[Openvpn-devel] [PATCH applied] Re: Don't issue warning for 'translate to self' tls-ciphers

2014-07-07 Thread Gert Doering
Your patch has been applied to the master branch. commit 29ed605c2a91e85bc9905cf2968e900cb3969095 Author: Steffan Karger List-Post: openvpn-devel@lists.sourceforge.net Date: Thu Jul 3 23:47:45 2014 +0200 Don't issue warning for 'translate to self' tls-ciphers Signed-off-by: Steffan K

[Openvpn-devel] [PATCH v2] Always enable http-proxy and socks-proxy

2014-07-07 Thread Arne Schwabe
--- configure.ac | 16 src/openvpn/base64.c | 6 -- src/openvpn/base64.h | 4 src/openvpn/forward.c | 12 +--- src/openvpn/init.c| 44 +--- src/openvpn/openvpn.h | 4 src/openvpn/options.c | 40 ---

Re: [Openvpn-devel] [PATCH applied] Re: Extend t_lpback tests to test all ciphers reported by --show-ciphers

2014-07-07 Thread Steffan Karger
Hi, On 07-07-14 22:09, Gert Doering wrote: > Your patch has been applied to the master branch. Thanks. These are actually bugfixes for stuff that should just work in 2.3 too, so I suggest to apply these patches, including the preceding OFB/CFB fix by Heiko (be46a2c083a6bd77754bc1674249eab583d25da

[Openvpn-devel] [PATCH applied] Re: Extend t_lpback tests to test all ciphers reported by --show-ciphers

2014-07-07 Thread Gert Doering
Your patch has been applied to the master branch. (It might break the script on some of the more obscure platforms that haven't learned the new POSIXly "tail -n+7" yet. But if so, buildbot will tell us, and we can then still fix it, like by using "sed -e '1,6d'" instead...) commit b2bff9fa156

[Openvpn-devel] [PATCH applied] Re: Improve --show-ciphers to show if a cipher can be used in static key mode

2014-07-07 Thread Gert Doering
Your patch has been applied to the master branch. commit d344820faeae987f52e574e15812c86aa5c59ae6 Author: Steffan Karger List-Post: openvpn-devel@lists.sourceforge.net Date: Sun Jun 8 17:04:32 2014 +0200 Improve --show-ciphers to show if a cipher can be used in static key mode Signed

Re: [Openvpn-devel] [PATCH 3/4] Improve --show-ciphers to show if a cipher can be used in static key mode

2014-07-07 Thread Steffan Karger
On 07-07-14 20:22, Steffan Karger wrote: > On 07-07-14 19:52, Arne Schwabe wrote: >> On 07.07.14 19:37, Steffan Karger wrote: >>> On 07-07-14 10:54, Arne Schwabe wrote: On 08.06.14 18:16, Steffan Karger wrote: > Also remove the bulky warning from init_key_type() and add the information

[Openvpn-devel] [PATCH applied] Re: Add proper check for crypto modes (CBC or OFB/CFB)

2014-07-07 Thread Gert Doering
Your patch has been applied to the master branch. commit a4b27b6481c7496f2a8705c993edfe150a3541cb Author: Steffan Karger List-Post: openvpn-devel@lists.sourceforge.net Date: Sun Jun 8 18:16:13 2014 +0200 Add proper check for crypto modes (CBC or OFB/CFB) Signed-off-by: Steffan Karger

[Openvpn-devel] [PATCH applied] Re: Rename ALLOW_NON_CBC_CIPHERS to ENABLE_OFB_CFB_MODE, and add to configure.

2014-07-07 Thread Gert Doering
Your patch has been applied to the master branch. commit c353af2f474f79bfd7b2b67ecc02e91152500209 Author: Steffan Karger List-Post: openvpn-devel@lists.sourceforge.net Date: Sun Jun 8 18:16:12 2014 +0200 Rename ALLOW_NON_CBC_CIPHERS to ENABLE_OFB_CFB_MODE, and add to configure. Signe

Re: [Openvpn-devel] [PATCH 3/4] Improve --show-ciphers to show if a cipher can be used in static key mode

2014-07-07 Thread Steffan Karger
On 07-07-14 19:52, Arne Schwabe wrote: > On 07.07.14 19:37, Steffan Karger wrote: >> On 07-07-14 10:54, Arne Schwabe wrote: >>> On 08.06.14 18:16, Steffan Karger wrote: Also remove the bulky warning from init_key_type() and add the information to the --show-ciphers output. >>> It

[Openvpn-devel] [PATCH applied] Re: Make t_client.sh work on AIX.

2014-07-07 Thread Gert Doering
Your patch has been applied to the master branch. commit a637016ea3a6b49e3c792ca335f50eb32a182093 Author: Gert Doering List-Post: openvpn-devel@lists.sourceforge.net Date: Tue Jun 10 16:04:33 2014 +0200 Make t_client.sh work on AIX. Signed-off-by: Gert Doering Acked-by: Arne Sc

[Openvpn-devel] [PATCH applied] Re: implement adding/deleting routes on AIX, for IPv4 and IPv6

2014-07-07 Thread Gert Doering
Your patch has been applied to the master branch. (A followup patch will have to come, making use of count_netmask_bits(), and drop the netmask_to_netbits2() helper again) commit b4b92ae5dca218325dfbe16992922716ea83e261 Author: Gert Doering List-Post: openvpn-devel@lists.sourceforge.net Date:

[Openvpn-devel] [PATCH applied] Re: Add tap driver initialization and ifconfig for AIX.

2014-07-07 Thread Gert Doering
Your patch has been applied to the master branch. commit 7e1e7b46701214f7886af6b408d6954a6621be46 Author: Gert Doering List-Post: openvpn-devel@lists.sourceforge.net Date: Tue Jun 10 16:04:31 2014 +0200 Add tap driver initialization and ifconfig for AIX. Signed-off-by: Gert Doering

[Openvpn-devel] [PATCH applied] Re: Recognize AIX, define TARGET_AIX

2014-07-07 Thread Gert Doering
Your patch has been applied to the master branch. commit 42f13dc03c12805b994ea67fe77c9cb9dd55c10d Author: Gert Doering List-Post: openvpn-devel@lists.sourceforge.net Date: Tue Jun 10 16:04:30 2014 +0200 Recognize AIX, define TARGET_AIX Signed-off-by: Gert Doering Acked-by: Arne

Re: [Openvpn-devel] [PATCH 3/4] Improve --show-ciphers to show if a cipher can be used in static key mode

2014-07-07 Thread Arne Schwabe
On 07.07.14 19:37, Steffan Karger wrote: > On 07-07-14 10:54, Arne Schwabe wrote: >> On 08.06.14 18:16, Steffan Karger wrote: >>> Also remove the bulky warning from init_key_type() and add the information >>> to the --show-ciphers output. >>> >> It does what it says but I think most users will

Re: [Openvpn-devel] [PATCH 3/4] Improve --show-ciphers to show if a cipher can be used in static key mode

2014-07-07 Thread Steffan Karger
On 07-07-14 10:54, Arne Schwabe wrote: > On 08.06.14 18:16, Steffan Karger wrote: >> Also remove the bulky warning from init_key_type() and add the information >> to the --show-ciphers output. >> > It does what it says but I think most users will be confused about what > (SSL mode only) is about.

Re: [Openvpn-devel] [PATCH 1/4] Rename ALLOW_NON_CBC_CIPHERS to ENABLE_OFB_CFB_MODE, and add to configure.

2014-07-07 Thread Steffan Karger
On 07-07-14 10:44, Arne Schwabe wrote: > On 08.06.14 18:16, Steffan Karger wrote: >> Makes OFB/CFB compile time configurable, and fixes output of --show-ciphers >> to also show OFB/CFB ciphers along the way (because crypto.h was not >> included from crypto_openssl.c). >> >> > ACK. But maybe we sh

[Openvpn-devel] [PATCH 2/4] Always enable http-proxy and socks-proxy

2014-07-07 Thread Arne Schwabe
--- configure.ac | 16 src/openvpn/base64.c | 6 -- src/openvpn/base64.h | 4 src/openvpn/forward.c | 12 +--- src/openvpn/init.c| 44 +--- src/openvpn/openvpn.h | 4 src/openvpn/options.c | 40 ---

[Openvpn-devel] [PATCH 1/4] Remove #ifdefs for client nat support.

2014-07-07 Thread Arne Schwabe
The client-nat feature was always unconditionally enabled --- src/openvpn/clinat.c | 4 src/openvpn/clinat.h | 2 +- src/openvpn/forward.c | 12 +++- src/openvpn/multi.c | 2 -- src/openvpn/openvpn.h | 2 -- src/openvpn/options.c | 18 +- src/openvpn/options.h

[Openvpn-devel] [PATCH 3/4] Fix compiling without ENABLE_MANAGEMENT

2014-07-07 Thread Arne Schwabe
--- src/openvpn/push.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/openvpn/push.c b/src/openvpn/push.c index ea788b0..24d12c7 100644 --- a/src/openvpn/push.c +++ b/src/openvpn/push.c @@ -68,6 +68,7 @@ receive_auth_failed (struct context *c, const struct buffer *buffer) ASS

[Openvpn-devel] [PATCH 4/4] Remove ENABLE_BUFFER_LIST

2014-07-07 Thread Arne Schwabe
it is unconditionally enabled and OpenVPN does not compile if disabled --- src/openvpn/buffer.c | 5 - src/openvpn/buffer.h | 6 -- src/openvpn/syshead.h | 5 - 3 files changed, 16 deletions(-) diff --git a/src/openvpn/buffer.c b/src/openvpn/buffer.c index 3661141..46f874b 100644 --

Re: [Openvpn-devel] [PATCH 4/4] Make t_client.sh work on AIX.

2014-07-07 Thread Arne Schwabe
On 10.06.14 16:04, Gert Doering wrote: > From: Gert Doering > > Teach it how to run ifconfig/route on AIX to have meaningful results. > ACK on the basis of "cannot test, but looks sane and does not touch other platforms" Arne

Re: [Openvpn-devel] [PATCH 3/4] implement adding/deleting routes on AIX, for IPv4 and IPv6

2014-07-07 Thread Arne Schwabe
On 10.06.14 16:04, Gert Doering wrote: > From: Gert Doering > > AIX only has TAP interfaces, so always use gateway address as next hop, > not interface name. > > AIX route works much more reliably if passed netbits than netmask - do so > (introducing a new helper function netmask_to_netbits2())

Re: [Openvpn-devel] [PATCH 2/4] Add tap driver initialization and ifconfig for AIX.

2014-07-07 Thread Arne Schwabe
On 10.06.14 16:04, Gert Doering wrote: > From: Gert Doering > > AIX is special... ifconfig only works if it can add the data to > the ODM right away, so set up a local environment set that has > "ODMDIR=/etc/objrepos" in it (hard-coded, nobody changes that). > > Only --dev tap or --dev tapNN are

Re: [Openvpn-devel] [PATCH 1/4] Recognize AIX, define TARGET_AIX

2014-07-07 Thread Arne Schwabe
On 10.06.14 16:04, Gert Doering wrote: > From: Gert Doering > > force "have_tap_header=yes", as configure won't like AIX headers otherwise > (no tun related headers, just ). > > force ROUTE to be "/usr/sbin/route" - not executable by non-root users, so > configure testing for executables will no

Re: [Openvpn-devel] [PATCH 1/4] Rename ALLOW_NON_CBC_CIPHERS to ENABLE_OFB_CFB_MODE, and add to configure.

2014-07-07 Thread Steffan Karger
On Mon, Jul 7, 2014 at 10:44 AM, Arne Schwabe wrote: > > On 08.06.14 18:16, Steffan Karger wrote: > > Makes OFB/CFB compile time configurable, and fixes output of --show-ciphers > > to also show OFB/CFB ciphers along the way (because crypto.h was not > > included from crypto_openssl.c). > > > >

Re: [Openvpn-devel] [PATCH] Do not upcase x509-username-field for mixed-case arguments.

2014-07-07 Thread Arne Schwabe
On 30.06.14 21:43, Steffan Karger wrote: > Hi, > > The patch below is extracted from Andris Kalnozols' version 2 patch in > trac ticket #402, annotated with some comments from me. > > The functionality this patch provides makes sense to me, and fixes > faulty behaviour in both the release/2.3 and

Re: [Openvpn-devel] [PATCH] Don't issue warning for 'translate to self' tls-ciphers

2014-07-07 Thread Arne Schwabe
On 03.07.14 23:47, Steffan Karger wrote: > All cipher suite names supplied through --tls-cipher are translated by > OpenVPN to IANA names, to get OpenSSL and PolarSSL configuration files > compatible. OpenSSL however supports cipher suite group names, like > 'DEFAULT', 'HIGH', or 'ECDH'. To make

Re: [Openvpn-devel] [PATCH 4/4] Extend t_lpback tests to test all ciphers reported by --show-ciphers

2014-07-07 Thread Arne Schwabe
On 08.06.14 18:16, Steffan Karger wrote: > ... instead of just BF-CBC. Should catch more mistakes. > > ACK Arne

Re: [Openvpn-devel] [PATCH 3/4] Improve --show-ciphers to show if a cipher can be used in static key mode

2014-07-07 Thread Arne Schwabe
On 08.06.14 18:16, Steffan Karger wrote: > Also remove the bulky warning from init_key_type() and add the information > to the --show-ciphers output. > > It does what it says but I think most users will be confused about what (SSL mode only) is about. Most people who are not familiar with openvp

Re: [Openvpn-devel] [PATCH 2/4] Add proper check for crypto modes (CBC or OFB/CFB)

2014-07-07 Thread Arne Schwabe
On 08.06.14 18:16, Steffan Karger wrote: > OpenSSL has added AEAD-CBC mode ciphers like AES-128-CBC-HMAC-SHA1, which > have mode EVP_CIPH_CBC_MODE, but require a different API (the AEAD API). > So, add extra checks to filter out those AEAD-mode ciphers. > > Adding these made the crypto library ag

Re: [Openvpn-devel] [PATCH 1/4] Rename ALLOW_NON_CBC_CIPHERS to ENABLE_OFB_CFB_MODE, and add to configure.

2014-07-07 Thread Arne Schwabe
On 08.06.14 18:16, Steffan Karger wrote: > Makes OFB/CFB compile time configurable, and fixes output of --show-ciphers > to also show OFB/CFB ciphers along the way (because crypto.h was not > included from crypto_openssl.c). > > ACK. But maybe we should just always enable this mode instead of hav