Re: [Openvpn-devel] [PATCH (2.4)] Fix --disable-crypto build

2018-10-06 Thread Steffan Karger
Hi, On 05-10-18 21:59, Gert Doering wrote: > On Fri, Oct 05, 2018 at 08:23:28PM +0500, ?? wrote: >> shall we add "--disable-crypto" to travis-ci matrix in 2.4 branch ? > > I'm afraid this will bite us a few more times, so "yes, please" We already have this - that's how I not

Re: [Openvpn-devel] [PATCH (2.4)] Fix --disable-crypto build

2018-10-06 Thread Gert Doering
Hi, On Sat, Oct 06, 2018 at 09:54:22AM +0200, Steffan Karger wrote: > On 05-10-18 21:59, Gert Doering wrote: > > On Fri, Oct 05, 2018 at 08:23:28PM +0500, ?? wrote: > >> shall we add "--disable-crypto" to travis-ci matrix in 2.4 branch ? > > > > I'm afraid this will bite us a

[Openvpn-devel] [PATCH 2/3] Add support for tls-ciphersuites for TLS 1.3

2018-10-06 Thread Arne Schwabe
OpenSSL 1.1.1 introduces a separate list for TLS 1.3 ciphers. As these interfaces are meant to be user facing or not exposed at all and we expose the tls-cipher interface, we should also expose tls-cipherlist. Combining both settings into tls-cipher would add a lot of glue logic that needs to be m

[Openvpn-devel] [PATCH 1/3] Factor out convert_tls_list_to_openssl method

2018-10-06 Thread Arne Schwabe
This makes the tls_ctx_restrict_ciphers function more readable and cleans up the code a bit more. --- src/openvpn/ssl_openssl.c | 57 +-- 1 file changed, 31 insertions(+), 26 deletions(-) diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index

[Openvpn-devel] [PATCH 3/3] Add better support for showing TLS 1.3 ciphersuites in --show-tls

2018-10-06 Thread Arne Schwabe
show-tls shows mixed TLS 1.3 and TLS 1.2 ciphers. The ciphersuites are only valid in tls-cipher or tls-ciphersuites. So this is confusing and not really helpful. This patch modifies show-tls to show separate lists for TLS 1.2 and TLS 1.3. --- src/openvpn/init.c| 1 + src/openvpn/ssl_backend

Re: [Openvpn-devel] [PATCH 1/3] Factor out convert_tls_list_to_openssl method

2018-10-06 Thread Steffan Karger
Hi, Two minor nits: On 06-10-18 10:06, Arne Schwabe wrote: > This makes the tls_ctx_restrict_ciphers function more readable and > cleans up the code a bit more. The signed-off-by tag is missing. > "Failed to set restricted TLS cipher list, too long (>%d).", > -(

[Openvpn-devel] [PATCH] init.c: refine functions names and description

2018-10-06 Thread Lev Stipakov
From: Lev Stipakov This patch provides better naming and description for functions which deal with backup/restore NCP-negotiable options. Signed-off-by: Lev Stipakov --- src/openvpn/init.c | 20 +++- 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/src/openvpn/ini

[Openvpn-devel] [PATCH v3] Improve "recursive routing" warning message

2018-10-06 Thread Lev Stipakov
From: Lev Stipakov This patch provides additional information, such as source address/port and destination address/port, to the "recursive routing" warning message. It also mentions a possible workaround. Trac #843 Signed-off-by: Lev Stipakov --- v3: - factor out ports extraction code into own

[Openvpn-devel] [PATCH applied] Re: init.c: refine functions names and description

2018-10-06 Thread Gert Doering
Acked-by: Gert Doering No (real) code changes, just comment and function *names*. Your patch has been applied to the master and release/2.4 branch. commit 39326238dca7c28368928f728c5a3c80031255e5 (master) commit 6f8fb6fe796015051f30d1327d89e1a63cf592e8 (release/2.4) Author: Lev Stipakov Date:

Re: [Openvpn-devel] [PATCH v3] Improve management-external-key/cert error handling

2018-10-06 Thread Steffan Karger
Hi, On 03-04-18 04:53, Selva Nair wrote: > But I can't believe I missed this in the last round. This else clause > will now get executed not only if options->cert_file is false, but > also if it's true and the call to tls_ctx_use_external_private_key() > succeeds! That would be wrong and is not wha

[Openvpn-devel] [PATCH applied] Re: Factor out convert_tls_list_to_openssl method

2018-10-06 Thread Gert Doering
Your patch has been applied to the master branch. Whitespace and signed-off-by line have been adjusted as instructed. commit 3b9d4d2a9aa89f9c21870a97bcdb42bb007e3ac0 Author: Arne Schwabe Date: Sat Oct 6 10:06:15 2018 +0200 Factor out convert_tls_list_to_openssl method Signed-off-by:

[Openvpn-devel] [PATCH applied] Re: Fix combination of --dev tap and --topology subnet across multiple platforms.

2018-10-06 Thread Gert Doering
Thanks for the review. Patch has been applied to the release/2.4 branch. For reference: this is still broken in master, but warrants a proper cleanup/refactor approach there. commit 6c13e24e5709f404231632f14758ea8f6bd9ec83 Author: Gert Doering Date: Sun Aug 19 22:07:03 2018 +0200 Fix com

Re: [Openvpn-devel] [PATCH v6] merge *-inline.h files with their main header

2018-10-06 Thread Gert Doering
Hi, On Sun, Nov 12, 2017 at 04:48:30PM +0800, Antonio Quartulli wrote: > *-inline.h files are not very useful anymore. > In the attempt of cleaning up the code some more, > merge them into their main header files. > > At the same time, move functions from forward.h > to forward.c, when they are u

[Openvpn-devel] [PATCH applied] Re: pf: restyle pf_c2c/addr_test() to make them 'struct context' agnostic

2018-10-06 Thread Gert Doering
Your patch has been applied to the master branch. commit 9646caeae3b3879e1d422405e42b7fbd05cb30a9 Author: Antonio Quartulli Date: Sun Nov 12 00:18:34 2017 +0800 pf: restyle pf_c2c/addr_test() to make them 'struct context' agnostic Signed-off-by: Antonio Quartulli Acked-by: Stef

[Openvpn-devel] [PATCH applied] Re: merge *-inline.h files with their main header

2018-10-06 Thread Gert Doering
Your patch has been applied to the master branch. I had to mangle the patch a bit so it could apply - the copyright notice and company name changed, so "remove foo-inline.h" failed due to textual differences. In addition, the patch had #ifdef ENABLE_CRYPTO still in (all of which I removed). Also, s

[Openvpn-devel] [PATCH applied] Re: ensure function declarations are compiled with their definitions

2018-10-06 Thread Gert Doering
Your patch has been applied to the master branch. There was a bit of hassle again due to ENABLE_CRYPTO (so the comment about the typo in the comment ended up being moot anyway, because that was #ifndef ENABLE_CRYPTO) and also because someone took out so much stuff from misc.h that git could find