Re: [Openvpn-devel] 2.4 sees all client certificates as expired when using crl-verify

2017-01-02 Thread SviMik
> On 02-01-17 15:26, Gert Doering wrote:
> > On Mon, Jan 02, 2017 at 03:17:23PM +0100, Alberto Gonzalez Iniesta wrote:
> >> I just got this [1] bug report on OpenVPN 2.4 treating all certs as
> >> expired when upgrading from 2.3. I find this quite weird, but until I have
> >> some time to test it

Re: [Openvpn-devel] [PATCH 1/1] add more security features for systemd units

2016-12-12 Thread SviMik
> Hi,
>
> On Fri, Dec 09, 2016 at 07:13:03PM +0100, Christian Hesse wrote:
> > From: Christian Hesse
> >
> > ProtectSystem=strict mounts the entire file system hierarchy read-only,
> > except for the API file system subtrees /dev, /proc and /sys (which can
> > be protected using PrivateDevices=,

Re: [Openvpn-devel] [PATCH 1/1] add more security features for systemd units

2016-12-09 Thread SviMik
> You can break this with something like:
>
> status /etc/openvpn/client/status.log
>
> in your configuration. Writing a status file
> to /run/openvpn-{client,server}/status.log works, though. So the default
> setups should be fine. Do we have any more cases where openvpn wants write
> access for

Re: [Openvpn-devel] [PATCH] push: Provide a warning if --ifconfig-push have argument mismatch with --topology

2016-11-30 Thread SviMik
While I admit that it is *extremely* unlikely to have a network larger than /8, such logic still looks a little clumsy. It does not cover all the valid netmasks, nor does it detect all possible invalid ones. If you wish to test whether the netmask is valid, this solution could be better: http://stacko

Re: [Openvpn-devel] [PATCH] reload CRL only if file was modified

2016-11-30 Thread SviMik
1) I would also check if the file size was changed, not only mtime.

2) I wasn't digging the code deeply, but the
> ssl_ctx->crl_last_mtime.tv_sec >= crl_stat.st_mtime
makes me think it would fail if the file gets reverted to a previous version. Perhaps the check shall be != instead of >=.

> In

[Openvpn-devel] [PATCH] Fix using a pointer before checking against null

2016-11-24 Thread SviMik
There were a few places where a pointer was used and then checked against null. This patch is trying to fix that by adding additional checks or moving it into the right place.

Signed-off-by: Sviatoslav Mikhailov
---
 src/openvpn/buffer.c | 2 +-
 src/openvpn/ps.c     | 4 ++--
 src/openvpn/push

Re: [Openvpn-devel] Proper location for user-specific OpenVPN configuration files used by OpenVPN-GUI?

2016-10-19 Thread SviMik
> Maybe add an 'open config folder' button/link to openvpn-gui?

Sounds like a good idea in any case! Why hasn't it been done, like, 10 years ago? :D I spent sooo much time opening the C:\Program Files\OpenVPN\config ! But my vote is still for %USERPR

Re: [Openvpn-devel] Proper location for user-specific OpenVPN configuration files used by OpenVPN-GUI?

2016-10-19 Thread SviMik
stored in external files, or there are up\down scripts that should also be copied, or... ".openvpn" - definitely NO. It looks just ugly. Even Linux doesn't use that for configuration folders (remember /etc/openvpn?).

-- SviMik