Acked-by: Gert Doering
Thanks, Selva, for checking what was missing (nothing but context) :-) - I
wasn't feeling familiar enough with the code to check myself yesterday,
and the large conflict "git cherrypick" created misled me.
I have verified that the patch itself contains the code same chang
Hi
On Fri, Oct 5, 2018 at 8:41 PM Jon Kunkee wrote:
> > I don't know what causes this (the TAP driver?) but hopefully others may
> chime in with some clue.
>
> I wonder if this will be addressed by adding the missing buffer-remaining
> query OIDs. Unfortunately I don’t know enough to say for sur
> I don't know what causes this (the TAP driver?) but hopefully others may
> chime in with some clue.
I wonder if this will be addressed by adding the missing buffer-remaining query
OIDs. Unfortunately I don’t know enough to say for sure, but they are used for
protocol behavior hinting.
My 2c,
From: Selva Nair
In case of TLS 1.2 signatures, the callback rsa_priv_enc() gets
the hash with the DigestInfo prepended. Signing this using
NCryptSignHash() with hash algorithm id set to NULL works in most cases.
But when using some hardware tokens, the data gets interpreted as the pre
TLS 1.2 MD
Hi
On Fri, Oct 5, 2018 at 6:51 AM Gert Doering wrote:
> Your patch has been applied to the master branch. Steffan says "it is
> a bugfix so it should go to 2.4", but the underlying infrastructure
> does not seem to be there yet (git cherry-pick tries to bring in lots
> of extra stuff). So we c
Hi,
On Fri, Oct 05, 2018 at 08:23:28PM +0500, ?? wrote:
> shall we add "--disable-crypto" to travis-ci matrix in 2.4 branch ?
I'm afraid this will bite us a few more times, so "yes, please"
gert
--
"If was one thing all people took for granted, was conviction that if you
Hi,
On Fri, Oct 5, 2018 at 5:44 AM Steffan Karger wrote:
> Hi,
>
> On 13-07-18 16:16, selva.n...@gmail.com wrote:
> > From: Selva Nair
> >
> > The error is treated as a warning only if it's triggered due
> > to script_security < SSEC_SCRIPTS.
> >
> > This helps user interfaces enforce a safer sc
shall we add "--disable-crypto" to travis-ci matrix in 2.4 branch ?
Fri, 5 Oct 2018 at 19:00, Steffan Karger :
> Commit d2ff5164 was fine for the master branch, but broke the 2.4 build if
> the --disable-crypto configure option was used (which is removed in the
> master branch).
>
> Signed-off
Instead of requiring users to do "--genkey --secret new.key", allow
them to just do "--genkey new.key". This has hit me often enough that I
decided to write a patch for it. Also, the upcoming tls-crypt-v2-genkey
uses a similar syntax and Antonio suggested we should make them consistent.
The docu
Dear Selva,
Longer test time shows the same results:
*win2012r2 (iperf -c -R -t 30) + win2016 (iperf -s)*
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-30.00 sec 1.75 MBytes *489 Kbits/sec * sender
[ 4] 0.00-30.00 sec 1.58 MBytes *442 Kbits/sec * receiver
I am not sure i
Acked-by: Gert Doering
Passes the style guide filter, fixes an annoying and misleading warning,
and affects only Android. Fixed two typos in the comment.
Your patch has been applied to the master branch.
commit 5e80600a45c22dd96eb1dcce6a4af7a6c361396b
Author: Arne Schwabe
Date: Fri Oct 5 15:
Acked-by: Gert Doering
Thanks. Makes sense, and passes the test (Linux with --disable-crypto)
Your patch has been applied to the release/2.4 branch.
commit ee80ce3d6f2ebc59068338757311e0488ae620fc
Author: Steffan Karger
Date: Fri Oct 5 15:58:49 2018 +0200
Fix --disable-crypto build
Acked-by: Gert Doering
Patch looks good. This one I have actually tested :-) - test build
on ubuntu 16.04/mingw, test run on win7. This test also includes setting
of DHCP mode from an unprivileged user (which works)
Fri Oct 05 16:26:52 2018 DHCP enabled on interface 15 using service
Your pa
Hi,
On Fri, Oct 5, 2018 at 4:02 AM Rostyslav Maryliak <
rostyslav.maryl...@idealscorp.com> wrote:
> Dear Selva,
>
> I've got similar results. Except the outbound network speed for win2016
> server.
> The bandwidth in clear is about 700 Mbits/sec in both directions and
> different measures (with
Hi,
> As a side note (rambling about comments today), this hunk makes the
> comment above it slightly misleading:
>
> /* The hash OID is already in 'from'. So set the hash algorithm
> * in the padding info struct to NULL.
> */
> -BCRYPT_PKCS1_PADDING_INFO padinfo = {NULL};
>
Commit d2ff5164 was fine for the master branch, but broke the 2.4 build if
the --disable-crypto configure option was used (which is removed in the
master branch).
Signed-off-by: Steffan Karger
---
src/openvpn/init.c | 4
1 file changed, 4 insertions(+)
diff --git a/src/openvpn/init.c b/sr
Acked-by: Gert Doering
Another ACK from me. Code looks good. Thanks.
Your patch has been applied to the master and release/2.4 branch (bugfix,
so openvpn 2.4.x on windows can fully run unprivileged).
Test compiled on ubuntu 16.04 / mingw, not actually run.
commit b4fc8bbd6b1d0211dd6982c4acce
Patch: V2 Do not use C99 style comments
---
src/openvpn/route.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index cadd34e1..cb337c42 100644
--- a/src/openvpn/route.c
+++ b/src/openvpn/route.c
@@ -3258,6 +3258,12 @@ get_default_gateway(struct
---
src/openvpn/route.c | 4
1 file changed, 4 insertions(+)
diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index cadd34e1..a1d4ade1 100644
--- a/src/openvpn/route.c
+++ b/src/openvpn/route.c
@@ -3258,6 +3258,10 @@ get_default_gateway(struct route_gateway_info *rgi)
rgi->gateway
---
src/openvpn/route.c | 11 +++
1 file changed, 11 insertions(+)
diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index ff392308..cadd34e1 100644
--- a/src/openvpn/route.c
+++ b/src/openvpn/route.c
@@ -1050,6 +1050,16 @@ redirect_default_route_to_vpn(struct route_list *rl,
const
Hi,
On Fri, Oct 05, 2018 at 05:49:17PM +0500, ?? wrote:
> openssl versions were aligned to those used in "openvpn-build" repo, i.e.
> the same versions were used as in installer creation.
> not sure why do we want to have big matrix for cross builds.
>
> but I do not mind, the
openssl versions were aligned to those used in "openvpn-build" repo, i.e.
the same versions were used as in installer creation.
not sure why do we want to have big matrix for cross builds.
but I do not mind, the more tests the better :)
Fri, 5 Oct 2018 at 17:40, Steffan Karger :
> So we catch b
Acked-by: Gert Doering
Thanks. As we figured out, we miss testing openssl 1.0 <-> 1.1 for the
windows builds - now we do, and the test results nicely show the "1.0 only"
breakage before Arne's fix that just went in.
Your patch has been applied to the master and release/2.4 branch.
commit a29b60
Another ACK from me, looks good.
Your patch has been applied to the master and release/2.4 branch.
(This is refactoring so normally shouldn't go to 2.4, but since the
"set interface to DHCP" patch really is really fixing an omission in
the initial 2.4 interactive service implementation, I see t
Acked-by: Gert Doering
Thanks :-)
Your patch has been applied to the master and release/2.4 branch (keep
our compat wrapper aligned).
commit 720c880a8ca73e0f9e9b03e3c9d6031c026bccac (master)
commit c75e937657bf0ae9e9551163f77305d7658c71b3 (release/2.4)
Author: Arne Schwabe
Date: Fri Oct 5 14:
So we catch both compilation errors against OpenSSL 1.0 and 1.1 on Windows.
Signed-off-by: Steffan Karger
---
.travis.yml | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/.travis.yml b/.travis.yml
index 216f0a04..ede2aaa6 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -53,7
Commit 6b495dc4c5cfc118091ddc9c19330b3c9e3e3dff introduced
RSA_meth_set_sign, which is OpenSSL 1.1.0 and newer. Add a compatibility
definition.
---
configure.ac | 1 +
src/openvpn/openssl_compat.h | 20
2 files changed, 21 insertions(+)
diff --git a/configure
Commit 6b495dc4c5cfc118091ddc9c19330b3c9e3e3dff introduced
RSA_meth_set_sign, which is OpenSSL 1.1.0 and newer. Add a compatibility
definition.
---
configure.ac | 1 +
src/openvpn/openssl_compat.h | 20
2 files changed, 21 insertions(+)
diff --git a/configure
Commit 6b495dc4c5cfc118091ddc9c19330b3c9e3e3dff introduced
RSA_meth_set_sign, which is OpenSSL 1.1.0 and newer. Add a compatibility
definition.
---
configure.ac | 1 +
src/openvpn/openssl_compat.h | 20
2 files changed, 21 insertions(+)
diff --git a/configure
Commit 6b495dc4c5cfc118091ddc9c19330b3c9e3e3dff introduced
RSA_meth_set_sign, which is OpenSSL 1.1.0 and newer. Add a compatibility
definition.
---
configure.ac | 1 +
src/openvpn/openssl_compat.h | 20
src/openvpn/ssl_openssl.c| 4
3 files changed,
Your patch has been applied to the master branch. Steffan says "it is
a bugfix so it should go to 2.4", but the underlying infrastructure
does not seem to be there yet (git cherry-pick tries to bring in lots
of extra stuff). So we can do that, but I need to be told which master
commits I need to
Hi,
On 26-04-18 16:24, selva.n...@gmail.com wrote:
> From: Selva Nair
>
> In case of TLS 1.2 signatures, the callback rsa_priv_enc() gets
> the hash with the DigestInfo prepended. Signing this using
> NCryptSignHash() with hash algorithm id set to NULL works in most cases.
> But when using some
Your patch has been applied to the master branch and release/2.4 branch.
I would appreciate a followup-patch, though, that explains a bit better
what "do_set_ncp_options()" *does* - basically "save the initial set
of config options into a storage space from where it can be recovered
later on, to g
Hi,
On 13-07-18 16:16, selva.n...@gmail.com wrote:
> From: Selva Nair
>
> The error is treated as a warning only if it's triggered due
> to script_security < SSEC_SCRIPTS.
>
> This helps user interfaces enforce a safer script-security setting
> without causing a FATAL error.
But does it make se
Dear Selva,
I've got similar results. Except the outbound network speed for win2016
server.
The bandwidth in clear is about 700 Mbits/sec in both directions and
different measures (with -R option and without it):
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-10.00 sec 880 MByt
Hi,
On 20-09-18 15:12, Lev Stipakov wrote:
> From: Lev Stipakov
>
> NCP negotiation can alter options. On reconnect
> client sends possibly altered options while server
> expects original values. This leads to warnings
> in log and, if server uses --opt-verify, breaks
> reconnect.
>
> Fix by de