[Openvpn-devel] [PATCH applied] Re: Fix memory leak in add_option() for option 'connection'

2017-06-11 Thread Gert Doering
ACK, thanks. (The actual "init_options()" bit is not the real cause of the memory leak here, as gc_init() doesn't allocate anything yet, but the read_config_string(...&sub...) will use the gc arena... interestingly enough, the *final* uninit_options(&sub) in this function is a NO-OP, as gc_tran

[Openvpn-devel] [PATCH applied] Re: Fix an unaligned access on OpenBSD/sparc64

2017-06-11 Thread Gert Doering
ACK, thanks. As discussed in great detail :-) Smoke-tested on OpenBSD 6.0/amd64 (to ensure v4/v6 still work). Note to self: clean up the different per-OS ways of doing the same thing here. Your patch has been applied to the master, release/2.4 and release/2.3 branch. commit 3e4e300d6c5ea9c320e

[Openvpn-devel] [PATCH applied] Re: Missing include for socket-flags TCP_NODELAY on OpenBSD

2017-06-11 Thread Gert Doering
ACK, thanks. (While I'm not exactly happy with the mess we have in syshead.h, this is not your fault - you just happen to add the 6th identical chunk...) Applying this to all branches to fix the bug, putting "rework syshead.h for master, to clean up the zillion nearly-identical blocks" on my TODO

[Openvpn-devel] No hidden tap adapter anymore?

2017-06-11 Thread Илья Шипицин
Hello, A long time ago it was possible to choose a hidden tap adapter during install; I missed the reason why we are not allowing it anymore. For Windows users we have 3 common "support cases" 1. Wrong password (it was improved greatly by Selva Nair) 2. Interactive service not started, routes are n

Re: [Openvpn-devel] [PATCH 1/7] OpenSSL: don't use direct access to the internal of X509

2017-06-11 Thread Steffan Karger
Hi, On 19-05-17 12:38, Emmanuel Deloget wrote: > OpenSSL 1.1 does not allow us to directly access the internal of > any data type, including X509. We have to use the defined > functions to do so. > > In x509_verify_ns_cert_type() in particular, this means that we > cannot directly check for the e

Re: [Openvpn-devel] [PATCH 2/7] OpenSSL: don't use direct access to the internal of EVP_PKEY

2017-06-11 Thread Steffan Karger
Hi, On 19-05-17 12:38, Emmanuel Deloget wrote: > OpenSSL 1.1 does not allow us to directly access the internal of > any data type, including EVP_PKEY. We have to use the defined > functions to do so. > > Compatibility with OpenSSL 1.0 is kept by defining the corresponding > functions when they ar

Re: [Openvpn-devel] [PATCH 3/7] OpenSSL: don't use direct access to the internal of RSA

2017-06-11 Thread Steffan Karger
Hi, Patch looks good in general, but some minor remarks: On 19-05-17 12:38, Emmanuel Deloget wrote: > OpenSSL 1.1 does not allow us to directly access the internal of > any data type, including RSA. We have to use the defined > functions to do so. > > Compatibility with OpenSSL 1.0 is kept by de

Re: [Openvpn-devel] [PATCH 4/7] OpenSSL: don't use direct access to the internal of DSA

2017-06-11 Thread Steffan Karger
Hi, On 19-05-17 12:38, Emmanuel Deloget wrote: > OpenSSL 1.1 does not allow us to directly access the internal of > any data type, including DSA. We have to use the defined > functions to do so. > > Compatibility with OpenSSL 1.0 is kept by defining the corresponding > functions when they are not

Re: [Openvpn-devel] [PATCH] proxy.c refactoring: remove always-NULL gc parameter

2017-06-11 Thread Steffan Karger
Hi, On 09-06-17 22:50, Gert Doering wrote: > get_proxy_authenticate() is called with a "gc" parameter which MUST > be NULL, otherwise string_alloc() will allocate memory in the gc_arena > while the caller expects the result to be durable and will do explicit > free() when no longer needed. Remove