Hi,
I would have merged this now, but it breaks ENABLE_ASYNC_PUSH... and
while at it, I have more questions.
On Sun, Mar 28, 2021 at 02:02:40PM +0200, Arne Schwabe wrote:
[..]
> Patch V2: also rename context_auth to multi_state, explain a bit why this
> change is done.
[..]
> diff --git
Hi,
On Sun, Mar 28, 2021 at 02:02:41PM +0200, Arne Schwabe wrote:
[..]
> @@ -2240,7 +2240,8 @@ error:
> * to the TLS control channel (cleartext).
> */
> static bool
> -key_method_2_write(struct buffer *buf, struct tls_session *session)
> +key_method_2_write(struct buffer *buf, struct tls_mult
Hi,
On Sun, Apr 18, 2021 at 12:11:27PM +0200, Gert Doering wrote:
> For release/2.5, this should be fine.
Confirming :-)
The patch 1/2 v2 (1666) needs some amount of force to go into 2.5 due
to context changes, and one extra is_cas_pending(). 2/2 v2 (1667) goes
right in, and succeeds
Test sets
On 18.04.2021 at 12:11, Gert Doering wrote:
Hi,
On Sun, Mar 28, 2021 at 02:02:41PM +0200, Arne Schwabe wrote:
[..]
@@ -2240,7 +2240,8 @@ error:
* to the TLS control channel (cleartext).
*/
static bool
-key_method_2_write(struct buffer *buf, struct tls_session *session)
+key_method_2_
Hi,
On Sun, Apr 18, 2021 at 01:48:53PM +0200, Arne Schwabe wrote:
> > For master, this conflicts with commit 8fa8a17528c (compress migrate),
> > which already introduces the "multi" parameter. Master only needs the
> > second hunk (documentation plus CAS_SUCCEEDED check).
>
> I can resend it if
Hi,
On Fri, Apr 16, 2021 at 05:07:08PM +0500, Vladislav Grishenko wrote:
> Load balancing setup over multiple upstreams may include multipath
> gateway route, which is not supported by OpenVPN.
> Let's add basic support for that for selecting best route for zero
> destination address - use any
Code looks reasonable (though I won't claim to understand the nuances
of Netlink :-) ) - took me a bit to remember what is done here with
the callback function for matching, but yeah, seems to do what it says
on the lid. Did some very basic testing on a system with just a single
route table and no
Acked-by: Gert Doering
We discussed the feature-ACK part in the last community meeting - this
is for (Android) clients "everything that runs while the VPN is active"
should use an http proxy. This is installed by the VPN API and "just
passed through" through OpenVPN.
The new code is all #ifdef
On 18/04/2021 16:15, Gert Doering wrote:
> Hi,
>
> On Fri, Apr 16, 2021 at 05:07:08PM +0500, Vladislav Grishenko wrote:
>> Load balancing setup over multiple upstreams may include multipath
>> gateway route, which is not supported by OpenVPN.
>> Let's add basic support for that for selectin
Hi,
On Sun, Apr 18, 2021 at 04:55:23PM +0200, Antonio Quartulli wrote:
> Still, we want to handle nexthop groups somehow.
Then it looks like this needs testing and an ACK :-)
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer,
Hi,
On 15/04/2021 11:12, Max Fillinger wrote:
> When using the chroot option, the init_ssl function can be called before
> entering the chroot or, when OpenVPN receives a SIGHUP, afterwards. This
> commit ensures that OpenVPN tries to open the correct path for the CRL
> file in either situation.
>
On 18.04.21 at 11:11, Gert Doering wrote:
> Hi,
>
> I would have merged this now, but it breaks ENABLE_ASYNC_PUSH... and
> while at it, I have more questions.
>
> On Sun, Mar 28, 2021 at 02:02:40PM +0200, Arne Schwabe wrote:
> [..]
>> Patch V2: also rename context_auth to multi_state, explain a
context_2 and tls_multi have the same life cycle for TLS connections
so this move does not affect behaviour of the variable.
OpenVPN TLS multi code has grown a lot more complex and code that
handles multi objects needs to know the state that the object is in.
Since not all code has access to
On 18.04.21 at 18:01, Arne Schwabe wrote:
> context_2 and tls_multi have the same life cycle for TLS connections
> so this move does not affect behaviour of the variable.
>
> OpenVPN TLS multi code has grown a lot more complex and code that
> handles multi objects needs to know the state th
Hi,
On 15/04/2021 11:34, Max Fillinger wrote:
> Now that the path for the CRL file is handled correctly when using
> chroot, there's no good reason for the file to be inaccessible during
> ssl_init().
>
> This commit ensures that the CRL file is accessed successfully at least
> once, which fixes
Hi,
On 08/04/2021 15:36, Arne Schwabe wrote:
> These functions return const pointers in OpenSSL 3.0.0alpha14, so
> our pointers should be also const to avoid casting the const away.
>
> Signed-off-by: Arne Schwabe
Trivial change. No behaviour is expected to be modified by this.
This change im
Your patch has been applied to the master branch.
I have not tested this any further, but glance-at-code looks good.
commit 6fc292d2ed008a53061ce953dea6ff1e692e6723
Author: Arne Schwabe
Date: Thu Apr 8 15:36:26 2021 +0200
Ensure using const variables with EVP_PKEY_get0_*
Signed-off-