Re: [Openvpn-devel] [PATCH v3] Return cached result in tls_authentication_status

2021-05-12 Thread Antonio Quartulli
Hi, On 06/05/2021 16:12, Arne Schwabe wrote: > tls_authentication_status does caching to avoid file I/O more than > every TLS_MULTI_AUTH_STATUS_INTERVAL (10s) per connection. But > counter-intuitively it does not return the cached result but rather > TLS_AUTHENTICATION_UNDEFINED if the cache is no

Re: [Openvpn-devel] [PATCH] Use exponential backoff for caching in tls_authentication_status

2021-05-12 Thread Antonio Quartulli
Hi, On 10/05/2021 15:13, Arne Schwabe wrote: > The caching in tls_authentication_status broke the quick reaction to > authentication status in the code paths that did not do caching like > PUSH_REQUEST reply code path. > > This patch introduces exponential backoff for the caching so we still > re

[Openvpn-devel] [PATCH 2/9] Remove getpeername, getpid check

2021-05-12 Thread Arne Schwabe
getpeername is part of SUSv3 and Windows also provides the function as part of winsocks. getpid is also provided by both POSIX and Windows and we do not even use getpid on Windows since we rather call GetCurrentProcessId. Signed-off-by: Arne Schwabe --- configure.ac | 4 ++-- src/open

[Openvpn-devel] [PATCH 3/9] Inline do_init_auth_token_key

2021-05-12 Thread Arne Schwabe
The extra function does give really give a better understanding of the code or does give any other benefit, inline it to make the code more streamlined. Signed-off-by: Arne Schwabe --- src/openvpn/init.c | 23 ++- 1 file changed, 6 insertions(+), 17 deletions(-) diff --git a

[Openvpn-devel] [PATCH 0/9] Miscellaneous cleanup patches/small fixes

2021-05-12 Thread Arne Schwabe
This patch set has a number of small fixes/improvements and documentation fixes/updates. They should be able to be applied in any order and have weak relationship to each other at best. I am sending them in one patch set to make review/keeping track of patches easier. Arne Schwabe (9): Remove ex

[Openvpn-devel] [PATCH 1/9] Remove explicit struct iovec check (HAVE_IOVEC)

2021-05-12 Thread Arne Schwabe
This macro is currently used only in 3 places in syshead.h - EXTENDED_SOCKET_ERROR_CAPABILITY is linux specific anyway and starts with #if defined(HAVE_LINUX_TYPES_H) - port share and ip_pktinfo macros depends on sendmsg/recvmsg that implicitly also require iovec So in all three cases we can i

[Openvpn-devel] [PATCH 6/9] Add noreturn attribute for MSVC to assert_failed method.

2021-05-12 Thread Arne Schwabe
Signed-off-by: Arne Schwabe --- src/openvpn/error.h | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/openvpn/error.h b/src/openvpn/error.h index 1a5521654..469afe20a 100644 --- a/src/openvpn/error.h +++ b/src/openvpn/error.h @@ -202,8 +202,14 @@ FILE *msg_fp(const un

[Openvpn-devel] [PATCH 4/9] Add missing free_key_ctx for auth_token

2021-05-12 Thread Arne Schwabe
This is a small memory leak as this key is only leaked once per server start. Signed-off-by: Arne Schwabe --- src/openvpn/init.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 1d77a9d42..49c742928 100644 --- a/src/openvpn/init.c +++ b/src/ope

[Openvpn-devel] [PATCH 8/9] Document stub-v2 being basically an alias for no compression at all

2021-05-12 Thread Arne Schwabe
Signed-off-by: Arne Schwabe --- doc/man-sections/protocol-options.rst | 5 + 1 file changed, 5 insertions(+) diff --git a/doc/man-sections/protocol-options.rst b/doc/man-sections/protocol-options.rst index 4b6928c68..34d4255ee 100644 --- a/doc/man-sections/protocol-options.rst +++ b/doc/man

[Openvpn-devel] [PATCH 9/9] Add detailed man page section to setup a OpenVPN setup with peer-fingerprint

2021-05-12 Thread Arne Schwabe
This is meant to give new users a quickstart for a useable OpenVPN setup. Our own documentation is lacking in this regard and many often tutorials that can be found online are often questionable in some aspects. Linking the individual RST file on GitHub also gives a tutorial in a nicely formatted wa

[Openvpn-devel] [PATCH 7/9] Move utility function from win32.c to win32-util.c

2021-05-12 Thread Arne Schwabe
This is done to allow to include parts of win32.c when building unit tests as win32.c itself has too many dependencies and cannot be included in a small unit test. Also fix a missing Windows.h include in error.h that otherwise breaks compilation when included from unit tests. Signed-off-by: Arne Schwabe

[Openvpn-devel] [PATCH 5/9] Add ifdef guards to unit test

2021-05-12 Thread Arne Schwabe
The unit tests do not compile under Windows since they are missing the correct ifdef guards. Signed-off-by: Arne Schwabe --- tests/unit_tests/openvpn/test_argv.c | 2 ++ tests/unit_tests/openvpn/test_auth_token.c | 2 ++ tests/unit_tests/openvpn/test_crypto.c | 4 tests/unit_tests/

[Openvpn-devel] Summary of the community meeting (12th May 2021)

2021-05-12 Thread Samuli Seppänen
Hi, Here's the summary of the IRC meeting. --- COMMUNITY MEETING Place: #openvpn-meeting on irc.freenode.net Date: Wed 12th May 2021 Time: 14:00 CET (12:00 UTC) Planned meeting topics for this meeting were here: Your local meet

[Openvpn-devel] PID is deleted unconditionally on exit

2021-05-12 Thread Matthias May via Openvpn-devel
Hi Gert We recently updated OpenVPN to 2.5.2 and found that the PID is since [1] unconditionally deleted when OpenVPN exits. This breaks OpenVPN in our init. We relied on this file to get the PID to be able to check if the process actually started, or something went wrong during init, or to see i