Re: [Openvpn-devel] [PATCH] Add coverity static analysis to Travis CI config

2017-08-09 Thread Илья Шипицин
2017-08-10 1:09 GMT+05:00 Steffan Karger : > Hi, > > On 09-08-17 08:12, Илья Шипицин wrote: > > 2017-08-09 10:47 GMT+05:00 Илья Шипицин > >: > > 2017-08-09 10:41 GMT+05:00 Илья Шипицин > >: > > 2017-08-08 20:55 GMT+05:00 S

Re: [Openvpn-devel] OVPN Interactive Service for non-admin users

2017-08-09 Thread Selva Nair
Hi, > But that would open the OpenVPN Interactive Service to any user and > application. This is why we would like your opinion first. > > Yes the service will then launch openvpn with arbitrary configs as any > user, but that is what you want isn't it? > > > > True, I want that indeed. I was ju

Re: [Openvpn-devel] [PATCH] Add coverity static analysis to Travis CI config

2017-08-09 Thread Steffan Karger
Hi, On 09-08-17 08:12, Илья Шипицин wrote: > 2017-08-09 10:47 GMT+05:00 Илья Шипицин >: > 2017-08-09 10:41 GMT+05:00 Илья Шипицин >: > 2017-08-08 20:55 GMT+05:00 Steffan Karger > mailto:steffan.kar...@fox-it.com>>:

Re: [Openvpn-devel] OVPN Interactive Service for non-admin users

2017-08-09 Thread Simon Rozman via Openvpn-devel
Hi Selva, Is there any specific reason, why Interactive Service is so paranoid, knowing that it launches openvpn.exe and all external scripts as the interactive user anyway? The service does privileged operations so some admin has to bless a user to allow certain options when launching openvpn

Re: [Openvpn-devel] [PATCH] OpenSSL: remove unreachable call to SSL_CTX_get0_privatekey()

2017-08-09 Thread Steffan Karger
Hi, On 09-08-17 09:42, Antonio Quartulli wrote: > From: Antonio Quartulli > > In tls_ctx_load_ecdh_params() the SSL_CTX_get0_privatekey() function > is invoked only when "OPENSSL_VERSION_NUMBER >= 0x10002000L" and > curve_name is NULL. > > However, under the very same conditions the code flow w

Re: [Openvpn-devel] [PATCH] v2 travis-ci: update pkcs11-helper to 1.22

2017-08-09 Thread Steffan Karger
Hi, Very minor comment for next time: please put the 'v2' in the subject inside the [PATCH] bracket, i.e. [PATCH v2]. On 09-08-17 10:12, Ilya Shipitsin wrote: > use pkcs11-helper from https://github.com/OpenSC/pkcs11-helper/ > to match build process used in windows installer build > > Signed-off

Re: [Openvpn-devel] OVPN Interactive Service for non-admin users

2017-08-09 Thread Selva Nair
Hi Simon, Adding to what I wrote in my reply to your private email: > I am developing an eduVPN client for Windows. Imagine the eduVPN client as > a custom OpenVPN GUI. The client uses openvpn.exe for connecting, the > configuration file is provided by eduVPN server once user authenticates > usi

[Openvpn-devel] OVPN Interactive Service for non-admin users

2017-08-09 Thread Simon Rozman via Openvpn-devel
Hi! I am developing an eduVPN client for Windows. Imagine the eduVPN client as a custom OpenVPN GUI. The client uses openvpn.exe for connecting, the configuration file is provided by eduVPN server once user authenticates using OAuth. User running the eduVPN client is not an administrator. Eleva

[Openvpn-devel] [PATCH] tests: Add a simple build sanity check

2017-08-09 Thread David Sommerseth
This runs openvpn --help to check if the output is somewhat sensible and sane. It will catch if the binary segfaults, if it is a normal build or an --enable-small build and does some simple checks when a list of options is produced. This is based on the discussions in this [1] mailing thread. [1

Re: [Openvpn-devel] [PATCH 3/3] add a test to "openvpn --help"

2017-08-09 Thread David Sommerseth
On 09/08/17 12:28, Илья Шипицин wrote: > > > 2017-08-09 14:31 GMT+05:00 David Sommerseth > >: > > On 09/08/17 07:55, Илья Шипицин wrote: > [...] > > > For example: > > > > > > $ ./openvpn --help | grep -- ^-- | wc

Re: [Openvpn-devel] [PATCH 3/3] add a test to "openvpn --help"

2017-08-09 Thread Илья Шипицин
2017-08-09 14:31 GMT+05:00 David Sommerseth < open...@sf.lists.topphemmelig.net>: > On 09/08/17 07:55, Илья Шипицин wrote: > [...] > > > For example: > > > > > > $ ./openvpn --help | grep -- ^-- | wc -l > > > 238 > > > > But to do the spoon feeding: > > > > optc

Re: [Openvpn-devel] [PATCH 3/3] add a test to "openvpn --help"

2017-08-09 Thread David Sommerseth
On 09/08/17 07:55, Илья Шипицин wrote: [...] > > For example: > > > > $ ./openvpn --help | grep -- ^-- | wc -l > > 238 > > But to do the spoon feeding: > > optcount="$(${top_builddir}/src/openvpn/openvpn --help | grep -E -- > ^-- | wc -l)" > if [ $outco

[Openvpn-devel] [PATCH] v2 travis-ci: update pkcs11-helper to 1.22

2017-08-09 Thread Ilya Shipitsin
use pkcs11-helper from https://github.com/OpenSC/pkcs11-helper/ to match build process used in windows installer build Signed-off-by: Ilya Shipitsin --- v2: break lines up into 80-char, thanks Steffan Karger .travis.yml | 2 +- .travis/build-deps.sh | 8 ++-- 2 files changed, 7 in

[Openvpn-devel] [PATCH] OpenSSL: remove unreachable call to SSL_CTX_get0_privatekey()

2017-08-09 Thread Antonio Quartulli
From: Antonio Quartulli In tls_ctx_load_ecdh_params() the SSL_CTX_get0_privatekey() function is invoked only when "OPENSSL_VERSION_NUMBER >= 0x10002000L" and curve_name is NULL. However, under the very same conditions the code flow will lead to an earlier return, thus never reaching the invocati