Hi,
Here's the summary of the IRC meeting.
---
COMMUNITY MEETING
Place: #openvpn-meeting on libera.chat
Date: Wed 2nd March 2022
Time: 10:30 CET (9:30 UTC)
Planned meeting topics for this meeting were here:
<https://community.openvpn.net/openvpn/wiki/Topics-2022-03-02>
Your local meeting time is easy to check from services such as
<http://www.timeanddate.com/worldclock>
SUMMARY
d12fk, lev, mattock, ordex, plaisthos and rob0 participated in this meeting.
---
Noted that email sending in Trac does not work because the recipient
(e.g. gmail) rejects the From address. Mattock will organize a meeting
with somebody that has access to Sendgrid to resolve this. Then we can
start adding Sendgrid-based email delivery to other places as well (Pwm,
Trac).
---
Noted that buildbot Windows builds broke on several fronts due to change
in OpenVPN build process (spectre mitigation, openssl3). Those are now
fixed except for openvpn-gui build which still fails. Mattock will work
on that.
---
Lev is working on dco-win and fixed a bug when connection stalls (found
by plaisthos on his hardware). He's also working on adding mssfix
support. We also now have chachapoly support on Windows 11
Latest signed dco-win releases could be found here:
<https://github.com/OpenVPN/ovpn-dco-win/releases>
---
Talked about secur...@openvpn.net GPG keys. Noted that MaxF needs one
and that the existing subkeys are soon expiring.
--
Full chatlog attached
(11.31.28) mattock: hi
(11.31.31) mattock: meeting time
(11.31.39) mattock: adding the meeting agenda pages
(11.32.13) MaxF: hi!
(11.32.22) plaisthos: hey
(11.32.28) dazo: hey!
(11.32.35) lev__: hello
(11.32.44) mattock: hi guys!
(11.35.37) mattock: https://community.openvpn.net/openvpn/wiki/Topics-2022-03-02
(11.36.48) d12fk: moin
(11.36.53) mattock: will cron2 be here?
(11.38.40) ***d12fk added --dns to the agneda
(11.38.48) mattock: +1
(11.41.14) mattock: maybe sync-up first?
(11.41.27) mattock: cron2 is not here it seems, but maybe a small status report
would be ok?
(11.42.11) dazo: yeah
(11.42.59) mattock: I'll start
(11.43.18) mattock: I'm fighting Sendgrid to understand why the emails (that
get queued) get invalid "From" addresses
(11.43.38) mattock: without visibility at the sendgrid side fixing this is a
bit challenging, so I may have to do a call with somebody who has that access
(11.44.08) dazo: could it be you need different sendgrid credentials per "from
identity"?
(11.44.25) mattock: on buildbot side things have progressed, but I was set back
by two things 1) introduction of spectre mitigation in the Windows build
process (needed fixes) and 2) openssl3
(11.44.40) mattock: dazo: the credentials are ok
(11.45.22) mattock: the email gets dropped by the recipient email server due to
malformed From address
(11.45.23) dazo: Or that the envelope sender is not the same as "from" ... and
sendgrid prioritises (overwrites) "from" with the envelope address? (as an spam
counter measure)
(11.45.33) dazo: ahh
(11.45.59) mattock: it is hard to tell what exactly is wrong without the
visibility, so I think I need a session with a person with Sendgrid access to
resolve it
(11.46.06) mattock: anyhow
(11.46.30) mattock: buildbot windows builds have only one final issue:
openvpn-gui builds broke, and this seems also related to openssl3
(11.46.36) mattock: code signing etc. is working fine
(11.47.00) mattock: once windows build are working, I want to enable
notifications (which is also blocked by sendgrid issues)
(11.47.09) mattock: then buildbot will be "in production"
(11.47.21) mattock: now it is, but nobody will know if the builds do not work
(11.47.30) mattock: that's all from my end
(11.50.50) d12fk: is it also the end of status updates?
(11.51.00) mattock: could very well be
(11.51.01) lev__: I am working on dco-win, fixed a bug when connection stalls
which plaisthos discovered on his hardware. Working on adding mssfix support
(11.51.16) mattock: we had a volunteer! :)
(11.52.44) lev__: and we also have chachapoly support on Windows 11
(11.53.10) lev__: latest signed dco-win releases could be found here
https://github.com/OpenVPN/ovpn-dco-win/releases
(11.53.41) mattock: +1
(11.53.47) d12fk: do you know if they will bring chacha to windows 10 with an
update?
(11.55.32) lev__: I don't know for sure but I doubt
(11.56.11) lev__: but if they do it will work for us, since we probe it in
runtime
(11.56.56) d12fk: is it in cryptoapi?
(11.57.59) lev__: CNG
(11.58.40) lev__:
https://docs.microsoft.com/en-us/windows/win32/seccng/cng-portal Cryptography
API: Next Generation (CNG) is the long-term replacement for the CryptoAPI
(12.02.13) d12fk: Vista onwards, maybe the driver can just be backported, do
you know if the algos are in a dedicated dll?
(12.03.35) lev__: must be BCrypt.dll
(12.06.22) plaisthos: isn't the driver framework itself that you are using
win10+?
(12.06.41) lev__: but dco-win requires at least Windows 10 2004 (since that
framework I use appeared since there)
(12.11.50) d12fk: think it would be possible to dev a chchaploy driver for CNG
before win11. anyway, shall we move on with the agenda?
(12.12.11) mattock: yes yes
(12.12.15) mattock: move on
(12.12.21) mattock: anything else to report from anyone?
(12.14.07) mattock: I have one thing actually: MaxF is being added to the
security list
(12.14.21) mattock: I use the phrase "is being added" because I can't do it no
longer
(12.14.29) novaflash [~novafl...@185-227-75-241.dsl.cambrium.nl] è entrato
nella stanza.
(12.14.29) mattock: so, I can at most push at people who can do it
(12.14.50) dazo: +1
(12.16.24) MaxF: How does it work with the GPG subkeys? I've uploaded a key to
a keyserver already
(12.18.51) mattock: dazo can answer more properly, but basically you get a
subkey of secur...@openpvn.net key once dazo confirms that you are you
(12.19.22) mattock: that allows us all to open emails encrypted with the same
public secur...@openvpn.net key
(12.19.34) dazo: MaxF: I'll arrange that for you
(12.19.52) mattock: your own GPG key is not relevant in this context, except
maybe to prove your identity and to receive the subkey
(12.20.00) dazo: and it's getting close to another key rotation
(12.20.04) MaxF: ah, I see
(12.20.08) MaxF: thank you
(12.20.30) dazo: yeah, I need your public key ... you don't get any of the
secret stuff unencrypted from me ;-)
(12.22.04) MaxF: I'll mail it to you in a moment. dav...@openvpn.net is the
right address, correct?
(12.22.53) MaxF: also, it's here:
https://keyserver.ubuntu.com/pks/lookup?search=max+fillinger&fingerprint=on&op=index
(12.22.55) mattock: I need to split in a few mins, lunch
(12.23.00) mattock: any last minute topics?
(12.23.41) d12fk: --dns should be quick
(12.23.52) dazo: mattock: yes
(12.23.55) dazo: sorry
(12.23.56) d12fk: I only have 1 ack on github
(12.23.59) dazo: MaxF: Yes!
(12.24.12) mattock: you can keep talking, I will leave soon
(12.24.18) d12fk: is it enough?
(12.24.21) mattock: summary is ready up to this point
(12.25.24) dazo: d12fk: yes, that's normally enough on the community side
(12.25.42) dazo: it's corp-side there is the 2-ACK approach
(12.29.11) rob0: aww, I missed out :(
(12.30.57) d12fk: okay will e-mail the patch to -devel then
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
