Menu
▾
▴
openvpn-devel — OpenVPN developers list
You can subscribe to this list here.
| 2002 |
Jan
|
Feb
|
Mar
|
Apr
(24) |
May
(14) |
Jun
(29) |
Jul
(33) |
Aug
(3) |
Sep
(8) |
Oct
(18) |
Nov
(1) |
Dec
(10) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2003 |
Jan
(3) |
Feb
(33) |
Mar
(7) |
Apr
(28) |
May
(30) |
Jun
(5) |
Jul
(10) |
Aug
(7) |
Sep
(32) |
Oct
(41) |
Nov
(20) |
Dec
(10) |
| 2004 |
Jan
(24) |
Feb
(18) |
Mar
(57) |
Apr
(40) |
May
(55) |
Jun
(48) |
Jul
(77) |
Aug
(15) |
Sep
(56) |
Oct
(80) |
Nov
(74) |
Dec
(52) |
| 2005 |
Jan
(38) |
Feb
(42) |
Mar
(39) |
Apr
(56) |
May
(79) |
Jun
(73) |
Jul
(16) |
Aug
(23) |
Sep
(68) |
Oct
(77) |
Nov
(52) |
Dec
(27) |
| 2006 |
Jan
(27) |
Feb
(18) |
Mar
(51) |
Apr
(62) |
May
(28) |
Jun
(50) |
Jul
(36) |
Aug
(33) |
Sep
(47) |
Oct
(50) |
Nov
(77) |
Dec
(13) |
| 2007 |
Jan
(15) |
Feb
(8) |
Mar
(14) |
Apr
(18) |
May
(25) |
Jun
(16) |
Jul
(16) |
Aug
(19) |
Sep
(32) |
Oct
(17) |
Nov
(5) |
Dec
(5) |
| 2008 |
Jan
(64) |
Feb
(25) |
Mar
(25) |
Apr
(6) |
May
(28) |
Jun
(20) |
Jul
(10) |
Aug
(27) |
Sep
(28) |
Oct
(59) |
Nov
(37) |
Dec
(43) |
| 2009 |
Jan
(40) |
Feb
(25) |
Mar
(12) |
Apr
(57) |
May
(46) |
Jun
(29) |
Jul
(39) |
Aug
(10) |
Sep
(20) |
Oct
(42) |
Nov
(50) |
Dec
(57) |
| 2010 |
Jan
(82) |
Feb
(165) |
Mar
(256) |
Apr
(260) |
May
(36) |
Jun
(87) |
Jul
(53) |
Aug
(89) |
Sep
(107) |
Oct
(51) |
Nov
(88) |
Dec
(117) |
| 2011 |
Jan
(69) |
Feb
(60) |
Mar
(113) |
Apr
(71) |
May
(67) |
Jun
(90) |
Jul
(88) |
Aug
(90) |
Sep
(48) |
Oct
(64) |
Nov
(69) |
Dec
(118) |
| 2012 |
Jan
(49) |
Feb
(528) |
Mar
(351) |
Apr
(190) |
May
(238) |
Jun
(193) |
Jul
(104) |
Aug
(100) |
Sep
(57) |
Oct
(41) |
Nov
(47) |
Dec
(51) |
| 2013 |
Jan
(94) |
Feb
(57) |
Mar
(96) |
Apr
(105) |
May
(77) |
Jun
(102) |
Jul
(27) |
Aug
(81) |
Sep
(32) |
Oct
(53) |
Nov
(127) |
Dec
(65) |
| 2014 |
Jan
(113) |
Feb
(59) |
Mar
(104) |
Apr
(259) |
May
(70) |
Jun
(70) |
Jul
(146) |
Aug
(45) |
Sep
(58) |
Oct
(149) |
Nov
(77) |
Dec
(83) |
| 2015 |
Jan
(53) |
Feb
(66) |
Mar
(86) |
Apr
(50) |
May
(135) |
Jun
(76) |
Jul
(151) |
Aug
(83) |
Sep
(97) |
Oct
(262) |
Nov
(245) |
Dec
(231) |
| 2016 |
Jan
(131) |
Feb
(233) |
Mar
(97) |
Apr
(138) |
May
(221) |
Jun
(254) |
Jul
(92) |
Aug
(248) |
Sep
(168) |
Oct
(275) |
Nov
(477) |
Dec
(445) |
| 2017 |
Jan
(218) |
Feb
(217) |
Mar
(146) |
Apr
(172) |
May
(216) |
Jun
(252) |
Jul
(164) |
Aug
(192) |
Sep
(190) |
Oct
(143) |
Nov
(255) |
Dec
(182) |
| 2018 |
Jan
(295) |
Feb
(164) |
Mar
(113) |
Apr
(147) |
May
(64) |
Jun
(262) |
Jul
(184) |
Aug
(90) |
Sep
(69) |
Oct
(364) |
Nov
(102) |
Dec
(101) |
| 2019 |
Jan
(119) |
Feb
(64) |
Mar
(64) |
Apr
(102) |
May
(57) |
Jun
(154) |
Jul
(84) |
Aug
(81) |
Sep
(76) |
Oct
(102) |
Nov
(233) |
Dec
(89) |
| 2020 |
Jan
(38) |
Feb
(170) |
Mar
(155) |
Apr
(172) |
May
(120) |
Jun
(223) |
Jul
(461) |
Aug
(227) |
Sep
(268) |
Oct
(113) |
Nov
(56) |
Dec
(124) |
| 2021 |
Jan
(121) |
Feb
(48) |
Mar
(334) |
Apr
(345) |
May
(207) |
Jun
(136) |
Jul
(71) |
Aug
(112) |
Sep
(122) |
Oct
(173) |
Nov
(184) |
Dec
(223) |
| 2022 |
Jan
(197) |
Feb
(206) |
Mar
(156) |
Apr
(212) |
May
(192) |
Jun
(170) |
Jul
(143) |
Aug
(380) |
Sep
(182) |
Oct
(148) |
Nov
(128) |
Dec
(269) |
| 2023 |
Jan
(248) |
Feb
(196) |
Mar
(264) |
Apr
(36) |
May
(123) |
Jun
(66) |
Jul
(120) |
Aug
(48) |
Sep
(157) |
Oct
(198) |
Nov
(300) |
Dec
(273) |
| 2024 |
Jan
(271) |
Feb
(147) |
Mar
(207) |
Apr
(78) |
May
(107) |
Jun
(168) |
Jul
(151) |
Aug
(51) |
Sep
(438) |
Oct
(221) |
Nov
(302) |
Dec
(357) |
| 2025 |
Jan
(451) |
Feb
(219) |
Mar
(326) |
Apr
(232) |
May
(306) |
Jun
(181) |
Jul
(452) |
Aug
(282) |
Sep
(620) |
Oct
(793) |
Nov
(682) |
Dec
(373) |
| 2026 |
Jan
(355) |
Feb
(284) |
Mar
(602) |
Apr
(418) |
May
(5) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: flichtenheld (C. Review) <ge...@op...> - 2026-05-04 14:42:32
|
Attention is currently required from: plaisthos.
Hello plaisthos,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/1618?usp=email
to look at the new patch set (#5).
Change subject: Rename variables that shadow other variables or functions
......................................................................
Rename variables that shadow other variables or functions
Identified by cppcheck.
Change-Id: I528f5fd200d877841e473e5e05b7ac7915fa2e33
Signed-off-by: Frank Lichtenheld <fr...@li...>
---
M src/openvpn/manage.c
M src/openvpn/options.c
M src/openvpn/push.c
M src/openvpn/tls_crypt.c
M src/openvpnserv/interactive.c
M tests/unit_tests/openvpn/test_dhcp.c
M tests/unit_tests/openvpn/test_push_update_msg.c
7 files changed, 47 insertions(+), 50 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/18/1618/5
diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
index f1dccc1..c082f51 100644
--- a/src/openvpn/manage.c
+++ b/src/openvpn/manage.c
@@ -1328,8 +1328,6 @@
static void
man_load_stats(struct management *man)
{
- extern counter_type link_read_bytes_global;
- extern counter_type link_write_bytes_global;
int nclients = 0;
if (man->persist.callback.n_clients)
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 1d3d649..53fb060 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -2689,12 +2689,12 @@
"may accept clients which do not present a certificate");
}
- const unsigned int tls_version_max =
+ const unsigned int tls_ver_max =
(options->ssl_flags >> SSLF_TLS_VERSION_MAX_SHIFT) & SSLF_TLS_VERSION_MAX_MASK;
- const unsigned int tls_version_min =
+ const unsigned int tls_ver_min =
(options->ssl_flags >> SSLF_TLS_VERSION_MIN_SHIFT) & SSLF_TLS_VERSION_MIN_MASK;
- if (tls_version_max > 0 && tls_version_max < tls_version_min)
+ if (tls_ver_max > 0 && tls_ver_max < tls_ver_min)
{
msg(M_USAGE, "--tls-version-min bigger than --tls-version-max");
}
@@ -3641,16 +3641,16 @@
{
struct dns_domain **entry = &dns->search_domains;
ALLOC_OBJ_CLEAR_GC(*entry, struct dns_domain, &dns->gc);
- struct dns_domain *new = *entry;
- new->name = dhcp->domain;
- entry = &new->next;
+ struct dns_domain *domain = *entry;
+ domain->name = dhcp->domain;
+ entry = &domain->next;
for (unsigned int i = 0; i < dhcp->domain_search_list_len; ++i)
{
ALLOC_OBJ_CLEAR_GC(*entry, struct dns_domain, &dns->gc);
- struct dns_domain *new = *entry;
- new->name = dhcp->domain_search_list[i];
- entry = &new->next;
+ struct dns_domain *search_domain = *entry;
+ search_domain->name = dhcp->domain_search_list[i];
+ entry = &search_domain->next;
}
struct dns_server *server = dns_server_get(&dns->servers, 0, &dns->gc);
@@ -3743,7 +3743,6 @@
static void
options_postprocess_mutate(struct options *o, struct env_set *es)
{
- int i;
/*
* Process helper-type options which map to other, more complex
* sequences of options.
@@ -3776,7 +3775,7 @@
* Convert remotes into connection list
*/
const struct remote_list *rl = o->remote_list;
- for (i = 0; i < rl->len; ++i)
+ for (int i = 0; i < rl->len; ++i)
{
const struct remote_entry *re = rl->array[i];
struct connection_entry ce = o->ce;
@@ -3798,14 +3797,14 @@
}
ASSERT(o->connection_list);
- for (i = 0; i < o->connection_list->len; ++i)
+ for (int i = 0; i < o->connection_list->len; ++i)
{
options_postprocess_mutate_ce(o, o->connection_list->array[i]);
}
if (o->ce.local_list)
{
- for (i = 0; i < o->ce.local_list->len; i++)
+ for (int i = 0; i < o->ce.local_list->len; i++)
{
options_postprocess_mutate_le(&o->ce, o->ce.local_list->array[i], o->mode);
}
@@ -3833,7 +3832,7 @@
}
/* use the same listen list for every outgoing connection */
- for (i = 0; i < o->connection_list->len; ++i)
+ for (int i = 0; i < o->connection_list->len; ++i)
{
o->connection_list->array[i]->local_list = o->ce.local_list;
}
diff --git a/src/openvpn/push.c b/src/openvpn/push.c
index 564ce86..ae0f0e2 100644
--- a/src/openvpn/push.c
+++ b/src/openvpn/push.c
@@ -994,10 +994,10 @@
else if (tls_authentication_status(c->c2.tls_multi) == TLS_AUTHENTICATION_SUCCEEDED
&& c->c2.tls_multi->multi_state >= CAS_CONNECT_DONE)
{
- time_t now;
+ time_t local_now;
- openvpn_time(&now);
- if (c->c2.sent_push_reply_expiry > now)
+ openvpn_time(&local_now);
+ if (c->c2.sent_push_reply_expiry > local_now)
{
ret = PUSH_MSG_ALREADY_REPLIED;
}
@@ -1011,7 +1011,7 @@
if (send_push_reply(c, &push_list))
{
ret = PUSH_MSG_REQUEST;
- c->c2.sent_push_reply_expiry = now + 30;
+ c->c2.sent_push_reply_expiry = local_now + 30;
}
gc_free(&gc);
}
diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c
index e91f80c..4f9d218 100644
--- a/src/openvpn/tls_crypt.c
+++ b/src/openvpn/tls_crypt.c
@@ -769,24 +769,24 @@
}
/* Sanity check: load client key (as "client") */
- struct key_ctx_bi test_client_key;
- struct buffer test_wrapped_client_key;
+ struct key_ctx_bi check_client_key;
+ struct buffer check_wrapped_client_key;
struct key2 keydata;
msg(D_GENKEY, "Testing client-side key loading...");
- tls_crypt_v2_init_client_key(&test_client_key, &keydata, &test_wrapped_client_key, client_file,
+ tls_crypt_v2_init_client_key(&check_client_key, &keydata, &check_wrapped_client_key, client_file,
client_inline);
- free_key_ctx_bi(&test_client_key);
+ free_key_ctx_bi(&check_client_key);
/* Sanity check: unwrap and load client key (as "server") */
- struct buffer test_metadata = alloc_buf_gc(TLS_CRYPT_V2_MAX_METADATA_LEN, &gc);
- struct key2 test_client_key2 = { 0 };
+ struct buffer check_metadata = alloc_buf_gc(TLS_CRYPT_V2_MAX_METADATA_LEN, &gc);
+ struct key2 check_client_key2 = { 0 };
free_key_ctx(&server_key);
tls_crypt_v2_init_server_key(&server_key, false, server_key_file, server_key_inline);
msg(D_GENKEY, "Testing server-side key loading...");
- ASSERT(tls_crypt_v2_unwrap_client_key(&test_client_key2, &test_metadata,
- test_wrapped_client_key, &server_key));
- secure_memzero(&test_client_key2, sizeof(test_client_key2));
- free_buf(&test_wrapped_client_key);
+ ASSERT(tls_crypt_v2_unwrap_client_key(&check_client_key2, &check_metadata,
+ check_wrapped_client_key, &server_key));
+ secure_memzero(&check_client_key2, sizeof(check_client_key2));
+ free_buf(&check_wrapped_client_key);
cleanup:
secure_memzero(&client_key, sizeof(client_key));
diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv/interactive.c
index 473a8d3..ace25b9 100644
--- a/src/openvpnserv/interactive.c
+++ b/src/openvpnserv/interactive.c
@@ -540,19 +540,19 @@
static DWORD
InterfaceLuid(const char *iface_name, PNET_LUID luid)
{
- NETIO_STATUS status;
+ NETIO_STATUS convert_status;
LPWSTR wide_name = utf8to16(iface_name);
if (wide_name)
{
- status = ConvertInterfaceAliasToLuid(wide_name, luid);
+ convert_status = ConvertInterfaceAliasToLuid(wide_name, luid);
free(wide_name);
}
else
{
- status = ERROR_OUTOFMEMORY;
+ convert_status = ERROR_OUTOFMEMORY;
}
- return status;
+ return convert_status;
}
static BOOL
@@ -1174,8 +1174,8 @@
goto out;
}
- SERVICE_STATUS status;
- if (ControlService(dnssvc, SERVICE_CONTROL_PARAMCHANGE, &status) == 0)
+ SERVICE_STATUS control_status;
+ if (ControlService(dnssvc, SERVICE_CONTROL_PARAMCHANGE, &control_status) == 0)
{
MsgToEventLog(M_ERR, L"%S: ControlService call failed (%lu)", __func__, GetLastError());
goto out;
@@ -3644,12 +3644,12 @@
static DWORD WINAPI
ServiceCtrlInteractive(DWORD ctrl_code, DWORD event, LPVOID data, LPVOID ctx)
{
- SERVICE_STATUS *status = ctx;
+ SERVICE_STATUS *svc_status = ctx;
switch (ctrl_code)
{
case SERVICE_CONTROL_STOP:
- status->dwCurrentState = SERVICE_STOP_PENDING;
- ReportStatusToSCMgr(service, status);
+ svc_status->dwCurrentState = SERVICE_STOP_PENDING;
+ ReportStatusToSCMgr(service, svc_status);
if (exit_event)
{
SetEvent(exit_event);
diff --git a/tests/unit_tests/openvpn/test_dhcp.c b/tests/unit_tests/openvpn/test_dhcp.c
index 150a3aa..104fc9a 100644
--- a/tests/unit_tests/openvpn/test_dhcp.c
+++ b/tests/unit_tests/openvpn/test_dhcp.c
@@ -55,8 +55,8 @@
{
struct gc_arena gc = gc_new();
struct buffer out_buf = alloc_buf_gc(512, &gc);
- struct buffer clear_buf = alloc_buf_gc(512, &gc);
- buf_clear(&clear_buf);
+ struct buffer clean_buf = alloc_buf_gc(512, &gc);
+ buf_clear(&clean_buf);
bool error = false;
#define LONGDOMAIN "a-reaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaally-long-domain"
@@ -79,7 +79,7 @@
struct buffer small_buf = alloc_buf_gc(sizeof(output_1) - 1, &gc);
buf_clear(&small_buf);
write_dhcp_search_str(&small_buf, DHCP_DOMAIN_SEARCH, search_list, 2, &error);
- assert_memory_equal(BPTR(&small_buf), BPTR(&clear_buf), buf_forward_capacity_total(&small_buf));
+ assert_memory_equal(BPTR(&small_buf), BPTR(&clean_buf), buf_forward_capacity_total(&small_buf));
assert_true(error);
error = false;
@@ -103,13 +103,13 @@
buf_clear(&out_buf);
write_dhcp_search_str(&out_buf, DHCP_DOMAIN_SEARCH, search_list + 5, 1, &error);
- assert_memory_equal(BPTR(&out_buf), BPTR(&clear_buf), buf_forward_capacity_total(&clear_buf));
+ assert_memory_equal(BPTR(&out_buf), BPTR(&clean_buf), buf_forward_capacity_total(&clean_buf));
assert_true(error);
error = false;
buf_clear(&out_buf);
write_dhcp_search_str(&out_buf, DHCP_DOMAIN_SEARCH, search_list, 3, &error);
- assert_memory_equal(BPTR(&out_buf), BPTR(&clear_buf), buf_forward_capacity_total(&clear_buf));
+ assert_memory_equal(BPTR(&out_buf), BPTR(&clean_buf), buf_forward_capacity_total(&clean_buf));
assert_true(error);
error = false;
diff --git a/tests/unit_tests/openvpn/test_push_update_msg.c b/tests/unit_tests/openvpn/test_push_update_msg.c
index 219b476..eb5b22c 100644
--- a/tests/unit_tests/openvpn/test_push_update_msg.c
+++ b/tests/unit_tests/openvpn/test_push_update_msg.c
@@ -350,8 +350,8 @@
/* Message 1: first batch of routes, continuation 2 (more coming) */
struct buffer buf1 = alloc_buf(512);
- const char *msg1 = "PUSH_UPDATE, route 10.1.0.0 255.255.0.0, route 10.2.0.0 255.255.0.0, route 10.3.0.0 255.255.0.0,push-continuation 2";
- buf_write(&buf1, msg1, strlen(msg1));
+ const char *cmsg1 = "PUSH_UPDATE, route 10.1.0.0 255.255.0.0, route 10.2.0.0 255.255.0.0, route 10.3.0.0 255.255.0.0,push-continuation 2";
+ buf_write(&buf1, cmsg1, strlen(cmsg1));
assert_int_equal(process_incoming_push_msg(c, &buf1, c->options.pull, pull_permission_mask(c),
&option_types_found),
@@ -360,8 +360,8 @@
/* Message 2: more routes, continuation 2 (more coming) */
struct buffer buf2 = alloc_buf(512);
- const char *msg2 = "PUSH_UPDATE, route 10.4.0.0 255.255.0.0, route 10.5.0.0 255.255.0.0, route 10.6.0.0 255.255.0.0,push-continuation 2";
- buf_write(&buf2, msg2, strlen(msg2));
+ const char *cmsg2 = "PUSH_UPDATE, route 10.4.0.0 255.255.0.0, route 10.5.0.0 255.255.0.0, route 10.6.0.0 255.255.0.0,push-continuation 2";
+ buf_write(&buf2, cmsg2, strlen(cmsg2));
assert_int_equal(process_incoming_push_msg(c, &buf2, c->options.pull, pull_permission_mask(c),
&option_types_found),
@@ -370,8 +370,8 @@
/* Message 3: final batch of routes, continuation 1 (last message) */
struct buffer buf3 = alloc_buf(512);
- const char *msg3 = "PUSH_UPDATE, route 10.7.0.0 255.255.0.0, route 10.8.0.0 255.255.0.0, route 10.9.0.0 255.255.0.0,push-continuation 1";
- buf_write(&buf3, msg3, strlen(msg3));
+ const char *cmsg3 = "PUSH_UPDATE, route 10.7.0.0 255.255.0.0, route 10.8.0.0 255.255.0.0, route 10.9.0.0 255.255.0.0,push-continuation 1";
+ buf_write(&buf3, cmsg3, strlen(cmsg3));
assert_int_equal(process_incoming_push_msg(c, &buf3, c->options.pull, pull_permission_mask(c),
&option_types_found),
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1618?usp=email
To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email
Gerrit-MessageType: newpatchset
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I528f5fd200d877841e473e5e05b7ac7915fa2e33
Gerrit-Change-Number: 1618
Gerrit-PatchSet: 5
Gerrit-Owner: flichtenheld <fr...@li...>
Gerrit-Reviewer: plaisthos <arn...@rf...>
Gerrit-CC: openvpn-devel <ope...@li...>
Gerrit-Attention: plaisthos <arn...@rf...>
|
|
From: David S. <daz...@eu...> - 2026-05-04 11:41:08
|
On 04/05/2026 09:22, Дмитрий Романов via Openvpn-devel wrote: [...] > > Building openvpn3-linux v26 with protobuf 34.x and GCC 15 fails in > netcfg-dco.cpp: google::protobuf::MessageLite::ParseFromString is now > [[nodiscard]], and the project builds with -Werror, so ignoring the > return value becomes a hard error (-Werror=unused-result). > > Check the return value and throw NetCfgException on parse failure, > consistent with other error handling in this file. > > This should fix distributions that already ship protobuf 34 (e.g. Arch). > > If there is an existing issue on Codeberg for this (e.g. related to > nodiscard / protobuf 34), please link this patch there. > > Signed-off-by: Dmitriy Romanov <dro...@ma... > <mailto:dro...@ma...>> > Hi, Thanks a lot for this patch. This issue was reported quite recently while digging into some other issues. It is being tracked in Codeberg issue #96: <https://codeberg.org/OpenVPN/openvpn3-linux/issues/96> I'm following up on that ticket closely and will provide more updates in the days to come. -- kind regards, David Sommerseth |
|
From: Frank L. <fr...@li...> - 2026-05-04 11:33:15
|
The OpenVPN community project team is proud to release OpenVPN 2.7.4. This is a small bugfix release. Bugfixes: * using --dns server ... style configs on Windows with win-dco would lead to erroneously enabling "DnsSecValidationRequired : True", possibly breaking VPN DNS resolution. Pushing --dns server ... dnssec no can be used as a workaround until clients can be updated. (Github: openvpn#1024) * correct comments in the --dns-up-down platform scripts relating to dns_server_..._dnssec values. * fix release-only build of pkcs11-helper vcpkg port, do not try to install files from debug build. * mbedTLS builds will now provide a proper error message if a tls-group statement with no valid groups is encountered (used to run into SSL handshake failure later on). * --enable-strict and --enable-strict-options configure flags have been removed (because they did not actually do anything anymore) More details can be found in the Changes document: <https://github.com/OpenVPN/openvpn/blob/v2.7.4/Changes.rst> Source code and Windows installers can be downloaded from our download page: <https://openvpn.net/community/> Packages for Debian, Ubuntu, Fedora, RHEL, and openSUSE are available in the various official Community repositories: <https://community.openvpn.net/Pages/OpenVPN%20software%20repos> Kind regards, -- Frank Lichtenheld |
|
From: Дмитрий Р. <dro...@ma...> - 2026-05-04 07:23:29
|
-------- Пересылаемое сообщение -------- От кого: Дмитрий Романов <dro...@ma...> Кому: openvpn-devel <ope...@li...> Дата: Понедельник, 4 мая 2026, 10:19 +03:00 Тема: [PATCH] netcfg: handle ParseFromString result for protobuf 34 (nodiscard) Hi, Building openvpn3-linux v26 with protobuf 34.x and GCC 15 fails in netcfg-dco.cpp: google::protobuf::MessageLite::ParseFromString is now [[nodiscard]], and the project builds with -Werror, so ignoring the return value becomes a hard error (-Werror=unused-result). Check the return value and throw NetCfgException on parse failure, consistent with other error handling in this file. This should fix distributions that already ship protobuf 34 (e.g. Arch). If there is an existing issue on Codeberg for this (e.g. related to nodiscard / protobuf 34), please link this patch there. Signed-off-by: Dmitriy Romanov <dro...@ma...> DR DR |
|
From: Дмитрий Р. <dro...@ma...> - 2026-05-04 07:19:52
|
Hi, Building openvpn3-linux v26 with protobuf 34.x and GCC 15 fails in netcfg-dco.cpp: google::protobuf::MessageLite::ParseFromString is now [[nodiscard]], and the project builds with -Werror, so ignoring the return value becomes a hard error (-Werror=unused-result). Check the return value and throw NetCfgException on parse failure, consistent with other error handling in this file. This should fix distributions that already ship protobuf 34 (e.g. Arch). If there is an existing issue on Codeberg for this (e.g. related to nodiscard / protobuf 34), please link this patch there. Signed-off-by: Dmitriy Romanov <dro...@ma...> DR |
|
From: Gert D. <ge...@gr...> - 2026-04-30 16:32:58
|
From: Selva Nair <sel...@gm...> Change-Id: I53b3f4c60897a1f4dd5efeb6575d525ffb082402 Signed-off-by: Selva Nair <sel...@gm...> Acked-by: Frank Lichtenheld <fr...@li...> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1646 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1646 This mail reflects revision 2 of this Change. Acked-by according to Gerrit (reflected above): Frank Lichtenheld <fr...@li...> diff --git a/doc/man-sections/client-options.rst b/doc/man-sections/client-options.rst index 1664eed..3ad9104 100644 --- a/doc/man-sections/client-options.rst +++ b/doc/man-sections/client-options.rst @@ -216,7 +216,8 @@ DNS server options it must be between 0 and 127. The server id is used to group options and also for ordering the list of configured DNS servers; lower numbers come first. DNS servers being pushed to a client replace - already configured DNS servers with the same server id. + already configured DNS servers with the same server id. Only the group of + options corresponding to the lowest server id is applied. The ``address`` option configures the IPv4 and / or IPv6 address(es) of the DNS server. Up to eight addresses can be specified per DNS server. @@ -249,6 +250,19 @@ so that ``--dns`` overrides ``--dhcp-option``. Thus, ``--dns`` can be used today to migrate from ``--dhcp-option``. + Windows only: + + #. If tap-windows6 is in use, dns servers are set by DHCP by default. + In this case only ``--dns search-domains`` and ``--dns server n address ..`` + with the lowest value of ``n`` are interpreted. All other ``--dns`` options + are ignored. Use of the dco driver is the recommended way to make use of these + new features. + + #. If ``--dns server n resolve-domains`` is in use, the DNS server addresses + corresponding to ``n`` are set on the interface only if ``search-domains`` is + also specified. Otherwise these DNS addresses are used only for NRPT rules for + split-DNS. + --explicit-exit-notify n In UDP client mode or point-to-point mode, send server/peer an exit notification if tunnel is restarted or OpenVPN process is exited. In |
|
From: flichtenheld (C. Review) <ge...@op...> - 2026-04-30 15:49:34
|
Attention is currently required from: plaisthos, selvanair. flichtenheld has posted comments on this change by selvanair. ( http://gerrit.openvpn.net/c/openvpn/+/1646?usp=email ) Change subject: DNS server documentation update ...................................................................... Patch Set 2: Code-Review+2 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1646?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I53b3f4c60897a1f4dd5efeb6575d525ffb082402 Gerrit-Change-Number: 1646 Gerrit-PatchSet: 2 Gerrit-Owner: selvanair <sel...@gm...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: selvanair <sel...@gm...> Gerrit-Comment-Date: Thu, 30 Apr 2026 15:49:23 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes |
|
From: selvanair (C. Review) <ge...@op...> - 2026-04-30 15:36:58
|
Attention is currently required from: flichtenheld, plaisthos.
Hello flichtenheld, plaisthos,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/1646?usp=email
to look at the new patch set (#2).
The following approvals got outdated and were removed:
Code-Review-1 by flichtenheld
Change subject: DNS server documentation update
......................................................................
DNS server documentation update
Change-Id: I53b3f4c60897a1f4dd5efeb6575d525ffb082402
Signed-off-by: Selva Nair <sel...@gm...>
---
M doc/man-sections/client-options.rst
1 file changed, 15 insertions(+), 1 deletion(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/46/1646/2
diff --git a/doc/man-sections/client-options.rst b/doc/man-sections/client-options.rst
index 1664eed..3ad9104 100644
--- a/doc/man-sections/client-options.rst
+++ b/doc/man-sections/client-options.rst
@@ -216,7 +216,8 @@
DNS server options it must be between 0 and 127. The server id is used
to group options and also for ordering the list of configured DNS servers;
lower numbers come first. DNS servers being pushed to a client replace
- already configured DNS servers with the same server id.
+ already configured DNS servers with the same server id. Only the group of
+ options corresponding to the lowest server id is applied.
The ``address`` option configures the IPv4 and / or IPv6 address(es) of
the DNS server. Up to eight addresses can be specified per DNS server.
@@ -249,6 +250,19 @@
so that ``--dns`` overrides ``--dhcp-option``. Thus, ``--dns`` can be used today
to migrate from ``--dhcp-option``.
+ Windows only:
+
+ #. If tap-windows6 is in use, dns servers are set by DHCP by default.
+ In this case only ``--dns search-domains`` and ``--dns server n address ..``
+ with the lowest value of ``n`` are interpreted. All other ``--dns`` options
+ are ignored. Use of the dco driver is the recommended way to make use of these
+ new features.
+
+ #. If ``--dns server n resolve-domains`` is in use, the DNS server addresses
+ corresponding to ``n`` are set on the interface only if ``search-domains`` is
+ also specified. Otherwise these DNS addresses are used only for NRPT rules for
+ split-DNS.
+
--explicit-exit-notify n
In UDP client mode or point-to-point mode, send server/peer an exit
notification if tunnel is restarted or OpenVPN process is exited. In
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1646?usp=email
To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email
Gerrit-MessageType: newpatchset
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I53b3f4c60897a1f4dd5efeb6575d525ffb082402
Gerrit-Change-Number: 1646
Gerrit-PatchSet: 2
Gerrit-Owner: selvanair <sel...@gm...>
Gerrit-Reviewer: flichtenheld <fr...@li...>
Gerrit-Reviewer: plaisthos <arn...@rf...>
Gerrit-CC: openvpn-devel <ope...@li...>
Gerrit-Attention: plaisthos <arn...@rf...>
Gerrit-Attention: flichtenheld <fr...@li...>
|
|
From: selvanair (C. Review) <ge...@op...> - 2026-04-30 15:36:51
|
Attention is currently required from: flichtenheld, plaisthos. selvanair has posted comments on this change by selvanair. ( http://gerrit.openvpn.net/c/openvpn/+/1646?usp=email ) Change subject: DNS server documentation update ...................................................................... Patch Set 1: (1 comment) File doc/man-sections/client-options.rst: http://gerrit.openvpn.net/c/openvpn/+/1646/comment/db05ca2a_9fca3206?usp=email : PS1, Line 253: Windows only: (i) If tap-windows6 is in use, dns servers are set by DHCP by > Please make it an actual list in rst. Done -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1646?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I53b3f4c60897a1f4dd5efeb6575d525ffb082402 Gerrit-Change-Number: 1646 Gerrit-PatchSet: 1 Gerrit-Owner: selvanair <sel...@gm...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Comment-Date: Thu, 30 Apr 2026 15:36:36 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: flichtenheld <fr...@li...> |
|
From: flichtenheld (C. Review) <ge...@op...> - 2026-04-30 15:11:39
|
Attention is currently required from: plaisthos, selvanair. flichtenheld has posted comments on this change by selvanair. ( http://gerrit.openvpn.net/c/openvpn/+/1646?usp=email ) Change subject: DNS server documentation update ...................................................................... Patch Set 1: Code-Review-1 (1 comment) File doc/man-sections/client-options.rst: http://gerrit.openvpn.net/c/openvpn/+/1646/comment/bec2e88f_3369753c?usp=email : PS1, Line 253: Windows only: (i) If tap-windows6 is in use, dns servers are set by DHCP by Please make it an actual list in rst. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1646?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I53b3f4c60897a1f4dd5efeb6575d525ffb082402 Gerrit-Change-Number: 1646 Gerrit-PatchSet: 1 Gerrit-Owner: selvanair <sel...@gm...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: selvanair <sel...@gm...> Gerrit-Comment-Date: Thu, 30 Apr 2026 15:11:19 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes |
|
From: selvanair (C. Review) <ge...@op...> - 2026-04-30 14:16:24
|
Attention is currently required from: plaisthos. selvanair has posted comments on this change by selvanair. ( http://gerrit.openvpn.net/c/openvpn/+/1646?usp=email ) Change subject: DNS server documentation update ...................................................................... Patch Set 1: (1 comment) Patchset: PS1: This was discussed in https://github.com/OpenVPN/openvpn/issues/937 but I forgot to submit it, it seems. Looks like its still relevant. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1646?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I53b3f4c60897a1f4dd5efeb6575d525ffb082402 Gerrit-Change-Number: 1646 Gerrit-PatchSet: 1 Gerrit-Owner: selvanair <sel...@gm...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Comment-Date: Thu, 30 Apr 2026 14:16:13 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No |
|
From: selvanair (C. Review) <ge...@op...> - 2026-04-30 14:12:45
|
Attention is currently required from: plaisthos.
Hello plaisthos,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/1646?usp=email
to review the following change.
Change subject: DNS server documentation update
......................................................................
DNS server documentation update
Change-Id: I53b3f4c60897a1f4dd5efeb6575d525ffb082402
Signed-off-by: Selva Nair <sel...@gm...>
---
M doc/man-sections/client-options.rst
1 file changed, 12 insertions(+), 1 deletion(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/46/1646/1
diff --git a/doc/man-sections/client-options.rst b/doc/man-sections/client-options.rst
index 1664eed..5df881d 100644
--- a/doc/man-sections/client-options.rst
+++ b/doc/man-sections/client-options.rst
@@ -216,7 +216,8 @@
DNS server options it must be between 0 and 127. The server id is used
to group options and also for ordering the list of configured DNS servers;
lower numbers come first. DNS servers being pushed to a client replace
- already configured DNS servers with the same server id.
+ already configured DNS servers with the same server id. Only the group of
+ options corresponding to the lowest server id is applied.
The ``address`` option configures the IPv4 and / or IPv6 address(es) of
the DNS server. Up to eight addresses can be specified per DNS server.
@@ -249,6 +250,16 @@
so that ``--dns`` overrides ``--dhcp-option``. Thus, ``--dns`` can be used today
to migrate from ``--dhcp-option``.
+ Windows only: (i) If tap-windows6 is in use, dns servers are set by DHCP by
+ default. In this case only ``--dns search-domains`` and ``--dns server n address ..``
+ with the lowest value of ``n`` are interpreted. All other ``--dns`` options
+ are ignored. Use of the dco driver is the recommended way to make use of these
+ new features.
+ (ii) If ``--dns server n resolve-domains`` is in use, the DNS server addresses
+ corresponding to ``n`` are set on the interface only if ``search-domains`` is
+ also specified. Otherwise these DNS addresses are used only for NRPT rules for
+ split-DNS.
+
--explicit-exit-notify n
In UDP client mode or point-to-point mode, send server/peer an exit
notification if tunnel is restarted or OpenVPN process is exited. In
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1646?usp=email
To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email
Gerrit-MessageType: newchange
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I53b3f4c60897a1f4dd5efeb6575d525ffb082402
Gerrit-Change-Number: 1646
Gerrit-PatchSet: 1
Gerrit-Owner: selvanair <sel...@gm...>
Gerrit-Reviewer: plaisthos <arn...@rf...>
Gerrit-CC: openvpn-devel <ope...@li...>
Gerrit-Attention: plaisthos <arn...@rf...>
|
|
From: selvanair (C. Review) <ge...@op...> - 2026-04-30 13:41:22
|
selvanair has abandoned this change. ( http://gerrit.openvpn.net/c/openvpn/+/1643?usp=email ) Change subject: dns: correctly handle dnssec settings ...................................................................... Abandoned -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1643?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: abandon Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Id514b06223cb55295c92b1fa6727f03d6e06befe Gerrit-Change-Number: 1643 Gerrit-PatchSet: 1 Gerrit-Owner: selvanair <sel...@gm...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: d12fk <he...@op...> Gerrit-CC: openvpn-devel <ope...@li...> |
|
From: cron2 (C. Review) <ge...@op...> - 2026-04-30 13:24:00
|
cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/1645?usp=email ) Change subject: dns-scripts: Fix dnssec values in comments and Copyright statement format ...................................................................... dns-scripts: Fix dnssec values in comments and Copyright statement format - Fix the example value of dnssec to an actual valid one - Fix the formatting of the Copyright statements to be consistent with all other files in the project Change-Id: Id6832e3f56420debc8b19d0144d53ca41abb678b Signed-off-by: Frank Lichtenheld <fr...@li...> Acked-by: Gert Doering <ge...@gr...> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1645 Message-Id: <202...@gr...> URL: https://www.mail-archive.com/ope...@li.../msg36800.html Signed-off-by: Gert Doering <ge...@gr...> --- M distro/dns-scripts/haikuos_file-dns-updown.sh M distro/dns-scripts/macos-dns-updown.sh M distro/dns-scripts/openresolv-dns-updown.sh M distro/dns-scripts/resolvconf_file-dns-updown.sh M distro/dns-scripts/systemd-dns-updown.sh 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/distro/dns-scripts/haikuos_file-dns-updown.sh b/distro/dns-scripts/haikuos_file-dns-updown.sh index 6da0954..e19b2b7 100644 --- a/distro/dns-scripts/haikuos_file-dns-updown.sh +++ b/distro/dns-scripts/haikuos_file-dns-updown.sh @@ -1,7 +1,7 @@ #!/bin/sh # # Simple OpenVPN up/down script for modifying Haiku OS resolv.conf -# (C) Copyright 2024 OpenVPN Inc <sa...@op...> +# Copyright (C) 2024-2026 OpenVPN Inc <sa...@op...> # # SPDX-License-Identifier: BSD-2-Clause # @@ -21,7 +21,7 @@ # dns_server_1_port_2 53 # dns_server_1_resolve_domain_1 mycorp.in # dns_server_1_resolve_domain_2 eu.mycorp.com -# dns_server_1_dnssec true +# dns_server_1_dnssec yes # dns_server_1_transport DoH # dns_server_1_sni dns.mycorp.in # diff --git a/distro/dns-scripts/macos-dns-updown.sh b/distro/dns-scripts/macos-dns-updown.sh index fb17b2b0..fccc6b5 100644 --- a/distro/dns-scripts/macos-dns-updown.sh +++ b/distro/dns-scripts/macos-dns-updown.sh @@ -2,7 +2,7 @@ # # dns-updown - add/remove openvpn provided DNS information # -# (C) Copyright 2025 OpenVPN Inc <sa...@op...> +# Copyright (C) 2025-2026 OpenVPN Inc <sa...@op...> # # SPDX-License-Identifier: BSD-2-Clause # @@ -21,7 +21,7 @@ # dns_server_1_port_2 53 # dns_server_1_resolve_domain_1 mycorp.in # dns_server_1_resolve_domain_2 eu.mycorp.com -# dns_server_1_dnssec true +# dns_server_1_dnssec yes # dns_server_1_transport DoH # dns_server_1_sni dns.mycorp.in # diff --git a/distro/dns-scripts/openresolv-dns-updown.sh b/distro/dns-scripts/openresolv-dns-updown.sh index 1404819..4aca99f 100644 --- a/distro/dns-scripts/openresolv-dns-updown.sh +++ b/distro/dns-scripts/openresolv-dns-updown.sh @@ -1,8 +1,8 @@ #!/bin/sh # # Simple OpenVPN up/down script for openresolv integration -# (C) Copyright 2016 Baptiste Daroussin -# 2024 OpenVPN Inc <sa...@op...> +# Copyright (C) 2016 Baptiste Daroussin +# Copyright (C) 2024-2026 OpenVPN Inc <sa...@op...> # # SPDX-License-Identifier: BSD-2-Clause # @@ -22,7 +22,7 @@ # dns_server_1_port_2 53 # dns_server_1_resolve_domain_1 mycorp.in # dns_server_1_resolve_domain_2 eu.mycorp.com -# dns_server_1_dnssec true +# dns_server_1_dnssec yes # dns_server_1_transport DoH # dns_server_1_sni dns.mycorp.in # diff --git a/distro/dns-scripts/resolvconf_file-dns-updown.sh b/distro/dns-scripts/resolvconf_file-dns-updown.sh index 70872c7..8d23ed6 100644 --- a/distro/dns-scripts/resolvconf_file-dns-updown.sh +++ b/distro/dns-scripts/resolvconf_file-dns-updown.sh @@ -1,7 +1,7 @@ #!/bin/sh # # Simple OpenVPN up/down script for modifying /etc/resolv.conf -# (C) Copyright 2024 OpenVPN Inc <sa...@op...> +# Copyright (C) 2024-2026 OpenVPN Inc <sa...@op...> # # SPDX-License-Identifier: BSD-2-Clause # @@ -21,7 +21,7 @@ # dns_server_1_port_2 53 # dns_server_1_resolve_domain_1 mycorp.in # dns_server_1_resolve_domain_2 eu.mycorp.com -# dns_server_1_dnssec true +# dns_server_1_dnssec yes # dns_server_1_transport DoH # dns_server_1_sni dns.mycorp.in # diff --git a/distro/dns-scripts/systemd-dns-updown.sh b/distro/dns-scripts/systemd-dns-updown.sh index f91cde6..553056b 100644 --- a/distro/dns-scripts/systemd-dns-updown.sh +++ b/distro/dns-scripts/systemd-dns-updown.sh @@ -29,7 +29,7 @@ # dns_server_1_port_2 53 # dns_server_1_resolve_domain_1 mycorp.in # dns_server_1_resolve_domain_2 eu.mycorp.com -# dns_server_1_dnssec true +# dns_server_1_dnssec yes # dns_server_1_transport DoH # dns_server_1_sni dns.mycorp.in # -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1645?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: merged Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Id6832e3f56420debc8b19d0144d53ca41abb678b Gerrit-Change-Number: 1645 Gerrit-PatchSet: 2 Gerrit-Owner: flichtenheld <fr...@li...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> |
|
From: Gert D. <ge...@gr...> - 2026-04-30 13:23:55
|
Comments only, but a bugfix nonetheless... well spotted.
Your patch has been applied to the master and release/2.7 branch.
commit 64fbcb69a38b7ae6e7e712e22192c64479fc7759 (master)
commit 6528ae0152c07b1710f9c1a892b0b50ea61d8c93 (release/2.7)
Author: Frank Lichtenheld
Date: Thu Apr 30 15:03:48 2026 +0200
dns-scripts: Fix dnssec values in comments and Copyright statement format
Signed-off-by: Frank Lichtenheld <fr...@li...>
Acked-by: Gert Doering <ge...@gr...>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1645
Message-Id: <202...@gr...>
URL: https://www.mail-archive.com/ope...@li.../msg36800.html
Signed-off-by: Gert Doering <ge...@gr...>
--
kind regards,
Gert Doering
|
|
From: cron2 (C. Review) <ge...@op...> - 2026-04-30 13:23:54
|
cron2 has uploaded a new patch set (#2) to the change originally created by flichtenheld. ( http://gerrit.openvpn.net/c/openvpn/+/1645?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by cron2 Change subject: dns-scripts: Fix dnssec values in comments and Copyright statement format ...................................................................... dns-scripts: Fix dnssec values in comments and Copyright statement format - Fix the example value of dnssec to an actual valid one - Fix the formatting of the Copyright statements to be consistent with all other files in the project Change-Id: Id6832e3f56420debc8b19d0144d53ca41abb678b Signed-off-by: Frank Lichtenheld <fr...@li...> Acked-by: Gert Doering <ge...@gr...> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1645 Message-Id: <202...@gr...> URL: https://www.mail-archive.com/ope...@li.../msg36800.html Signed-off-by: Gert Doering <ge...@gr...> --- M distro/dns-scripts/haikuos_file-dns-updown.sh M distro/dns-scripts/macos-dns-updown.sh M distro/dns-scripts/openresolv-dns-updown.sh M distro/dns-scripts/resolvconf_file-dns-updown.sh M distro/dns-scripts/systemd-dns-updown.sh 5 files changed, 10 insertions(+), 10 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/45/1645/2 diff --git a/distro/dns-scripts/haikuos_file-dns-updown.sh b/distro/dns-scripts/haikuos_file-dns-updown.sh index 6da0954..e19b2b7 100644 --- a/distro/dns-scripts/haikuos_file-dns-updown.sh +++ b/distro/dns-scripts/haikuos_file-dns-updown.sh @@ -1,7 +1,7 @@ #!/bin/sh # # Simple OpenVPN up/down script for modifying Haiku OS resolv.conf -# (C) Copyright 2024 OpenVPN Inc <sa...@op...> +# Copyright (C) 2024-2026 OpenVPN Inc <sa...@op...> # # SPDX-License-Identifier: BSD-2-Clause # @@ -21,7 +21,7 @@ # dns_server_1_port_2 53 # dns_server_1_resolve_domain_1 mycorp.in # dns_server_1_resolve_domain_2 eu.mycorp.com -# dns_server_1_dnssec true +# dns_server_1_dnssec yes # dns_server_1_transport DoH # dns_server_1_sni dns.mycorp.in # diff --git a/distro/dns-scripts/macos-dns-updown.sh b/distro/dns-scripts/macos-dns-updown.sh index fb17b2b0..fccc6b5 100644 --- a/distro/dns-scripts/macos-dns-updown.sh +++ b/distro/dns-scripts/macos-dns-updown.sh @@ -2,7 +2,7 @@ # # dns-updown - add/remove openvpn provided DNS information # -# (C) Copyright 2025 OpenVPN Inc <sa...@op...> +# Copyright (C) 2025-2026 OpenVPN Inc <sa...@op...> # # SPDX-License-Identifier: BSD-2-Clause # @@ -21,7 +21,7 @@ # dns_server_1_port_2 53 # dns_server_1_resolve_domain_1 mycorp.in # dns_server_1_resolve_domain_2 eu.mycorp.com -# dns_server_1_dnssec true +# dns_server_1_dnssec yes # dns_server_1_transport DoH # dns_server_1_sni dns.mycorp.in # diff --git a/distro/dns-scripts/openresolv-dns-updown.sh b/distro/dns-scripts/openresolv-dns-updown.sh index 1404819..4aca99f 100644 --- a/distro/dns-scripts/openresolv-dns-updown.sh +++ b/distro/dns-scripts/openresolv-dns-updown.sh @@ -1,8 +1,8 @@ #!/bin/sh # # Simple OpenVPN up/down script for openresolv integration -# (C) Copyright 2016 Baptiste Daroussin -# 2024 OpenVPN Inc <sa...@op...> +# Copyright (C) 2016 Baptiste Daroussin +# Copyright (C) 2024-2026 OpenVPN Inc <sa...@op...> # # SPDX-License-Identifier: BSD-2-Clause # @@ -22,7 +22,7 @@ # dns_server_1_port_2 53 # dns_server_1_resolve_domain_1 mycorp.in # dns_server_1_resolve_domain_2 eu.mycorp.com -# dns_server_1_dnssec true +# dns_server_1_dnssec yes # dns_server_1_transport DoH # dns_server_1_sni dns.mycorp.in # diff --git a/distro/dns-scripts/resolvconf_file-dns-updown.sh b/distro/dns-scripts/resolvconf_file-dns-updown.sh index 70872c7..8d23ed6 100644 --- a/distro/dns-scripts/resolvconf_file-dns-updown.sh +++ b/distro/dns-scripts/resolvconf_file-dns-updown.sh @@ -1,7 +1,7 @@ #!/bin/sh # # Simple OpenVPN up/down script for modifying /etc/resolv.conf -# (C) Copyright 2024 OpenVPN Inc <sa...@op...> +# Copyright (C) 2024-2026 OpenVPN Inc <sa...@op...> # # SPDX-License-Identifier: BSD-2-Clause # @@ -21,7 +21,7 @@ # dns_server_1_port_2 53 # dns_server_1_resolve_domain_1 mycorp.in # dns_server_1_resolve_domain_2 eu.mycorp.com -# dns_server_1_dnssec true +# dns_server_1_dnssec yes # dns_server_1_transport DoH # dns_server_1_sni dns.mycorp.in # diff --git a/distro/dns-scripts/systemd-dns-updown.sh b/distro/dns-scripts/systemd-dns-updown.sh index f91cde6..553056b 100644 --- a/distro/dns-scripts/systemd-dns-updown.sh +++ b/distro/dns-scripts/systemd-dns-updown.sh @@ -29,7 +29,7 @@ # dns_server_1_port_2 53 # dns_server_1_resolve_domain_1 mycorp.in # dns_server_1_resolve_domain_2 eu.mycorp.com -# dns_server_1_dnssec true +# dns_server_1_dnssec yes # dns_server_1_transport DoH # dns_server_1_sni dns.mycorp.in # -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1645?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: newpatchset Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Id6832e3f56420debc8b19d0144d53ca41abb678b Gerrit-Change-Number: 1645 Gerrit-PatchSet: 2 Gerrit-Owner: flichtenheld <fr...@li...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> |
|
From: flichtenheld (C. Review) <ge...@op...> - 2026-04-30 13:23:29
|
Attention is currently required from: d12fk, plaisthos, selvanair. flichtenheld has posted comments on this change by selvanair. ( http://gerrit.openvpn.net/c/openvpn/+/1643?usp=email ) Change subject: dns: correctly handle dnssec settings ...................................................................... Patch Set 1: (1 comment) File src/openvpn/dns.h: http://gerrit.openvpn.net/c/openvpn/+/1643/comment/41584b3e_2dda66f8?usp=email : PS1, Line 32: DNS_SECURITY_UNSET, > Well, in that case, UNSET stays, and with the immediate fix in, nothing in this patch may be abandon […] I would say so. If someone actually asks for DNS_SECURITY_OPTIONAL support on Windows, we could certainly look into it, but it feels like not worth the additional complexity to me at this point. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1643?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Id514b06223cb55295c92b1fa6727f03d6e06befe Gerrit-Change-Number: 1643 Gerrit-PatchSet: 1 Gerrit-Owner: selvanair <sel...@gm...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: d12fk <he...@op...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: d12fk <he...@op...> Gerrit-Attention: selvanair <sel...@gm...> Gerrit-Comment-Date: Thu, 30 Apr 2026 13:23:12 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: flichtenheld <fr...@li...> Comment-In-Reply-To: d12fk <he...@op...> Comment-In-Reply-To: selvanair <sel...@gm...> |
|
From: selvanair (C. Review) <ge...@op...> - 2026-04-30 13:14:25
|
Attention is currently required from: d12fk, flichtenheld, plaisthos. selvanair has posted comments on this change by selvanair. ( http://gerrit.openvpn.net/c/openvpn/+/1643?usp=email ) Change subject: dns: correctly handle dnssec settings ...................................................................... Patch Set 1: (1 comment) File src/openvpn/dns.h: http://gerrit.openvpn.net/c/openvpn/+/1643/comment/7125ebe8_1117383f?usp=email : PS1, Line 32: DNS_SECURITY_UNSET, > "UNSET is not handled anywhere." I looked into that and this is not true. […] Well, in that case, UNSET stays, and with the immediate fix in, nothing in this patch may be abandoned isn't it? -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1643?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Id514b06223cb55295c92b1fa6727f03d6e06befe Gerrit-Change-Number: 1643 Gerrit-PatchSet: 1 Gerrit-Owner: selvanair <sel...@gm...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: d12fk <he...@op...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Attention: d12fk <he...@op...> Gerrit-Comment-Date: Thu, 30 Apr 2026 13:14:08 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: flichtenheld <fr...@li...> Comment-In-Reply-To: d12fk <he...@op...> Comment-In-Reply-To: selvanair <sel...@gm...> |
|
From: cron2 (C. Review) <ge...@op...> - 2026-04-30 13:12:46
|
cron2 has uploaded a new patch set (#2) to the change originally created by selvanair. ( http://gerrit.openvpn.net/c/openvpn/+/1644?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by flichtenheld Change subject: dns: minimalist fix for dnssec setting ...................................................................... dns: minimalist fix for dnssec setting Github: fixes OpenVPN/openvpn#1024 Change-Id: I0cb093e0116e92d874162d51be777aa43674c115 Signed-off-by: Selva Nair <sel...@gm...> Acked-by: Frank Lichtenheld <fr...@li...> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1644 Message-Id: <202...@gr...> URL: https://www.mail-archive.com/ope...@li.../msg36797.html Signed-off-by: Gert Doering <ge...@gr...> --- M src/openvpn/dns.c 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/44/1644/2 diff --git a/src/openvpn/dns.c b/src/openvpn/dns.c index ce23f1f..954ed52 100644 --- a/src/openvpn/dns.c +++ b/src/openvpn/dns.c @@ -442,7 +442,7 @@ .header = { (add ? msg_add_nrpt_cfg : msg_del_nrpt_cfg), sizeof(nrpt_dns_cfg_message_t), 0 }, .iface = { .index = tt->adapter_index, .name = "" }, - .flags = server->dnssec == DNS_SECURITY_NO ? 0 : nrpt_dnssec, + .flags = server->dnssec == DNS_SECURITY_YES ? nrpt_dnssec : 0, }; strncpynt(nrpt.iface.name, tt->actual_name, sizeof(nrpt.iface.name)); -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1644?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: newpatchset Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I0cb093e0116e92d874162d51be777aa43674c115 Gerrit-Change-Number: 1644 Gerrit-PatchSet: 2 Gerrit-Owner: selvanair <sel...@gm...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> |
|
From: cron2 (C. Review) <ge...@op...> - 2026-04-30 13:12:44
|
cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/1644?usp=email ) Change subject: dns: minimalist fix for dnssec setting ...................................................................... dns: minimalist fix for dnssec setting Github: fixes OpenVPN/openvpn#1024 Change-Id: I0cb093e0116e92d874162d51be777aa43674c115 Signed-off-by: Selva Nair <sel...@gm...> Acked-by: Frank Lichtenheld <fr...@li...> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1644 Message-Id: <202...@gr...> URL: https://www.mail-archive.com/ope...@li.../msg36797.html Signed-off-by: Gert Doering <ge...@gr...> --- M src/openvpn/dns.c 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/openvpn/dns.c b/src/openvpn/dns.c index ce23f1f..954ed52 100644 --- a/src/openvpn/dns.c +++ b/src/openvpn/dns.c @@ -442,7 +442,7 @@ .header = { (add ? msg_add_nrpt_cfg : msg_del_nrpt_cfg), sizeof(nrpt_dns_cfg_message_t), 0 }, .iface = { .index = tt->adapter_index, .name = "" }, - .flags = server->dnssec == DNS_SECURITY_NO ? 0 : nrpt_dnssec, + .flags = server->dnssec == DNS_SECURITY_YES ? nrpt_dnssec : 0, }; strncpynt(nrpt.iface.name, tt->actual_name, sizeof(nrpt.iface.name)); -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1644?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: merged Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I0cb093e0116e92d874162d51be777aa43674c115 Gerrit-Change-Number: 1644 Gerrit-PatchSet: 2 Gerrit-Owner: selvanair <sel...@gm...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> |
|
From: Gert D. <ge...@gr...> - 2026-04-30 13:12:25
|
Thanks for coming up with a minimal patch quickly, until we have decided
what "we really want there" and "what windows does".
Frank has tested this, and I have fixed my testbed to actually *show* the
problem - we do windows tests, but the way I had set up the "hidden DNS
things that only resolve if --dns is applied correctly" (unbound with a
local zone) was IPSEC-agnostic - if you ask "the authoritative server"
it will always tell you "yeah, all is valid!". So now we have an unbound
recursor in front of a local bind, with no DNSSEC, and "windows with
dnssec yes" will actually fail to resolve that...
.. and with your patch, we're back to "the system tests pass", so, good.
(Staring at the change also seems to make sense, but I said so for
the other fix as well... so I'm glad we have good before/after tests
this time)
Your patch has been applied to the master and release/2.7 branch.
commit 919f5ced7d2863d51981979a336407b6e0818fcd (master)
commit 9683e1fe273db94ab92e1da2fe55c7929fa7291a (release/2.7)
Author: Selva Nair
Date: Thu Apr 30 14:40:14 2026 +0200
dns: minimalist fix for dnssec setting
Signed-off-by: Selva Nair <sel...@gm...>
Acked-by: Frank Lichtenheld <fr...@li...>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1644
Message-Id: <202...@gr...>
URL: https://www.mail-archive.com/ope...@li.../msg36797.html
Signed-off-by: Gert Doering <ge...@gr...>
--
kind regards,
Gert Doering
|
|
From: Gert D. <ge...@gr...> - 2026-04-30 13:04:23
|
From: Frank Lichtenheld <fr...@li...> - Fix the example value of dnssec to an actual valid one - Fix the formatting of the Copyright statements to be consistent with all other files in the project Change-Id: Id6832e3f56420debc8b19d0144d53ca41abb678b Signed-off-by: Frank Lichtenheld <fr...@li...> Acked-by: Gert Doering <ge...@gr...> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1645 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1645 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering <ge...@gr...> diff --git a/distro/dns-scripts/haikuos_file-dns-updown.sh b/distro/dns-scripts/haikuos_file-dns-updown.sh index 6da0954..e19b2b7 100644 --- a/distro/dns-scripts/haikuos_file-dns-updown.sh +++ b/distro/dns-scripts/haikuos_file-dns-updown.sh @@ -1,7 +1,7 @@ #!/bin/sh # # Simple OpenVPN up/down script for modifying Haiku OS resolv.conf -# (C) Copyright 2024 OpenVPN Inc <sa...@op...> +# Copyright (C) 2024-2026 OpenVPN Inc <sa...@op...> # # SPDX-License-Identifier: BSD-2-Clause # @@ -21,7 +21,7 @@ # dns_server_1_port_2 53 # dns_server_1_resolve_domain_1 mycorp.in # dns_server_1_resolve_domain_2 eu.mycorp.com -# dns_server_1_dnssec true +# dns_server_1_dnssec yes # dns_server_1_transport DoH # dns_server_1_sni dns.mycorp.in # diff --git a/distro/dns-scripts/macos-dns-updown.sh b/distro/dns-scripts/macos-dns-updown.sh index fb17b2b0..fccc6b5 100644 --- a/distro/dns-scripts/macos-dns-updown.sh +++ b/distro/dns-scripts/macos-dns-updown.sh @@ -2,7 +2,7 @@ # # dns-updown - add/remove openvpn provided DNS information # -# (C) Copyright 2025 OpenVPN Inc <sa...@op...> +# Copyright (C) 2025-2026 OpenVPN Inc <sa...@op...> # # SPDX-License-Identifier: BSD-2-Clause # @@ -21,7 +21,7 @@ # dns_server_1_port_2 53 # dns_server_1_resolve_domain_1 mycorp.in # dns_server_1_resolve_domain_2 eu.mycorp.com -# dns_server_1_dnssec true +# dns_server_1_dnssec yes # dns_server_1_transport DoH # dns_server_1_sni dns.mycorp.in # diff --git a/distro/dns-scripts/openresolv-dns-updown.sh b/distro/dns-scripts/openresolv-dns-updown.sh index 1404819..4aca99f 100644 --- a/distro/dns-scripts/openresolv-dns-updown.sh +++ b/distro/dns-scripts/openresolv-dns-updown.sh @@ -1,8 +1,8 @@ #!/bin/sh # # Simple OpenVPN up/down script for openresolv integration -# (C) Copyright 2016 Baptiste Daroussin -# 2024 OpenVPN Inc <sa...@op...> +# Copyright (C) 2016 Baptiste Daroussin +# Copyright (C) 2024-2026 OpenVPN Inc <sa...@op...> # # SPDX-License-Identifier: BSD-2-Clause # @@ -22,7 +22,7 @@ # dns_server_1_port_2 53 # dns_server_1_resolve_domain_1 mycorp.in # dns_server_1_resolve_domain_2 eu.mycorp.com -# dns_server_1_dnssec true +# dns_server_1_dnssec yes # dns_server_1_transport DoH # dns_server_1_sni dns.mycorp.in # diff --git a/distro/dns-scripts/resolvconf_file-dns-updown.sh b/distro/dns-scripts/resolvconf_file-dns-updown.sh index 70872c7..8d23ed6 100644 --- a/distro/dns-scripts/resolvconf_file-dns-updown.sh +++ b/distro/dns-scripts/resolvconf_file-dns-updown.sh @@ -1,7 +1,7 @@ #!/bin/sh # # Simple OpenVPN up/down script for modifying /etc/resolv.conf -# (C) Copyright 2024 OpenVPN Inc <sa...@op...> +# Copyright (C) 2024-2026 OpenVPN Inc <sa...@op...> # # SPDX-License-Identifier: BSD-2-Clause # @@ -21,7 +21,7 @@ # dns_server_1_port_2 53 # dns_server_1_resolve_domain_1 mycorp.in # dns_server_1_resolve_domain_2 eu.mycorp.com -# dns_server_1_dnssec true +# dns_server_1_dnssec yes # dns_server_1_transport DoH # dns_server_1_sni dns.mycorp.in # diff --git a/distro/dns-scripts/systemd-dns-updown.sh b/distro/dns-scripts/systemd-dns-updown.sh index f91cde6..553056b 100644 --- a/distro/dns-scripts/systemd-dns-updown.sh +++ b/distro/dns-scripts/systemd-dns-updown.sh @@ -29,7 +29,7 @@ # dns_server_1_port_2 53 # dns_server_1_resolve_domain_1 mycorp.in # dns_server_1_resolve_domain_2 eu.mycorp.com -# dns_server_1_dnssec true +# dns_server_1_dnssec yes # dns_server_1_transport DoH # dns_server_1_sni dns.mycorp.in # |
|
From: cron2 (C. Review) <ge...@op...> - 2026-04-30 13:03:45
|
Attention is currently required from: flichtenheld, plaisthos. cron2 has posted comments on this change by flichtenheld. ( http://gerrit.openvpn.net/c/openvpn/+/1645?usp=email ) Change subject: dns-scripts: Fix dnssec values in comments and Copyright statement format ...................................................................... Patch Set 1: Code-Review+2 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1645?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Id6832e3f56420debc8b19d0144d53ca41abb678b Gerrit-Change-Number: 1645 Gerrit-PatchSet: 1 Gerrit-Owner: flichtenheld <fr...@li...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Comment-Date: Thu, 30 Apr 2026 13:03:23 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes |
|
From: flichtenheld (C. Review) <ge...@op...> - 2026-04-30 12:48:05
|
Attention is currently required from: plaisthos.
Hello plaisthos,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/1645?usp=email
to review the following change.
Change subject: dns-scripts: Fix dnssec values in comments and Copyright statement format
......................................................................
dns-scripts: Fix dnssec values in comments and Copyright statement format
- Fix the example value of dnssec to an actual valid one
- Fix the formatting of the Copyright statements to be
consistent with all other files in the project
Change-Id: Id6832e3f56420debc8b19d0144d53ca41abb678b
Signed-off-by: Frank Lichtenheld <fr...@li...>
---
M distro/dns-scripts/haikuos_file-dns-updown.sh
M distro/dns-scripts/macos-dns-updown.sh
M distro/dns-scripts/openresolv-dns-updown.sh
M distro/dns-scripts/resolvconf_file-dns-updown.sh
M distro/dns-scripts/systemd-dns-updown.sh
5 files changed, 10 insertions(+), 10 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/45/1645/1
diff --git a/distro/dns-scripts/haikuos_file-dns-updown.sh b/distro/dns-scripts/haikuos_file-dns-updown.sh
index 6da0954..e19b2b7 100644
--- a/distro/dns-scripts/haikuos_file-dns-updown.sh
+++ b/distro/dns-scripts/haikuos_file-dns-updown.sh
@@ -1,7 +1,7 @@
#!/bin/sh
#
# Simple OpenVPN up/down script for modifying Haiku OS resolv.conf
-# (C) Copyright 2024 OpenVPN Inc <sa...@op...>
+# Copyright (C) 2024-2026 OpenVPN Inc <sa...@op...>
#
# SPDX-License-Identifier: BSD-2-Clause
#
@@ -21,7 +21,7 @@
# dns_server_1_port_2 53
# dns_server_1_resolve_domain_1 mycorp.in
# dns_server_1_resolve_domain_2 eu.mycorp.com
-# dns_server_1_dnssec true
+# dns_server_1_dnssec yes
# dns_server_1_transport DoH
# dns_server_1_sni dns.mycorp.in
#
diff --git a/distro/dns-scripts/macos-dns-updown.sh b/distro/dns-scripts/macos-dns-updown.sh
index fb17b2b0..fccc6b5 100644
--- a/distro/dns-scripts/macos-dns-updown.sh
+++ b/distro/dns-scripts/macos-dns-updown.sh
@@ -2,7 +2,7 @@
#
# dns-updown - add/remove openvpn provided DNS information
#
-# (C) Copyright 2025 OpenVPN Inc <sa...@op...>
+# Copyright (C) 2025-2026 OpenVPN Inc <sa...@op...>
#
# SPDX-License-Identifier: BSD-2-Clause
#
@@ -21,7 +21,7 @@
# dns_server_1_port_2 53
# dns_server_1_resolve_domain_1 mycorp.in
# dns_server_1_resolve_domain_2 eu.mycorp.com
-# dns_server_1_dnssec true
+# dns_server_1_dnssec yes
# dns_server_1_transport DoH
# dns_server_1_sni dns.mycorp.in
#
diff --git a/distro/dns-scripts/openresolv-dns-updown.sh b/distro/dns-scripts/openresolv-dns-updown.sh
index 1404819..4aca99f 100644
--- a/distro/dns-scripts/openresolv-dns-updown.sh
+++ b/distro/dns-scripts/openresolv-dns-updown.sh
@@ -1,8 +1,8 @@
#!/bin/sh
#
# Simple OpenVPN up/down script for openresolv integration
-# (C) Copyright 2016 Baptiste Daroussin
-# 2024 OpenVPN Inc <sa...@op...>
+# Copyright (C) 2016 Baptiste Daroussin
+# Copyright (C) 2024-2026 OpenVPN Inc <sa...@op...>
#
# SPDX-License-Identifier: BSD-2-Clause
#
@@ -22,7 +22,7 @@
# dns_server_1_port_2 53
# dns_server_1_resolve_domain_1 mycorp.in
# dns_server_1_resolve_domain_2 eu.mycorp.com
-# dns_server_1_dnssec true
+# dns_server_1_dnssec yes
# dns_server_1_transport DoH
# dns_server_1_sni dns.mycorp.in
#
diff --git a/distro/dns-scripts/resolvconf_file-dns-updown.sh b/distro/dns-scripts/resolvconf_file-dns-updown.sh
index 70872c7..8d23ed6 100644
--- a/distro/dns-scripts/resolvconf_file-dns-updown.sh
+++ b/distro/dns-scripts/resolvconf_file-dns-updown.sh
@@ -1,7 +1,7 @@
#!/bin/sh
#
# Simple OpenVPN up/down script for modifying /etc/resolv.conf
-# (C) Copyright 2024 OpenVPN Inc <sa...@op...>
+# Copyright (C) 2024-2026 OpenVPN Inc <sa...@op...>
#
# SPDX-License-Identifier: BSD-2-Clause
#
@@ -21,7 +21,7 @@
# dns_server_1_port_2 53
# dns_server_1_resolve_domain_1 mycorp.in
# dns_server_1_resolve_domain_2 eu.mycorp.com
-# dns_server_1_dnssec true
+# dns_server_1_dnssec yes
# dns_server_1_transport DoH
# dns_server_1_sni dns.mycorp.in
#
diff --git a/distro/dns-scripts/systemd-dns-updown.sh b/distro/dns-scripts/systemd-dns-updown.sh
index f91cde6..553056b 100644
--- a/distro/dns-scripts/systemd-dns-updown.sh
+++ b/distro/dns-scripts/systemd-dns-updown.sh
@@ -29,7 +29,7 @@
# dns_server_1_port_2 53
# dns_server_1_resolve_domain_1 mycorp.in
# dns_server_1_resolve_domain_2 eu.mycorp.com
-# dns_server_1_dnssec true
+# dns_server_1_dnssec yes
# dns_server_1_transport DoH
# dns_server_1_sni dns.mycorp.in
#
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1645?usp=email
To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email
Gerrit-MessageType: newchange
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Id6832e3f56420debc8b19d0144d53ca41abb678b
Gerrit-Change-Number: 1645
Gerrit-PatchSet: 1
Gerrit-Owner: flichtenheld <fr...@li...>
Gerrit-Reviewer: plaisthos <arn...@rf...>
Gerrit-CC: openvpn-devel <ope...@li...>
Gerrit-Attention: plaisthos <arn...@rf...>
|
|
From: Gert D. <ge...@gr...> - 2026-04-30 12:40:35
|
From: Selva Nair <sel...@gm...> Github: fixes OpenVPN/openvpn#1024 Change-Id: I0cb093e0116e92d874162d51be777aa43674c115 Signed-off-by: Selva Nair <sel...@gm...> Acked-by: Frank Lichtenheld <fr...@li...> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1644 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1644 This mail reflects revision 1 of this Change. Signed-off-by line for the author was added as per our policy. Acked-by according to Gerrit (reflected above): Frank Lichtenheld <fr...@li...> diff --git a/src/openvpn/dns.c b/src/openvpn/dns.c index ce23f1f..954ed52 100644 --- a/src/openvpn/dns.c +++ b/src/openvpn/dns.c @@ -442,7 +442,7 @@ .header = { (add ? msg_add_nrpt_cfg : msg_del_nrpt_cfg), sizeof(nrpt_dns_cfg_message_t), 0 }, .iface = { .index = tt->adapter_index, .name = "" }, - .flags = server->dnssec == DNS_SECURITY_NO ? 0 : nrpt_dnssec, + .flags = server->dnssec == DNS_SECURITY_YES ? nrpt_dnssec : 0, }; strncpynt(nrpt.iface.name, tt->actual_name, sizeof(nrpt.iface.name)); |
154 messages has been excluded from this view by a project administrator.
