Quick sanity check on FreeBSD/1.0.2s, Linux/1.1.1g, Linux/mbedTLS
(client side only). All good.
Your patch has been applied to the master branch.
commit 94edc7c5dd3cf8988df15fe4d7bd6cba9486b2a6
Author: Arne Schwabe
Date: Mon Jul 20 14:17:04 2020 +0200
Require AEAD support in the crypto l
Your patch has been applied to the master branch.
Whitespace fixed on-the-go.
Sanity-tested on Linux / 1.1.1g and FreeBSD / 1.0.2s (client only).
commit ec7d0e8e0f8cd8f1c5fab58c795a59828eba6ae7
Author: Arne Schwabe
Date: Fri Jul 17 15:47:32 2020 +0200
Drop support for OpenSSL 1.0.1
On 20/07/2020 15:22, Arne Schwabe wrote:
> On 20.07.20 at 15:16, David Sommerseth wrote:
>> On 17/07/2020 15:47, Arne Schwabe wrote:
>>> Key-method 1 is only needed to talk to pre OpenVPN 2.0 clients.
>>>
>>> Patch V2: Fix style. Make V1 op codes illegal, remove all code handling
>>> v1
1x typo, 3x suggestions
On 20/07/2020 15:27, Arne Schwabe wrote:
Signed-off-by: David Sommerseth
Signed-off-by: Arne Schwabe
Patch V5: Fix typos, clarify man page section about deferred client-connect
script. Add section to Changes.rst
Patch V6: Convert manpage to rst
Signed-off-by: David Sommerseth
Signed-off-by: Arne Schwabe
Patch V5: Fix typos, clarify man page section about deferred client-connect
script. Add section to Changes.rst
Patch V6: Convert manpage to rst
It also incorporates suggested changes from Richard Bonhomme
[0]
[0
On 20.07.20 at 15:16, David Sommerseth wrote:
> On 17/07/2020 15:47, Arne Schwabe wrote:
>> Key-method 1 is only needed to talk to pre OpenVPN 2.0 clients.
>>
>> Patch V2: Fix style. Make V1 op codes illegal, remove all code handling
>> v1 op codes and give a good warning message if we e
On 17/07/2020 15:47, Arne Schwabe wrote:
> Key-method 1 is only needed to talk to pre OpenVPN 2.0 clients.
>
> Patch V2: Fix style. Make V1 op codes illegal, remove all code handling
> v1 op codes and give a good warning message if we encounter
> them in the legal op codes pre-
Hi,
On 20-07-2020 14:17, Arne Schwabe wrote:
> All supported crypto libraries have AEAD support and with our
> ncp/de facto default cipher AES-256-GCM we do not want to support
> the obscure corner case of a library with disabled AEAD.
>
> Signed-off-by: Arne Schwabe
>
> Patch V2: Remove three
Hi,
On 20/07/2020 10:17, Arne Schwabe wrote:
This allows us to skip waiting for the first PUSH_REQUEST message from
the client to send the response.
This changes the interpretation of IV_PROTO from a scalar to a bitfield
Since we only have IV_PROTO=2 defined so far and will support DATA_V2
this
All supported crypto libraries have AEAD support and with our
ncp/de facto default cipher AES-256-GCM we do not want to support
the obscure corner case of a library with disabled AEAD.
Signed-off-by: Arne Schwabe
Patch V2: Remove three instances of (harmless) #ifdef Steffan spotted
tha
Hi,
On 17-07-2020 15:47, Arne Schwabe wrote:
> All supported crypto libraries have AEAD support and with our
> ncp/de facto default cipher AES-256-GCM we do not want to support
> the obscure corner case of a library with disabled AEAD.
Again: feature-ACK, but some comments.
config-msvc.h still h
This option has been deprecated since OpenVPN 2.1 and it has been
highlighted in the documentation and log files since OpenVPN 2.4.4.
Signed-off-by: David Sommerseth
---
Changes.rst | 3 +++
src/openvpn/options.c | 9 -
2 files changed, 3 insertions(+), 9 deletions(-)
diff --g
Hi,
On 17-07-2020 15:47, Arne Schwabe wrote:
> OpenSSL 1.0.1 was supported until 2016-12-31. Rhel6/Centos6 still
> use this version but considering that RHEL7 and RHEL8 are already
> out, these versions can also stay with OpenVPN 2.4.
>
> All the supported Debian based distributions also come wit
This removes support for the --client-cert-not-required option. To
avoid starting a server with this option just ignored, which would make
it impossible for existing clients to connect it will exit with
instructions to replace this option with --verify-client-cert none.
Signed-off-by: David Somme
Your patch has been applied to the master branch.
commit df85950a61879517ae77472eeef526cdd1906662
Author: David Sommerseth
Date: Mon Jul 20 12:38:22 2020 +0200
travis: Fix make distcheck failure
Signed-off-by: David Sommerseth
Acked-by: Arne Schwabe
Message-Id: <202007201
This removes support for the --client-cert-not-required option. To
avoid starting a server with this option just ignored, which would make
it impossible for existing clients to connect it will exit with
instructions to replace this option with --verify-client-cert none.
Signed-off-by: David Somme
On 20.07.20 at 12:38, David Sommerseth wrote:
> Since commit f500c49c8e0, the man page and html documentation need to be
> generated when building out of the git repository, as both openvpn.8 and
> openvpn.8.html will be shipped pregenerated inside the tarball generated
> by 'make dist'.
>
> Trav
Acked-by: Gert Doering
Stared-at-code, and whacked it from all sides - sync and
async/deferred CLIENT_CONNECT and CLIENT_CONNECT_V2, with
"success", "failure" and "disabled" rejection:
Test sets succeeded: 5 5a 5b 5c 5v1 5v2 5v3 5w1 5w2 5w3 5w4 5x1 5x2 5x3 5x4.
Test sets failed: none.
(Full "f
Since commit f500c49c8e0, the man page and html documentation need to be
generated when building out of the git repository, as both openvpn.8 and
openvpn.8.html will be shipped pregenerated inside the tarball generated
by 'make dist'.
Travis was lacking the python-docutils package, which made the
Hi,
On Sun, Jul 19, 2020 at 10:05:54PM +0200, Gert Doering wrote:
[..]
> the fact that it's reading the "client specific options" even in case of
> failure is clear from the source (but I decided that it won't do harm, so
> "leave it in") but the fact that it's not logging the failure is not goo
Patch has been applied to the master branch.
commit 3658e57797656e63e35be65397101a7191897272
Author: Gert Doering
Date: Mon Jul 20 09:08:02 2020 +0200
Separate handling of non-deferred return values for client-connect-scripts.
Signed-off-by: Gert Doering
Acked-by: Arne Schwabe
Acked-by: Gert Doering
Stared-at-code, server torture test, all succeeded.
Grammar change from Richard included (in the "v1 api" comment).
I have modified the commit message a bit to make it more clear that
this is about CLIENT_CONNECT and CLIENT_CONNECT_V2, not plugin_func_v1()
vs. plugin_fun
Hi,
On 20/07/2020 11:17, Arne Schwabe wrote:
> This allows us to skip waiting for the first PUSH_REQUEST message from
> the client to send the response.
>
> This changes the interpretation of IV_PROTO from a scalar to a bitfield
> Since we only have IV_PROTO=2 defined so far and will support DATA
On 20.07.20 at 09:08, Gert Doering wrote:
> (Only) on "CC_RET_SUCCESS", run multi_client_connect_post().
>
> On "CC_RET_FAILURE", add missing log line, do not call ..._post().
>
> Signed-off-by: Gert Doering
> ---
> src/openvpn/multi.c | 8 +++-
> 1 file changed, 7 insertions(+), 1 deletio
This allows us to skip waiting for the first PUSH_REQUEST message from
the client to send the response.
This changes the interpretation of IV_PROTO from a scalar to a bitfield
Since we only have IV_PROTO=2 defined so far and will support DATA_V2
this should not make any problem. This avoids adding
Hi,
On 17-07-2020 15:47, Arne Schwabe wrote:
> This allows us to skip waiting for the first PUSH_REQUEST message from
> the client to send the response.
Feature-ACK, clever use of existing infra. Some comments though:
This commit message could use a bit more information. In particular, it
would
Acked-by: Gert Doering
Stared-at-code, tortured with the test framework
master...
Test sets succeeded: 1 1a 1b 1c 1d 1e 2 2a 2b 2c 2d 2e 3 4 5 5a 5v1 5v2 5v3 5w1
5w2 5w3 5w4 5y 5z 6 7 7x 8 8a 9 2f 4b.
Test sets failed: none.
and verified by "looking at logfile in realtime" that it will now,
i
(Only) on "CC_RET_SUCCESS", run multi_client_connect_post().
On "CC_RET_FAILURE", add missing log line, do not call ..._post().
Signed-off-by: Gert Doering
---
src/openvpn/multi.c | 8 +++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.