Am 03.03.16 um 09:18 schrieb James Yonan:
> Define PIP_OPT_MASK to represent all flags of interest to
> process_ip_header, so that it can have a fast exit path
> if no flags are set.
Basically what this patch does is to change the condition to
if (flags)
and if for example PASSTOS_CAPABILITY is
On Thu, Mar 3, 2016 at 3:19 AM, James Yonan wrote:
>
> The inline directive http-proxy-user-pass can be used to
> specify proxy credentials in config, e.g.:
>
> http-proxy proxy.tld 3128 auto-nct
>
> foo
> bar
>
>
> This usage is already supported by OpenVPN 3.
>
> Signed-off-by: James Yonan
>
Hello everyone,
I'm trying to leisurely move from an old existing 1024 bit CA to a new 4096 bit
one without a hassle for a clients.
From a X.509 perspective it shouldn't be a problem, and I already have new CA
self-signed and cross-signed with old CA, it should work just fine.
While there's no
On 02/17/2016 06:16 PM, Samuli Seppänen wrote:
> I don't think there are many (any?) 32-bit Windows operating systems
> being bundled with new computers. The reason why Microsoft backpedaled
> on dropping 32-bit support in Windows 10 seemed to be their free upgrade
> program: they wanted the 32-
Hi,
On Thu, Mar 03, 2016 at 05:13:01PM +0100, Jan Just Keijser wrote:
> and a few others. However, the actual name of these env vars is local_N,
> local_port_N etc. I've checked the code and that has been the case
> since v2.1
>
> Two questions:
> - why are we adding the number? per connection
hi,
the openvpn man page section on environment variables lists
local The --local parameter. Set on program initiation and
reset on SIGHUP.
local_port
The local port number, specified by --port or --lport.
Set on program initiation and reset on SIGHUP.
and
From: Steffan Karger
On many platforms (not Windows, for once), FD_SET() can write outside the
given fd_set if an fd >= FD_SETSIZE is given. To make sure we don't do
that, add an ASSERT() to error out with a clear error message when this
does happen.
This patch was inspired by remarks about FD_
Bind the local TCP/UDP socket before UID/GID downgrade,
otherwise we cannot bind to ports < 1024.
Signed-off-by: James Yonan
---
src/openvpn/init.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index cb73a3d..9658895 100644
--
The inline directive http-proxy-user-pass can be used to
specify proxy credentials in config, e.g.:
http-proxy proxy.tld 3128 auto-nct
foo
bar
This usage is already supported by OpenVPN 3.
Signed-off-by: James Yonan
---
src/openvpn/misc.c| 8
src/openvpn/misc.h| 2 ++
src/
Added ./configure --disable-scripts build flag to ignore the
"script-security" directive in configs. This can be used to
prevent configs from raising the script-security level to
allow user-defined script execution.
At the C level, script support is enabled by:
/* Enable user-defined scripting
Signed-off-by: James Yonan
---
src/openvpn/ssl_verify_polarssl.c | 166 ++
src/openvpn/syshead.h | 2 +-
2 files changed, 167 insertions(+), 1 deletion(-)
diff --git a/src/openvpn/ssl_verify_polarssl.c
b/src/openvpn/ssl_verify_polarssl.c
index 9
Signed-off-by: James Yonan
---
src/openvpn/ssl_verify_polarssl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/openvpn/ssl_verify_polarssl.c
b/src/openvpn/ssl_verify_polarssl.c
index e87d2e2..9d0d086 100644
--- a/src/openvpn/ssl_verify_polarssl.c
+++ b/src/openvpn/ssl_v
For example:
x509-track "+SHA1"
will extract the SHA1 fingerprints for all certs in the
peer chain.
This patch is ported from OpenVPN 2.1.
Signed-off-by: James Yonan
---
src/openvpn/ssl_verify_openssl.c | 114 +--
1 file changed, 74 insertions(+), 40 dele
We add the flags parameter without changing the signature of
the function by repurposing the space_break parameter into
space_break_flags where the lower 8 bits are used for the
previous space_break parameter and the higher bits are used
for flag values.
Added new flag FHE_CAPS that formats the ge
To accomplish this, prepend 'x' before hex serial numbers, so they
can be distinguished from decimal serial numbers. For example:
tls_serial_1 = "x4D:9B:7C:94"
is equivalent to:
tls_serial_1 = "1302035604"
Currently, only PolarSSL generates hex serial numbers while
OpenSSL returns decimal
Define PIP_OPT_MASK to represent all flags of interest to
process_ip_header, so that it can have a fast exit path
if no flags are set.
Merged from OpenVPN 2.1
Signed-off-by: James Yonan
---
src/openvpn/forward.c | 8 +---
src/openvpn/forward.h | 4 +++-
2 files changed, 4 insertions(+), 8 d
remote-override -- replace the hostname in all remote
directives with alt-remote.
Merged from OpenVPN 2.1
Signed-off-by: James Yonan
---
doc/openvpn.8 | 5 +
src/openvpn/options.c | 8 +++-
src/openvpn/options.h | 2 ++
3 files changed, 14 insertions(+), 1 deletion(-)
diff --g
17 matches
Mail list logo
