[Openvpn-devel] [PATCH applied] Re: make dist: Ship ovpn_dco_freebsd.h, too

2023-01-28 Thread Gert Doering
Acked-by: Gert Doering To see the actual failure, one needs to build a tarball ("make dist"), and from that tarball, compile with "configure --enable-dco", on FreeBSD - so a pure "make distcheck" did not see it. Apologies for that oversight. Your patch has been applied to the master and release

[Openvpn-devel] [PATCH 1/2] Improve signal handling using POSIX sigaction

2023-01-28 Thread selva . nair
From: Selva Nair Currently we use the old signal API which follows system-V or BSD semantics depending on the platform and/or feature-set macros. Further, signal has many weaknesses which makes proper masking (deferring) of signals during update not possible. Improve this: - Use sigaction to pr

[Openvpn-devel] [PATCH 2/2] signal_reset(): combine check and reset operations

2023-01-28 Thread selva . nair
From: Selva Nair - "if (sig == X) signal_reset(sig)" now becomes "signal_reset(sig, X)" so that the check and assignment can be done in one place where signals are masked. This is required to avoid change of signal state between check and reset operations. - Avoid resetting the signal ex

[Openvpn-devel] [PATCH 3/4] cryptoapi.c: remove pre OpenSSL-3.01 support

2023-01-28 Thread selva . nair
From: Selva Nair - Require xkey-provider (thus OpenSSL 3.01+) for --cryptoapicert Note: Ideally we should also make ENABLE_CRYPTOAPI conditional on HAVE_XKEY_PROVIDER but that looks hard unless we can agree to move HAVE_XKEY_PROVIDER to configure/config.h. Or move ENABLE_CRYPTOAPI out of

[Openvpn-devel] [PATCH 0/4] Improvements for cryptoapi.c

2023-01-28 Thread selva . nair
From: Selva Nair 1. Support selecting certificate using issuer name (goal: "planned obsolescence" of 2.6, already :) 2. Log the selected certificate's name 3. Remove Pre OpenSSL-3.01 support (goal: leaner and meaner) 4. Simplify parsing of thumbprint hex string doc/man-sections/window

[Openvpn-devel] [PATCH 4/4] cryptoapi.c: simplify parsing of thumbprint hex string

2023-01-28 Thread selva . nair
From: Selva Nair Signed-off-by: Selva Nair --- src/openvpn/cryptoapi.c | 44 +++-- 1 file changed, 12 insertions(+), 32 deletions(-) diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c index 6ff4fcb5..9fd5aea9 100644 --- a/src/openvpn/cryptoapi.c

[Openvpn-devel] [PATCH 1/4] Option --cryptoapicert: support issuer name as a selector

2023-01-28 Thread selva . nair
From: Selva Nair - Certificate selection string can now specify a partial issuer name string as "--cryptoapicert ISSUER:" where is matched as a substring of the issuer (CA) name in the certificate. Partial case-insensitive matching against the "issuer name" is used. Here "issuer name"

[Openvpn-devel] [PATCH 2/4] cyryptapi.c: log the selected certificate's name

2023-01-28 Thread selva . nair
From: Selva Nair - With various ways of specifying the selector-string to the "--cryptoapicert" option, it's not immediately obvious which certificate gets selected from the store. Log it. The "name" logged is a friendly name (if present), or a representative element of the subject (usual

Re: [Openvpn-devel] [PATCH applied] Re: make dist: Ship ovpn_dco_freebsd.h, too

2023-01-28 Thread Matthias Andree
On 28.01.23 at 19:55, Gert Doering wrote: Acked-by: Gert Doering To see the actual failure, one needs to build a tarball ("make dist"), and from that tarball, compile with "configure --enable-dco", on FreeBSD - so a pure "make distcheck" did not see it. Apologies for that oversight. Your pat