Re: [Openvpn-devel] operations that still require elevation on windows

2016-03-06 Thread Selva Nair
On Sun, Mar 6, 2016 at 4:48 PM, Gert Doering wrote: > On Sun, Mar 06, 2016 at 03:17:40PM -0500, Selva Nair wrote: > > There are at least two more things on windows that the interactive service > has > > to support: > > > > (i) register-dns > > Indeed, this seems to be missing today. > > > (ii) ipv6

Re: [Openvpn-devel] operations that still require elevation on windows

2016-03-06 Thread Gert Doering
Hi, On Sun, Mar 06, 2016 at 03:17:40PM -0500, Selva Nair wrote: > There are at least two more things on windows that the interactive service has > to support: > > (i) register-dns Indeed, this seems to be missing today. > (ii) ipv6 address and route setup > > Is there anything else? For (ii) can

[Openvpn-devel] operations that still require elevation on windows

2016-03-06 Thread Selva Nair
Hi, There are at least two more things on windows that the interactive service has to support: (i) register-dns (ii) ipv6 address and route setup Is there anything else? For (ii) can't it be done using the IP Helper API on vista+ -- is the use of net command required? If not, it should be easy to

Re: [Openvpn-devel] [PATCH v3] Implement inlining of crl files

2016-03-06 Thread Steffan Karger
On Sun, Mar 6, 2016 at 8:39 PM, Arne Schwabe wrote: > While crl files can change regularly and it is usually not a good idea to > statically include them into config files, handling multiple files and > updating files on mobile files is tiresome/problematic. Inlining a static > version of the cr

Re: [Openvpn-devel] [PATCH 05/10] Extended x509-track for OpenSSL to report SHA1 fingerprint.

2016-03-06 Thread Steffan Karger
Hi, On Thu, Mar 3, 2016 at 9:19 AM, James Yonan wrote: > + char *sha1_fingerprint = format_hex_ex(x509->sha1_hash, > SHA_DIGEST_LENGTH, 0, 1 | FHE_CAPS, ":", &gc); This line could use some wrapping. Perhaps Gert can fix this when applying? Otherwise, ACK. -Steffan

[Openvpn-devel] [PATCH v3] Implement inlining of crl files

2016-03-06 Thread Arne Schwabe
While crl files can change regularly and it is usually not a good idea to statically include them into config files, handling multiple files and updating files on mobile files is tiresome/problematic. Inlining a static version of the crl file is better in these use cases than to use no crl at all

Re: [Openvpn-devel] [PATCH 04/10] Added flags parameter to format_hex_ex.

2016-03-06 Thread Steffan Karger
On Thu, Mar 3, 2016 at 9:19 AM, James Yonan wrote: > We add the flags parameter without changing the signature of > the function by repurposing the space_break parameter into > space_break_flags where the lower 8 bits are used for the > previous space_break parameter and the higher bits are used >

[Openvpn-devel] [PATCH v2] Implement inlining of crl files

2016-03-06 Thread Arne Schwabe
While crl files can change regularly and it is usually not a good idea to statically include them into config files, handling multiple files and updating files on mobile files is tiresome/problematic. Inlining a static version of the crl file is better in these use cases than to use no crl at all

[Openvpn-devel] [PATCH applied] Re: Refactor and move the block-outside-dns code to a new file (block_dns.[ch])

2016-03-06 Thread Gert Doering
ACK. This is a bit bigger than "just move to new file" because it gets rid of global variables at the same time (h_EngineHandle etc.) and simplifies the error handling by introducing a CHECK_ERROR() macro - but as far as I could figure out, it's still doing the same things. I have not actually te

[Openvpn-devel] [PATCH applied] Re: Add support for block-outside-dns through the interactive service

2016-03-06 Thread Gert Doering
ACK. The OpenVPN changes are fairly straightforward and fully in-line with the other service-using modules. Same for the iservice changes - look reasonable and are fully in-line with the other function calls. Again, I did not test, just stared at the code and did a test compile (mingw 32bit

Re: [Openvpn-devel] [PATCH v2 1/2] Refactor and move the block-outside-dns code to a new file (block_dns.[ch])

2016-03-06 Thread Selva Nair
On Sun, Mar 6, 2016 at 9:20 AM, Selva Nair wrote: > >> So, question 1: is this a mingw issue, or just a 32bit windows requirement >> and you only tested on 64bit? >> > > Strange thing is that it compiles and links without error (even with > -Wall) using mingw I have here (uses gcc 4.6.3). > For

Re: [Openvpn-devel] [PATCH v2 1/2] Refactor and move the block-outside-dns code to a new file (block_dns.[ch])

2016-03-06 Thread Selva Nair
On Sun, Mar 6, 2016 at 8:44 AM, Gert Doering wrote: > Trying to compile this on mingw 32bit, block_dns.c blows up for me > unless I add two more header files to get definitions for ADDRESS_FAMILY > and SOCKADDR_INET (which are referenced by iphlpapi.c) > > --- a/src/openvpn/block_dns.c > +++ b/sr

Re: [Openvpn-devel] [PATCH applied] Re: Use appropriate buffer size for WideCharToMultiByte output in interactive.c

2016-03-06 Thread Gert Doering
Hi, On Sun, Mar 06, 2016 at 08:34:38AM -0500, Selva Nair wrote: > On Sun, Mar 6, 2016 at 4:31 AM, Gert Doering wrote: > > > I'm not sure if I understand in which scenarios data is fed to the > > nascent openvpn.exe on stdin - but if done at all, we should better do > > it right :-) - I do wonder

Re: [Openvpn-devel] [PATCH v2 1/2] Refactor and move the block-outside-dns code to a new file (block_dns.[ch])

2016-03-06 Thread Gert Doering
Hi, On Thu, Feb 25, 2016 at 10:24:50PM -0500, Selva Nair wrote: > - Move the core of win_wfp_block_dns() to a new function > - Remove globals and make it independent of the rest of the code Trying to compile this on mingw 32bit, block_dns.c blows up for me unless I add two more header files to ge

Re: [Openvpn-devel] [PATCH applied] Re: Use appropriate buffer size for WideCharToMultiByte output in interactive.c

2016-03-06 Thread Selva Nair
Hi, On Sun, Mar 6, 2016 at 4:31 AM, Gert Doering wrote: > > I'm not sure if I understand in which scenarios data is fed to the > nascent openvpn.exe on stdin - but if done at all, we should better do > it right :-) - I do wonder, though, if WriteFile() could block here, > leading to a dead worke

[Openvpn-devel] [PATCH applied] Re: Only include aead encrypt/decrypt functions if AEAD modes are supported

2016-03-06 Thread Gert Doering
ACK, thanks for the quick followup. As discussed on IRC. Your patch has been applied to the master branch. commit 71d89065ad56dda19996deeeffeddcea632b8349 Author: Steffan Karger List-Post: openvpn-devel@lists.sourceforge.net Date: Sun Mar 6 13:09:50 2016 +0100 Only include aead encrypt/d

[Openvpn-devel] [PATCH applied] Re: hardening: add safe FD_SET() wrapper openvpn_fd_set()

2016-03-06 Thread Gert Doering
ACK. The FD_SET() calls in event.c should all be safe as there are checks already, but many of the others are not checked - "usually" we're well in the range of FD_SETSIZE with our file descriptors, and "usually" platforms are using poll() anyway, but in the exceptional case, having a clear AS

[Openvpn-devel] [PATCH] Only include aead encrypt/decrypt functions if AEAD modes are supported

2016-03-06 Thread Steffan Karger
This fixes the build for OpenSSL < 1.0.1 (broken by commit 3654d953), which has no AEAD support. Signed-off-by: Steffan Karger --- src/openvpn/crypto.c | 9 + 1 file changed, 9 insertions(+) diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 269ec4b..f15ac35 100644 --- a/src

Re: [Openvpn-devel] [PATCH] Implement inlining of crl files

2016-03-06 Thread Steffan Karger
Hi, On Sat, Mar 5, 2016 at 3:34 PM, Arne Schwabe wrote: > While crl files can change regularly and it is usually not a good idea to > statically include them into config files, handling multiple files and > updating files on mobile files is tiresome/problematic. Inlining a static > version of t

[Openvpn-devel] [PATCH applied] Re: Make AEAD modes work with OpenSSL 1.0.1-1.0.1c

2016-03-06 Thread Gert Doering
ACK. Tested on Ubuntu 12.04, makes "make check" succeed for AES*GCM modes (and has no effect on systems with older/newer OpenSSL versions). Your patch has been applied to the master branch. commit 13de0103ea361e2be24ab8b16f5be269c6ab7496 Author: Steffan Karger List-Post: openvpn-devel@lists.so

[Openvpn-devel] [PATCH] Make AEAD modes work with OpenSSL 1.0.1-1.0.1c

2016-03-06 Thread Steffan Karger
The 'nobody uses OpenSSL 1.0.1-1.0.1c'-gamble in commit 66407e11 (add AEAD support) did not turn out well; apparently Ubuntu 12.04 LTS ships with a broken OpenSSL 1.0.1. Since this is still a popular platform, re-add the fixup code, now with a clear version check so it's easy to remove once we dro

[Openvpn-devel] [PATCH applied] Re: Use appropriate buffer size for WideCharToMultiByte output in interactive.c

2016-03-06 Thread Gert Doering
ACK. https://msdn.microsoft.com/en-us/library/windows/desktop/dd374130(v=vs.85).aspx explains about WideCharToMultiByte() usage with cbMultiByte==0. I'm not sure if I understand in which scenarios data is fed to the nascent openvpn.exe on stdin - but if done at all, we should better do it right :

[Openvpn-devel] [PATCH applied] Re: Fix interactive service ignoring stop command if openvpn is running

2016-03-06 Thread Gert Doering
ACK. https://msdn.microsoft.com/en-us/library/windows/desktop/ms682396(v=vs.85).aspx explains the behaviour described in trac#666 (only a single thread is stopping, all the rest does not receive the event due to auto-reset behaviour). I'm not sure if the ResetEvent() call is actually needed but

[Openvpn-devel] [PATCH applied] Re: Handle localized Administrators group name in windows

2016-03-06 Thread Gert Doering
ACK, thanks (based on "stare at code and MSDN docs" and Leonardo's testing). Your patch has been applied to the master branch. commit 6370f703573c6284e0b3c5935ab204285cdda8e6 Author: Selva Nair List-Post: openvpn-devel@lists.sourceforge.net Date: Sat Mar 5 14:39:56 2016 -0500 Handle loca

[Openvpn-devel] [PATCH 2/2] Use appropriate buffer size for WideCharToMultiByte output in interactive.c

2016-03-06 Thread Selva Nair
A widechar can potentially take more than 2 bytes in UTF-8. Signed-off-by: Selva Nair --- src/openvpnserv/interactive.c |7 +++ 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv/interactive.c index 39397d1..6a7227b 100644 --- a/

[Openvpn-devel] [PATCH 1/2] Fix interactive service ignoring stop command if openvpn is running

2016-03-06 Thread Selva Nair
Make the exit event not auto-reset so that the signal propagates to all worker threads and finally to the main thread. Fixes Trac #666 Signed-off-by: Selva Nair --- src/openvpnserv/interactive.c |3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/openvpnserv/interactive