Re: [Openvpn-devel] [Feedback needed] Fix cross compile support

2010-03-13 Thread Matthias Andree
penvpn. I've only cursorily been following the increased list traffic lately until the changed-procedure threads would have settled a bit, and the thread didn't catch my eye right away. Best regards -- Matthias Andree

Re: [Openvpn-devel] [PATCH] On TARGET_LINUX define _GNU_SOURCE if not defined

2010-03-13 Thread Matthias Andree
s a requisite, but run in the RPM's "prep" section rather than "build". Most distros today would have %configure macros to feed their distribution default options in (directory layout, CFLAGS for hardening, and thereabouts). HTH -- Matthias Andree

Re: [Openvpn-devel] [PATCH] On TARGET_LINUX define _GNU_SOURCE if not defined

2010-03-13 Thread Matthias Andree
o build the binaries from a tarball generated with "make dist" (what the release manager uploads and the end user usually downloads from sourceforge or other distribution sites), no autoconf/automake/libtool are required. -- Matthias Andree

Re: [Openvpn-devel] [Feedback needed] Fix cross compile support

2010-03-14 Thread Matthias Andree
On 14.03.2010, 12:19, Gert Doering wrote: Hi, On Sun, Mar 14, 2010 at 12:13:26AM +0100, Matthias Andree wrote: No offense, but do you think it's within objective discussion to call the patch "mostly-religious change" (which is a non-objective comment in my book)

[Openvpn-devel] PATCH: remove bashisms from easy-rsa

2010-06-04 Thread Matthias Andree
;t support test -e or [ -e. My patch does not address this. Please apply. Best regards Matthias Andree Index: 2.0/build-ca === --- 2.0/build-ca (Revision 5689) +++ 2.0/build-ca (Arbeitskopie) @@ -1,4 +1,4 @@ -#!/bin/bash

Re: [Openvpn-devel] PATCH v2: remove bashisms from easy-rsa

2010-06-06 Thread Matthias Andree
On 05.06.2010, 22:23, David Sommerseth wrote: On 05/06/10 00:49, Matthias Andree wrote: Note that some parts of the scripts may be Solaris /bin/sh unfriendly, for instance, Solaris's sh doesn't support test -e or [ -e. My patch does not address this. This makes me very relu

Re: [Openvpn-devel] PATCH: remove bashisms from easy-rsa

2010-06-06 Thread Matthias Andree
On Sun, 06 Jun 2010, Davide Brini wrote: > Some systems don't install bash or a POSIX sh in /bin, so it may also be > necessary to create symlinks on those systems. I think it's the easiest > tradeoff, and should be done anyway, because on such systems many other > #!/bin/sh or #!/bin/bash scri

Re: [Openvpn-devel] Patch for compile-time problems on NetBSD and OpenBSD (trac #17)

2010-07-10 Thread Matthias Andree
never seen this with GNU make though - providing your automake is new enough and you don't add options so that the user must add --enable-maintainer-mode (I don't see it on the 2.2beta branch in Git though). -- Matthias Andree

Re: [Openvpn-devel] [PATCH] Test framework improvment - Do not FAIL if t_client.rc is missing

2010-08-18 Thread Matthias Andree
gt; -. ./t_client.rc > -elif [ -r "${srcdir}"/t_client.rc ] ; then > -. "${srcdir}"/t_client.rc > -else > -echo "cannot find 't_client.rc' in current directory or" >&2 > -echo "source dir ('${srcdir}'). FAIL." >&2 > -exit 1 > -fi > - > if [ -z "$CA_CERT" ] ; then > echo "CA_CERT not defined in 't_client.rc'. SKIP test." >&2 > exit 0 -- Matthias Andree
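Review bot: The context at the end of this quoted hunk still ends the "CA_CERT not defined" branch with `exit 0` although its message says "SKIP test."; automake's test driver counts exit status 0 as PASS and 77 as SKIP, so this branch should use `exit 77`, and any other early exits in the script deserve the same check.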

Re: [Openvpn-devel] [PATCH] Test framework improvment - Do not FAIL if t_client.rc is missing

2010-08-18 Thread Matthias Andree
On 18.08.2010 14:27, David Sommerseth wrote: > This is to avoid 'make check' fail if this extra test case is not > configured. The patch gives a PASS, but will notify the user that > this test was skipped. The other question is how t_client.rc can go missing... -- Matthias Andree

Re: [Openvpn-devel] [PATCH] Test framework improvment - Do not FAIL if t_client.rc is missing

2010-08-18 Thread Matthias Andree
On 18.08.2010 14:58, David Sommerseth wrote: > On 18/08/10 14:36, Matthias Andree wrote: >> On 18.08.2010 14:27, David Sommerseth wrote: >>> This is to avoid 'make check' fail if this extra test case is not >>> configured. The patch gives a PASS, but wi

Re: [Openvpn-devel] [PATCH v2] Test framework improvment - Do not FAIL if t_client.rc is missing

2010-08-18 Thread Matthias Andree
t; -echo "cannot find 't_client.rc' in current directory or" >&2 > -echo "source dir ('${srcdir}'). FAIL." >&2 > - exit 1 > -fi > - > if [ -z "$CA_CERT" ] ; then > echo "CA_CERT not defined in 't_client.rc'. SKIP test." >&2 > exit 0 I think you missed this "exit 0" - should also be 77 instead - and please check if there are more (I've not been looking at the source script for lack of time). -- Matthias Andree

Re: [Openvpn-devel] [PATCH] More t_client.sh updates - exit with SKIP when we want to skip

2010-08-18 Thread Matthias Andree
ting this out. My pleasure. -- Matthias Andree

Re: [Openvpn-devel] use extv3 extensions such as subjectAltName as common_name

2010-11-30 Thread Matthias Andree
ts failure (aka "return false;") and the caller deals with that in case there are embedded NULs, IOW strlen() != ia5.size. For safer example code, see, for instance, the strlen vs. length comparison at <http://gitorious.org/fetchmail/fetchmail/blobs/846ffbb938c7ecf6819a5c3b844adf306bf87f02/socket.c#line682> -- Matthias Andree

Re: [Openvpn-devel] use extv3 extensions such as subjectAltName as common_name

2010-11-30 Thread Matthias Andree
On 30.11.2010 16:50, Matthias Andree wrote: > Make sure that the extraction reports failure (aka "return false;") and the > caller deals with that in case there are embedded NULs, IOW strlen() != > ia5.size. That ia5.size should be read as "ia5->length". Sorry

Re: [Openvpn-devel] Documentation and alternative SSL backend patches

2010-12-02 Thread Matthias Andree
ity. > > most distro switch from openssl to nss. is there any reason you switch > to polarssl in stead of nss? > What do you base the "most distro" assessment on? Are you aware of any website discussing the advantages of the "big" SSL providers (OpenSSL, Mozilla NSS, GnuTLS, PolarSSL, CyaSSL, ...)? -- Matthias Andree

Re: [Openvpn-devel] Error C2010 in openvpnserv.c during VS2008 build

2010-12-04 Thread Matthias Andree
riadic-Macros.html#Variadic-Macros for an explanation. Please try the attached patch - note I haven't been able to test this beyond making sure it compiles on GCC 4.3. HTH. Best regards Matthias From c54a7fa98f4c8d567c26ce3bd6d80f3a68173bd8 Mon Sep 17 00:00:00 2001 From: Matthias Andree List-P

Re: [Openvpn-devel] Error C2010 in openvpnserv.c during VS2008 build

2010-12-04 Thread Matthias Andree
On 04.12.2010 03:55, Matthias Andree wrote: > On 03.12.2010 16:22, Samuli Seppänen wrote: >> Hi, >> >> I've managed to extend the Python build system so that it now tries to >> build the Windows service wrapper, "openvpnserv.exe", after building >

Re: [Openvpn-devel] Error C2010 in openvpnserv.c during VS2008 build

2010-12-04 Thread Matthias Andree
IRC with David Sommerseth and yourself on 2010-12-04 around 11:08 UTC that we deem it unnecessary to keep GCC < 3.0 compatibility for this new Windows-only code. Best -- Matthias Andree >From 0374c641d4086dfea91bd64c22bb5280bbddf346 Mon Sep 17 00:00:00 2001 From: Matthias Andree List-Post

[Openvpn-devel] [PATCH] Remove excess semicolon (invalid C99).

2010-12-04 Thread Matthias Andree
Signed-off-by: Matthias Andree --- misc.h |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/misc.h b/misc.h index 3f22ca0..f449601 100644 --- a/misc.h +++ b/misc.h @@ -143,7 +143,7 @@ openvpn_run_script (const struct argv *a, const struct env_set *es, const unsign

Re: [Openvpn-devel] [PATCH] Remove excess semicolon (invalid C99).

2010-12-04 Thread Matthias Andree
On 04.12.2010 14:02, Matthias Andree wrote: > Signed-off-by: Matthias Andree > --- > misc.h |2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) This applies to the beta2.2 branch and affects this code section: 138 139 static inline bool 140 openvpn_run_s

Re: [Openvpn-devel] [Patch] OpenVPN PolarSSL PKCS #11 Support Preview [8/8]

2010-12-08 Thread Matthias Andree
free to ask details if you can't get to terms with the Git tutorials or my comments. Best regards -- Matthias Andree

Re: [Openvpn-devel] [Patch] OpenVPN PolarSSL PKCS #11 Support Preview [8/8]

2010-12-08 Thread Matthias Andree
nch. I'm holding off > until I get the go ahead on the stability of the tree though :). Hi Adriaan, I seem to recall that Mercurial also has some kind of email command or extension, however, I don't know if it plays together with MQ. HTH -- Matthias Andree

Re: [Openvpn-devel] [Patch] OpenVPN PolarSSL Support Preview [7/8]

2010-12-10 Thread Matthias Andree
ome > later time. > > Having the branch in git allows iterating over the commits with great > ease. OTOH, Adriaan has the patches in Mercurial Queues for now, so let's not waste time discussing this over and over again. :) -- Matthias Andree

Re: [Openvpn-devel] Using certificate chains

2010-12-15 Thread Matthias Andree
il/blobs/master/README.SSL-SERVER It also applies with exchanged roles for client-to-server authentication with X.509 certificates. Since it's GPL-licensed, feel free to take parts of it for the OpenVPN documentation. -- Matthias Andree

Re: [Openvpn-devel] [OpenVPN 2.1.4 BUG]: hard-coded values in Makefiles for down-root and auth-pam plugins prevent cross compilation

2010-12-30 Thread Matthias Andree
On 26.12.2010 18:32, Mr Dash Four wrote: > Due to the fact that I have spent the last two and a half hours trying > to find a place where to submit a bug report via the Trac system > (https://community.openvpn.net/openvpn) - and failing, miserably so - I > am submitting it here! > > In this v

Re: [Openvpn-devel] [OpenVPN 2.1.4 BUG]: hard-coded values in Makefiles for down-root and auth-pam plugins prevent cross compilation

2010-12-30 Thread Matthias Andree
On 30.12.2010 22:04, Mr Dash Four wrote: > >> I think it would be good to integrate this with automake if the whole >> setup is >> to be integrated and these plugins are supposed to be built more or >> less officially. >> > Yep, that's what I meant. Better still, autogen can be utilised to do

Re: [Openvpn-devel] [PATCH] Changed snprintf to _snprintf in service-win32/openvpnserv.c

2011-01-06 Thread Matthias Andree
On 05.01.2011 14:21, Samuli Seppänen wrote: > This fixes a generic Windows/VC++ issue: > > > > Does this change affect the automake/gcc-based Windows builds? NAK. Do not mess with the names

[Openvpn-devel] [PATCH 2/2] Hook auth-pam and down-root to the build.

2011-01-06 Thread Matthias Andree
libltdl stuff that can possibly link the plugin +dnl statically, but I suppose that takes changes to plugin.? code, +dnl too. -- Matthias Andree, 2011-01-06 if test "${WIN32}" = "yes"; then AC_ARG_VAR([MAN2HTML], [man2html utility]) @@ -379,7 +385,9 @@ if test "

[Openvpn-devel] [PATCH 1/2] Cleanup: move AC_GNU_SOURCE to quench autotools warnings.

2011-01-06 Thread Matthias Andree
--- configure.ac |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/configure.ac b/configure.ac index e30f990..e1ca65e 100644 --- a/configure.ac +++ b/configure.ac @@ -32,6 +32,7 @@ AC_CONFIG_SRCDIR(syshead.h) dnl Guess host type. AC_CANONICAL_HOST +AC_GNU_SOURCE AM_INIT
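Review bot: The AC_GNU_SOURCE line added after AC_CANONICAL_HOST has to stay ahead of every macro that runs the C compiler, so a one-line dnl comment saying so next to it would keep a later cleanup from moving it back down; the Autoconf manual also lists AC_GNU_SOURCE as obsolete and points to AC_USE_SYSTEM_EXTENSIONS, which is worth considering if the minimum supported Autoconf version allows it.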

[Openvpn-devel] beta2.2: automake support for plugin build

2011-01-06 Thread Matthias Andree
Greetings, this is the beta2.2 patch pair for hooking the auth-pam and down-root plugins to the build. The bugfix2.1 patch pair has been sent earlier. Looking for review, ACK and NAK. Best regards Matthias

[Openvpn-devel] [PATCH 1/2] Cleanup: move AC_GNU_SOURCE to quench autotools warnings.

2011-01-06 Thread Matthias Andree
--- configure.ac |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/configure.ac b/configure.ac index 4777108..529abd3 100644 --- a/configure.ac +++ b/configure.ac @@ -32,6 +32,7 @@ AC_CONFIG_SRCDIR(syshead.h) dnl Guess host type. AC_CANONICAL_HOST +AC_GNU_SOURCE AM_INIT

[Openvpn-devel] [PATCH 2/2] Hook auth-pam and down-root to the build.

2011-01-06 Thread Matthias Andree
I suppose that takes changes to plugin.? code, +dnl too. -- Matthias Andree, 2011-01-06 if test "${WIN32}" = "yes"; then AC_ARG_VAR([MAN2HTML], [man2html utility]) @@ -373,7 +379,9 @@ if test "${WIN32}" != "yes"; then netinet/tcp.h arp

[Openvpn-devel] bugfix2.1: automake support for plugin build

2011-01-06 Thread Matthias Andree
Greetings, following up the "[OpenVPN 2.1.4 BUG]: hard-coded values in Makefiles for down-root and auth-pam plugins prevent cross compilation" bug, I am providing patches for review and test in cross-compilation environments. I have tested these on native compiles with Ubuntu Linux 10.10 32-bit,

Re: [Openvpn-devel] bugfix2.1: automake support for plugin build

2011-01-06 Thread Matthias Andree
On 06.01.2011 21:42, Mr Dash Four wrote: > >> I suppose you need to modify the .spec file to make sure you're running >> autoreconf twice up front (or libtoolize, aclocal, autoconf, automake, >> possibly autoheader). >> >> Note you'll want to remove the .la files from the destdir, and list the >

Re: [Openvpn-devel] beta2.2: automake support for plugin build

2011-01-06 Thread Matthias Andree
On 06.01.2011 22:50, David Sommerseth wrote: > On 06/01/11 18:13, Matthias Andree wrote: > | Greetings, > | > | this is the beta2.2 patch pair for hooking the auth-pam and down-root > | plugins to the build. > | > | The bugfix2.1 patch pair has been sent earlier. > | >

Re: [Openvpn-devel] bugfix2.1: automake support for plugin build

2011-01-06 Thread Matthias Andree
you could. ./configure CC="gcc -m32" would normally do, but I haven't gotten around to test drive things on F14. Well, for patch testing that's the thing. For the next releases, we'll have to wait what James, David, Samuli decide. HTH Best regards -- Matthias Andree

Re: [Openvpn-devel] bugfix2.1: automake support for plugin build

2011-01-06 Thread Matthias Andree
>> $plugin ..." is no longer needed for these two guys. >> > I just removed the loop to see if it works - NO! The source for the 2 > plugins won't even compile and make install obviously fails. > Can you toss your .spec file around? -- Matthias Andree

Re: [Openvpn-devel] bugfix2.1: automake support for plugin build

2011-01-06 Thread Matthias Andree
s, except where the appropriate CCFLAGS or > LDFLAGS are hard-coded (which is very bad program practice by the way) > in a propriety Makefile as is the case with the OpenVPN plugins. Which means that it's still somehow in your build. -- Matthias Andree

Re: [Openvpn-devel] further mysnprintf discussion (was: Summary of the IRC meeting (6th Jan 2011))

2011-01-08 Thread Matthias Andree
e a separate file that gets #include "..."-d by buffer.c and by service-win32/openvpnserv.c, then at least you don't have the headaches to remember to change two places when fixing a bug. HTH & best regards -- Matthias Andree

Re: [Openvpn-devel] OpenVPN documentation (man page) review

2011-01-12 Thread Matthias Andree
actually reduces confusion this way. Basically what you want is more (a) a concise HOWTO (more or less in place on the website), and (b) an exhaustive reference, no? -- Matthias Andree

Re: [Openvpn-devel] OpenVPN documentation (man page) review

2011-01-12 Thread Matthias Andree
ip, ifconfig, route, brctl, etc, it might help new users to understand a > little bit more as well. And needs to be system-specific in that very instant because the tools are. > Another thing, just as a side note, easy-rsa could really use a man page > as well. True enough, but better placed in a separate thread on the lists, and I suppose you'll collect volunteers much more easily for this much smaller project :) -- Matthias Andree

Re: [Openvpn-devel] configure not finding lzo (Solaris, NetBSD)

2011-01-17 Thread Matthias Andree
> way to get it > fixed? Same story on FreeBSD. Should be fixed, but those fixes likely belong into autoconf proper, rather than each and every package that uses autoconf. Such workarounds don't belong into OpenVPN. Until that time, passing CPPFLAGS and LDFLAGS on the ./configure command line like ./configure CPPFLAGS=-I/usr/local/include LDFLAGS=-L/usr/local/lib would do the trick. -- Matthias Andree

Re: [Openvpn-devel] configure not finding lzo (Solaris, NetBSD)

2011-01-17 Thread Matthias Andree
se :-) - there's even > "--with-lzo-header=..." and "--with-lzo-lib=..." - but I still wonder if > life shouldn't be easier for the 95%-case on a given distribution. The 95% case on a given distribution is that the distributor packages OpenVPN and the user doesn't care beyond that point. > "If other packages can get this automatically, why do we need switches > for OpenVPN"? Document that and be done. It helps the user much more than convenience hacks. -- Matthias Andree

Re: [Openvpn-devel] [PATCH 1/1] Fix warning: format not a string literal and no format arguments

2011-02-17 Thread Matthias Andree
On 16.02.2011 22:55, Gilles Espinasse wrote: > Seen with gcc-4.4.5 and -Wformat -Wformat-security > > Signed-off-by: Gilles Espinasse > --- > options.c |6 +++--- > push.c|4 ++-- > 2 files changed, 5 insertions(+), 5 deletions(-) Good catch, patch approved. -- Matthias Andree

Re: [Openvpn-devel] [PATCH] fix 2.2.0 build failure when management interface disabled

2011-05-14 Thread Matthias Andree
45efa (aka 2.1.3s), and that is obviously only needed if management > is enabled. > > So: ACK from me. > > Samuli: we need buildbot variants with/without management, it seems... Cutting down complexity (i. e. cutting out branches in the decision and/or option trees) is going to help more than just trying to cure the symptoms. -- Matthias Andree

Re: [Openvpn-devel] [PATCH] Fixes to easy-rsa/2.0

2011-06-30 Thread Matthias Andree
On 30.06.2011 09:59, sam...@openvpn.net wrote: > From: Samuli Seppänen > > As support for OpenSSL 1.0.0 requires a modified openssl.cnf file, it was > decided to rename openssl.cnf to openssl-1.0.0.cnf for clarity and better > support of different OpenSSL versions. The old openssl.cnf was renam

Re: [Openvpn-devel] [PATCH] Fixes to easy-rsa/2.0

2011-07-01 Thread Matthias Andree
On 01.07.2011 10:26, David Sommerseth wrote: > Agreed, and we decided yesterday in the developers meeting to remove 0.9.6 > support. However we found it better to remove that support first in > OpenVPN 2.3, as we will then go through the source code and remove all > 0.9.6 related stuff in the s

Re: [Openvpn-devel] [PATCH] Fixes for the plugin system:

2011-07-07 Thread Matthias Andree
On 07.07.2011 09:27, Adriaan de Jong wrote: > - Removed the dependency on an SSL library for USE_SSL when creating non-SSL > plugins > - Fixed example plugin code to include USE_SSL when needed > > Signed-off-by: Adriaan de Jong > diff --git a/openvpn-plugin.h b/openvpn-plugin.h > index 9cce

Re: [Openvpn-devel] [PATCH] Further improvements to plugin support:

2011-07-07 Thread Matthias Andree
On 07.07.2011 10:19, Adriaan de Jong wrote: > - Renamed struct entries to explicitly show them as disabled > - Added a warning if USE_SSL is enabled, but neither ssl_verify_openssl.h or > ssl_verify_polarssl.h is included > - If neither of those files is included, disable ssl support for a pl

[Openvpn-devel] [PATCH] Skip rather than fail test in addressless FreeBSD jails.

2011-07-20 Thread Matthias Andree
Signed-off-by: Matthias Andree --- t_cltsrv.sh |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/t_cltsrv.sh b/t_cltsrv.sh index 808d719..5bcbfc7 100755 --- a/t_cltsrv.sh +++ b/t_cltsrv.sh @@ -33,7 +33,7 @@ case `uname -s` in echo "###"

Re: [Openvpn-devel] configure patch for MacOS 10.7

2012-02-21 Thread Matthias Andree
On 07.02.2012 11:24, Gert Doering wrote: > Hi, > > I'm forwarding this "as-is", as I do not have enough understanding of > autoconf to say whether this is necessary, or "the right fix" - but > anyway, I've been told that this is needed to make our configure > behave on MacOS 10.7. Looks useful

Re: [Openvpn-devel] build against openssl 1.1.0

2017-02-13 Thread Matthias Andree
On 13.02.2017 at 20:50, Christian Hesse wrote: > And a lot more has to be done... There's a long list of packages to be > fixed. Sadly openssl developers do not care about ABI and API stability > or compatibility. :( Much frustration can be muttered and uttered about OpenSSL and more so of its s

Re: [Openvpn-devel] build against openssl 1.1.0

2017-02-17 Thread Matthias Andree
On 17.02.2017 at 17:35, Emmanuel Deloget wrote: > I understand that I'm the new guy in town, but can you allow me to > make the formal request to ditch OpenSSL 0.9.8, 1.0.0 and 1.0.1 and > require at least version 1.0.2? 1.0.1 has also gone out of support, and I propose to let the distros sort ou

Re: [Openvpn-devel] Reviewer(s) for French translation fixes in OpenVPN GUI?

2017-03-14 Thread Matthias Andree
On 13.03.2017 at 18:26, Samuli Seppänen wrote: > Hi, > > Is anyone interested in reviewing some French-language fixes to OpenVPN GUI? > > > > If we don't get any review, we'll have to merge the PR with a lazy-ACK. > > Any help would be appreciated!

Re: [Openvpn-devel] [PATCH] Require minimum OpenSSL 1.0.1

2017-04-11 Thread Matthias Andree
On 11.04.2017 at 23:56, David Sommerseth wrote: > On 11/04/17 23:20, Steffan Karger wrote: >> For release/2.4: I wonder whether we need to keep 0.9.8 support, as >> SLES11 still ships with 0.9.8h, and has general support until 31 Mar 2019. > While it is James who insisted on RHEL being the oldest

[Openvpn-devel] [PATCH] Make openvpn-plugin.h self-contained again.

2017-05-15 Thread Matthias Andree
2.4.2 introduced a declaration that references size_t, so use the C99 way of declaring it, and add #include . Note this may break on non-C99-compliant versions of MS Visual Studio. Signed-off-by: Matthias Andree --- include/openvpn-plugin.h.in | 1 + 1 file changed, 1 insertion(+) diff --git

Re: [Openvpn-devel] security/openvpn23 tarball size mismatch

2017-05-18 Thread Matthias Andree
On 16.05.2017 at 14:00, Renato Botelho wrote: > On 16/05/17 08:54, Renato Botelho wrote: >> Hello Mathias, >> >> I was trying to get openvpn23 installed from quarterly branch and got >> the following error: >> >> root@buildbot1:/usr/local/poudriere/ports/pfSense_v2_3/security/openvpn23 >> # make c

Re: [Openvpn-devel] Please check the 2.3.15 downloads

2017-05-19 Thread Matthias Andree
On 19.05.2017 at 10:47, Gert Doering wrote: > > Apologies for the 2.3.15 mishap (and thanks to Mathias Andree for raising > this issue yesterday already). I just spread the word, originator of the information was Renato Botelho aka. garga@ in the FreeBSD project. --

Re: [Openvpn-devel] [PATCH release/2.4] configure.ac: fix building against static openssl

2017-05-30 Thread Matthias Andree
On 31.05.2017 at 02:31, David Sommerseth wrote: > > I do however vaguely remember someone mentioning some BSD distros still > being on 0.9.8 ... or was it some other OS? ... Anyhow, do we need to > care for them? This is release/2.4 we're talking about after all. The oldest OpenSSL version in u

Re: [Openvpn-devel] OpenVPN 2.4.3 released (with security fixes)

2017-06-21 Thread Matthias Andree
On 21.06.2017 at 16:33, Samuli Seppänen wrote: > On 21/06/2017 17:06, Simon Matter wrote: >>> On Wed, Jun 21, 2017 at 6:47 AM, Samuli Seppänen >>> wrote: The OpenVPN community project team is proud to release OpenVPN 2.4.3. It can be downloaded from here:

Re: [Openvpn-devel] OpenVPN 2.4.3 released (with security fixes)

2017-06-21 Thread Matthias Andree
On 21.06.2017 at 18:02, Gert Doering wrote: > Hi, > > On Wed, Jun 21, 2017 at 05:58:18PM +0200, David Sommerseth wrote: >> Hmmm ... not a bad idea. But do we really need tar.gz at all these >> days? Why not just make autotools generate tar.xz by default and be >> done with it? > "distcheck" tend

Re: [Openvpn-devel] OpenVPN 2.4.3 released (with security fixes)

2017-06-22 Thread Matthias Andree
On 21.06.2017 at 18:53, Илья Шипицин wrote: > > > 2017-06-21 21:48 GMT+05:00 Matthias Andree <mailto:matthias.and...@gmx.de>>: > > On 21.06.2017 at 16:33, Samuli Seppänen wrote: > > On 21/06/2017 17:06, Simon Matter wrote: > >>> On Wed

Re: [Openvpn-devel] [patch] Fix time_t printing - NAK

2017-10-15 Thread Matthias Andree
On 05.10.2017 at 01:47, Jeremie Courreges-Anglas wrote: > When building openvpn-2.4.4 on OpenBSD, I noticed the following warning: > > --8<-- > cc -DHAVE_CONFIG_H -I. > -I/usr/ports/pobj/openvpn-2.4.4/openvpn-2.4.4/src/openvpn -I../.. > -I../../include -I/usr/ports/pobj/openvpn-2.4.4/openvpn-2.

[Openvpn-devel] FreeBSD -CURRENT (unreleased) issues with TAP known?

2018-08-05 Thread Matthias Andree
ave chosen it's too early for me to dig deeply, given that the OS (FreeBSD-current) is currently still a moving target. Best regards, -- Matthias Andree

Re: [Openvpn-devel] [PATCH v2] ssl_verify: define label only when required

2018-08-16 Thread Matthias Andree
On 15.08.2018 at 08:12, Antonio Quartulli wrote: > The "cleanup" label in ssl_verify.c:verify_user_pass_plugin() is used > only when PLUGIN_DEF_AUTH is defined, therefore make the label > definition dependent on the same define. > > Fixes the following warning when PLUGIN_DEF_AUTH is not defined:

Re: [Openvpn-devel] [PATCH] Add support for tls-ciphersuites for TLS 1.3

2018-09-27 Thread Matthias Andree
Hi Arne, I haven't looked at the code, only at strings for now, and I'd like to pick a few nits. On 26.09.18 at 15:44, Arne Schwabe wrote: > OpenSSL 1.1.1 introduces a separate list for TLS 1.3 ciphers. As these > interfaces are meant to be user facing or not exposed at all and we > expose the

Re: [Openvpn-devel] SIGSEGV (NULL ptr deref) in PolarSSL-based build if noTLS ciphers specified (was: OpenVPN 2.3.11 released)

2016-05-12 Thread Matthias Andree
On 10.05.2016 at 12:06, Samuli Seppänen wrote: > The OpenVPN community project team is proud to release OpenVPN 2.3.11. > It can be downloaded from here: > > > > This release fixes two vulnerabilities: a port-share bug with DoS > potent

Re: [Openvpn-devel] [PATCH v2 (2.3)] Restrict default TLS cipher list

2016-05-12 Thread Matthias Andree
On 17.04.2016 at 20:23, Steffan Karger wrote: > In the past years, the internet has been moving forward wrt deprecating > older and less secure ciphers. Let's follow this example in OpenVPN and > also restrict the default list of negotiable TLS ciphers in 2.3.x. > > This disables the following:

Re: [Openvpn-devel] [PATCH applied] Re: Fix polarssl / mbedtls builds

2016-05-13 Thread Matthias Andree
On 13.05.2016 at 09:32, Gert Doering wrote: > ACK. Tested on FreeBSD 9.3, all 3 tests in "make check", works. > > It is in line with the much better tested code in master, and with the > man page: > > "The default for --tls-cipher is to use PolarSSL's default cipher > list when using PolarS

Re: [Openvpn-devel] OpenVPN 2.3.11 released

2016-05-14 Thread Matthias Andree
On 10.05.2016 at 12:06, Samuli Seppänen wrote: > The OpenVPN community project team is proud to release OpenVPN 2.3.11. > It can be downloaded from here: > > > > This release fixes two vulnerabilities: a port-share bug with DoS > potent

Re: [Openvpn-devel] Valgring findings

2016-06-08 Thread Matthias Andree
On 07.06.2016 at 15:47, Илья Шипицин wrote: > Hello, > > I played with valgrind a bit > > https://travis-ci.org/chipitsine/openvpn/jobs/135869065 > > Looks like there are leaks in openssl code, should we suppress it? Not that I've found the "leaks" you're reporting; however: I seem to recall

Re: [Openvpn-devel] [PATCH] Enable -D_SVR4_2 for compilation on Solaris

2016-10-10 Thread Matthias Andree
On 10.10.2016 at 09:39, Gert Doering wrote: > + CPPFLAGS="$CPPFLAGS -D_XPG4_2" NAK. Description mismatches content. Please revert and reapply with proper description.

Re: [Openvpn-devel] Separate apt repositories for 2.4-alpha/beta/rc releases?

2016-10-14 Thread Matthias Andree
On 14.10.2016 at 17:28, Samuli Seppänen wrote: > Hi, > > Should we have a separate apt repository for "unstable" apt packages? > Right now our apt repositories hold 2.3.x packages, meaning that > upgrades have historically been fairly minor. > > That said, users who use _our_ apt repositories ha

Re: [Openvpn-devel] Separate apt repositories for 2.4-alpha/beta/rc releases?

2016-10-15 Thread Matthias Andree
On 14.10.2016 at 21:51, Steffan Karger wrote: > > On 14 Oct 2016 9:14 p.m., "Matthias Andree" <mailto:matthias.and...@gmx.de>> wrote: > > > > On 14.10.2016 at 17:28, Samuli Seppänen wrote: > > > > Would 2.3.12 -> 2.4-alpha1 be too big an

Re: [Openvpn-devel] Separate apt repositories for 2.4-alpha/beta/rc releases?

2016-10-15 Thread Matthias Andree
On 15.10.2016 at 12:11, David Sommerseth wrote: > b) Have the package exclude each other to block both being installed >at the same time. That's the path normally chosen and that I'd recommend for DEB/APT-based packages because solvers can usually figure that part out. I think the RPM world n

Re: [Openvpn-devel] [PATCH applied] Re: Repair topology subnet on FreeBSD 11

2016-11-11 Thread Matthias Andree
On 09.11.2016 at 21:14, Gert Doering wrote: > Thanks for testing & review :-) > > Patch has been applied to the master and release/2.3 branch. > > commit a433b3813d8c38b491d2baa7b433973f2d6cd7c6 (master) > commit 446ef5bda4cdc75d4cb955e274846faff0181fd3 (release/2.3) > Author: Gert Doering > Date:

Re: [Openvpn-devel] [PATCH applied] Re: Repair topology subnet on FreeBSD 11

2016-11-11 Thread Matthias Andree
On 11.11.2016 at 23:10, Gert Doering wrote: > I might be tempted to do a quick 2.3.14 release in between - there's two > important platform fixes in that branch now (FreeBSD and OpenBSD topology > subnet :-) ) and Lev's recursive routing patch. Add to that the windows > block-outside-dns patch th

Re: [Openvpn-devel] FreeBSD port versions

2016-12-08 Thread Matthias Andree
On 06.12.2016 at 22:02, Gert Doering wrote: > Hi, > > On Sat, Nov 12, 2016 at 05:43:56AM +0100, Matthias Andree wrote: >> On 11.11.2016 at 23:10, Gert Doering wrote: >>> I might be tempted to do a quick 2.3.14 release in between - there's two >>> impor

[Openvpn-devel] CFT: OpenVPN 2.4 port update for FreeBSD

2016-12-15 Thread Matthias Andree
Greetings, I've put up an OpenVPN 2.4-rc1 port for FreeBSD up for testing. Get it from https://people.freebsd.org/~mandree/openvpn-2.4.r1-v1.tar.xz Or review the diff at https://reviews.freebsd.org/D8813 Cheers, Matthias

[Openvpn-devel] man page --proto needs info on udp6/tcp6 in OpenVPN 2.4

2016-12-15 Thread Matthias Andree
see Subject. There's a related Trac-ker item against 2.3:

[Openvpn-devel] CFT: OpenVPN 2.4 port update (upstream rc2) for FreeBSD

2016-12-16 Thread Matthias Andree
Greetings, I've put up a new OpenVPN 2.4-rc2 port for FreeBSD for testing. Get it from . This time, it also contains the openvpn23 and openvpn23-polarssl ports (as modified copies of what we have now) that I plan to keep for the firs

Re: [Openvpn-devel] Google Summer of Code

2016-12-21 Thread Matthias Andree
On 19.12.2016 at 11:01, Илья Шипицин wrote: > > it seems, it depends on network-manager version. > on fedora 23 I cannot import files, but on ubuntu I can. Fedora 23 goes out of support these days (it's now more than 4 weeks after Fedora 25 release), so it's time to upgrade...

Re: [Openvpn-devel] CFT: OpenVPN 2.4 port update (upstream rc2) for FreeBSD, now with TUNNELBLICK

2016-12-22 Thread Matthias Andree
On 16.12.2016 at 21:21, Matthias Andree wrote: > Greetings, > > I've put up a new OpenVPN 2.4-rc2 port for FreeBSD for testing. > > Get it from <https://people.freebsd.org/~mandree/openvpn-2.4_rc2-v1.tar.xz>. > > This time, it also contains the openvpn23 an

Re: [Openvpn-devel] CFT: OpenVPN 2.4 port update (upstream rc2) for FreeBSD, now with TUNNELBLICK

2016-12-22 Thread Matthias Andree
Am 22.12.2016 um 11:24 schrieb Gert Doering: > Hi, > > On Thu, Dec 22, 2016 at 09:58:07AM +0100, Matthias Andree wrote: >> I have an updated version with TUNNELBLICK patch re-enabled up for >> testing at >> <https://people.freebsd.org/~mandree/openvpn-2.4-rc

Re: [Openvpn-devel] OpenVPN 2.4.0 released

2016-12-27 Thread Matthias Andree
On 27.12.2016 15:16, Samuli Seppänen wrote: > The OpenVPN community project team is proud to release OpenVPN 2.4.0. It > can be downloaded from here: > > > > Compared to OpenVPN 2.3 this is a major update with a large number of > new fea

Re: [Openvpn-devel] [PATCH] cleanup: remove C++ comments

2012-05-07 Thread Matthias Andree
Am 26.04.2012 18:06, schrieb Alon Bar-Lev: > On Thu, Apr 26, 2012 at 3:33 PM, Fabian Knittel > wrote: >> Hi Alon, >> >> 2012/4/7 Alon Bar-Lev : >>> Signed-off-by: Alon Bar-Lev >>> --- >>> src/openvpnserv/openvpnserv.c |6 +++--- >>> 1 files changed, 3 insertions(+), 3 deletions(-) >>> >>> di

[Openvpn-devel] [PATCH] Enable TCP_NODELAY configuration on FreeBSD.

2013-01-12 Thread Matthias Andree
Listening for incoming TCP connection on [undef] Sat Jan 12 13:39:18 2013 Socket flags: TCP_NODELAY=1 succeeded Obtained from: https://community.openvpn.net/openvpn/ticket/158 Credits to: M. Nottebrock Signed-off-by: Matthias Andree --- src/openvpn/syshead.h | 4 1 file changed, 4 insertions

Re: [Openvpn-devel] OpenVPN 2.3.0 released

2013-01-12 Thread Matthias Andree
Am 08.01.2013 15:14, schrieb Samuli Seppänen: > The OpenVPN community project team is proud to release OpenVPN > 2.3.0. It can be downloaded from here: > > > > This release includes two bug fixes. A full list of changes is available > here

Re: [Openvpn-devel] fix build with automake 1.13(.1)

2013-01-12 Thread Matthias Andree
Am 08.01.2013 09:39, schrieb Christian Hesse: > AM_CONFIG_HEADER has been deprecated for some time, finally it is removed on > automake 1.13. The attached patch replaces it with AC_CONFIG_HEADERS and > fixes build process with latest automake. Please apply. ACK.

Re: [Openvpn-devel] [PATCH] Enable TCP_NODELAY configuration on FreeBSD.

2013-01-13 Thread Matthias Andree
Am 12.01.2013 21:13, schrieb Gert Doering: > Hi, > > On Sat, Jan 12, 2013 at 01:41:17PM +0100, Matthias Andree wrote: >> The missing #include causes a defined(TCP_NODELAY) to >> fail. I have added the patch to the FreeBSD ports OpenVPN 2.2.2 and >> 2.3.0, and confirm

[Openvpn-devel] easy-rsa status?

2013-01-13 Thread Matthias Andree
Greetings, I have just added the easy-rsa package to the FreeBSD ports collection, security/easy-rsa, and security/openvpn is now optionally (default: yes) depending on security/easy-rsa so people get this, as they did with 2.2.2. However, I found it hard to collect together the few scattered pie

Re: [Openvpn-devel] compiling with visual studio

2013-01-17 Thread Matthias Andree
Am 16.01.2013 11:11, schrieb Gert Doering: > Hi, > > On Tue, Jan 15, 2013 at 09:03:07PM +0200, Athanasios Douitsis wrote: >> Trying to compile 2.3 with visual studio 2010. I am getting the following >> error: >> >> init.c(186): error C2143: syntax error : missing ';' before 'type' >> [C:\openvpn4\

Re: [Openvpn-devel] [PATCH 3/3] PolarSSL-1.2 support

2013-01-20 Thread Matthias Andree
Is there any important system where requiring PolarSSL >= 1.2.3 is not an option, besides "admin is too lazy or can't convince his manager that he needs to upgrade"? This #ifdef stuff makes the whole story a bit inconcise. It might be suitable for 2.3.X, but not to base 2.4 or newer releases on.

Re: [Openvpn-devel] [PATCH 3/3] PolarSSL-1.2 support

2013-01-21 Thread Matthias Andree
Am 21.01.2013 14:23, schrieb Gert Doering: > Hi, > > just for the sake of those not following the discussion on IRC... > > On Mon, Jan 21, 2013 at 11:23:17AM +0100, Gert Doering wrote: >> I'm more concerned about maintainability of the OpenVPN code base, and >> having more #ifdef in there is not

Re: [Openvpn-devel] Topics for next weeks meeting

2013-04-18 Thread Matthias Andree
Am 10.04.2013 13:47, schrieb Samuli Seppänen: > Hi all, > > After a fairly long pause, the community meetings are starting again. > Next one is on Thursday 18th Apr 2013. The preliminary agenda is here: > > > > Best regards, > Woul

Re: [Openvpn-devel] OpenVPN 2.3.2 tagged and source packages ready

2013-06-01 Thread Matthias Andree
Am 31.05.2013 14:35, schrieb Samuli Seppänen: > Hi all, > > OpenVPN 2.3.2 is now tagged, but I won't have time to make a proper > release until next Monday. However, here are the source packages for > your enjoyment: > > >

Re: [Openvpn-devel] RFD - block-ipv6

2013-08-17 Thread Matthias Andree
Am 17.08.2013 12:30, schrieb Gert Doering: > So, what I'm hoping to hear from you... > > - should we include this in 2.3.3? > - if yes, are changes needed? Well, it would take huge warning banners because it might disrupt existing setups (which would be insecure through the "connect around

Re: [Openvpn-devel] [PATCH] t_client.sh: Check for fping/fping6 availability

2013-11-15 Thread Matthias Andree
Am 15.11.2013 18:12, schrieb David Sommerseth: > From: David Sommerseth > > Check if fping and fping6 is available before running the real tests, > to avoid misleading test failures. > > Signed-off-by: David Sommerseth > --- > tests/t_client.sh.in | 12 > 1 file changed, 12 insert

Re: [Openvpn-devel] [PATCH] t_client.sh: Write errors to stderr and document requirements

2013-11-16 Thread Matthias Andree
ACK. Am 16.11.2013 11:23, schrieb David Sommerseth: > From: David Sommerseth > > Signed-off-by: David Sommerseth > --- > INSTALL | 4 > tests/t_client.sh.in | 4 ++-- > 2 files changed, 6 insertions(+), 2 deletions(-) > > diff --git a/INSTALL b/INSTALL > index 61dc975..2ef79
