[Openvpn-devel] [PATCH] make %x destination unsigned

The %x specifier requires for the argument to be an unsigned int. Signed-off-by: Heiko Hund --- src/openvpn/options.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 9ff384d0..3dbd3fab 100644 --- a/src/openvpn/options.c +++

[Openvpn-devel] [PATCH] signal --dns support in peer info

Have clients set a bit in IV_PROTO, so that servers can make an informed decision on whether to push --dns to the client. While unknown options are ignored by clients when pushed, they generate a warning in the log. That can be circumvented by server backends by checking if bit 7 is set. Signed-of

[Openvpn-devel] [PATCH 6/7] Fix allowing/showing unsupported ciphers and digests

This is a minimal version to hide the non-supported ciphers in these show-cipher/show-digests listings. It also adds code to the kt_md_get/ kt_cipher_get functions to error out early instead of getting an ugly backtrace with OpenSSL errors later when actually trying to use the ciphers. This allows

[Openvpn-devel] [PATCH 5/7] Add --with-openssl-engine autoconf option (auto|yes|no)

This is a cherry-pick to release2.5 from 0df2261da. The OpenSSL engine tests fail otherwise and it is good to have the same behaviour as in master/2.6 This allows to select engine support at configure time. For OpenSSL 1.1 the default is not changed and we detect if engine support is available.

[Openvpn-devel] [PATCH 0/7] Improve OpenSSL 3.0 support in OpenVPN 2.5

We already see distros shipping 2.5 with OpenSSL 3.0 and while it builds and works, there are number of problems. This patch addresses most of them while not backporting the full refactoring that also allows using ciphers and digests from providers that were not present in OpenSSL itself. Also the

[Openvpn-devel] [PATCH 7/7] Remove dependency on BF-CBC existance from test_ncp

The test_check_ncp_ciphers_list test assumed that BF-CBC is always available, which is no longer the case with OpenSSL 3.0. Rewrite the test to not rely on BF-CBC to be available. Signed-off-by: Arne Schwabe Acked-by: Max Fillinger Message-Id: <20211019183127.614175-14-a...@rfc2549.org> URL: ht

[Openvpn-devel] [PATCH 3/7] Add ubuntu 22.04 to Github Actions

This adds Ubuntu 22.04 to the Github actions. mbed TLS in 22.04 is still old enough (2.28) to build with OpenVPN and GPL licensed. Signed-off-by: Arne Schwabe Acked-by: Gert Doering Message-Id: <20220506132836.1318985-2-a...@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sou

[Openvpn-devel] [PATCH 4/7] Add macos OpenSSL 3.0 and ASAN builds

Signed-off-by: Arne Schwabe Acked-by: Gert Doering Message-Id: <20211019183127.614175-21-a...@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23018.html Signed-off-by: Gert Doering --- .github/workflows/build.yaml | 28 +--- 1 file

[Openvpn-devel] [PATCH 1/7] Refactor early initialisation and uninitialisation into methods

This put the early initialisation and uninitialisation that needs to happen between option parsing and post processing into small methods. Cherry-pick of 97056dbf9 as prerequirement for the provider patch Signed-off-by: Arne Schwabe --- src/openvpn/openvpn.c | 23 ++- 1 file

[Openvpn-devel] [PATCH 2/7] Allow loading of non default providers

This allows OpenVPN to load non-default providers. This is mainly useful for loading the legacy provider with --providers legacy default Cherry-pick of 08081aa0a153 to release/2.5. Changes.rst has been adjust to better fit the changes in 2.5. Signed-off-by: Arne Schwabe --- Changes.rst