[Openvpn-devel] OpenVPN 2.6.13 released

tu packages are available in the official apt repositories: <https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos#DebianUbuntu:UsingOpenVPNaptrepositories> On Red Hat derivatives we recommend using the Fedora Copr repository. <https://copr.fedorainfracloud.org/coprs/dsommers/openvpn

[Openvpn-devel] [PATCH v1] Improve peer fingerpint documentation

Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/859 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected above): Frank Lichtenheld

Re: [Openvpn-devel] [PATCH 1/1] console_systemd: remove the timeout when using `systemd-ask-password`

OpenVPN-Devel" - Add Signed-off-by line to commit message Doing this as part of an experiment to add mail-submitted patches to Gerrit. Regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] RFC: tchar removal patch series

g our Windows experts. Regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH v2] GHA: General update December 2024

: I91f68317450c3c0d69be2c489276739211ccb422 Signed-off-by: Frank Lichtenheld Acked-by: Yuriy Darnobyt Acked-by: Lev Stipakov --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/789 This mail reflects revision 2

[Openvpn-devel] [PATCH v3] Allow DEFAULT in data-ciphers and report both expanded and user set option

is not supported by the server. This commit aims to provide a better way for these situation as we still want people to rely on default cipher selection from OpenVPN when possible. Change-Id: Ia1c5209022d3ab4c0dac6438c41891c7d059f812 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld

[Openvpn-devel] [PATCH v1] service: add utf8to16 function that takes a size

: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/836 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected above): Frank Lichtenheld

[Openvpn-devel] [PATCH v1] dns: clone options via pointer instead of copy

From: Heiko Hund Change-Id: I12b8bb26c0cb70e50b2d42b1c69018894e9f080c Signed-off-by: Heiko Hund Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/835

[Openvpn-devel] [PATCH v1] dns: store IPv4 addresses in network byte order

: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/834 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected above): Frank

[Openvpn-devel] [PATCH v4] io_work: pass event_arg object to event handler in case of socket event

link_socket. This code path is used on clients as well as UDP servers. Change-Id: I7ebf0d4fb2a23278e16003b2e35598178155d658 Signed-off-by: Antonio Quartulli Signed-off-by: Gianmarco De Gregori Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I

[Openvpn-devel] [PATCH v4] io_work: convert shift argument to uintptr_t

as event handler argument instead of a simple integer value. Change-Id: Ib583bf17e35b14aed78fd8217b6e71e8c2b78089 Signed-off-by: Antonio Quartulli Signed-off-by: Gianmarco De Gregori Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I

[Openvpn-devel] [PATCH v4] event/multi: add event_arg object to make event handling more generic

th only as UDP servers use only one socket to handle all clients. Change-Id: Icd7f6a2ad350cdc2312b3e80fa0dbdd7e4311d2e Signed-off-by: Antonio Quartulli Signed-off-by: Gianmarco De Gregori Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I

[Openvpn-devel] [PATCH v4] pass link_socket object to i/o functions

her than a fixed one. Change-Id: I8eae2d3356bbcc5d632eeb4fbe80de8009d9b40d Signed-off-by: Antonio Quartulli Signed-off-by: Gianmarco De Gregori Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. I manua

[Openvpn-devel] [PATCH v4] event/multi: add event_arg object to make event handling more generic

th only as UDP servers use only one socket to handle all clients. Change-Id: Icd7f6a2ad350cdc2312b3e80fa0dbdd7e4311d2e Signed-off-by: Antonio Quartulli Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master.

[Openvpn-devel] [PATCH v3] io_work: convert shift argument to uintptr_t

as event handler argument instead of a simple integer value. Change-Id: Ib583bf17e35b14aed78fd8217b6e71e8c2b78089 Signed-off-by: Antonio Quartulli Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Note

[Openvpn-devel] IRC community meeting summary (Oct 2nd)

ty security audit for supported projects. So we will apply for that around or after the 2.7 release to review the latest code. Regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sour

[Openvpn-devel] [PATCH v5] Remove support for compression on send

sym" and removes all resulting dead code. Change-Id: I402ba016b75cfcfec4fc8b2b01cc4eca7e2bcc60 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.op

[Openvpn-devel] [PATCH v1] GHA: Pin dependencies

Done by renovate. Updates will also be handled by renovate. This makes the builds slightly more deterministic and removes some potential supply-chain attack vectors. GitHub: #610 Change-Id: I92dfbc3a0cc347a51892600bf02b501295ce612b Signed-off-by: Frank Lichtenheld Acked-by: Yuriy Darnobyt

[Openvpn-devel] [PATCH v4] dco: better naming for function parameters

From: Lev Stipakov Current naming (remote_in4/6) is confusing, since those are in fact VPN IPv4/v6 addresses and not related to remote at all. Change-Id: I101bbc9f682375ec733bca10b52da82f0abfec27 Signed-off-by: Lev Stipakov Acked-by: Antonio Quartulli --- This change was reviewed on Gerrit an

[Openvpn-devel] IRC community meeting summary (Sep 25th)

ntral European Time. Regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] make t_server_null "server alive?" check more robust

100755 > --- a/tests/t_server_null_server.sh > +++ b/tests/t_server_null_server.sh > @@ -82,6 +82,11 @@ for PID_FILE in $server_pid_files > do > SERVER_PID=$(cat "${PID_FILE}") > > +if [ -z "$SERVER_PID" ] ; then > +echo "WARNING: could not k

[Openvpn-devel] [PATCH v1] GHA: Update dependency Mbed-TLS/mbedtls to v3.6.1

Requires submodule checkout. Change-Id: I86ceceb4e1c716b33c6c6ec8853eca0fb4b394f1 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c

[Openvpn-devel] [PATCH v10] Implement support for larger packet counter sizes

channel implementations to only support a limited set of data channel formats. Change-Id: I01e258e97351b5aa4b9e561f5b35ddc2318569e2 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld Acked-by: Lev Stipakov --- This change was reviewed on Gerrit and approved by at least one developer. I request

[Openvpn-devel] [PATCH v3] configure: Allow to detect git checkout if .git is not a directory

d-off-by: Frank Lichtenheld Acked-by: Arne Schwabe Acked-by: Yuriy Darnobyt --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/675 This mail reflects revision 3 of this Change. Ack

[Openvpn-devel] [PATCH v8] tun: use is_tun_p2p more consistently

hat are not required. Also use is_tun_p2p in more places. Change-Id: Ice8b95f953c3f7e71657a78ea12b02a08c60aa67 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https:

[Openvpn-devel] [PATCH v3] configure: Try to use pkg-config to detect mbedTLS

mbedTLS does not seem to have pkg-config support on e.g. Debian/Ubuntu, so we definitely need to keep the fallback check as well. Change-Id: I5d0da76018e874cda5dbab9202a2b817ad5e4692 Signed-off-by: Frank Lichtenheld Acked-by: Yuriy Darnobyt --- This change was reviewed on Gerrit and approved

[Openvpn-devel] [PATCH v1] GHA: Configure Renovate

From: OpenVPN Renovate Maintain GitHub actions and other version references in GHA. Switch some GHA references from branch versions to tag version so the pinning works correctly. Change-Id: I06253be7ed783e3bf30e7df1d6da8ca888016711 Signed-off-by: Frank Lichtenheld Acked-by: Yuriy Darnobyt

[Openvpn-devel] [PATCH v5] Ensures all params are ready before invoking dco_set_peer()

From: Gianmarco De Gregori In UDP case the dco_set_peer() is currently perfomed at the wrong time since the mssfix param is calculated later on in tls_session_update_crypto_params_do_work(). By moving the dco_set_peer() inside the tls_session_update_crypto_params_do_work() and removing the p2p_se

[Openvpn-devel] [PATCH v2] Add a test for loading certificate and key using file: URI

air Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/730 This mail reflects revision 2 of this Change. Acked-by according to Gerrit (reflected abo

[Openvpn-devel] [PATCH v3] Interpret --key and --cert option argument as URI

s PR 591 but with the fixup commit that addresses review comments is squashed. Change-Id: I82b32d5ab472926e7889a5f4a90caba14231879a Signed-off-by: Selva Nair Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://

[Openvpn-devel] [PATCH v2] Add a test for loading certificate and key to ssl context

test that the latter was loaded correctly. Change-Id: Ic6f089896191145f68ce9a11023587d05dcec4d8 Signed-off-by: Selva Nair Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https

[Openvpn-devel] [PATCH v3] Static-challenge concatenation option

ld be used. v2: use scrv1|concat instead of 0|1 as option argument fix typos v3: improve and correct documentation in management-notes.txt Change-Id: I59a90446bfe73d8856516025a58a6f62cc98ab0d Signed-off-by: Selva Nair Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and appr

[Openvpn-devel] [PATCH v1] Add Ubuntu 24.04 runner to Github Actions

From: Arne Schwabe Change-Id: I44b9003143fdad90bfff7b2c86d0bb503f9157de Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn

[Openvpn-devel] [PATCH v3] Avoid SIGUSR1 to SIGHUP when the configuration is read from stdin

-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/533 This mail reflects revision 3 of this Change. Acked-by according to Gerrit (reflected above): Frank L

[Openvpn-devel] [PATCH release/2.5] Allow trailing \r and \n in control channel message

. Change-Id: I47c992b6b73b1475cbff8a28f720cf50dc1fbe3e Signed-off-by: Arne Schwabe Signed-off-by: Frank Lichtenheld --- src/openvpn/forward.c | 73 +-- 1 file changed, 43 insertions(+), 30 deletions(-) diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c

Re: [Openvpn-devel] [PATCH v2] configure: Switch to C11 by default

On Wed, Jul 10, 2024 at 09:32:39PM +0200, Gert Doering wrote: > Hi, > > On Wed, Jul 10, 2024 at 06:03:06PM +0200, Frank Lichtenheld wrote: > > Mostly so we can use anonymous structs without jumping through > > hoops or relying on unofficial suppor

[Openvpn-devel] [PATCH v2] configure: Switch to C11 by default

Mostly so we can use anonymous structs without jumping through hoops or relying on unofficial support. Change-Id: I72934e747d1ad68a7e3675afbeb1b63df7941186 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I

[Openvpn-devel] [PATCH v3] Remove check for anonymous unions from configure and cmake config

: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/588 This mail reflects revision 3 of this Change. Acked-by according to Gerrit (reflected

Re: [Openvpn-devel] [PATCH v4] Allow trailing \r and \n in control channel message

On Wed, Jul 10, 2024 at 04:06:23PM +0200, Frank Lichtenheld wrote: > From: Arne Schwabe > > Writing a reason from a script will easily end up adding extra \r\n characters > at the end of the reason. Our current code pushes this to the peer. So be more > liberal in acceptin

[Openvpn-devel] [PATCH v4] Allow trailing \r and \n in control channel message

Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/672 This mail reflects revision 4 of this Change. Acked-by according to

Re: [Openvpn-devel] [PATCH 2/5] sample/sample-plugins/defer/multi-auth.c: handle strdup errors

text->test_valid_pass = strdup(args->argv[4]); > +if (!context->test_valid_pass) > +{ > +plog(context, PLOG_ERR, "Out of memory"); > +goto error; > +} > } > else > { A bit ugly. Might be nicer

Re: [Openvpn-devel] [PATCH 5/5] tests/unit_tests/openvpn/test_auth_token.c: handle strdup errors

> free_key_ctx(&ctx->multi.opt.auth_token_key); > auth_token_init_secret(&ctx->multi.opt.auth_token_key, random_key, true); Acked-by: Frank Lichtenheld Regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH v8] configure: Try to detect LZO with pkg-config

de it. Change-Id: I1c038dc4ec80d3499582d81eee61fee74f26e693 Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/556 This mail ref

[Openvpn-devel] OpenVPN 2.6.11 released

able in the official apt repositories: <https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos#DebianUbuntu:UsingOpenVPNaptrepositories> On Red Hat derivatives we recommend using the Fedora Copr repository. <https://copr.fedorainfracloud.org/coprs/dsommers/

[Openvpn-devel] [PATCH v2] Add t_server_null test suite

From: Samuli Seppänen Change-Id: I1b54da258c7d15551b6c3de7522a0d19afdb66de Signed-off-by: Samuli Seppänen Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c

[Openvpn-devel] [PATCH v2] Only schedule_exit() once

is scheduled - we no longer notify management on redundant exit. Change-Id: I9457f005f4ba970502e6b667d9dc4299a588d661 Signed-off-by: Reynir Björnsson Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master

[Openvpn-devel] [PATCH v6] Allow the TLS session to send out TLS alerts

experience is much better with alerts, this compromise is worth it. Change-Id: I0ad48915004ddee587e97c8ed190ba8ee989e48d Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL

[Openvpn-devel] [PATCH v3] crypto_backend: fix type of enc parameter

ution. Fix the actual API definition Change-Id: If0dcdde30879fd6185efb2ad31399c1629c04d22 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.

[Openvpn-devel] [PATCH v1] Fix snprintf/swnprintf related compiler warnings

) Change-Id: If23988a05dd53a519c5e57f2aa3b2d10bd29df1d Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/549 This mail reflects

[Openvpn-devel] [PATCH v1] Add bracket in fingerprint message and do not warn about missing verification

From: Arne Schwabe Change-Id: Ia73d53002f4ba2658af18c17cce1b68f79de5781 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn

[Openvpn-devel] [PATCH] script-options.rst: Update ifconfig_* variables

- Remove obsolete ifconfig_broadcast. Since this was removed in 2.5.0, do not add a removal note but just completely remove it. - Add missing documentation of IPv6 variants for ifconfig_pool_* variables. Github: #527 Change-Id: Ia8c8de6799f0291fc900628fbd06c8a414e741ca Signed-off-by: Frank

[Openvpn-devel] [PATCH v1] GHA: general update March 2024

- Update to Node 20 versions of actions to avoid warnings - Update to current vcpkg - Update mbedTLS and LibreSSL to latest releases Change-Id: I1ad6a0b1323ce0872f4a3299c5a9f18a982e0126 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved

Re: [Openvpn-devel] [PATCH v2] Implement server_poll_timeout for socks

On Fri, Mar 15, 2024 at 05:20:11PM +0100, Frank Lichtenheld wrote: > From: 5andr0 > > So far --server-poll-timeout was only applied > for HTTP proxies, apply it also to SOCKS proxies. > > This removes the default 5 second socks connect timeout > which can be too small depen

[Openvpn-devel] [PATCH v2] Implement server_poll_timeout for socks

From: 5andr0 So far --server-poll-timeout was only applied for HTTP proxies, apply it also to SOCKS proxies. This removes the default 5 second socks connect timeout which can be too small depending on network setup and replaces it with the configurable overall connect timeout (default 120 second

Re: [Openvpn-devel] [PATCH applied] Re: t_client.sh: Allow to skip tests

way. > commit 0c7cf0694ee6f878168330e9a084c255c51a9e8b > Author: Frank Lichtenheld > Date: Fri Mar 8 11:28:18 2024 +0100 > > t_client.sh: Allow to skip tests > > Signed-off-by: Frank Lichtenheld > Acked-by: Gert Doering > Message-Id: <20240308

[Openvpn-devel] [PATCH] Update documentation references in systemd unit files

From: Christoph Schug The systemd unit files for both client and server were referencing outdated documentation as they were hard-coded to the OpenVPN 2.4.x release branch. Change-Id: Iee289aa5df9ee0e9a03c0dc562e45dd39836e794 Signed-off-by: Christoph Schug Acked-by: Frank Lichtenheld

[Openvpn-devel] [PATCH] remove repetitive words in documentation and comments

From: wellweek Change-Id: I4f349963b41ebe155d3866da8955f2d7245d0394 Signed-off-by: wellweek Acked-by: Frank Lichtenheld --- Changes.rst | 2 +- contrib/OCSP_check/OCSP_check.sh | 2 +- doc/man-sections/cipher-negotiation.rst | 2 +- doc/man-sections/vpn

Re: [Openvpn-devel] [PATCH OpenVPN3] Add 'pull' to ignored options

options "client" and "pull" but no "tls-client" in the config, > the "pull" option will not be touched. True, due to short-circuit logic. I will prepare a fix. Regards, -- Frank Lichtenheld ___ Open

Re: [Openvpn-devel] [PATCH OpenVPN3] Add 'pull' to ignored options

t; send-mail' [1]. > > In this specific case, resending the patch as an attachment can also work. Since I was confused about the state of this patch: It has been superseded by a patch from Arne, see commit https://github.com/OpenVPN/openvpn3/commit/53614a0cce7775ba0ae4a43887ee03aa2fa09

Re: [Openvpn-devel] [PATCH] Implement server_poll_timeout for socks

reason I can also take care of it but it would be preferred if the original submitter does it :) Regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH 1/1] openvpn-[client|server].service: Remove syslog.target

From: Martin Rys Change-Id: If825e5b1ebc6eecc9e5398f0d8274927b53e5b83 Signed-off-by: Martin Rys Acked-by: Frank Lichtenheld Signed-off-by: Frank Lichtenheld --- distro/systemd/openvpn-cli...@.service.in | 2 +- distro/systemd/openvpn-ser...@.service.in | 2 +- 2 files changed, 2 insertions

[Openvpn-devel] [PATCH v1] samples: Remove tls-*.conf

These are mostly redundant with client/server.conf Let's try to manage to maintain one set of sample configurations before we branch out further. Change-Id: I199541fea5a76c8edef7f67d2dbfc476987dc2f7 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe Acked-by: Antonio Quartulli ---

[Openvpn-devel] IRC community meeting summary (Feb 28th)

work on it yet/ Regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH v2] Route: remove incorrect routes on exit

value. Fixes: Trac #1457 Change-Id: I8a67b82eb4afdc8d82c5a879c18457b41e77cbe7 Signed-off-by: Gianmarco De Gregori Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/op

[Openvpn-devel] [PATCH v2] Minor fix to process_ip_header

R macros. Fixes: Trac https://community.openvpn.net/openvpn/ticket/269 Change-Id: I4b5e8357d872c920efdb64632e9bce72cebee202 Signed-off-by: Gianmarco De Gregori Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it t

Re: [Openvpn-devel] [PATCH] Document that auth-user-pass may be inlined

http-proxy-user-pass``, ``--tls-auth``, > ``--auth-gen-token-secret``, ``--peer-fingerprint``, ``--tls-crypt``, > -``--tls-crypt-v2`` and ``--verify-hash`` options. > +``--tls-crypt-v2``, ``--verify-hash`` and ``auth-user-pass`` options. --auth-user-pass for consistency. Rega

Re: [Openvpn-devel] IRC community meeting summary (Feb 14th)

On Wed, Feb 14, 2024 at 05:18:21PM +, tincantech wrote: > On Wednesday, 14 February 2024 at 15:22, Frank Lichtenheld > wrote: > > > Meeting summary for 14 February 2024: > > > > > * New: Easy-rsa in Windows installers > > easy-rsa has included pre-bu

[Openvpn-devel] [PATCH v1] check_compression_settings_valid: Do not test for LZ4 in LZO check

Probably introduced by copy & paste since there is no COMP_ALGV2_LZO. Github: #500 Change-Id: Id6b038c1c0095b2f22033e9dc7090e2507a373ab Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merg

[Openvpn-devel] IRC community meeting summary (Feb 14th)

people really care about easy-rsa in the Windows installers. Depending on the feedback we might drop it from the installer./ * *Closed: 2.6.9* /Release was done on Monday/ Regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn

[Openvpn-devel] [PATCH v3] Implement support for AEAD tag at the end

as they do not need to buffer a whole packet content and encrypt it to finally write the tag but instead just add the calculated tag at the end of processing. Change-Id: I00821d75342daf3f813b829812d648fe298bea81 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed

[Openvpn-devel] OpenVPN 2.6.9 released

tps://copr.fedorainfracloud.org/coprs/dsommers/openvpn-release-2.6/> Kind regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] wolfssl: include "ssl.h" by "src/openvpn/ssl.h"

changes to buildsystem configuration would be required. Regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] IRC community meeting summary (Feb 7th)

and uddr and colleague from Fox IT. Tuesday 13th at 11:00 CET/ Regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH v9] Print SSL peer signature information in handshake debug details

peer certificate: 384 bits ECsecp384r1, signature: ecdsa-with-SHA256, server temp key: 448 bits X448, peer signing digest/type: SHA384 ECDSA Change-Id: Ib5fc0c4b8f164596681ac5ad73002068ec6de1e5 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and app

[Openvpn-devel] [PATCH v8] Implement generating TLS 1.0 PRF using new OpenSSL 3.0 APIs

be in the future. Change-Id: Ic74195a4ed340547c5e862dc2438f95be318c286 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/457

[Openvpn-devel] [PATCH v5] Turn dead list test code into unit test

From: Arne Schwabe Change-Id: I7511bc43cd6a0bcb89476f27d5822ab4a78d0d21 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn

[Openvpn-devel] [PATCH v5] Windows: enforce 'block-local' with WFP filters

From: Heiko Hund In an attempt to better defend against the TunnelCrack attacks, enforce that no traffic can pass to anything else than the VPN interface when the 'block-local' flags is given with either --redirect-gateway or --redirect-private. Reuse much of the existing --block-outside-dns cod

[Openvpn-devel] [PATCH v8] test_user_pass: add basic tests for static/dynamic challenges

Change-Id: I8b5570f6314e917f92dce072279efe415d79b22a Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/475 This mail reflects

[Openvpn-devel] [PATCH] documentation: Fixes for previous fixes to --push-peer-info

- Clarify compression IV_ settings - Clarify which settings might come from --setenv Change-Id: Id8615515c8df6e38e931e357396811234faad796 Signed-off-by: Frank Lichtenheld --- doc/man-sections/client-options.rst | 13 + 1 file changed, 9 insertions(+), 4 deletions(-) For master and

[Openvpn-devel] [PATCH] documentation: Update and fix documentation for --push-peer-info

- description of IV_PROTO was outdated, missing a lot of flags - complete list of compression flags, but separate them out - various other style/grammar/typo fixes Change-Id: I7f854a5a14d2a2a391ebb78a2a92b3e14cfd8be6 Signed-off-by: Frank Lichtenheld --- doc/man-sections/client-options.rst

Re: [Openvpn-devel] [PATCH applied] Re: README.cmake.md: Document minimum required CMake version for --preset

On Thu, Feb 01, 2024 at 08:28:21PM +0100, Gert Doering wrote: > Makes sense (I did read the GH issue). > > Your patch has been applied to the master branch. I think it would make sense to apply this to release/2.6 as well, since that uses the same CMake build. Thanks, -- Frank Li

[Openvpn-devel] [PATCH v1] [CMake] Allow unit tests to fall back to hard coded location

Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/509 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected above): Frank Lichtenheld

[Openvpn-devel] [PATCH] README.cmake.md: Document minimum required CMake version for --preset

CMakePreset.json is supported since 3.19, but we have a version 3 preset file, so need at least 3.21. Github: OpenVPN/openvpn#489 Change-Id: I44c555f6ffa08f2aee739c7f687fa3b678c86231 Signed-off-by: Frank Lichtenheld --- README.cmake.md | 7 ++- 1 file changed, 6 insertions(+), 1 deletion

[Openvpn-devel] [PATCH v7] forked-test-driver: Show test output always

We want to see the progress, at least for slow tests like t_client.sh. Change-Id: I11e0091482d9acee89ca018374cb8d96d22f8514 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master

[Openvpn-devel] [PATCH v6] tests: fork default automake test-driver

Change-Id: I67d461afbcc9c06b1fc5ab4477141d7b8bd9ba8e Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/478 This mail reflects revision 6 of t

[Openvpn-devel] [PATCH v4] Ensure that all unit tests use unbuffered stdout and stderr

lost. As the unit test x_msg mock implementation prints even fatal on stdout we ensure with this setup method that stdout is also unbuffered. Change-Id: I5c06dc13e9d8ab73997f79b13c30ee8949e5e993 Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one

Re: [Openvpn-devel] [PATCH v2] tun.c: don't attempt to delete DNS and WINS servers if they're not set

On Wed, Dec 20, 2023 at 02:36:37PM +0100, Frank Lichtenheld wrote: > From: Lev Stipakov > > Commits > > 1c4a47f7 ("wintun: set adapter properties via interactive service") > 18826de5 ("Set WINS servers via interactice service") > > ad

[Openvpn-devel] [PATCH v2] tun.c: don't attempt to delete DNS and WINS servers if they're not set

k "has DNS/WINS been pushed?". While on it, convert do_XXX_service() functions to "void" from "bool", since we never check their return values. Change-Id: I21a36d24f8e213c780f55acbe3e4df555c93542a Signed-off-by: Lev Stipakov Acked-by: Frank Lichtenheld --- This chan

[Openvpn-devel] [PATCH v4] cmake: create and link compile_commands.json file

: Heiko Hund Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/483 This mail reflects revision 4 of this Change. Acked-by according to Gerrit (reflected

[Openvpn-devel] [PATCH v6] Implement the --tls-export-cert feature

Once the script or plugin call has completed, OpenVPN should delete this file. Change-Id: Ia9b3f1813d2d0d492d17c87348b4cebd0bf19ce2 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to

[Openvpn-devel] [PATCH v2] tests: disable automake serial_tests

hat with a custom test driver. But will put that into a separate commit. Change-Id: Ic7265d89142637b0963a6847c6beb06d9163bbb1 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master.

[Openvpn-devel] [PATCH] documentation: improve documentation of --x509-track

In the current state it was completely unclear to me how you would use this. Extended the description based on reading the code and experimentation. Change-Id: Ibf728f9d624e64ecda094d66fa562bd3916829d2 Signed-off-by: Frank Lichtenheld --- doc/man-sections/script-options.rst | 3 +++ doc/man

[Openvpn-devel] [PATCH v2] Make it more explicit and visible when pkg-config is not found

: Iebaa35a23e217a4cd7739af229cbfc08a3d8854a Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/465 This mail reflects revision 2 of this Change

[Openvpn-devel] [PATCH v8] Extend the error message when TLS 1.0 PRF fails

Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/456 This mail reflects revision 8 of this Change. Acked-by according to

[Openvpn-devel] [PATCH v6] Fix building mbed TLS with CMake and allow specifying custom directories

Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/377 This mail reflects revision 6 of this Change. Acked-by according to Gerrit (reflected above): Frank Lichtenheld

[Openvpn-devel] [PATCH v5] Check PRF availability on initialisation and add --force-tls-key-material-export

support is not available. Change-Id: I04f8c7c413e7cb62c726262feee6ca89c7e86c70 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c

[Openvpn-devel] [PATCH v1] buffer: add documentation for string_mod and extend related UT

Since I was confused what exactly string_mod does, I added documentation and additional UTs to make it clearer. Change-Id: I911fb5c5fa4b41f1fc1a30c6bf8b314245f64a6e Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one

[Openvpn-devel] [PATCH v1] unit_tests: remove includes for mock_msg.h

Not actually used. Change-Id: I5e394bb73702d87562ed354100eaff9b41f5389e Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master and release/2.6. Gerrit URL: https

[Openvpn-devel] [PATCH v1] Move tls_get_cipher_name_pair and get_num_elements to ssl_utils.c

From: Arne Schwabe This allow these functions to be defined without having to include ssl.c/misc.c which pulls in a lot of more dependencies. Change-Id: I605394d4f3872a168d05bbbe52d90f6d48935865 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit

Re: [Openvpn-devel] [Openvpn-Devel] [PATCH] vcpkg-ports/pkcs11-helper: bump to version 1.30

uild-with-disable-shared.patch > delete mode 100644 > contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-002-dynamic_loader_flags.patch > Changes look reasonable. Build succeeds. Acked-By: Frank Lichtenheld -- Frank Lichtenheld ___ O

  1   2   3   4   5   6   >