Attention is currently required from: MaxF, plaisthos.
flichtenheld has posted comments on this change. (
http://gerrit.openvpn.net/c/openvpn/+/402?usp=email )
Change subject: Enable key export with mbed TLS 3.x.y
..
Patch Set
cron2 has submitted this change. (
http://gerrit.openvpn.net/c/openvpn/+/403?usp=email )
Change subject: Disable TLS 1.3 support with mbed TLS
..
Disable TLS 1.3 support with mbed TLS
As of version 3.5.0 the TLS-Exporter functi
cron2 has uploaded a new patch set (#6) to the change originally created by
MaxF. ( http://gerrit.openvpn.net/c/openvpn/+/403?usp=email )
The following approvals got outdated and were removed:
Code-Review+2 by flichtenheld
Change subject: Disable TLS 1.3 support with mbed TLS
..
Your patch has been applied to the master branch.
commit efad93d049c318a3bd9ea5956c6ac8237b8d6d70 (master)
Author: Max Fillinger
Date: Wed Nov 15 16:17:40 2023 +0100
Disable TLS 1.3 support with mbed TLS
Signed-off-by: Max Fillinger
Acked-by: Frank Lichtenheld
Message-Id:
From: Max Fillinger
As of version 3.5.0 the TLS-Exporter function is not yet implemented in
mbed TLS, and the exporter_master_secret is not exposed to the
application either. Falling back to an older PRF when claiming to use
TLS1.3 seems like false advertising.
Change-Id: If4e1c4af9831eb1090ccb3
The patch looks reasonable so far. Haven't tested it, just test compiled
with GHA.
Looking forward to the day we can get rid of --ip-win32, and simplify
all these messages having '"%s ...", prefix' in them.
I have taken the liberty of wrapping the open_tun() line - "80-110 chars"
is our limit, n
cron2 has submitted this change. (
http://gerrit.openvpn.net/c/openvpn/+/424?usp=email )
Change subject: Warn if pushed options require DHCP
..
Warn if pushed options require DHCP
Some pushed options (such as DOMAIN-SEARCH) req
cron2 has uploaded a new patch set (#5) to the change originally created by
stipa. ( http://gerrit.openvpn.net/c/openvpn/+/424?usp=email )
The following approvals got outdated and were removed:
Code-Review+2 by flichtenheld
Change subject: Warn if pushed options require DHCP
...
cron2 has uploaded a new patch set (#2) to the change originally created by
stipa. ( http://gerrit.openvpn.net/c/openvpn/+/428?usp=email )
The following approvals got outdated and were removed:
Code-Review+2 by flichtenheld
Change subject: Warn if pushed options require DHCP
...
cron2 has submitted this change. (
http://gerrit.openvpn.net/c/openvpn/+/428?usp=email )
Change subject: Warn if pushed options require DHCP
..
Warn if pushed options require DHCP
Some pushed options (such as DOMAIN-SEARCH) req
cron2 has submitted this change. (
http://gerrit.openvpn.net/c/openvpn/+/427?usp=email )
Change subject: Make --dns options apply for tap-windows6 driver
..
Make --dns options apply for tap-windows6 driver
When tap-windows6 dri
cron2 has uploaded a new patch set (#4) to the change originally created by
stipa. ( http://gerrit.openvpn.net/c/openvpn/+/423?usp=email )
The following approvals got outdated and were removed:
Code-Review+2 by flichtenheld
Change subject: Make --dns options apply for tap-windows6 driver
..
cron2 has uploaded a new patch set (#3) to the change originally created by
plaisthos. ( http://gerrit.openvpn.net/c/openvpn/+/426?usp=email )
The following approvals got outdated and were removed:
Code-Review+2 by cron2
Change subject: Do not check key_state buffers that are in S_UNDEF state
.
cron2 has submitted this change. (
http://gerrit.openvpn.net/c/openvpn/+/426?usp=email )
Change subject: Do not check key_state buffers that are in S_UNDEF state
..
Do not check key_state buffers that are in S_UNDEF state
When
Haven't tested this for real, but it looks very reasonable. Just inject
the proper flag on "--dns", the backend data structures are already
filled, we just didn't know that we should use them.
Sanity tested via GHA build.
Your patch has been applied to the master and release/2.6 branch
(bugfix,
cron2 has uploaded a new patch set (#2) to the change originally created by
stipa. ( http://gerrit.openvpn.net/c/openvpn/+/427?usp=email )
The following approvals got outdated and were removed:
Code-Review+2 by flichtenheld
Change subject: Make --dns options apply for tap-windows6 driver
..
cron2 has submitted this change. (
http://gerrit.openvpn.net/c/openvpn/+/423?usp=email )
Change subject: Make --dns options apply for tap-windows6 driver
..
Make --dns options apply for tap-windows6 driver
When tap-windows6 dri
ordex has restored this change. (
http://gerrit.openvpn.net/c/openvpn/+/430?usp=email )
Change subject: event/multi: add event_arg object to make event handling more
generic
..
Restored
--
To view, visit http://gerrit.openvpn.
ordex has restored this change. (
http://gerrit.openvpn.net/c/openvpn/+/431?usp=email )
Change subject: pass link_socket object to i/o functions
..
Restored
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/431?usp=email
ordex has restored this change. (
http://gerrit.openvpn.net/c/openvpn/+/432?usp=email )
Change subject: io_work: convert shift argument to uintptr_t
..
Restored
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/432?usp=em
ordex has restored this change. (
http://gerrit.openvpn.net/c/openvpn/+/433?usp=email )
Change subject: io_work: pass event_arg object to event handler in case of
socket event
..
Restored
--
To view, visit http://gerrit.openvp
ordex has restored this change. (
http://gerrit.openvpn.net/c/openvpn/+/434?usp=email )
Change subject: allow tcp/udp server to listen on multiple ports at the same
time
..
Restored
--
To view, visit http://gerrit.openvpn.net/
ordex has restored this change. (
http://gerrit.openvpn.net/c/openvpn/+/435?usp=email )
Change subject: if a local IPv6 address is provided, socket must be v6-only
..
Restored
--
To view, visit http://gerrit.openvpn.net/c/openv
ordex has restored this change. (
http://gerrit.openvpn.net/c/openvpn/+/436?usp=email )
Change subject: allow user to specify 'local' multiple times in config files
..
Restored
--
To view, visit http://gerrit.openvpn.net/c/open
I have tested the "lite" version of that patch (only the S_UNDEF patch)
for 30+ hours in a scenario that managed to crash after a few hours without
it, so am reasonably confident it fixes the 2.6.7 crashes observed - in
case there *are* other cases, we added a M_FATAL so we stop with a debug
note,
ordex has restored this change. (
http://gerrit.openvpn.net/c/openvpn/+/437?usp=email )
Change subject: override ai_family if 'local' numeric address was specified
..
Restored
--
To view, visit http://gerrit.openvpn.net/c/openv
ordex has restored this change. (
http://gerrit.openvpn.net/c/openvpn/+/438?usp=email )
Change subject: Bind to multiple ipv4/ipv6 addresses
..
Restored
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/438?usp=email
To
ordex has restored this change. (
http://gerrit.openvpn.net/c/openvpn/+/439?usp=email )
Change subject: mroute: properly print protocol at the end of the string
..
Restored
--
To view, visit http://gerrit.openvpn.net/c/openvpn/
ordex has restored this change. (
http://gerrit.openvpn.net/c/openvpn/+/440?usp=email )
Change subject: Using the same wait function for both TCP and UDP
..
Restored
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/440?u
ordex has restored this change. (
http://gerrit.openvpn.net/c/openvpn/+/441?usp=email )
Change subject: multiproto: move generic event handling code in dedicated files
..
Restored
--
To view, visit http://gerrit.openvpn.net/c/o
ordex has abandoned this change. (
http://gerrit.openvpn.net/c/openvpn/+/431?usp=email )
Change subject: pass link_socket object to i/o functions
..
Abandoned
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/431?usp=emai
ordex has abandoned this change. (
http://gerrit.openvpn.net/c/openvpn/+/439?usp=email )
Change subject: mroute: properly print protocol at the end of the string
..
Abandoned
--
To view, visit http://gerrit.openvpn.net/c/openvp
ordex has abandoned this change. (
http://gerrit.openvpn.net/c/openvpn/+/430?usp=email )
Change subject: event/multi: add event_arg object to make event handling more
generic
..
Abandoned
--
To view, visit http://gerrit.openvp
ordex has abandoned this change. (
http://gerrit.openvpn.net/c/openvpn/+/438?usp=email )
Change subject: Bind to multiple ipv4/ipv6 addresses
..
Abandoned
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/438?usp=email
To
ordex has abandoned this change. (
http://gerrit.openvpn.net/c/openvpn/+/434?usp=email )
Change subject: allow tcp/udp server to listen on multiple ports at the same
time
..
Abandoned
--
To view, visit http://gerrit.openvpn.ne
ordex has abandoned this change. (
http://gerrit.openvpn.net/c/openvpn/+/436?usp=email )
Change subject: allow user to specify 'local' multiple times in config files
..
Abandoned
--
To view, visit http://gerrit.openvpn.net/c/op
ordex has abandoned this change. (
http://gerrit.openvpn.net/c/openvpn/+/433?usp=email )
Change subject: io_work: pass event_arg object to event handler in case of
socket event
..
Abandoned
--
To view, visit http://gerrit.open
ordex has abandoned this change. (
http://gerrit.openvpn.net/c/openvpn/+/440?usp=email )
Change subject: Using the same wait function for both TCP and UDP
..
Abandoned
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/440
ordex has abandoned this change. (
http://gerrit.openvpn.net/c/openvpn/+/435?usp=email )
Change subject: if a local IPv6 address is provided, socket must be v6-only
..
Abandoned
--
To view, visit http://gerrit.openvpn.net/c/ope
ordex has abandoned this change. (
http://gerrit.openvpn.net/c/openvpn/+/432?usp=email )
Change subject: io_work: convert shift argument to uintptr_t
..
Abandoned
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/432?usp=
ordex has abandoned this change. (
http://gerrit.openvpn.net/c/openvpn/+/437?usp=email )
Change subject: override ai_family if 'local' numeric address was specified
..
Abandoned
--
To view, visit http://gerrit.openvpn.net/c/ope
ordex has abandoned this change. (
http://gerrit.openvpn.net/c/openvpn/+/441?usp=email )
Change subject: multiproto: move generic event handling code in dedicated files
..
Abandoned
--
To view, visit http://gerrit.openvpn.net/c
Attention is currently required from: flichtenheld, plaisthos.
Hello plaisthos, flichtenheld,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/438?usp=email
to review the following change.
Change subject: Bind to multiple ipv4/ipv6 addresses
...
Attention is currently required from: flichtenheld, plaisthos.
Hello plaisthos, flichtenheld,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/436?usp=email
to review the following change.
Change subject: allow user to specify 'local' multiple times in
Attention is currently required from: flichtenheld, plaisthos.
Hello plaisthos, flichtenheld,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/432?usp=email
to review the following change.
Change subject: io_work: convert shift argument to uintptr_t
...
Attention is currently required from: flichtenheld, plaisthos.
Hello plaisthos, flichtenheld,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/439?usp=email
to review the following change.
Change subject: mroute: properly print protocol at the end of th
Attention is currently required from: flichtenheld, plaisthos.
Hello plaisthos, flichtenheld,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/440?usp=email
to review the following change.
Change subject: Using the same wait function for both TCP and UD
Attention is currently required from: flichtenheld, plaisthos.
Hello plaisthos, flichtenheld,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/431?usp=email
to review the following change.
Change subject: pass link_socket object to i/o functions
...
Attention is currently required from: flichtenheld, plaisthos.
Hello plaisthos, flichtenheld,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/430?usp=email
to review the following change.
Change subject: event/multi: add event_arg object to make event
Attention is currently required from: flichtenheld, plaisthos.
Hello plaisthos, flichtenheld,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/435?usp=email
to review the following change.
Change subject: if a local IPv6 address is provided, socket must
Attention is currently required from: flichtenheld, plaisthos.
Hello plaisthos, flichtenheld,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/437?usp=email
to review the following change.
Change subject: override ai_family if 'local' numeric address wa
Attention is currently required from: flichtenheld, plaisthos.
Hello plaisthos, flichtenheld,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/433?usp=email
to review the following change.
Change subject: io_work: pass event_arg object to event handler
Meeting summary for 15 November 2023:
* *Updated: OpenVPN 2.6.7 release*
/The 2.6.7 release was made last week on November 9th 2023./
/There was a segfault crash reported that points to double check
buffer leak code./
/There was a mention of fragment 0 not working anymore (since
2
Attention is currently required from: MaxF, plaisthos.
Hello flichtenheld, plaisthos,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/403?usp=email
to look at the new patch set (#5).
The change is no longer submittable: checks~ChecksSubmitRule is unsa
From: Lev Stipakov
Some pushed options (such as DOMAIN-SEARCH) require
DHCP server to work. Warn user that some options
will not work if the current driver (such as dco-win)
doesn't support DHCP.
Change-Id: Ie512544329a91fae15409cb18f29d8be617051a1
Signed-off-by: Lev Stipakov
Acked-by: Frank Li
From: Lev Stipakov
When tap-windows6 driver is used, both --dhcp-option and
--dns options are applied with DHCP. When processing --dns options,
we don't set "tuntap_options.dhcp_options" member, which is required
for DHCP string to be sent to the driver. As a result, --dns options
are not applied
From: Arne Schwabe
When a key_state is in S_UNDEF the send_reliable is not initialised. So
checking it might access invalid memory or null pointers.
Github: fixes OpenVPN/openvpn#449
Change-Id: I226a73d47a2b1b29f7ec175ce23a806593abc2ac
[a...@unstable.cc: add check for !send_reliable and message
Attention is currently required from: flichtenheld, ordex, plaisthos.
cron2 has posted comments on this change. (
http://gerrit.openvpn.net/c/openvpn/+/426?usp=email )
Change subject: Do not check key_state buffers that are in S_UNDEF state
...
Attention is currently required from: flichtenheld, plaisthos.
ordex has uploaded a new patch set (#2) to the change originally created by
plaisthos. ( http://gerrit.openvpn.net/c/openvpn/+/426?usp=email )
Change subject: Do not check key_state buffers that are in S_UNDEF state
Attention is currently required from: flichtenheld, plaisthos.
ordex has removed a vote from this change. (
http://gerrit.openvpn.net/c/openvpn/+/426?usp=email )
Change subject: Do not check key_state buffers that are in S_UNDEF state
Attention is currently required from: flichtenheld, plaisthos.
ordex has posted comments on this change. (
http://gerrit.openvpn.net/c/openvpn/+/426?usp=email )
Change subject: Do not check key_state buffers that are in S_UNDEF state
..
61 matches
Mail list logo
