[Openvpn-devel] DCO for FreeBSD

2022-02-17 Thread Kristof Provost
Hi, I’m working on adding OpenVPN DCO support on FreeBSD (primarily for use in pfSense). I have a few questions, mostly around what’s planned for DCO in OpenVPN 2. I’m currently working based on https://github.com/schwabe/openvpn.git but intend to rebase to https://github.com/OpenVPN/openvpn/t

Re: [Openvpn-devel] [PATCH 2.5] msvc: adjust build options to harden binaries

2022-02-17 Thread Lev Stipakov
Hi, Thanks for testing. > original patch does not apply Indeed it doesn't apply anymore since recent changes to vcxproj files. I have rebased it. > minor build issues still there: test · chipitsine/openvpn@eeff765 (github.com) Those are likely because this was not applied https://www.mail-arch

[Openvpn-devel] [PATCH v2] msvc: adjust build options to harden binaries

2022-02-17 Thread Lev Stipakov
From: Lev Stipakov - enable hardware-enforced stack protection on compatible hardware/software (/CETCOMPAT linker option) - hash object files with SHA256 (/ZH:SHA_256 compiler option) - enable SDL. The required to add _CRT_NONSTDC_NO_DEPRECATE _CRT_SECURE_NO_WARNINGS _WINSOCK_DE

[Openvpn-devel] [PATCH v2 release/2.5] msvc: adjust build options to harden binaries

2022-02-17 Thread Lev Stipakov
From: Lev Stipakov - enable hardware-enforced stack protection on compatible hardware/software (/CETCOMPAT linker option) - hash object files with SHA256 (/ZH:SHA_256 compiler option) - enable SDL. The required to add _CRT_NONSTDC_NO_DEPRECATE _CRT_SECURE_NO_WARNINGS _WINSOCK_DE

Re: [Openvpn-devel] DCO for FreeBSD

2022-02-17 Thread Antonio Quartulli
Hi, On 17/02/2022 09:33, Kristof Provost wrote: Hi, I’m working on adding OpenVPN DCO support on FreeBSD (primarily for use in pfSense). This is very nice! I have a few questions, mostly around what’s planned for DCO in OpenVPN 2. I’m currently working based on https://github.com/schwabe

Re: [Openvpn-devel] DCO for FreeBSD

2022-02-17 Thread Arne Schwabe
On 17.02.22 at 10:25, Antonio Quartulli wrote: Hi, On 17/02/2022 09:33, Kristof Provost wrote: Hi, I’m working on adding OpenVPN DCO support on FreeBSD (primarily for use in pfSense). This is very nice! Cool! A secondary question is how you’d prefer to receive patches, once I get thing

Re: [Openvpn-devel] [PATCH v2 release/2.5] msvc: adjust build options to harden binaries

2022-02-17 Thread Илья Шипицин
I've missed that patch [Openvpn-devel] [PATCH v2 4/5] tapctl: Resolve MSVC C4996 warnings (mail-archive.com) I'll test updated patch soon. Thu, 17 Feb 2022 at 14:03, Lev Stipakov : > From: Lev Stipakov > > - en

Re: [Openvpn-devel] [PATCH 2.5] msvc: adjust build options to harden binaries

2022-02-17 Thread Илья Шипицин
Thu, 17 Feb 2022 at 13:53, Lev Stipakov : > Hi, > > Thanks for testing. > > > original patch does not apply > > Indeed it doesn't apply anymore since recent changes to vcxproj files. > I have rebased it. > > > minor build issues still there: test · chipitsine/openvpn@eeff765 ( > github.com) > >

Re: [Openvpn-devel] [PATCH 2.5] msvc: adjust build options to harden binaries

2022-02-17 Thread Lev Stipakov
Hi, > can you please apply "pdb" patch to your branch ? > CI: github actions: keep "pdb" in artifacts · OpenVPN/openvpn@9da7337 Done! https://github.com/lstipakov/openvpn/actions/runs/1858390624 > BinSkim uses pdb for analysis. > > probably, it makes sense to apply this patch to release/2.5 bran

Re: [Openvpn-devel] [PATCH 2.5] msvc: adjust build options to harden binaries

2022-02-17 Thread Илья Шипицин
Ack from me. Thu, 17 Feb 2022 at 16:55, Lev Stipakov : > Hi, > > > can you please apply "pdb" patch to your branch ? > > CI: github actions: keep "pdb" in artifacts · OpenVPN/openvpn@9da7337 > > Done! https://github.com/lstipakov/openvpn/actions/runs/1858390624 > > > BinSkim uses pdb for analy

[Openvpn-devel] [PATCH] crypto: unify key_type creation code

2022-02-17 Thread Antonio Quartulli
At the moment we have tls_crypt_kt() and auth_token_kt that basically do the same thing, but with different algorithms used to inizialise the structure. In order to avoid code duplication and copy/paste errors, unify code and make it parametric, so that it can be re-used in various places. Signed

[Openvpn-devel] [PATCH v3] Add warning about mbed TLS licensing problem

2022-02-17 Thread Max Fillinger
Signed-off-by: Max Fillinger --- README.mbedtls | 18 ++ 1 file changed, 18 insertions(+) diff --git a/README.mbedtls b/README.mbedtls index 4875822d..d3466fa9 100644 --- a/README.mbedtls +++ b/README.mbedtls @@ -11,6 +11,24 @@ This version depends on mbed TLS 2.0 (and requires a

[Openvpn-devel] [PATCH v2] crypto: unify key_type creation code

2022-02-17 Thread Antonio Quartulli
At the moment we have tls_crypt_kt() and auth_token_kt that basically do the same thing, but with different algorithms used to inizialise the structure. In order to avoid code duplication and copy/paste errors, unify code and make it parametric, so that it can be re-used in various places. Signed

[Openvpn-devel] [PATCH applied] Re: vcpkg: link lzo statically

2022-02-17 Thread Gert Doering
Acked-by: Gert Doering That came out of the "shouldn't we simplify our build scripts to make lz4 dynamic"... turns out that dynamic libs used by a single binary only are particularly inefficient here. Thus, going the other way :) I have not tested this, just looked at it, and it looks reasonable

[Openvpn-devel] [PATCH applied] Re: Add warning about mbed TLS licensing problem

2022-02-17 Thread Gert Doering
Acked-by: Gert Doering "Raising awareness", without putting in any hard dates / versions. Your patch has been applied to the master branch. commit 110eee0288cff0720952a2cf16c4fb191d0bd616 Author: Max Fillinger Date: Thu Feb 17 15:27:56 2022 +0100 Add warning about mbed TLS licensing pro

Re: [Openvpn-devel] [PATCH v2] crypto: unify key_type creation code

2022-02-17 Thread Arne Schwabe
On 17.02.22 at 15:32, Antonio Quartulli wrote: At the moment we have tls_crypt_kt() and auth_token_kt that basically do the same thing, but with different algorithms used to inizialise the structure. Should be initialise or initialize depending on your dialect. In order to avoid code duplic

Re: [Openvpn-devel] [PATCH v2] crypto: unify key_type creation code

2022-02-17 Thread Gert Doering
Hi, On Thu, Feb 17, 2022 at 03:32:41PM +0100, Antonio Quartulli wrote: > At the moment we have tls_crypt_kt() and auth_token_kt that basically do > the same thing, but with different algorithms used to inizialise the > structure. > > In order to avoid code duplication and copy/paste errors, unify

[Openvpn-devel] [PATCH v3] crypto: unify key_type creation code

2022-02-17 Thread Antonio Quartulli
At the moment we have tls_crypt_kt() and auth_token_kt that basically do the same thing, but with different algorithms used to initialise the structure. In order to avoid code duplication and copy/paste errors, unify code and make it parametric, so that it can be re-used in various places. Signed

[Openvpn-devel] [PATCH] Remove unused function cipher_var_key_size

2022-02-17 Thread Arne Schwabe
This function has accidentally not been deleted during the removal of last bits of variable key size. --- src/openvpn/crypto_openssl.c | 9 - 1 file changed, 9 deletions(-) diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index 8bc41792..1c99db0f 100644 --- a

[Openvpn-devel] [PATCH v3] Fix OpenVPN querying user/password if auth-token with user expires

2022-02-17 Thread Arne Schwabe
The problematic behaviour happens when starting a profile without auth-user-pass and connecting to a server that pushes auth-token. When the auth token expires OpenVPN asks for auth User and password again. The problem is that the auth_user_pass_setup sets auth_user_pass_enabled = true; This function is

[Openvpn-devel] [PATCH applied] Re: Remove unused function cipher_var_key_size

2022-02-17 Thread Gert Doering
Acked-by: Gert Doering Easy enough. Your patch has been applied to the master branch. commit 9cfe02039f00ea1ff026967497695d4cc35b1706 Author: Arne Schwabe Date: Thu Feb 17 19:19:43 2022 +0100 Remove unused function cipher_var_key_size Acked-by: Gert Doering Message-Id: <2022