a>
This is more or less a workaround for this issue, but it is considered
safe as it's only used by the test programs. And it may very well be a
false-positive from the GCC-15 compiler - but I need to dig deeper into
this to conclude either way.
--
kind regards,
David Sommerseth
OpenVPN
tps://github.com/OpenVPN/openvpn3/commit/5a77f05b68be54351b6fc36396930fb2ce54702b>
<https://github.com/OpenVPN/openvpn3/commit/bb120dafb16bc9ee6f4f61c40f12d0054f8700f3>
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel mailing list
Openvpn-devel@li
- Red Hat Enterprise Linux 8, 9
- Ubuntu: 22.04, 24.04
Red Hat Enterprise Linux 10 is in tech preview.
Installation and getting started instructions can be found here:
<https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux>
--
kind regards,
David Sommerseth
OpenVPN Inc
Sour
rds,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
argv_printf_cat(&argv, "%s", prompt);
if ((std_out = openvpn_popen(&argv, NULL)) < 0)
Given the confirmation by Ben in this reply [1], I give this my ACK.
I've also double checked the git commit log in systemd to verify his
finding.
Acked-By: David So
ment in systemd-ask-password, this can get my ACK.
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
should
be prepended with a '_'.
Signed-off-by: Marc Leeman
Approved-by: David Sommerseth
<https://codeberg.org/OpenVPN/openvpn3-linux/commit/9a1cf3fae9fb3788e9714d148d9b7efcb5f4c948>
--
kind regards,
David Sommer
a lot. All but the 'nam' spellings has been resolved. I was not
able to locate the 'nam' spelling anywhere. If this continue to appear,
we need to figure out which object file this comes from.
commit 6b16d119810b0cec66fab1afa79c33ecb6c73234
Author: David Sommerseth
Date: Mon
u: 20.04, 22.04, 24.04
Red Hat Enterprise Linux 10 Beta is in also tech preview.
Fedora 39 has reached EOL and is no longer supported.
Installation and getting started instructions can be found here:
<https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux>
--
kind rega
is
just plain misconfiguration.
Since you seem to run OpenVPN Access Server, just log into the web
portal and download a new configuration profile.
This has certainly nothing to do with any kind of security issues.
--
kind regards,
Davi
penVPN Access Server, just log into the web
portal and download a new configuration profile.
This has certainly nothing to do with any kind of security issues.
--
kind regards,
David Sommerseth
OpenVPN Inc
On 18/11/2024 15:17, נתי שטרן wrote:
*_
_*
*_server logs:_*
[...snip...]
בתאריך יום
o the server because of
network connectivity issues is not a CVE.
This case is closed.
--
kind regards,
David Sommerseth
OpenVPN Inc
On 18/11/2024 08:37, נתי שטרן wrote:
What can I do to assign a CVE?
I attached the CVE team of ISRAEL CERT to conversation
tnx
בתאריך יום ב׳, 18 בנוב׳
it a patch
using the git tools. Then the patch is reviewed and discussed, and if
it is approved (ACKed) it is applied to the appropriate git branches in
the official git repositories.
More details here:
<https://community.openvpn.net/openvpn/wiki/DeveloperDocumentation>
--
kind reg
On 13/11/2024 15:24, נתי שטרן wrote:
In which programming languages openvpn has written?
Python , C or etc.?
We do expect you to do some research on your own. But here is a
starting point: https://github.com/OpenVPN/
--
kind regards,
David Sommerseth
OpenVPN Inc
here: https://openvpn.net/contact/
If you find critical issue, we kindly ask you to PGP encrypt the report
you send to secur...@openvpn.net.
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel mailing list
Openvpn-
n requirements were fulfilled is not important for
OpenVPN. And that's what the current plug-in API already gives you.
If the auth-pam plug-in is not sufficient, I'd like to see some
exploration if that could be improved - or by adding a new auth-plugin
which OpenVPN can use, which sol
ere.
Your changes makes sense, so I don't expect any issues here. Going to
test it a bit first, though.
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourcefo
this is too strict as some
distros (namely NixOS) may have the 'include' directory with
a differently named parent. Thus this change minimizes the
hardcoded part of the path to make it more flexible.
Signed-off-by: Petr Portnov
Thanks a lot
ly.
I've seen your patch, and it makes total sense. It's in my pipe to get
merged as soon as I have cleaned up a bunch of other changes as well.
Again, sorry for the slow response.
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Op
8, 9
- Ubuntu: 20.04, 22.04, 24.04
Installation and getting started instructions can be found here:
<https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux>
Debian 11, Red Hat Enterprise Linux 7 and Ubuntu 23.10 are EOL and
is no longer supported.
--
kind
Enterprise Linux 7 and
Ubuntu 23.10 will go EOL in just a few days or weeks and will no longer
be supported.
[3] Fedora Copr development snapshots:
<https://copr.fedorainfracloud.org/coprs/dsommers/openvpn3-devsnapshots/>
--
kind regards
On 22/11/2023 22:51, Gert Doering wrote:
Hi,
On Wed, Nov 22, 2023 at 03:31:10PM +0100, David Sommerseth wrote:
From: David Sommerseth
As OpenVPN 2.6+ is doing some adoptions to the license text, all
prior contributors need to accept this new text. Unfortunately, Mathieu
Giannecchini who
From: David Sommerseth
After removing --tls-export-cert, this function was left in the code
base with no other users. This was an oversight in the previous
change. Removing it to avoid leaving dead code behind.
Signed-off-by: David Sommerseth
---
src/openvpn/ssl_verify_backend.h | 11
From: David Sommerseth
After removing --tls-export-cert, this function was left in the code
base with no other users. This was an oversight in the previous
change. Removing it to avoid leaving dead code behind.
Signed-off-by: David Sommerseth
---
src/openvpn/ssl_verify_backend.h | 11
From: David Sommerseth
As OpenVPN 2.6+ is doing some adoptions to the license text, all
prior contributors need to accept this new text. Unfortunately, Mathieu
Giannecchini who implemented the --tls-export-cert feature did not
respond at all. Without an explicit acceptance we need to remove
From: David Sommerseth
As OpenVPN 2.6+ is doing some adoptions to the license text, all
prior contributors need to accept this new text. Unfortunately, Mathieu
Giannecchini who implemented the --tls-export-cert feature did not
respond at all. Without an explicit acceptance we need to remove
d here:
<https://github.com/OpenVPN/openvpn3-linux/issues/193>
--
kind regards,
David Sommerseth
OpenVPN Inc
Source tarballs ---
* OpenVPN 3 Linux v21
<https://swupdate.openvpn.net/community/releases/openvpn3-linux-21.tar.xz
e
comments and commit messages, but the code itself is unchanged.
I'll follow-up with an update once this commit is public.
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel mailing list
Openvpn-devel@lists.s
send-email -v2 \
--in-reply-to 20230709231929.195048-1-jeremyfleisch...@gmail.com
Thx!
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
remove_signal_receiver() call. We should avoid that.
I'm not familiar with path email etiquette/best practices. Let me know
if/when I should send a fully updated patch.
So far, we've discussed possible solutions - so it has been fine doing
it like this now. But I thin
it (LogCallback(None)) before setting the new one. And if more
callbacks functions is wanted/needed, the additional ones can be called
via the callback function registered with the LogCallback(). No need to
make this code more complicated.
Otherwise, I like what you did to __set_log_forward().
se
reference counting, it should be a bit more robust as it bases the
decision on the value of the callback function pointers.
Thoughts?
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
On 02/08/2023 13:31, David Sommerseth wrote:
From: David Sommerseth
The code was very clear if we accept that the base64 decode of the
There is a "not" missing in the line above: "The code was not very
clear ..."
I'm fine with fixing this at commit time.
From: David Sommerseth
The code was very clear if we accept that the base64 decode of the
NTLM challenge was truncated or not. Move the related code lines
closer to where it first used and comment what we are not concerned
about any truncation.
If the decoded result is truncated, the NTLM
ith gmail.com; which is why we generally recommend to
use 'git send-mail' [1].
In this specific case, resending the patch as an attachment can also work.
[1] <https://git-scm.com/docs/git-send-email>
--
kind regards,
David Sommerseth
OpenVPN Inc
_
the editor, just add "[Service]" and those two
lines mentioned earlier. You might want to have a bit longer "Restart"
timer, but that's up to the local sysadmin to judge best.
--
kind regards,
David Sommerseth
OpenVPN Inc
___
6a3-1a61-d112-7a48-a7da4af38...@eurephia.org>
<https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26269.html>
Acked-By: David Sommerseth
---
COPYING | 47 +++
1 file changed, 47 insertions(+)
diff --git a/COPYING b/C
From: David Sommerseth
Your patch has been applied to the master branch
commit 97c729808a688364c16d17f7c34a4c7229ca0131 master
Author: Frank Lichtenheld
Date: Tue, 02 May 2023 12:02:27 +
docs/man: Fix description in openvpn3-config-manage man page
Signed-off-by: Frank
dback through various channels through all these releases. You have
all been important in ensuring this project has evolved and matured. I'm
sorry I don't have a proper list of all you, but you would also deserve
to be mentioned.
--
kind regards,
David Sommerseth
Ope
On 14/03/2023 10:02, David Sommerseth wrote:
On 14/03/2023 09:45, David Sommerseth wrote:
On 11/03/2023 06:24, selva.n...@gmail.com wrote:
From: Selva Nair
- With OpenSSL 3.0 and xkey-provider, we use
pkcs11h_certificate_signAny_ex()
which returns EC signature as raw r|s concatenated
On 14/03/2023 09:45, David Sommerseth wrote:
On 11/03/2023 06:24, selva.n...@gmail.com wrote:
From: Selva Nair
- With OpenSSL 3.0 and xkey-provider, we use
pkcs11h_certificate_signAny_ex()
which returns EC signature as raw r|s concatenated. But OpenSSL
expects
a DER encoded ASN.1
-
kind regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
| 7 ---
src/openvpn/options.c | 16
4 files changed, 7 insertions(+), 43 deletions(-)
I've only glared at the code and quickly done a few compile tests.
LGTM. Change itself also makes sense.
Acked-By: David Sommerseth
--
kind regards,
David Somme
on, you CANNOT distribute an OpenVPN binary
linked with this library.
I hope we can reach an agreement and replace the current OpenSSL linking
exception with this new exception above.
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Openv
On 27/01/2023 12:32, André wrote:
Hi,
So download link in Forum Announcement should be corrected?
https://forums.openvpn.net/viewtopic.php?t=35260
Yes, thank you! Updated!
--
kind regards,
David Sommerseth
OpenVPN Inc
--- Original Message ---
On Friday, January 27th, 2023 at
A new repository for OpenVPN 2.6 has been published:
<https://copr.fedorainfracloud.org/coprs/dsommers/openvpn-release-2.6/>
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourcefor
n this can be unified to a specific SPDX specification
standard across all files.
[1] <https://spdx.dev/licenses/>
--
kind regards,
David Sommerseth
OpenVPN Inc
OpenPGP_signature
Description: OpenPGP digital signature
___
Openvpn-devel mail
From: David Sommerseth
Thanks a lot! This patch was a by the book in every possible way, so
this was really easy to review and apply.
Acked-by: David Sommerseth
-
Your patch has been applied
commit
n selected Debian and Ubuntu releases are
currently considered a tech-preview. We would like to get
feedback from arm64 users how OpenVPN 3 Linux works here, then
we can remove the tech-preview label for arm64.
--
kind regards,
David Sommerseth
OpenVPN Inc
Source tarballs ---
On 14/09/2022 09:38, Antonio Quartulli wrote:
Hi,
On 14/09/2022 09:33, David Sommerseth wrote:
On 12/09/2022 09:41, Gert Doering wrote:
During the research for commit a5cf4cfb77f745 it turned out that
OpenVPN's behaviour regarding "--dev arbitrary-name" is very
platform-specif
with tap-windows6 and
neither how this is with wintun or ovpn-dco-win.
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
t;works with OpenVPN" label on wolfSSL. But
don't count on the OpenVPN community doing the grunt work for wolfSSL.
Either be more actively involved - or accept we will move it to an
unmaintained status - plausibly removing it if it stays broken for a
longer time.
--
kind regards,
hat more carefully on my end. One issue I know is
real I've commented here already.
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
re flag to the server with this patch.
The rest of the code otherwise looks reasonable with the current "option
approach". The client also sends the IV_PROTO_CC_EXIT_NOTIFY flag to
the server, as expected.
--
kind regards,
David Sommerseth
OpenVPN Inc
_
asked
for when the auth-token expires with this fix; and that it would ask for
it without this fix.
Acked-By: David Sommerseth
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://l
_DEFINES macro in config.h ends up empty.
Reverting this patch alone, and it comes back again.
So, I'm sorry, I can't ack this one.
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
ht
password query mechanism with systemd colliding with some
pkcs11-helper implementation details. For the systemd case, we added a
workaround which made most people happy.
For more details:
<https://community.openvpn.net/openvpn/ticket/538>
--
kind regards,
David Sommerseth
OpenVPN Inc
___
On 17/06/2022 13:06, David Sommerseth wrote:
From: David Sommerseth
Your patch has been applied
commit 6a26cb51297024b563603faf78a33298b5d59f30 master
Author: Lev Stipakov
Date: Sun, 05 Jun 2022 00:40:13 +
GitHub Actions: trigger openvpn-build GHA on success
Signed-off-by
From: David Sommerseth
Your patch has been applied
commit 6a26cb51297024b563603faf78a33298b5d59f30 master
Author: Lev Stipakov
Date: Sun, 05 Jun 2022 00:40:13 +
GitHub Actions: trigger openvpn-build GHA on success
Signed-off-by: Lev Stipakov
Patchwork-Id: 2508
URL
ug.cgi?id=2092800>
<https://bugzilla.redhat.com/show_bug.cgi?id=2093069>
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
From: David Sommerseth
Your patch has been applied to the master branch
commit 94848c3cc3f5ea1fec97ab6b18ba7eff6923561d master
Author: Christopher Ng
Date: Tue, 07 Jun 2022 16:30:49 +
omi: add support for ovpn-dco-win
Signed-off-by: Christopher Ng
Acked-by: Lev Stipakov
From: David Sommerseth
Your patch has been applied to the master branch
commit 452e7cb6259d40ae0a1ff749d22a1634c7100fc9 master
Author: Christopher Ng
Date: Tue, 07 Jun 2022 16:30:48 +
ovpnagent: fix quoting of omiclient parameters
Signed-off-by: Christopher Ng
Acked-by
ort on selected Debian and Ubuntu releases are
considered a tech-preview.
--
kind regards,
David Sommerseth
OpenVPN Inc
Source tarballs ---
* OpenVPN 3 Linux v18 beta
<https://swupdate.openvpn.net/community/releases/openvpn3-li
On 13/05/2022 13:40, Arne Schwabe wrote:
Am 13.05.22 um 13:22 schrieb David Sommerseth:
On 13/05/2022 11:37, Heiko Hund wrote:
Have clients set a bit in IV_PROTO, so that servers can make an informed
decision on whether to push --dns to the client. While unknown options
are ignored by clients
compile tested. LGTM.
Acked-By: David Sommerseth
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
From: David Sommerseth
It was agreed it was time to do a full reformat fix-up of the whole
source tree again. Over time (since late 2016) small changes has not
adhered to our uncrustify defined coding style. This realigns to our
current standards.
Signed-off-by: David Sommerseth
---
Note
From: David Sommerseth
The bug in uncrustify 0.64 is no longer causing us issues as we now
require at least v0.72.
This workaround was added as part of the initial reformat-all inclusion,
in commit 2417d55c4945d491e.
Signed-off-by: David Sommerseth
---
.../after_include_openvpn
From: David Sommerseth
The MAC_FMT in src/openvpn/misc.h need to be formatted strictly, and
uncrustify does not fully grasp the current code. So we tell it to not
touch it.
Signed-off-by: David Sommerseth
---
src/openvpn/misc.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src
From: David Sommerseth
The -p option to uncrustify was providing debug information about
decisions done by uncrustify. This was useful when debugging why
certain formatting choices.
With newer versions of uncrusitfy the -p option can only be used on
individual files and not a list of files
docs: Fix incorrect doc paths in net.openvpn.v3.sessions docs
Signed-off-by: David Schneider
Signed-off-by: David Sommerseth
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel mailing list
Openvpn-devel@lists.source
use
plugin_n() more freely and to avoid iterating over MAX_PLUGINS. Now
there is a mixture between iterating plugin_n() and MAX_PLUGINS, and in
most configurations plugin_n() will return a lower value than MAX_PLUGINS.
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
_MODULES()
in general. We have at least 4 different ways in use today.
Probably something to clean-up some day later.
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sou
led.
For more details of the capng_change_id(), the implementation itself
isn't that hard to read (but it does a several steps to harden the
privilege drop):
<https://github.com/stevegrubb/libcap-ng/blob/03b8572843b36bf071776a311c61f8d1dcfc4d53/src/cap-ng.c#L960>
--
kind regar
On 31/03/2022 15:26, Gert Doering wrote:
Hi,
On Thu, Mar 31, 2022 at 03:20:59PM +0200, David Sommerseth wrote:
I've also run a few tests using an --up script which modified
/etc/resolv.conf, which also worked as expected with capabilities enabled.
This is actually an interesting corner
n-dco interfaces
will fail when --user/--group are used.
This patch set sets the CAP_NET_ADMIN capability, which grants the
needed privileges during the lifetime of the OpenVPN process when
dropping root privileges.
Signed-off-by: Timo Rothenpieler
Reviewed-By: David Somme
eak setups going 2.5 -> 2.6, so maybe "being
careful about things" is the better way :-)
Yeah, I agree with this. For v2.6, the time is too short to be dare too
much potential breakage now. But we can consider further steps with v2.7.
--
kind regards,
David Sommerseth
OpenVPN I
in time
for the OpenVPN 2.6 release. This is probably something which is more
realistic for OpenVPN 2.8. But this needs to be discussed more
thoroughly (next hackathon?).
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel
On 30/03/2022 10:51, David Sommerseth wrote:
On 29/03/2022 21:29, Timo Rothenpieler wrote:
---
This patch sits on top of the current dco branch, and will not apply to
latest master.
It solves the issue of dropping root privileges breaking dco and sitnl
due to missing NET_ADMIN capabilities
52fedfa70304eae797b305e780/src/netcfg/openvpn3-service-netcfg.cpp#L82>
And the code for dropping root, ensuring the capabilities are restricted
properly:
<https://github.com/OpenVPN/openvpn3-linux/blob/c40218df43c8e652fedfa70304eae797b305e780/src/netcfg/openvpn3-service-netcfg.cpp#L64>
From: David Sommerseth
This plugin allows setting username/passwords as well as configure
deferred authentication behaviour as part of the runtime initialization.
With this plug-in it is easier to test various scenarios where multiple
authentication plug-ins are active on the server side.
A
From: David Sommerseth
The plug-in API in OpenVPN 2.x is not designed for running multiple
deferred authentication processes in parallel. The authentication
results of such configurations are not to be trusted. For now we bail
out when this discovered with an error in the log.
CVE: 2022-0547
From: David Sommerseth
The use case for this plug-in is dubious now with the new multi-auth.c
plugin available. This new plugin is based on simple.c, but allows
far more flexibility for testing.
Signed-off-by: David Sommerseth
---
sample/sample-plugins/defer/README | 3 -
sample/sample
From: David Sommerseth
This is the same patch set as the v4 [1] patch set, just without the
embarrassing syntax error in the second patch.
[1]
<https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23935.html>
Message-Id: 20220313200715.13518-
From: David Sommerseth
The use case for this plug-in is dubious now with the new multi-auth.c
plugin available. This new plugin is based on simple.c, but allows
far more flexibility for testing.
Signed-off-by: David Sommerseth
---
sample/sample-plugins/defer/README | 3 -
sample/sample
From: David Sommerseth
The plug-in API in OpenVPN 2.x is not designed for running multiple
deferred authentication processes in parallel. The authentication
results of such configurations are not to be trusted. For now we bail
out when this discovered with an error in the log.
CVE: 2022-0547
From: David Sommerseth
This plugin allows setting username/passwords as well as configure
deferred authentication behaviour as part of the runtime initialization.
With this plug-in it is easier to test various scenarios where multiple
authentication plug-ins are active on the server side.
A
From: David Sommerseth
This is an adopted version of [0] for the OpenVPN 2.4 release branch.
It was discovered an issue with OpenVPN 2.x when multiple --plugin
modules were loaded and more than one of them used deferred
authentication. To fix this properly will require a larger refactoring
of
From: David Sommerseth
The use case for this plug-in is dubious now with the new multi-auth.c
plugin available. This new plugin is based on simple.c, but allows
far more flexibility for testing.
Signed-off-by: David Sommerseth
---
include/openvpn-plugin.h.in| 4 +-
sample
From: David Sommerseth
The plug-in API in OpenVPN 2.x is not designed for running multiple
deferred authentication processes in parallel. The authentication
results of such configurations are not to be trusted. For now we bail
out when this discovered with an error in the log.
CVE: 2022-0547
From: David Sommerseth
This plugin allows setting username/passwords as well as configure
deferred authentication behaviour as part of the runtime initialization.
With this plug-in it is easier to test various scenarios where multiple
authentication plug-ins are active on the server side.
A
From: David Sommerseth
It was discovered an issue with OpenVPN 2.x when multiple --plugin
modules were loaded and more than one of them used deferred
authentication. To fix this properly will require a larger refactoring
of the plug-in code, so it was decided in the mean time to disable the
s.rst | 34 +--
1 file changed, 17 insertions(+), 17 deletions(-)
Only glared at changes, and they looks good to me.
Acked-By: David Sommerseth
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel mailing li
On 15/02/2022 15:54, Frank Lichtenheld wrote:
The family specific options were generally omitted.
Cc: David Sommerseth
Signed-off-by: Frank Lichtenheld
---
doc/man-sections/client-options.rst | 10 ++
doc/man-sections/link-options.rst | 5 -
src/openvpn/options.c
.
>
Regards,
--
Frank Lichtenheld
Thanks!
This time I've only glared at the changes in diff format, but they all
look sane and good to me.
Acked-By: David Sommerseth
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel mail
On 14/02/2022 13:41, Frank Lichtenheld wrote:
David Sommerseth hat am 11.02.2022 21:39
geschrieben:
On 10/02/2022 11:21, Frank Lichtenheld wrote:
The family specific options were generally omitted.
Signed-off-by: Frank Lichtenheld
---
doc/man-sections/client-options.rst | 5
d
:code:`udp6` are all considered the same. And similar with
:code:`tcp`, :code:`tcp4` and :code:`tcp6`
The rest of the changes looks good now, and the relocation of the
#define is better as well.
--
kind regards,
David Sommerseth
OpenVPN Inc
OpenPGP_signature
Description: OpenP
around line 2306, where
the whole MODE_SERVER option parsing starts. This makes it clearer it
is may be used more places.
I've just looked briefly at these changes. And it looks reasonable.
The ill-placed #define is the biggest issue for
around.
If we just want security warnings in plain bold or wrapped in '*' is
more a design/layout detail. I would suggest that we try to find better
ways to highlight these security related aspects in a clear and visible
way though. It doesn't mean it need to stay
insertions(+), 6 deletions(-)
Done code review and lightly tested it, where it does what it is
intended to do. This change makes a lot of sense as well.
Acked-By: David Sommerseth
--
kind regards,
David Sommerseth
OpenVPN Inc
___
Openvpn-devel mailing
he rst split. But probably not
something that needs to be addressed in this patch.
The openvpn.8.rst includes all the other .rst files and builds a
complete man page from there, so this isn't unexpected. It's part of
the man-split design.
--
kin
1 - 100 of 2304 matches
Mail list logo
