Fix the indentation on the code block that got moved out of an unneeded
"if".
---
src/openvpn/misc.c | 116 ++---
1 file changed, 58 insertions(+), 58 deletions(-)
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index e0aa5f9..517a2eb 100644
--
Two buffers used for username/password prompting can be moved into a
deeper block so that they don't get set if they are not going to be
used.
---
src/openvpn/misc.c | 17 +
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index
The code that reads the challenge response (both dynamic & static) will
not prompt the user if the username and password information was read
from a file. In the latest code this can be fixed by simply removing
the "if (username_from_stdin || password_from_stdin)" condition because
all the deeper
On Tue, Dec 15, 2015 at 12:51 PM, Selva Nair wrote:
> This could be a small ~2 line patch -- easier to review and test.
>
I'll post a 3-part patch as a reply to this email. They are: (1) the "if"
removal that fixes the bug, (2) the prompt buffer moves, and (3) the
reindentation. If you end up w
On Tue, Dec 15, 2015 at 10:41 PM, Jan Just Keijser wrote:
> On 15/12/15 08:53, Gert Doering wrote:
>> On Tue, Dec 15, 2015 at 01:12:49AM +0100, David Sommerseth wrote:
>>> Just tried to build openvpn on one of my laptops (Scientific Linux 7.1,
>>> openssl-1.0.1e-42.el7). And it explodes when reac
Hi,
> > My original comment about this to an early version of valdikSS' patch
> > was on a different level -- if the user want DNS blocked, failure to
> block
> > should be FATAL. But not respecting ignore-unknown-option only on
> > some platforms doesn't look right.
>
> Well, it is not an "unkno
Hi,
On 15/12/15 08:53, Gert Doering wrote:
Hi,
On Tue, Dec 15, 2015 at 01:12:49AM +0100, David Sommerseth wrote:
Just tried to build openvpn on one of my laptops (Scientific Linux 7.1,
openssl-1.0.1e-42.el7). And it explodes when reaching the
SSL_CTX_get0_certificate(), it seems that support
Hi,
On Tue, Dec 15, 2015 at 04:12:25PM -0500, Selva Nair wrote:
> > Make that "setenv opt block-outside-dns". ignore-unknown-option will
> > *not* help here, as it is not "unknown", but just "not working".
>
> You are right, ignore-unknown .. would have worked with valdikSS patch,
> but not any
Hi,
On Tue, Dec 15, 2015 at 3:54 PM, Gert Doering wrote:
> Hi,
>
> On Tue, Dec 15, 2015 at 12:25:23PM -0500, Selva Nair wrote:
>
> > 2. release/2.3 (and upcoming 2.3.9)
> > - May be built for target = winxp
> > (this is the default target in openvpn-build if release/2.3 source is
> > used)
> >
Hi,
On Tue, Dec 15, 2015 at 12:25:23PM -0500, Selva Nair wrote:
> 1. git_master:
> - May be built with target = vista and will run correctly only on vista
> and above
> (this is the default target in openvpn-build if git-master source is
> used)
> - Will support --block-outside-dns when ru
Hi,
On Mon, Dec 14, 2015 at 4:10 PM, Selva Nair wrote:
>
>> I took a quick look and it seems a simplified patch that addresses the
>> most critical-sounding issue (challenge/reponse not prompted for
>> from stdin) may be more useful.
>>
>
>
> That's exactly what that patch is.
>
Ok, now looking
Hi Arne,
Some comments after a first review:
On Thu, Dec 10, 2015 at 1:39 PM, Arne Schwabe wrote:
> V2: Fix an unintended change in the old lz4 decompress code.
>
> [..snip...]
>
> +static void
> +lz4_compress (struct buffer *buf, struct buffer work,
> + struct compress_context *comp
Hi,
On Tue, Dec 15, 2015 at 08:54:23PM +0100, Steffan Karger wrote:
> Ooh, I like using alice and bob!
+1
I'm fine with using example.com, but "host1" and "host2" just didn't
ring true (but I was too busy to spell this out).
gert
--
USENET is *not* the non-clickable part of WWW!
On Tue, Dec 15, 2015 at 2:54 PM, Steffan Karger wrote:
> On Tue, Dec 15, 2015 at 8:46 PM, David Sommerseth
> wrote:
> > On 30/11/15 04:03, Phillip Smith wrote:
> >> This patch uses the generic "host1.example.com" and "host2.example.com"
> to
> >> replace the current "may" and "june" hostname exa
On Tue, Dec 15, 2015 at 8:46 PM, David Sommerseth
wrote:
> On 30/11/15 04:03, Phillip Smith wrote:
>> This patch uses the generic "host1.example.com" and "host2.example.com" to
>> replace the current "may" and "june" hostname examples. Generic names chosen
>> rather than other names like "server"/
On 30/11/15 04:03, Phillip Smith wrote:
> This patch uses the generic "host1.example.com" and "host2.example.com" to
> replace the current "may" and "june" hostname examples. Generic names chosen
> rather than other names like "server"/"client" or
> "head-office"/"remote-office"
> etc which may c
Hi Philip,
On Mon, Nov 30, 2015 at 4:03 AM, Phillip Smith wrote:
> This patch uses the generic "host1.example.com" and "host2.example.com" to
> replace the current "may" and "june" hostname examples. Generic names chosen
> rather than other names like "server"/"client" or
> "head-office"/"remote
Hi,
On Tue, Dec 15, 2015 at 6:24 PM, Jan Just Keijser wrote:
> ah well, in that case I would simply write out get0_certificate again: the
> code for that function actually is:
>
> 3011 X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx)
> 3012 {
> 3013 if (ctx->cert != NULL)
> 3014 ret
- Original Message -
From: "Gert Doering"
To:
Cc:
Sent: Tuesday, December 15, 2015 5:10 PM
Subject: Re: [Openvpn-devel] [PATCH] Updates to Changes.rst
This is a bug in the mingw header files. You need a patch for it
(or upgrade to a newer version than contained in ubuntu). Annoyi
On Tue, Dec 15, 2015 at 11:29 AM, wrote:
> Any clarity on what to expect of the --block-outside-dns option
> and what windows version it is/will be support would help.
>
1. git_master:
- May be built with target = vista and will run correctly only on vista
and above
(this is the default t
Hi,
On 15/12/15 13:21, Steffan Karger wrote:
The SSL_CTX_get0_certificate() function I used in 091edd8e is available
in
OpenSSL 1.0.2+ only. Older versions seem to not have a useful
alternative.
The remaining option would then be to create a cache for our parsed
certificate, but that would mean
Hi,
On Tue, Dec 15, 2015 at 04:29:21PM -, debbie...@gmail.com wrote:
> > From: Samuli Seppänen
> >
> > This patch is for the release/2.3 branch
[..]
> > -Peer ID support
> > +Windows DNS leak fix
> > +This feature allows blocking all out-of-tunnel communication on
> > TCP/UDP port
> > +
Hi,
On Tue, Dec 15, 2015 at 04:40:32PM +0200, sam...@openvpn.net wrote:
> From: Samuli Seppänen
>
> This patch is for the "master" branch
This one does not apply to my "master" branch...
Applying: Updates to Changes.rst
error: patch failed: Changes.rst:34
error: Changes.rst: patch does not app
ACK, and thanks for getting this started.
Your patch has been applied to the release/2.3 branch.
(I have added a bit more to it, some of the user-visible changes were
missing)
commit 3b1fa7f6ebe5d4bedfe66aac33222e7e1e3e420a
Author: Samuli Seppänen
List-Post: openvpn-devel@lists.sourceforge.net
Hi
- Original Message -
From:
To:
Sent: Tuesday, December 15, 2015 3:00 PM
Subject: [Openvpn-devel] [PATCH] Updates to Changes.rst
From: Samuli Seppänen
This patch is for the release/2.3 branch
+Overview of changes in 2.3
+==
New features
-P
From: Samuli Seppänen
This patch is for the release/2.3 branch
Signed-off-by: Samuli Seppänen
---
Changes.rst | 390 ++--
1 file changed, 383 insertions(+), 7 deletions(-)
diff --git a/Changes.rst b/Changes.rst
index 0188323..38f42b6 100
From: Samuli Seppänen
This patch is for the "master" branch
Signed-off-by: Samuli Seppänen
---
Changes.rst | 21 +++--
1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/Changes.rst b/Changes.rst
index 41629bd..61e1e59 100644
--- a/Changes.rst
+++ b/Changes.rst
@@
The SSL_CTX_get0_certificate() function I used in 091edd8e is available
in
OpenSSL 1.0.2+ only. Older versions seem to not have a useful
alternative.
The remaining option would then be to create a cache for our parsed
certificate, but that would mean adding more struc
Hi,
On 15/12/15 10:12, Steffan Karger wrote:
Hi,
On Tue, Dec 15, 2015 at 9:42 AM, Jan Just Keijser wrote:
On 14/12/15 23:14, Steffan Karger wrote:
The SSL_CTX_get0_certificate() function I used in 091edd8e is available in
OpenSSL 1.0.2+ only. Older versions seem to not have a useful
alterna
Hi,
On Tue, Dec 15, 2015 at 9:42 AM, Jan Just Keijser wrote:
> On 14/12/15 23:14, Steffan Karger wrote:
>> The SSL_CTX_get0_certificate() function I used in 091edd8e is available in
>> OpenSSL 1.0.2+ only. Older versions seem to not have a useful
>> alternative.
>> The remaining option would the
Hi,
On 14/12/15 23:14, Steffan Karger wrote:
The SSL_CTX_get0_certificate() function I used in 091edd8e is available in
OpenSSL 1.0.2+ only. Older versions seem to not have a useful alternative.
The remaining option would then be to create a cache for our parsed
certificate, but that would mean
ACK, as this is basically the "2.3" parts of commit 123092a7a95. Thanks.
Your patch has been applied to the release/2.3 branch.
commit 723c7c3d3a95f04a233449efd3ccd647eb0e1bf6 (release/2.3)
Author: Lev Stipakov
List-Post: openvpn-devel@lists.sourceforge.net
Date: Tue Dec 15 10:18:22 2015 +0200
Update toolset, define __attribute__.
Signed-off-by: Lev Stipakov
---
src/compat/compat.vcxproj | 4 +++-
src/openvpn/openvpn.vcxproj | 6 --
src/openvpn/syshead.h | 1 +
src/openvpnserv/openvpnserv.vcxproj | 4 +++-
4 files changed, 11 insertions(+), 4 deleti
Hi,
On Tue, Dec 15, 2015 at 01:12:49AM +0100, David Sommerseth wrote:
> Just tried to build openvpn on one of my laptops (Scientific Linux 7.1,
> openssl-1.0.1e-42.el7). And it explodes when reaching the
> SSL_CTX_get0_certificate(), it seems that support arrived in OpenSSL 1.0.2?
> Could that be
ACK (grumble...)
Your patch has been applied to the master branch.
commit 644f2cdd13f49cd374aebc1fc506474104aac372
Author: Steffan Karger
List-Post: openvpn-devel@lists.sourceforge.net
Date: Mon Dec 14 23:14:45 2015 +0100
Disable certificate notBefore/notAfter sanity check on OpenSSL < 1.
On Mon, Dec 14, 2015 at 4:10 PM, Selva Nair wrote:
> I took a quick look and it seems a simplified patch that addresses the
> most critical-sounding issue (challenge/reponse not prompted for
> from stdin) may be more useful.
>
That's exactly what that patch is.
>From the cover-letter to the pat
On 14/12/15 21:09, Steffan Karger wrote:
> Previously, client certificate expiry warnings would only visible in the
> server log, and server certificate expiry warnings in the client log.
> Both after a (failed) connection attempt. This patch adds a warning to
> log when a users own certificate h
Hi,
On Mon, Dec 14, 2015 at 4:45 PM, Samuli Seppänen wrote:
Discussed OpenVPN 2.3.9 release. Here is the release plan:
>
[..]
> In addition:
>
>
> - - the initial windows installers will not have the openvpn-gui changes
> - - mattock will provide test installers with the changes and send a lin
Hi,
On Mon, Dec 14, 2015 at 4:56 PM, Wayne Davison wrote:
>
> On Thu, Dec 10, 2015 at 8:57 AM, Wayne Davison
> wrote:
>
>> src/openvpn/misc.c | 119
>> +
>> 1 file changed, 57 insertions(+), 62 deletions(-)
>>
>
> Any questions I can answer a
39 matches
Mail list logo
