Hi,
On Mon, Jan 23, 2017 at 4:55 AM, Samuli Seppänen wrote:
>
>> Checked this on win7. Process explorer shows ASLR flag is set on the
>> executable. But ASLR is not really active. The GUI is loaded at the same
>> address each time (as per vmmap from sysinternals). I see no address
>> randomizati
Hi,
On Sat, Jan 14, 2017 at 4:16 PM, wrote:
> From: Selva Nair
>
> Currently the username unqualified by the domain is used to validate
> a user which fails for domain users. Instead authorize the user
>
> (i) if the built-in admin group or ovpn_admin group is in the process
On Fri, Jan 27, 2017 at 10:08 AM, David Sommerseth <
open...@sf.lists.topphemmelig.net> wrote:
> On 27/01/17 14:56, Илья Шипицин wrote:
> >
>
> >
> > may I ask you something in turn ?
> > I cannot read other people thoughts, if there's something wrong with my
> > patch, there's no other known way,
Hi,
On Sat, Jan 28, 2017 at 3:06 AM, Ilya Shipitsin
wrote:
> MBEDTLS_VERSION, OPENSSL_VERSION were defined twice - in both
> .travis.yml and .travis/build-deps.sh files, the last one
> defined OPENSSL_VERSION via nonexistent OPENSSL_VERION
> variable, which lead us to use openssl-1.0.1 instead
On Sun, Jan 29, 2017 at 1:58 AM, Ilya Shipitsin
wrote:
> MBEDTLS_VERSION, OPENSSL_VERSION were defined twice - in both
> .travis.yml and .travis/build-deps.sh files, the last one
> defined OPENSSL_VERSION via nonexistent OPENSSL_VERION
> variable, which lead us to use openssl-1.0.1 instead of
>
Hi,
On Tue, Jan 31, 2017 at 1:22 PM, Antonio Quartulli wrote:
> iff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c
> index b0ed3279..27f34bed 100644
> --- a/src/openvpn/proxy.c
> +++ b/src/openvpn/proxy.c
> @@ -256,7 +256,16 @@ username_password_as_base64(const struct
> http_proxy_info *p,
>
On Wed, Feb 1, 2017 at 3:33 AM, Antonio Quartulli wrote:
> On Wed, Feb 01, 2017 at 11:04:55AM +0800, Antonio Quartulli wrote:
> > > That said, there is one issue with this approach. Looks like SIGUSR1
> > > restarts will now always prompt for proxy password, which is not
> proper.
> >
> > Right!
From: Selva Nair
- Keep the username even if auth-nocache is specified so that
any auth_token pushed by the server could be utilized
- When auth-token is received, set nocache = false in user_pass
Note: When handling of auth failure due to token expiry is fixed, remember
to re-instate nocache
Hi,
On Wed, Feb 8, 2017 at 10:01 PM, Antonio Quartulli wrote:
> On Wed, Feb 08, 2017 at 02:25:44PM -0500, selva.n...@gmail.com wrote:
> > From: Selva Nair
> >
> > - Keep the username even if auth-nocache is specified so that
> > any auth_token pushed by the server
Hi,
On Mon, Feb 13, 2017 at 3:55 PM, Olivier W wrote:
> >> That's a not exactly helpful error message... :( - I tend to just turn
> >> off SSL on stuff that goes to public mailing lists anyway if it causes
> >> issues...
> >
> > OpenSSL errors requires quite some efforts to get used to. And in
On Mon, Feb 20, 2017 at 7:18 AM, Gert Doering wrote:
> On Sat, Jan 14, 2017 at 04:16:29PM -0500, selva.n...@gmail.com wrote:
> > From: Selva Nair
> >
> > Currently the username unqualified by the domain is used to validate
> > a user which fails for domain users.
Hi,
On Wed, Mar 15, 2017 at 11:37 AM, Илья Шипицин wrote:
> >
>> > well, it makes sense that it might be required for running openvpn. but
>> why
>> > to check it during build ?
>>
>> To find the path that we're going to call the binary with. We do not
>> rely on $PATH resolution at runtime.
>>
> fe80::8 value. Only do this for "on tap adapter" routes.
>
> Pinpointed by Selva Nair.
>
> Trac #850
>
> Signed-off-by: Gert Doering
> ---
> src/openvpn/route.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/src/openvpn/r
On Mon, Apr 3, 2017 at 4:43 PM, David Sommerseth <
open...@sf.lists.topphemmelig.net> wrote:
> On 03/04/17 16:12, Jan Just Keijser wrote:
> > Hi Samuli,
> >
> > On 03/04/17 15:53, Samuli Seppänen wrote:
> >> On 02/04/2017 10:57, Steffan Karger wrote:
>
snip..
> >>> DSA is _not_ a preferred choi
Hi,
On Tue, Apr 4, 2017 at 3:48 AM, Steffan Karger wrote:
> From the openssl man page:
>
> "Beware that with such DSA-style DH parameters, a fresh DH key should
> be created for each use to avoid small-subgroup attacks that may be
> possible otherwise."
>
> This means that if for some reason a n
While cleaning up my local branches this one came up..
Any comments? -- a NAK will do as well so that I can delete it :)
Selva
On Fri, Nov 25, 2016 at 12:21 AM, Selva Nair wrote:
> This was missing on Windows when interactive service is in use.
>
> - Added route_ipv6_clear_host_bi
I did not get this mail
https://sourceforge.net/p/openvpn/mailman/message/35789733/
Something up with the list or is it only me?
Selva
--
Check out the vibrant tech community on one of the world's most
engaging tech site
On Sat, Apr 15, 2017 at 5:17 PM, ValdikSS wrote:
> Should I try to re-post it? Could it be because of 7z archive?
Possibly gmail blocked it in my case -- I thought 7z will be blocked only
if contained an executable (.exe, .bat etc..)
Please do post again -- the registry entry may be added as a
On Tue, Apr 25, 2017 at 4:40 PM, ValdikSS wrote:
> Please check updated version
> https://github.com/ValdikSS/openvpn-with-patches/commit/
> 80345eac823326299c5428a8db45dc06a8d10f7b
>
> set_interface_metric() needs to be called from interactive service but the
> service doesn't include win32.h/c
From: Selva Nair
If static challenge is in use, the password passed to the plugin by openvpn
is of the form "SCRV1:base64-pass:base64-response". Parse this string to
separate it into password and response and use them to respond to queries
in the pam conversation function.
On
From: Selva Nair
This adds a minimal secure_memzero()
Signed-off-by: Selva Nair
---
src/plugins/auth-pam/auth-pam.c | 2 ++
src/plugins/auth-pam/utils.h| 16
2 files changed, 18 insertions(+)
diff --git a/src/plugins/auth-pam/auth-pam.c b/src/plugins/auth-pam/auth-pam.c
On Fri, May 5, 2017 at 3:01 PM, David Sommerseth <
open...@sf.lists.topphemmelig.net> wrote:
> On 05/05/17 20:28, Gert Doering wrote:
> > Hi,
> >
> > On Fri, May 05, 2017 at 02:24:01PM -0400, selva.n...@gmail.com wrote:
> >> From: Selva Nair
> >
Hi,
On Thu, May 4, 2017 at 1:36 PM, ValdikSS wrote:
>
> Windows 10 before Creators Update used to resolve DNS using all available
> adapters and IP addresses in parallel.
> Now it still resolves addresses using all available adapters but in a
> round-robin way, beginning with random adapter.
>
Hi,
Thanks for the patch exporting base64_encode/decode
A quick question/comment though: quoting from your sample base64.c
On Fri, May 5, 2017 at 5:46 PM, David Sommerseth wrote:
> +/* Which callbacks to intercept. */
> +ret->type_mask =
> +OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_
Hi,
Thanks for the follow up with details. I also put some further thought into
this overnight and totally agree with your observations. With one exception
:)
On Mon, May 8, 2017 at 9:56 AM, David Sommerseth wrote:
> I think it is a bit too risky to actually fix the plug-in API to fix
> this.
Hi,
On Mon, May 8, 2017 at 10:19 AM, David Sommerseth
wrote:
> *
> * STRUCT MEMBERS
> *
> - * *type_mask : The plug-in should set this value to the logical OR of
> all script
> + * type_mask : The plug-in should set this value to the logical OR of
> all script
> * types whi
Hi,
Please bear with me for making a few more comments. This close to final so
only
a few minor issues.
On Thu, May 4, 2017 at 1:36 PM, ValdikSS wrote:
>
> Windows 10 before Creators Update used to resolve DNS using all available
> adapters and IP addresses in parallel.
> Now it still resolves a
Hi,
On Mon, May 8, 2017 at 10:57 AM, David Sommerseth <
open...@sf.lists.topphemmelig.net> wrote:
> On 08/05/17 16:38, Selva Nair wrote:
> > Hi,
> >
>
On Mon, May 8, 2017 at 10:19 AM, David Sommerseth
>> wrote:
>> *
>> * STRUCT MEMBERS
>> *
Hi,
On Fri, May 5, 2017 at 2:46 PM, David Sommerseth wrote:
> The provides plug-ins with a safe and secure way to santize sensitive
> information such as passwords, by re-using the secure_memzero()
> implementation in OpenVPN.
>
> Signed-off-by: David Sommerseth
> ---
> include/openvpn-plugin.
From: Selva Nair
v2: Change the plugin open to use v3 API so that
openvpn_secure_memzero() exported from OpenVPN can be used.
Note: context is cast as (openvpn_plugin_handle_t *) for consistency
with the current plugin header. If/when the header is fixed, change
this cast as well.
Signed-off
Hi,
On Tue, May 9, 2017 at 1:34 PM, David Sommerseth wrote:
> If the plug-in built and packaged separately and that build is not tied
> to OpenVPN itself, this can make this plug-in fail without any
> particular real reason if the OpenVPN binary gets updated independently.
>
> Even though not ex
Hi,
On Tue, May 9, 2017 at 1:47 PM, David Sommerseth wrote:
> That said, I think we should fix secure_memzero() to just return if the
> input pointer is NULL. And even though most compilers do initialize
> variables, I think it's good to be defensive here and initialize `up` too.
>
No, compile
From: Selva Nair
v2: Change the plugin open to use v3 API so that secure_memzero()
exported from OpenVPN can be used.
v3: Relaxe API compatibility check: struct version 4 or higher
will have secure_memzero exported.
Note: context is cast as (openvpn_plugin_handle_t *) for consistency
Hi,
Looks good except for some typos:
On Tue, May 9, 2017 at 2:42 PM, Steffan Karger
wrote:
> The tls-crypt commit message contained an elaborate discussion on the
> function's security properties. This commit adds the gist of that
> discussion, "rotate keys periodically" to the man page.
>
>
On Wed, May 10, 2017 at 12:08 PM, ValdikSS wrote:
>
> InitializeIpInterfaceEntry() is missing in all but very recent mingw32
> versions
> (their commit logs show it was added in early 2015) so we may need
> to declare it in block_dns.c. I use Debian jessie (8.7) -- mingw gcc 4.9.1
> and its
> not
On Wed, May 10, 2017 at 2:47 PM, ValdikSS wrote:
>
> Windows 10 before Creators Update used to resolve DNS using all
> available adapters and IP addresses in parallel. Now it still
> resolves addresses using all available adapters but in a round-robin
> way, beginning with random adapter.
> This
From: Selva Nair
Fixes finding 5.6 of OSTIF/Quarkslab audit
Signed-off-by: Selva Nair
---
src/openvpn/win32.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/openvpn/win32.c b/src/openvpn/win32.c
index 0cbf5fd..9a03681 100644
--- a/src/openvpn/win32.c
+++ b/src
On Sat, May 13, 2017 at 2:17 PM, Gert Doering wrote:
> ACK, thanks. (No tests run whatsoever, but we've had a discussion about
> that on the security@ lists, and there was agreement that _countof is
> the thing to use - just nobody did it before, so thanks again :-) ).
>
> Your patch has been ap
From: Selva Nair
Also replace MAX_PATH by _countof(openvpnpath) as the latter
is arguably more robust.
Signed-off-by: Selva Nair
---
src/openvpn/win32.c | 7 ++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/openvpn/win32.c b/src/openvpn/win32.c
index b271597..56c3a1d
From: Selva Nair
- This is an opaque pointer so the change should not affect existing plugins.
But it makes the code consistent and clears up the documentation as the handle
pointer is treated as of type "openvpn_plugin_handle_t" in the rest of the
code.
Signed-off-by:
Hi,
Copying the -devel list:
On Sun, May 28, 2017 at 10:16 AM, ValdikSS wrote:
> Pavel, a friend of mine, made a service to circumvent Ukrainian blocks of
> Russian websites. He configured OpenVPN TCP without persist-tun on the
> client side and pushes block-outside-dns from server.
>
> When he
1AM -0700, Selva Nair wrote:
> > As I said, get openvpn to report route errors in the status and then we
> can
> > add a warning to the status popup, turn the icon red etc instead of the
> > current misleading "successfully connected" behaviour.
>
> This is actu
On Sat, Jun 3, 2017 at 4:13 PM, ValdikSS wrote:
>
> You can skip through comments on https://zaborona.help/ to see some
> screenshots and logs.
> Like this one: https://zaborona.help/faq.html#comment-3328754341
I did not find any related to failure to remove WFP filters. That specific
comment l
On Mon, Jun 12, 2017 at 2:14 PM, Gert Doering wrote:
> Hi,
>
> wading through my heap of mails that did not get proper attention...
>
> On Fri, May 05, 2017 at 02:24:02PM -0400, selva.n...@gmail.com wrote:
> > From: Selva Nair
> >
> > If static challenge is i
On Wed, Jun 7, 2017 at 12:41 PM, debbie10t wrote:
> Hi,
>
> I have a basic setup and discovered that my W10 client was assigning a
> second IPv6 address to TAP even though it is *not* being pushed by the
> server. The second address is an old address from a server that I
> sometimes connect to.
On Tue, Jun 13, 2017 at 1:25 PM, Илья Шипицин wrote:
> I decided to try some tests .. in fact I only did one test.
> I rebooted the PC and now the second IP address has gone.
> (Windows Fast shutdown/reboot disabled .. so full reboot)
>
> I also tried to recreate the problem but so far cannot ..
On Tue, Jun 13, 2017 at 2:01 PM, debbie10t wrote:
> As client:
>Config-1 assigns 12fc:1918::10:36:101:110/112 to TAP (in tun mode)
>Config-2 assigns 12fc:1918::10:8:0:110/112 to TAP (in tun mode)
>
> Following:
>
> 1. Administrator command prompt - execute openvp config-1.ovpn
>TAP is
On Tue, Jun 13, 2017 at 3:25 PM, Gert Doering wrote:
> > I haven't tested this, but if both connections use the same adapter, this
> > looks possible as you kill the first process without giving it a chance
> to
> > remove the IP first. Addresses are added with store=active so would
> > disappear
On Tue, Jun 13, 2017 at 3:54 PM, Arne Schwabe wrote:
> >
> >
> > if user is administrator, interactive service is not used.
> > well, I did miss that about interactive service.
> >
>
> I wonder we should always use the interactive service if available and
> add (dont-use-interactive) option, so b
On Tue, Jun 13, 2017 at 3:37 PM, Gert Doering wrote:
> On Tue, Jun 13, 2017 at 03:33:35PM -0400, Selva Nair wrote:
> > Right :) But we could probably do better using Set instead of Add while
> > the address is set using the service. I'm not that familiar with ipapi,
On Tue, Jun 13, 2017 at 4:30 PM, Илья Шипицин wrote:
> 2017-06-14 1:05 GMT+05:00 Selva Nair :
>
>>
>> On Tue, Jun 13, 2017 at 3:54 PM, Arne Schwabe wrote:
>>
>>> >
>>> >
>>> > if user is administrator, interactive service is not
On Thu, Jun 15, 2017 at 8:32 AM, David Sommerseth <
open...@sf.lists.topphemmelig.net> wrote:
> On 13/06/17 22:51, Selva Nair wrote:
> > It takes only a few line sof code to exploit this on XP -- I have not
> > been able to exploit this on Vista but not 100% sure it has been
On Mon, Jun 12, 2017 at 2:28 PM, Selva Nair wrote:
> On Mon, Jun 12, 2017 at 2:14 PM, Gert Doering wrote:
>
>> Hi,
>>
>> wading through my heap of mails that did not get proper attention...
>>
>> On Fri, May 05, 2017 at 02:24:02PM -0400, selva.n...@gm
On Wed, Jul 12, 2017 at 10:45 AM, Илья Шипицин wrote:
> 2017-07-12 18:54 GMT+05:00 Selva Nair :
>
>>
>> On Wed, Jul 12, 2017 at 4:46 AM, Илья Шипицин
>> wrote:
>>
>>> No interest ?
>>>
>>> 9 июл. 2017 г. 19:46 пользователь "Ilya Sh
Hi,
On Thu, Jul 20, 2017 at 4:36 AM, Илья Шипицин wrote:
> any news ?
>
> 2017-07-12 20:50 GMT+05:00 Илья Шипицин :
>
>>
>>
>> 2017-07-12 20:06 GMT+05:00 Selva Nair :
>>
>>>
>>> On Wed, Jul 12, 2017 at 10:45 AM, Илья Шипицин
>
Hi,
On Wed, Jul 26, 2017 at 1:28 PM, Karl Mueller wrote:
>
> >
> > I have no idea what the effect would be ("will it stop doing ethernet
> > framing? no more ARP?"), but it's an interesting idea to try.
> >
>
> Thanks, seems OpenVPN is not the only VPN client that may recognize this
> as an iss
Hi,
On Thu, Jul 27, 2017 at 2:01 PM, Karl Mueller wrote:
>
> I think it is due to the redirect-gateway, and def1 does not change the
> behavior. I believe it’s because Windows sends NCSI internet probes to
> determine if an adapter has “Internet” access. If you’re not redirecting
> your gateway,
Hi Simon,
Adding to what I wrote in my reply to your private email:
> I am developing an eduVPN client for Windows. Imagine the eduVPN client as
> a custom OpenVPN GUI. The client uses openvpn.exe for connecting, the
> configuration file is provided by eduVPN server once user authenticates
> usi
Hi,
> But that would open the OpenVPN Interactive Service to any user and
> application. This is why we would like your opinion first.
>
> Yes the service will then launch openvpn with arbitrary configs as any
> user, but that is what you want isn't it?
>
>
>
> True, I want that indeed. I was ju
Hi,
On Fri, Aug 11, 2017 at 6:21 AM, Pasi Kärkkäinen wrote:
> Hi,
>
> On Wed, Aug 09, 2017 at 02:31:58PM +, Simon Rozman via Openvpn-devel
> wrote:
> >Hi!
> >
> >I am developing an eduVPN client for Windows. Imagine the eduVPN
> client as
> >a custom OpenVPN GUI. The client uses
On Fri, Aug 11, 2017 at 5:07 AM, Antonio Quartulli wrote:
> From: Antonio Quartulli
>
> Signed-off-by: Antonio Quartulli
> ---
> src/openvpn/ps.c | 2 +-
> src/openvpn/ssl_openssl.c| 2 +-
> src/openvpn/ssl_verify_openssl.c | 4 ++--
> 3 files changed, 4 insertions(+),
On Fri, Aug 11, 2017 at 10:05 AM, Simon Rozman via Openvpn-devel <
openvpn-devel@lists.sourceforge.net> wrote:
>
> But that's what I wanted in the first place, as I believe Interactive
> Service "security" scheme makes no sense.
>
> Why does OpenVPN restrict non-admin users from using Interactive
From: Selva Nair
Eliminate the confusing message that says "explicit-exit-notify is ignored by
previous blocks" when the option is pushed.
Reported by: Eike Lohmann e.lohm...@ic3s.de
https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg04052.html
Signed-off-by:
From: Selva Nair
In particular, this eliminates the message that says "explicit-exit-notify
is ignored by previous blocks" when the option is pushed.
Note: pull_mode is identified as "allowed & OPT_P_PULL_MODE" matching with the
definition in add_options().
Reported
From: Selva Nair
- Use utf8to16 from common.c for utf8 to wide conversion and
check its return value
Signed-off-by: Selva Nair
---
src/openvpnserv/interactive.c | 18 ++
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/src/openvpnserv/interactive.c b/src
From: Selva Nair
- If only 1 byte is read from the interactive service client pipe, that
evaluates to zero wide characters and subsequent check for NUL
termination in the data buffer segfaults.
Fix: reject clients that send less than a complete wide character.
Signed-off-by: Selva Nair
From: Selva Nair
Currently a route addition using IPAPI or service is skipped if the
route gateway is reachable by multiple interfaces. This changes that
to use the interface with lowest metric.
Reported by Jan Just Keijser
Signed-off-by: Selva Nair
---
src/openvpn/route.c | 3 +--
src
From: Selva Nair
Currently a route addition using IPAPI or service is skipped if the
route gateway is reachable by multiple interfaces. This changes that
to use the interface with lowest metric. Implemented by
(i) Do not over-write the return value with TUN_ADAPTER_INDEX_INVALID in
From: Selva Nair
Not all installations need registry values such as log_dir and
config_dir especially if automatic service is not in use.
This patch provides reasonable defaults for registry values.
- Read the default value of HKLM\Software\PACKAGE_NAME to get the
install path and construct
From: Selva Nair
- Strings stored in registry are not guaranteed to be null-terminated.
So, use RegGetValue() instead of RegQueryValueEx() as the former
adds null termination to the returned string if missing.
(Needs Windows Vista+)
- While at it also add a default value parameter to
From: Selva Nair
- This is an opaque pointer so the change should not affect
existing plugins. But it makes the code consistent and clears up
the documentation as the handle pointer is treated as of type
"openvpn_plugin_handle_t" in the rest of the code.
Signed-off-by: Selva Nai
Hi
On Thu, Nov 23, 2017 at 1:34 PM, fragmentux wrote:
>
> Hi,
>
> I would like to suggest that, instead of having to run the GUI to
> retrieve the help, like so:
>
> 'C:\Program Files\Openvpn\bin\openvpn-gui --help'
>
> the 'help window' can be retrieved via the GUI itself.
> A menu option or Hel
Cross-posting to users and devel as this may be of interest to both.
Hi,
I have made a draft implementation of this feature that was discussed in a
previous thread. A test executable (GUI only) is in this pre-release:
https://github.com/selvanair/openvpn-gui/releases/tag/v11-echo-msg
It would b
Hi Jon,
On Thu, Nov 30, 2017 at 8:41 PM, Jonathan K. Bullard
wrote:
> Thanks, Selva,
>
> On Wed, Nov 29, 2017 at 9:03 PM, Selva Nair wrote:
> >
> > I have made a draft implementation of this feature that was discussed in
> a previous thread. A test executable (GUI only
Hi,
On Fri, Dec 1, 2017 at 8:53 AM, Arne Schwabe wrote:
> Am 30.11.2017 um 03:03 schrieb Selva Nair:
>
> Cross-posting to users and devel as this may be of interest to both.
>
> Hi,
>
> I have made a draft implementation of this feature that was discussed in a
>
Hi
On Sat, Dec 2, 2017 at 7:08 AM, Jonathan K. Bullard
wrote:
> Hi,
>
> On Fri, Dec 1, 2017 at 10:58 AM, Selva Nair wrote:
> >
> > Hi,
> >
> > On Fri, Dec 1, 2017 at 8:53 AM, Arne Schwabe wrote:
> >>
>
..
> >>
> >> Could we have
Hi,
On Sat, Dec 2, 2017 at 3:54 AM, Antonio Quartulli wrote:
> Similarly to ifconfig(-push), its IPv6 counterpart is now able to
> accept hostnames as well instead of IP addresses in numeric form.
>
If dns names currently work for ifconfig-push (I didn't know), makes sense
to
support it for ip
oops forgot to cc the list..
-- Forwarded message --
From: Selva Nair
Date: Sat, Dec 2, 2017 at 10:16 PM
Subject: Re: [Openvpn-devel] [PATCH v2] ifconfig-ipv6(-push): allow using
hostnames
To: Antonio Quartulli
Hi,
On Sat, Dec 2, 2017 at 9:25 PM, Antonio Quartulli wrote
Hi,
Responding to this old version just to be on record.
I realized patch this was assigned to Gert on patchwork too late after
started responding on my own. Sorry for jumping the gun. Have to make
keeping an eye on patchwork a habit..
I'll leave the latest v4 alone.
cheers,
Selva
Hi Simon,
IIRC, this patch is waiting for a new version to take care of the static
const as
agreed below:
On Thu, Nov 9, 2017 at 11:12 AM, Selva wrote:
> Hi Simon,
>
> On Thu, Nov 9, 2017 at 3:33 AM, Simon Rozman wrote:
>
>> Hi,
>>
>> > But then making the variable static just to keep a valid
Hi Simon,
And this one:
On Mon, Nov 13, 2017 at 11:26 AM, Selva wrote:
> Hi,
>
> Thanks for the v2
>
> On Mon, Nov 13, 2017 at 4:49 AM, Simon Rozman wrote:
>
>> Data size arithmetic was reviewed according to 64-bit MSVC complaints.
>>
>> The warnings were addressed by migrating to size_t, rewr
Hi Simon,
Thanks. The v3 has just arrived in patchwork -- for some reason not in my
mailbox yet, probably its coming..
Looks like v3 is an exact copy of v2 -- no check for empty ext which was
the only change required.
Am I missing something?
Thanks,
Selva
On Sun, Dec 3, 2017 at 12:19 PM, Simo
Hi,
On Thu, Nov 23, 2017 at 6:59 PM, Selva Nair wrote:
> Hi
>
> On Thu, Nov 23, 2017 at 1:34 PM, fragmentux wrote:
> >
> > Hi,
> >
> > I would like to suggest that, instead of having to run the GUI to
> > retrieve the help, like so:
> >
> &g
On Sun, Dec 3, 2017 at 1:54 PM, Gert Doering wrote:
> Hi,,
>
> On Sat, Dec 02, 2017 at 11:38:28PM -0500, Selva Nair wrote:
> > Responding to this old version just to be on record.
> >
> > I realized patch this was assigned to Gert on patchwork too late after
>
ize_t ncmdline = wcslen(fmt) + wcslen(if_name) + wcslen(addr) + 32 +
> 1;
> wchar_t *cmdline = malloc(ncmdline*sizeof(wchar_t));
> if (!cmdline)
> {
> @@ -1571,7 +1571,7 @@ RunOpenvpn(LPVOID p)
> {
> DWORD written;
> WideCharToMultiByte(CP
; +{
> +if (get_addr_generic(AF_INET6, GETADDR_RESOLVE, hostname, network,
> netbits,
> + 0, NULL, msglevel) < 0)
> +{
> +return false;
> +}
> +
> +return true; /* parsing OK, values set */
> +}
&
ehaviour is unaffected and
the possibility of named instances will help projects like eduVPN use
official binary releases.
So, I recommend this for 2.4 as well..
Reviewed by: SelvaNair
Acked-by: Selva Nair
--
Check out th
From: Selva Nair
- Instead of returning metric = 0 when automatic metric is in use
return the actual metric and flag automatic metric through a
parameter. This makes the function reusable elsewhere.
- Ensure return value can be correctly cast to int and return -1 on
error.
Signed-off-by
Hi Simon,
On Tue, Dec 5, 2017 at 4:44 AM, Simon Rozman wrote:
> Hi,
>
>> On Wed, Nov 08, 2017 at 06:46:53PM +, Simon Rozman wrote:
>> > > The best time to re-factor a function would be when a a new use
>> > > case needs to change its semantics. Apart from the ill-chosen -err
>> > > as a retu
On Wed, Dec 6, 2017 at 8:28 AM, Илья Шипицин wrote:
>
>
> 2017-11-06 6:14 GMT+05:00 :
>>
>>
..
>> +/**
>> + * Given an interface index return the interface metric.
>> + *
>> + * Arguments:
>> + * index : The index of the interface
>> + * family: AF_INET for IPv4 or AF_INET6 for
Hi,
On Wed, Dec 6, 2017 at 12:18 PM, Simon Rozman wrote:
> Hi,
>
> I have briefly reviewed this patch. If you look at each
> get_interface_metric() call you'll notice exactly the same repeating
> pattern:
>
> tap_metric_v4 = get_interface_metric(index, AF_INET, &is_auto);
> if (i
Hi,
On Wed, Dec 6, 2017 at 12:10 PM, Simon Rozman wrote:
> Hi,
>
>> > The get_interface_metric() function should get a more thorough rewrite
>> than just a compiler warning shut-up. So the patch will probably get divided
>> in two - the simple signed/unsigned fixes and get_interface_metric()
>> r
Hi,
On Fri, Dec 8, 2017 at 5:33 AM, Steffan Karger wrote:
> From: Steffan Karger
>
> As with create_temp_file(), this function is called on client connects and
> should not cause fatal errors when I/O (possibly temporarily) fails.
>
> The callers of this function are already fixed in the commit
Hi,
On Thu, Dec 7, 2017 at 12:32 PM, Gisle Vanem wrote:
> Simon Rozman wrote:
>
>> However, I did stare-review your code:
>> - It does not introduce any new Windows API calls it has not used before.
>> - It compiles fine.
>
> It also builds fine here with cl v19.11.
> But using clang-cl v5, I'm g
Hi Jon,
Thanks for starting this process.
On Thu, Dec 14, 2017 at 10:42 AM, Jonathan K. Bullard
wrote:
> Hi,
>
> On Sat, Dec 2, 2017 at 7:08 AM, Jonathan K. Bullard
> wrote:
>> Hi,
>>
>> On Fri, Dec 1, 2017 at 10:58 AM, Selva Nair wrote:
...snipped..
>>
Hi,
On Sat, Dec 16, 2017 at 1:57 PM, Michael Karvan
wrote:
> ---
> src/plugins/auth-pam/auth-pam.c | 9 -
> 1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/src/plugins/auth-pam/auth-pam.c b/src/plugins/auth-pam/auth-pam.c
> index ae514d7..c64e14b 100644
> --- a/src/plugin
Hi,
On Fri, Dec 29, 2017 at 5:18 AM, Steffan Karger
wrote:
> As with create_temp_file(), this function is called on client connects and
> should not cause fatal errors when I/O (possibly temporarily) fails.
>
> The callers of this function are already fixed in the commit that does the
> same for
; b/src/openvpn/ssl_verify_openssl.c
> index 02850fc..238292f 100644
> --- a/src/openvpn/ssl_verify_openssl.c
> +++ b/src/openvpn/ssl_verify_openssl.c
> @@ -767,7 +767,7 @@ x509_write_pem(FILE *peercert_file, X509 *peercert)
> {
> if (PEM_write_X509(peercert_file
Hi,
I expected an error message saying only RSA certs are supported for
--management-external-key, but openvpn appears to segfault if a cert
with an ECC key is used with that option.
A stack trace shows it fails in ssl_openssl.c line 1117 when trying to
copy n and e. In fact the call
pub_rsa = E
From: Selva Nair
- Currently a pointer to potentially uninitialized IP_ADAPTER_INFO
struct is returned on error causing ill-defined behaviour.
Signed-off-by: Selva Nair
---
There have been some reports of unexpected failure in GetAdaptersInfo.
When and why that happens is still unclear but
1 - 100 of 1455 matches
Mail list logo
