Re: [Openvpn-devel] Wiki page draft: DeprecationWarnings

2017-03-28 Thread debbie10t
Hi On 28/03/17 20:53, David Sommerseth wrote: > On 28/03/17 21:24, debbie10t wrote: >> >> >> On 28/03/17 19:18, debbie10t wrote: >>> Hi, >>> >>> Following on from: >>> https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14330.html >>> >>> >>> For your consideration: >>> https://com

Re: [Openvpn-devel] [PATCH] auth-token: Ensure tokens are always wiped on de-auth

2017-03-28 Thread David Sommerseth
On 28/03/17 22:24, Steffan Karger wrote: > Hi, > > On 28-03-17 21:19, David Sommerseth wrote: >> If tls_deauthenticate() was called, it could in some scenarios leave the >> authentication token for a session in memory. This change just ensures >> auth-tokens are always wiped as soon as a TLS sess

[Openvpn-devel] [PATCH v2] auth-token: Ensure tokens are always wiped on de-auth

2017-03-28 Thread David Sommerseth
If tls_deauthenticate() was called, it could in some scenarios leave the authentication token for a session in memory. This change just ensures auth-tokens are always wiped as soon as a TLS session is considered broken. Signed-off-by: David Sommerseth --- The wipe_auth_token() function is othe

Re: [Openvpn-devel] [PATCH] auth-token: Ensure tokens are always wiped on de-auth

2017-03-28 Thread Steffan Karger
Hi, On 28-03-17 21:19, David Sommerseth wrote: > If tls_deauthenticate() was called, it could in some scenarios leave the > authentication token for a session in memory. This change just ensures > auth-tokens are always wiped as soon as a TLS session is considered > broken. > > Signed-off-by: Da

Re: [Openvpn-devel] Wiki page draft: DeprecationWarnings

2017-03-28 Thread David Sommerseth
On 28/03/17 21:24, debbie10t wrote: > > > On 28/03/17 19:18, debbie10t wrote: >> Hi, >> >> Following on from: >> https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14330.html >> >> >> For your consideration: >> https://community.openvpn.net/openvpn/wiki/DeprecationWarnings >> >>

Re: [Openvpn-devel] Wiki page draft: DeprecationWarnings

2017-03-28 Thread debbie10t
On 28/03/17 19:18, debbie10t wrote: > Hi, > > Following on from: > https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14330.html > > > For your consideration: > https://community.openvpn.net/openvpn/wiki/DeprecationWarnings > > I do understand why duplicating work is not preferre

[Openvpn-devel] [PATCH] auth-token: Ensure tokens are always wiped on de-auth

2017-03-28 Thread David Sommerseth
If tls_deauthenticate() was called, it could in some scenarios leave the authentication token for a session in memory. This change just ensures auth-tokens are always wiped as soon as a TLS session is considered broken. Signed-off-by: David Sommerseth --- The wipe_auth_token() function is othe

[Openvpn-devel] Wiki page draft: DeprecationWarnings

2017-03-28 Thread debbie10t
Hi, Following on from: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14330.html For your consideration: https://community.openvpn.net/openvpn/wiki/DeprecationWarnings I do understand why duplicating work is not preferred, which is why the page is for priority Warnings .. it

Re: [Openvpn-devel] building HEAD + openssl 1.1 api fails @ "crypto.c:823:32: error: invalid application of ‘sizeof’ to incomplete type ‘cipher_ctx_t"

2017-03-28 Thread David Sommerseth
On 28/03/17 14:47, Gert Doering wrote: > Hi, > > On Tue, Mar 28, 2017 at 02:35:59PM +0200, David Sommerseth wrote: >> On 28/03/17 14:21, Gert Doering wrote: >>> On Tue, Mar 28, 2017 at 02:11:26PM +0200, David Sommerseth wrote: > That's great! This way, 2.4 does not have to change it's behavio

Re: [Openvpn-devel] building HEAD + openssl 1.1 api fails @ "crypto.c:823:32: error: invalid application of ‘sizeof’ to incomplete type ‘cipher_ctx_t"

2017-03-28 Thread Samuli Seppänen
On 28/03/2017 17:11, debbie10t wrote: >> >> Agreed: a simple Deprecation page on the wiki linking to changes.rst >> >> The wiki page *could* also be updated from time to time to provide >> specific warnings of important changes like deprecating --ns-cert-type >> as it has been identified that it wi

Re: [Openvpn-devel] building HEAD + openssl 1.1 api fails @ "crypto.c:823:32: error: invalid application of ‘sizeof’ to incomplete type ‘cipher_ctx_t"

2017-03-28 Thread debbie10t
On 28/03/17 15:05, debbie10t wrote: > > > On 28/03/17 14:41, Steffan Karger wrote: >> On 28-03-17 15:31, Samuli Seppänen wrote: >>> On 28/03/2017 16:08, Steffan Karger wrote: On 28-03-17 15:02, debbie10t wrote: > On 28/03/17 13:47, Gert Doering wrote: >> We need to communicate better

Re: [Openvpn-devel] building HEAD + openssl 1.1 api fails @ "crypto.c:823:32: error: invalid application of ‘sizeof’ to incomplete type ‘cipher_ctx_t"

2017-03-28 Thread debbie10t
On 28/03/17 14:41, Steffan Karger wrote: > On 28-03-17 15:31, Samuli Seppänen wrote: >> On 28/03/2017 16:08, Steffan Karger wrote: >>> On 28-03-17 15:02, debbie10t wrote: On 28/03/17 13:47, Gert Doering wrote: > We need to communicate better what might affect users in new versions, so >>

Re: [Openvpn-devel] building HEAD + openssl 1.1 api fails @ "crypto.c:823:32: error: invalid application of ‘sizeof’ to incomplete type ‘cipher_ctx_t"

2017-03-28 Thread Steffan Karger
On 28-03-17 15:31, Samuli Seppänen wrote: > On 28/03/2017 16:08, Steffan Karger wrote: >> On 28-03-17 15:02, debbie10t wrote: >>> On 28/03/17 13:47, Gert Doering wrote: We need to communicate better what might affect users in new versions, so they can test and complain/adjust in time (lik

Re: [Openvpn-devel] building HEAD + openssl 1.1 api fails @ "crypto.c:823:32: error: invalid application of ‘sizeof’ to incomplete type ‘cipher_ctx_t"

2017-03-28 Thread Samuli Seppänen
On 28/03/2017 16:08, Steffan Karger wrote: > On 28-03-17 15:02, debbie10t wrote: >> On 28/03/17 13:47, Gert Doering wrote: >>> We need to communicate better what might affect users in new versions, so >>> they can test and complain/adjust in time (like, the stricter CRL handling >>> in 2.4, and - o

Re: [Openvpn-devel] building HEAD + openssl 1.1 api fails @ "crypto.c:823:32: error: invalid application of ‘sizeof’ to incomplete type ‘cipher_ctx_t"

2017-03-28 Thread Samuli Seppänen
On 28/03/2017 16:02, debbie10t wrote: > > > On 28/03/17 13:47, Gert Doering wrote: > >> We need to communicate better what might affect users in new versions, so >> they can test and complain/adjust in time (like, the stricter CRL handling >> in 2.4, and - obviously - the --tls-remote bit) > >

Re: [Openvpn-devel] building HEAD + openssl 1.1 api fails @ "crypto.c:823:32: error: invalid application of ‘sizeof’ to incomplete type ‘cipher_ctx_t"

2017-03-28 Thread Steffan Karger
On 28-03-17 15:02, debbie10t wrote: > On 28/03/17 13:47, Gert Doering wrote: >> We need to communicate better what might affect users in new versions, so >> they can test and complain/adjust in time (like, the stricter CRL handling >> in 2.4, and - obviously - the --tls-remote bit) > > Suggestion:

Re: [Openvpn-devel] building HEAD + openssl 1.1 api fails @ "crypto.c:823:32: error: invalid application of ‘sizeof’ to incomplete type ‘cipher_ctx_t"

2017-03-28 Thread debbie10t
On 28/03/17 13:47, Gert Doering wrote: > We need to communicate better what might affect users in new versions, so > they can test and complain/adjust in time (like, the stricter CRL handling > in 2.4, and - obviously - the --tls-remote bit) Suggestion: A Wiki Page detailing deprecation plans w

Re: [Openvpn-devel] [PATCH] resolve format string warnings

2017-03-28 Thread Gert Doering
Hi, On Tue, Mar 28, 2017 at 02:54:03PM +0200, David Sommerseth wrote: > Gert proposed by a mistake to use uint8_t. As integers are most > commonly 32 bits, so uint32_t. But that may be of a different length on > some other platforms. So using 'unsigned int' is most likely the safest > type in t

Re: [Openvpn-devel] [PATCH] resolve format string warnings

2017-03-28 Thread David Sommerseth
On 28/03/17 09:04, Илья Шипицин wrote: > > > 2017-03-28 11:56 GMT+05:00 Gert Doering >: > > Hi, > > On Tue, Mar 28, 2017 at 11:43:11AM +0500, ?? wrote: > > > (See how dangerous "fixing compiler warnings" is? :-) ) > > > > th

Re: [Openvpn-devel] building HEAD + openssl 1.1 api fails @ "crypto.c:823:32: error: invalid application of ‘sizeof’ to incomplete type ‘cipher_ctx_t"

2017-03-28 Thread Gert Doering
Hi, On Tue, Mar 28, 2017 at 02:35:59PM +0200, David Sommerseth wrote: > On 28/03/17 14:21, Gert Doering wrote: > > On Tue, Mar 28, 2017 at 02:11:26PM +0200, David Sommerseth wrote: > >>> That's great! This way, 2.4 does not have to change it's behaviour. > >>> Still, I think it makes sense to dep

Re: [Openvpn-devel] building HEAD + openssl 1.1 api fails @ "crypto.c:823:32: error: invalid application of ‘sizeof’ to incomplete type ‘cipher_ctx_t"

2017-03-28 Thread David Sommerseth
On 28/03/17 14:21, Gert Doering wrote: > Hi, > > On Tue, Mar 28, 2017 at 02:11:26PM +0200, David Sommerseth wrote: >>> That's great! This way, 2.4 does not have to change it's behaviour. >>> Still, I think it makes sense to deprecate --ns-cert-type, and remove it >>> in favour or --remote-cert-tl

Re: [Openvpn-devel] building HEAD + openssl 1.1 api fails @ "crypto.c:823:32: error: invalid application of ‘sizeof’ to incomplete type ‘cipher_ctx_t"

2017-03-28 Thread Gert Doering
Hi, On Tue, Mar 28, 2017 at 02:11:26PM +0200, David Sommerseth wrote: > > That's great! This way, 2.4 does not have to change it's behaviour. > > Still, I think it makes sense to deprecate --ns-cert-type, and remove it > > in favour or --remote-cert-tls in openvpn 2.5. > > Based on the feedback

Re: [Openvpn-devel] building HEAD + openssl 1.1 api fails @ "crypto.c:823:32: error: invalid application of ‘sizeof’ to incomplete type ‘cipher_ctx_t"

2017-03-28 Thread David Sommerseth
On 28/03/17 10:39, Steffan Karger wrote: > Hi, > > On 28-03-17 10:33, Emmanuel Deloget wrote: >> I should be able to push a new version of the remaining patches in the >> foreseeable future (let's say today or tomorrow, because I will be >> unavailable at the end of this week). >> >> I found a so

Re: [Openvpn-devel] [RFC PATCH v1 05/15] OpenSSL: don't use direct access to the internal of X509

2017-03-28 Thread Gert Doering
Hi, On Tue, Mar 28, 2017 at 10:43:54AM +0200, Emmanuel Deloget wrote: > I'm not sure why but it seems this mail (that I send yesterday) never found > its way to the ML. So I re-send it. > > Sorry for the inconvenience. According to https://www.mail-archive.com/openvpn-devel@lists.sourceforge.n

Re: [Openvpn-devel] [RFC PATCH v1 05/15] OpenSSL: don't use direct access to the internal of X509

2017-03-28 Thread Emmanuel Deloget
Hi, I'm not sure why but it seems this mail (that I send yesterday) never found its way to the ML. So I re-send it. Sorry for the inconvenience. BR, -- Emmanuel Deloget On Mon, Mar 27, 2017 at 5:49 PM, Emmanuel Deloget wrote: > Hi everyone, > > I got some time to try to fix all that stuff. >

Re: [Openvpn-devel] building HEAD + openssl 1.1 api fails @ "crypto.c:823:32: error: invalid application of ‘sizeof’ to incomplete type ‘cipher_ctx_t"

2017-03-28 Thread Steffan Karger
Hi, On 28-03-17 10:33, Emmanuel Deloget wrote: > I should be able to push a new version of the remaining patches in the > foreseeable future (let's say today or tomorrow, because I will be > unavailable at the end of this week). > > I found a solution to overcome the big X509_check_purpose() iss

Re: [Openvpn-devel] building HEAD + openssl 1.1 api fails @ "crypto.c:823:32: error: invalid application of ‘sizeof’ to incomplete type ‘cipher_ctx_t"

2017-03-28 Thread Emmanuel Deloget
Hi, On Mon, Mar 27, 2017 at 8:35 PM, Gert Doering wrote: > Hi, > > On Mon, Mar 27, 2017 at 11:25:50AM -0700, PGNet Dev wrote: > > noting > > > > openvpn fails to build with openssl 1.1 > > https://community.openvpn.net/openvpn/ticket/759 > > Guess why that ticket is still op

Re: [Openvpn-devel] [PATCH v2] Allow changing cipher from a ccd file

2017-03-28 Thread Steffan Karger
Hi, On 17-02-17 16:20, Steffan Karger wrote: > As described in msg <374a7eb7-f539-5231-623b-41f208ed8...@belkam.com> on > openvpn-devel@lists.sourceforge.net, clients that are compiled with > --disable-occ (included in --enable-small) won't send an options string. > Without the options string, th

Re: [Openvpn-devel] [PATCH] travis-ci: add 2 mingw "build only configurations"

2017-03-28 Thread Steffan Karger
Hi, On 28 March 2017 at 08:50, Илья Шипицин wrote: > I opened https://github.com/OpenVPN/openvpn/pull/85 > for discussion > > thoughts ? I put the patch on my review list, but need to tackle other things first. Will get back to you. -Steffan ---

Re: [Openvpn-devel] [PATCH] resolve format string warnings

2017-03-28 Thread Илья Шипицин
2017-03-28 11:56 GMT+05:00 Gert Doering : > Hi, > > On Tue, Mar 28, 2017 at 11:43:11AM +0500, ?? wrote: > > > (See how dangerous "fixing compiler warnings" is? :-) ) > > > > this particular warning came from cppcheck, it's not a compiler warning > > Same thing. A tool that i