Hi,
On Sun, Mar 28, 2021 at 01:52:51AM +0100, Antonio Quartulli wrote:
> I believe termios.h should normally be available on any *nix system,
> therefore it should be ok to switch to it.
Well, on everything that is recent enough to have tun/tap and sockets,
termios.h will exist.
On the necessity
The non-TLS mode is a relict from OpenVPN 1.x or 2.0. When tls mode was
introduced the advantages of TLS over non-tls were small but tls mode
evolved to include a lot more features. (NCP, multipeer, AEAD ciphers to name
a few).
Today VPNs that use --secret are mainly used because of its relative eas
Lightly tested on OpenSSL 1.0.2 and 1.1.1 clients, talking to 1.0.2 and
1.1.1 servers (= TLS 1.2 and 1.3).
Your patch has been applied to the master and release/2.5 branch.
I think it falls under the "long term compatibility" clause for 2.5,
as 2.5 will be around for a while and being able to pri
Hi,
On 28/03/2021 10:52, Gert Doering wrote:
> [..]
>>> +{
>>> +(void) tcsetattr(fileno(fp), TCSAFLUSH, &tty_save);
>>
>> We should not need to cast to void - I don't think we have warnings set
>> for non-checked return values.
>
> Actually we should catch errors here and log them. I
Hi,
On Thu, Mar 25, 2021 at 09:13:13PM +0100, Antonio Quartulli wrote:
[..]
> Acked-by: Antonio Quartulli
I see your ACK, and find myself wanting to be convinced that this is
really the best possible approach.
The code change in multi.c is nice, but the effects on ssl.c are ugly,
and will be wi
context_2 and tls_multi have the same life cycle for TLS connections
so this move does not affect behaviour of the variable.
OpenVPN TLS multi code has grown a lot more complex and code that
handles multi objects needs to know the state that the object is in.
Since not all code has access to
When OpenVPN sees a new (SSL) connection via HARD_RESET or SOFT_RESET with
the same port/ip as an existing session, it will give it the slot of the
renegotiation session (TM_UNTRUSTED). And when the authentication
succeeds it will replace the current session. In the case of a SOFT_RESET
this is a rene
Hi,
Thank you both for the review and feedback.
On Sun, Mar 28, 2021 at 10:52 AM Gert Doering wrote:
>
> On the necessity for the patch, I have mixed feelings - I do not see
> any OS remove getpass() any time soon, as it would break applications...
The specific issue I ran into was getpass() ha
>
> Regarding mbedtls I am not sure how it is related to calling
> EVP_CIPHER_CTX_set_key_length.
>
That was probably misleading. I wanted to say that the mbed variant of
this function actually still has a more useful check in this function.
So I wanted to keep both checks rather than to remove
Hi,
On Sun, Mar 28, 2021 at 02:03:37PM +0200, Tõivo Leedjärv wrote:
> The specific issue I ran into was getpass() having 8 character limit
> on Solaris/illumos.
Ah, thanks for that reminder. That is, indeed, a strong argument (and
who knows which other platforms might do this and we don't know a
This is a configure macro that tries out how to declare a variable array
at the end of a struct. This has been standardised in C99, so there is
no more need for non C99 magic. See also this stackoverflow discussion:
https://stackoverflow.com/questions/14643406/whats-the-need-of-array-with-zero-element
Hi,
On 28-03-2021 14:22, Arne Schwabe wrote:
> This is a configure macro that tries out how to declare a variable array
> at the end of a struct. This has been standardised in C99, so there is
> no more need for non C99 magic. See also this stackoverflow discussion:
>
> https://stackoverflow.com/ques
We require ISO C99 as minimum support for our source code and all compilers
should support the ISO C99 macros. Especially gcc does not need
the gcc extensions anymore. Also MSVC has support for it (as defined
in the config-msvc.h but also double checked)
LCLINT seems to be a C analyzer that history has fo
Hi,
On 28-03-2021 14:53, Arne Schwabe wrote:
> We require ISO C99 as minimum support for our source code and all compilers
> should support the ISO C99 macros. Especially gcc does not need
> the gcc extensions anymore. Also MSVC has support for it (as defined
> in the config-msvc.h but also double checked
The getpass() function is present in SUSv2, but marked LEGACY. It is
removed in POSIX.1-2001. Additionally, on Solaris getpass() returns
maximum 9 bytes. This will make longer passwords fail with no
possibility for user to know what is happening.
This patch removes usage of getpass() completely an
This is a configure macro that tries out how to declare a variable array
at the end of a struct. This has been standardised in C99, so there is
no more need for non C99 magic. See also this stackoverflow discussion:
https://stackoverflow.com/questions/14643406/whats-the-need-of-array-with-zero-element
We require ISO C99 as minimum support for our source code and all compilers
should support the ISO C99 macros. Especially gcc does not need
the gcc extensions anymore. Also MSVC has support for it (as defined
in the config-msvc.h but also double checked)
LCLINT seems to be a C analyzer that histor
I found this when playing with building OpenVPN with cmake.
Signed-off-by: Arne Schwabe
---
src/openvpn/tun.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h
index 9d995dd46..902665cc6 100644
--- a/src/openvpn/tun.h
+++ b/src/openvpn/tun.
Acked-by: Gert Doering
Taking Steffan's ACK on the v1, and mine on the single-line change in
v2 (which gets rid of these warnings). Buildbot army tested v1, so
I'm reasonably sure nothing bad will happen on v2 either :-)
Your patch has been applied to the master branch.
commit 7975e33bd9122045
Acked-by: Gert Doering
Taking Steffan's ACK on the v1, and mine on the single-line change in
v2 (which gets rid of these warnings). Buildbot army tested v1, so
I'm reasonably sure nothing bad will happen on v2 either :-)
Your patch has been applied to the master branch.
commit f91e21163708b5dc
Acked-by: Gert Doering
Not sure why it is not erroring-out there, but "symbol not defined"
seems to be good enough as "0". OTOH, all the other code uses "#ifdef"
or "defined(TARGET_FOO)", so bringing this in line is good.
Your patch has been applied to the master branch.
commit d11c273b07c422d
Hi,
On Sun, Mar 28, 2021 at 03:51:39PM +0200, Tõivo Leedjärv wrote:
> The getpass() function is present in SUSv2, but marked LEGACY. It is
> removed in POSIX.1-2001. Additionally, on Solaris getpass() returns
> maximum 9 bytes. This will make longer passwords fail with no
> possibility for user to
The getpass() function is present in SUSv2, but marked LEGACY. It is
removed in POSIX.1-2001. Additionally, on Solaris getpass() returns
maximum 9 bytes. This will make longer passwords fail with no
possibility for user to know what is happening.
This patch removes usage of getpass() completely an
From: Selva Nair
This has been replaced by openvpnserv2 since 2.4.0 and we have
stopped setting up this service in the installer since 2.5.0.
Get rid of the unused code. The mechanics of supporting multiple
services with the same executable is retained for possible future use.
For backwards com