At the moment dco-win doesn't support --persist-tun and --server,
so check for these options at startup time.
Signed-off-by: Antonio Quartulli
Signed-off-by: Lev Stipakov
---
Changes from v103:
* fix ifdef condition (use || instead of &&) in options.c
Changes from v102:
* remove platform defin
yes! This is what we need!
Acked-by: Antonio Quartulli
--
Antonio Quartulli
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Acked-by: Antonio Quartulli
--
Antonio Quartulli
On 11.08.22 at 19:11, Max Fillinger wrote:
LibreSSL has added some of the functions that are defined here. However,
we still need RSA_F_RSA_OSSL_PRIVATE_ENCRYPT.
v2: Change ifdef condition for RSA_F_RSA_OSSL_PRIVATE_ENCRYPT.
Signed-off-by: Max Fillinger
---
src/openvpn/openssl_compat.h | 8
Signed-off-by: Frank Lichtenheld
---
src/openvpn/auth_token.h| 16 -
src/openvpn/block_dns.h | 16 -
src/openvpn/buffer.h| 7 ++--
src/openvpn/crypto.h| 18 --
src/openvpn/crypto_openssl.h| 3 +-
src/openvpn/dco_win.h
Signed-off-by: Frank Lichtenheld
---
dev-tools/uncrustify.conf | 1 +
1 file changed, 1 insertion(+)
diff --git a/dev-tools/uncrustify.conf b/dev-tools/uncrustify.conf
index 325f3108..c73fba0c 100644
--- a/dev-tools/uncrustify.conf
+++ b/dev-tools/uncrustify.conf
@@ -40,6 +40,7 @@ sp_after_comma
On 18.08.22 at 17:21, Juliusz Sosinowicz wrote:
Hi Arne,
thank you for your report. In the future, please send reports to
supp...@wolfssl.com to guarantee the fastest possible response. This
also helps us track bug reports. I have forwarded this report for you.
Either I or someone else will
Hi,
On Thu, Aug 18, 2022 at 12:09:53PM +0200, Antonio Quartulli wrote:
> At the moment dco-win doesn't support --persist-tun and --server,
> so check for these options at startup time.
>
> Signed-off-by: Antonio Quartulli
> Signed-off-by: Lev Stipakov
I was about to merge this (and thank you f
On 18.08.22 at 16:39, Heiko Hund wrote:
Patch and thus series doesn't apply anymore, in addition to eventual changes
also please rebase.
On Friday, 20 May 2022 23:32:47 CEST Arne Schwabe wrote:
+ If both server and client support sending this message using the control
+ channel, the messag
On 18.08.22 at 16:38, Heiko Hund wrote:
On Friday, 1 July 2022 00:42:55 CEST Arne Schwabe wrote:
Basically if I had been a bit more forward looking we would now have
protocol-flags ekm cc-exit instead of key-derivation ekm and
protocol-flags cc-exit
Then maybe also add support for handli
I've stared at the code for a while... I'm not really happy with the
jumping back and forth between dco.c and tun.c (who is supposed to
understand that code flow in 6 weeks from now?). That said, the
"non windows" changes in this patch are harmless enough, and the
"windows bits" do look safe enou
Thanks. This was left hanging in the cold for some reason... merged
now. I've subjected it to the usual test for DCO related stuff (client
with no-dco kernel, client with dco, server with dco) and verified that
the same instances have DCO enabled that had before - glad for Arne's
GLOBAL_STATS pat
Hi,
On Thu, Aug 18, 2022 at 04:39:07PM +0200, Heiko Hund wrote:
> On Friday, 20 May 2022 23:32:48 CEST Arne Schwabe wrote:
> > This simplifies the buffer handling in the method and adds a quick
> > return instead of wrapping the whole method in an if (pull) block
> >
> > Patch V2: remove uncessa
Hi Arne,
thank you for your report. In the future, please send reports to
supp...@wolfssl.com to guarantee the fastest possible response. This
also helps us track bug reports. I have forwarded this report for you.
Either I or someone else will investigate this and get back to you with
a solu
DEL_PEER events can be sent by ovpn-dco to userspace for various reasons.
We should trigger the ping timeout reaction only if the reason was
"peer has expired".
Signed-off-by: Antonio Quartulli
---
src/openvpn/forward.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/op
What Frank said, and the nitpick about this hunk which should be removed:
On Friday, 20 May 2022 23:32:50 CEST Arne Schwabe wrote:
> @@ -1376,6 +1440,7 @@ verify_user_pass_plugin(struct tls_session *session,
> struct tls_multi *multi, /* call command */
> retval = plugin_call(session->opt->
Patch and thus series doesn't apply anymore, in addition to eventual changes
also please rebase.
On Friday, 20 May 2022 23:32:47 CEST Arne Schwabe wrote:
> + If both server and client support sending this message using the control
> + channel, the message will be sent as control-channel messa
On Friday, 20 May 2022 23:32:49 CEST Arne Schwabe wrote:
> This allows a server to indicate a temporary problem on the server and
> allows the server to indicate how to proceed (i.e. move to the next server,
> retry the same server, wait a certain time,...)
>
> This adds options_utils.c/h to be
On Friday, 1 July 2022 00:42:55 CEST Arne Schwabe wrote:
> Basically if I had been a bit more forward looking we would now have
> protocol-flags ekm cc-exit instead of key-derivation ekm and
> protocol-flags cc-exit
Then maybe also add support for handling ekm via --protocol-flags and
deprec
On Friday, 20 May 2022 23:32:48 CEST Arne Schwabe wrote:
> This simplifies the buffer handling in the method and adds a quick
> return instead of wrapping the whole method in an if (pull) block
>
> Patch V2: remove unnecessary ifdef/endif and unnecessary block
Acked-by: Heiko Hund
Acked-by: Gert Doering
Seems we need an uncrustify option to enforce this for new code
(*most* prototypes have the "all-in-one-line" approach, some follow
the "return type on previous line" as for functions).
Subject fixed, ssl_util, not ssh_util :-)
Your patch has been applied to the master br
Acked-by: Gert Doering
Test compiled on Linux and FreeBSD, just to be sure.
Your patch has been applied to the master branch.
commit 329cb7ed2cb8503e99bed5bf3499f2194536d6ce
Author: Lev Stipakov
Date: Wed Aug 17 22:12:23 2022 +0200
dco.h: fix return type when DCO is not enabled
Si
Hi,
On Mon, Aug 08, 2022 at 01:27:38PM +0200, Gert Doering wrote:
> If the inside packet is fragmented already, Linux kernel hands us
> packets with skb->ignore_df=0. Since this is applied to the encapsulated
> packet, the kernel will then refuse to fragment the resulting UDP/IPv6
> packet (for I
Thanks a lot, will do!
On August 18, 2022, at 05:10, tincantech wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi Magnus,
can you report this as an issue on github, please ?
https://github.com/OpenVPN/easy-rsa/issues
My first guess would be the version of openssl 3.0.1 is at fault.
At the moment dco-win doesn't support --persist-tun and --server,
so check for these options at startup time.
Signed-off-by: Antonio Quartulli
Signed-off-by: Lev Stipakov
---
Changes from v102:
* remove platform defined log level and make check_options_ calls on
Windows explicit and document
Hi,
On Thu, Aug 18, 2022 at 11:26:38AM +0200, Antonio Quartulli wrote:
> -#if defined(TARGET_LINUX) || defined(TARGET_FREEBSD)
> -o->tuntap_options.disable_dco = !dco_check_option_conflict(D_DCO, o)
> -||
> !dco_check_startup_option_conflict(D_DCO, o);
> -#
At the moment dco-win doesn't support --persist-tun and --server,
so check for these options at startup time.
Signed-off-by: Antonio Quartulli
Signed-off-by: Lev Stipakov
---
Changes from v101:
* rebased
* remove call to dco_check_option_ from verify() and reuse invocation
that was already im
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi Magnus,
can you report this as an issue on github, please ?
https://github.com/OpenVPN/easy-rsa/issues
My first guess would be the version of openssl 3.0.1 is at fault.
Thanks,
Richard
--- Original M
This patch is supposed to implement no function change.
The only change in behaviour that can be observed is the IV_/UV_ variables
being printed in different order compared to before applying this patch.
However, order does not matter, so we don't need to retain it.
What this change really does i
Hi,
Typo, subject should probably be s/ssh_util/ssl_util
Regards,
Simon
> Function prototypes should have the return type on the same line as the
> function name itself. Fix this in ssl_util.h.
>
> Signed-off-by: Antonio Quartulli
> ---
> src/openvpn/ssl_util.h | 13 +
> 1 file cha
On Thursday, 17 February 2022 19:22:34 CEST Arne Schwabe wrote:
> @@ -590,6 +590,7 @@ init_query_passwords(const struct context *c)
> /* Auth user/pass input */
> if (c->options.auth_user_pass_file)
> {
> +enable_auth_user_pass();
> #ifdef ENABLE_MANAGEMENT
> aut
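Review bot: the added enable_auth_user_pass() call inside the if (c->options.auth_user_pass_file) branch of init_query_passwords() has no comment saying why user/pass authentication has to be switched on explicitly at this point. A one-line comment above the call stating what state it sets, and that the code following under #ifdef ENABLE_MANAGEMENT depends on it being set first, would make the ordering requirement clear to later readers.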
Function prototypes should have the return type on the same line as the
function name itself. Fix this in ssl_util.h.
Signed-off-by: Antonio Quartulli
---
src/openvpn/ssl_util.h | 13 +
1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/src/openvpn/ssl_util.h b/src/openvpn
Hi,
On Sat, Aug 13, 2022 at 10:42:19PM +0200, Antonio Quartulli wrote:
> At the moment dco-win doesn't support --persist-tun and --server,
> so check for these options at startup time.
This needs rebasing anyway (due to the startup change), but while at it...
> +
> +if (options->windows_driv
On 18.08.22 at 03:37, Magnus Larsson via Openvpn-devel wrote:
Hi,
I just moved from Ubuntu 20.04 LTS (where the exact command works fine
and does not prompt for pass phrase) to Red Hat Enterprise Linux 9 and
installed Easy-RSA via EPEL.
Probably old keys with now unsupported RC4 encryption
Taking the ACK from Lev on 102, applying to 103 - which mostly has
"better wording". I have tested this on the DCO test rig, and it's
fine with the change.
I wouldn't be surprised to see more work in this area for "we need to
be able to send packets to not-yet-authenticated remotes in p2p mode",