBSD supports none as cipher type but requires auth none to be
+ * be also enabled */
+if (strcmp(token, "none") == 0 && strcmp(o->authname, "none") != 0)
+{
+msg(msglevel,
+"Note: cipher '%s' in --data-ciphers is only supported "
+"with --auth=none by ovpn-dco, disabling data channel "
+"offload.",
+token);
+gc_free(&gc);
+return false;
+}
}
gc_free(&gc);
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1369?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings?usp=email
Gerrit-MessageType: newpatchset
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I1104044701145fa37cea857e2e0e0fcac7a2bee3
Gerrit-Change-Number: 1369
Gerrit-PatchSet: 2
Gerrit-Owner: plaisthos
Gerrit-Reviewer: cron2
Gerrit-CC: openvpn-devel
Gerrit-Attention: cron2
___
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: Fix dco with null cipher being enabled without auth none
Attention is currently required from: cron2. plaisthos has posted comments on this change by plaisthos. ( http://gerrit.openvpn.net/c/openvpn/+/1369?usp=email ) Change subject: Fix dco with null cipher being enabled without auth none .. Patch Set 1: (1 comment) File src/openvpn/dco.c: http://gerrit.openvpn.net/c/openvpn/+/1369/comment/4cfc3549_2b460fa1?usp=email : PS1, Line 486: } > should this have a `gc_free(&gc); return false;` here? Acknowledged -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1369?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I1104044701145fa37cea857e2e0e0fcac7a2bee3 Gerrit-Change-Number: 1369 Gerrit-PatchSet: 1 Gerrit-Owner: plaisthos Gerrit-Reviewer: cron2 Gerrit-CC: openvpn-devel Gerrit-Attention: cron2 Gerrit-Comment-Date: Tue, 02 Dec 2025 15:14:53 + Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: cron2 ___ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: Fix dco with null cipher being enabled without auth none
Attention is currently required from: plaisthos. cron2 has posted comments on this change by plaisthos. ( http://gerrit.openvpn.net/c/openvpn/+/1369?usp=email ) The change is no longer submittable: Code-Review is unsatisfied now. Change subject: Fix dco with null cipher being enabled without auth none .. Patch Set 1: Code-Review-2 (2 comments) Patchset: PS1: this is missing the required "return false" + gc cleanup File src/openvpn/dco.c: http://gerrit.openvpn.net/c/openvpn/+/1369/comment/bb353f92_d38bfc69?usp=email : PS1, Line 486: } should this have a `gc_free(&gc); return false;` here? -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1369?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I1104044701145fa37cea857e2e0e0fcac7a2bee3 Gerrit-Change-Number: 1369 Gerrit-PatchSet: 1 Gerrit-Owner: plaisthos Gerrit-Reviewer: cron2 Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Comment-Date: Wed, 19 Nov 2025 13:47:52 + Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes ___ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: Fix dco with null cipher being enabled without auth none
Attention is currently required from: plaisthos. cron2 has posted comments on this change by plaisthos. ( http://gerrit.openvpn.net/c/openvpn/+/1369?usp=email ) Change subject: Fix dco with null cipher being enabled without auth none .. Patch Set 1: Code-Review+2 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1369?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I1104044701145fa37cea857e2e0e0fcac7a2bee3 Gerrit-Change-Number: 1369 Gerrit-PatchSet: 1 Gerrit-Owner: plaisthos Gerrit-Reviewer: cron2 Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Comment-Date: Wed, 19 Nov 2025 13:45:12 + Gerrit-HasComments: No Gerrit-Has-Labels: Yes ___ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[master]: Fix dco with null cipher being enabled without auth none
plaisthos has uploaded this change for review. (
http://gerrit.openvpn.net/c/openvpn/+/1369?usp=email )
Change subject: Fix dco with null cipher being enabled without auth none
..
Fix dco with null cipher being enabled without auth none
This is a corner case and only the FreeBSD DCO module support the
none encryption but as long as it supports it, we should only
enable it when the configuration actually allows to enable it.
Change-Id: I1104044701145fa37cea857e2e0e0fcac7a2bee3
Signed-off-by: Arne Schwabe
---
M src/openvpn/dco.c
1 file changed, 10 insertions(+), 0 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/69/1369/1
diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index 7abdad3..a0a990f 100644
--- a/src/openvpn/dco.c
+++ b/src/openvpn/dco.c
@@ -474,6 +474,16 @@
gc_free(&gc);
return false;
}
+/* FreeBSD supports none as cipher type but requires auth none to be
+ * be also enabled */
+if (strcmp(token, "none") == 0 && strcmp(o->authname, "none") != 0)
+{
+msg(msglevel,
+"Note: cipher '%s' in --data-ciphers is only supported "
+"with --auth=none by ovpn-dco, disabling data channel "
+"offload.",
+token);
+}
}
gc_free(&gc);
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1369?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings?usp=email
Gerrit-MessageType: newchange
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I1104044701145fa37cea857e2e0e0fcac7a2bee3
Gerrit-Change-Number: 1369
Gerrit-PatchSet: 1
Gerrit-Owner: plaisthos
Gerrit-CC: openvpn-devel
___
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
