Menu
▾
▴
openvpn-devel — OpenVPN developers list
You can subscribe to this list here.
| 2002 |
Jan
|
Feb
|
Mar
|
Apr
(24) |
May
(14) |
Jun
(29) |
Jul
(33) |
Aug
(3) |
Sep
(8) |
Oct
(18) |
Nov
(1) |
Dec
(10) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2003 |
Jan
(3) |
Feb
(33) |
Mar
(7) |
Apr
(28) |
May
(30) |
Jun
(5) |
Jul
(10) |
Aug
(7) |
Sep
(32) |
Oct
(41) |
Nov
(20) |
Dec
(10) |
| 2004 |
Jan
(24) |
Feb
(18) |
Mar
(57) |
Apr
(40) |
May
(55) |
Jun
(48) |
Jul
(77) |
Aug
(15) |
Sep
(56) |
Oct
(80) |
Nov
(74) |
Dec
(52) |
| 2005 |
Jan
(38) |
Feb
(42) |
Mar
(39) |
Apr
(56) |
May
(79) |
Jun
(73) |
Jul
(16) |
Aug
(23) |
Sep
(68) |
Oct
(77) |
Nov
(52) |
Dec
(27) |
| 2006 |
Jan
(27) |
Feb
(18) |
Mar
(51) |
Apr
(62) |
May
(28) |
Jun
(50) |
Jul
(36) |
Aug
(33) |
Sep
(47) |
Oct
(50) |
Nov
(77) |
Dec
(13) |
| 2007 |
Jan
(15) |
Feb
(8) |
Mar
(14) |
Apr
(18) |
May
(25) |
Jun
(16) |
Jul
(16) |
Aug
(19) |
Sep
(32) |
Oct
(17) |
Nov
(5) |
Dec
(5) |
| 2008 |
Jan
(64) |
Feb
(25) |
Mar
(25) |
Apr
(6) |
May
(28) |
Jun
(20) |
Jul
(10) |
Aug
(27) |
Sep
(28) |
Oct
(59) |
Nov
(37) |
Dec
(43) |
| 2009 |
Jan
(40) |
Feb
(25) |
Mar
(12) |
Apr
(57) |
May
(46) |
Jun
(29) |
Jul
(39) |
Aug
(10) |
Sep
(20) |
Oct
(42) |
Nov
(50) |
Dec
(57) |
| 2010 |
Jan
(82) |
Feb
(165) |
Mar
(256) |
Apr
(260) |
May
(36) |
Jun
(87) |
Jul
(53) |
Aug
(89) |
Sep
(107) |
Oct
(51) |
Nov
(88) |
Dec
(117) |
| 2011 |
Jan
(69) |
Feb
(60) |
Mar
(113) |
Apr
(71) |
May
(67) |
Jun
(90) |
Jul
(88) |
Aug
(90) |
Sep
(48) |
Oct
(64) |
Nov
(69) |
Dec
(118) |
| 2012 |
Jan
(49) |
Feb
(528) |
Mar
(351) |
Apr
(190) |
May
(238) |
Jun
(193) |
Jul
(104) |
Aug
(100) |
Sep
(57) |
Oct
(41) |
Nov
(47) |
Dec
(51) |
| 2013 |
Jan
(94) |
Feb
(57) |
Mar
(96) |
Apr
(105) |
May
(77) |
Jun
(102) |
Jul
(27) |
Aug
(81) |
Sep
(32) |
Oct
(53) |
Nov
(127) |
Dec
(65) |
| 2014 |
Jan
(113) |
Feb
(59) |
Mar
(104) |
Apr
(259) |
May
(70) |
Jun
(70) |
Jul
(146) |
Aug
(45) |
Sep
(58) |
Oct
(149) |
Nov
(77) |
Dec
(83) |
| 2015 |
Jan
(53) |
Feb
(66) |
Mar
(86) |
Apr
(50) |
May
(135) |
Jun
(76) |
Jul
(151) |
Aug
(83) |
Sep
(97) |
Oct
(262) |
Nov
(245) |
Dec
(231) |
| 2016 |
Jan
(131) |
Feb
(233) |
Mar
(97) |
Apr
(138) |
May
(221) |
Jun
(254) |
Jul
(92) |
Aug
(248) |
Sep
(168) |
Oct
(275) |
Nov
(477) |
Dec
(445) |
| 2017 |
Jan
(218) |
Feb
(217) |
Mar
(146) |
Apr
(172) |
May
(216) |
Jun
(252) |
Jul
(164) |
Aug
(192) |
Sep
(190) |
Oct
(143) |
Nov
(255) |
Dec
(182) |
| 2018 |
Jan
(295) |
Feb
(164) |
Mar
(113) |
Apr
(147) |
May
(64) |
Jun
(262) |
Jul
(184) |
Aug
(90) |
Sep
(69) |
Oct
(364) |
Nov
(102) |
Dec
(101) |
| 2019 |
Jan
(119) |
Feb
(64) |
Mar
(64) |
Apr
(102) |
May
(57) |
Jun
(154) |
Jul
(84) |
Aug
(81) |
Sep
(76) |
Oct
(102) |
Nov
(233) |
Dec
(89) |
| 2020 |
Jan
(38) |
Feb
(170) |
Mar
(155) |
Apr
(172) |
May
(120) |
Jun
(223) |
Jul
(461) |
Aug
(227) |
Sep
(268) |
Oct
(113) |
Nov
(56) |
Dec
(124) |
| 2021 |
Jan
(121) |
Feb
(48) |
Mar
(334) |
Apr
(345) |
May
(207) |
Jun
(136) |
Jul
(71) |
Aug
(112) |
Sep
(122) |
Oct
(173) |
Nov
(184) |
Dec
(223) |
| 2022 |
Jan
(197) |
Feb
(206) |
Mar
(156) |
Apr
(212) |
May
(192) |
Jun
(170) |
Jul
(143) |
Aug
(380) |
Sep
(182) |
Oct
(148) |
Nov
(128) |
Dec
(269) |
| 2023 |
Jan
(248) |
Feb
(196) |
Mar
(264) |
Apr
(36) |
May
(123) |
Jun
(66) |
Jul
(120) |
Aug
(48) |
Sep
(157) |
Oct
(198) |
Nov
(300) |
Dec
(273) |
| 2024 |
Jan
(271) |
Feb
(147) |
Mar
(207) |
Apr
(78) |
May
(107) |
Jun
(168) |
Jul
(151) |
Aug
(51) |
Sep
(438) |
Oct
(221) |
Nov
(302) |
Dec
(357) |
| 2025 |
Jan
(451) |
Feb
(219) |
Mar
(326) |
Apr
(232) |
May
(306) |
Jun
(181) |
Jul
(452) |
Aug
(216) |
Sep
|
Oct
|
Nov
|
Dec
|
|
From: cron2 (C. Review) <ge...@op...> - 2025-06-03 14:13:01
|
Attention is currently required from: MaxF, plaisthos. cron2 has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1041?usp=email ) Change subject: Use mbedtls_ssl_export_keying_material() ...................................................................... Patch Set 3: (1 comment) File CMakeLists.txt: http://gerrit.openvpn.net/c/openvpn/+/1041/comment/cb4b863e_7a90ad49 : PS2, Line 305: check_symbol_exists(mbedtls_ssl_export_keying_material mbedtls/ssl.h HAVE_MBEDTLS_SSL_EXPORT_KEYING_MATERIAL) > I saw your other commit and I think we can stop supporting TLS libraries that do not support export […] Done -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1041?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I1204bc2ff85952160a86f0b9d1caae90e5065bc4 Gerrit-Change-Number: 1041 Gerrit-PatchSet: 3 Gerrit-Owner: MaxF <ma...@ma...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: cron2 <ge...@gr...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: MaxF <ma...@ma...> Gerrit-Comment-Date: Tue, 03 Jun 2025 14:12:47 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: plaisthos <arn...@rf...> Comment-In-Reply-To: MaxF <ma...@ma...> Gerrit-MessageType: comment |
|
From: Gert D. <ge...@gr...> - 2025-06-03 14:06:44
|
From: Max Fillinger <max...@fo...> We need mbedtls_ssl_export_keying_material() to support TLS 1.3. The workaround we use for TLS 1.2 does not work for TLS 1.3. Change-Id: If5e832866b312a2f8a1ce6b4e00d40e3dcf63681 Signed-off-by: Max Fillinger <max...@fo...> Acked-by: Gert Doering <ge...@gr...> Acked-by: Frank Lichtenheld <fr...@li...> --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1042 This mail reflects revision 3 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering <ge...@gr...> Frank Lichtenheld <fr...@li...> diff --git a/README.mbedtls b/README.mbedtls index c4f3924..a1012e9 100644 --- a/README.mbedtls +++ b/README.mbedtls @@ -26,5 +26,9 @@ ************************************************************************* -Mbed TLS 3 has implemented (parts of) the TLS 1.3 protocol, but we have disabled -support in OpenVPN because the TLS-Exporter function is not yet implemented. +Mbed TLS 3 has implemented TLS 1.3, but support in OpenVPN requires the +function mbedtls_ssl_export_keying_material() which is currently not in +any released version. It is available when building mbed TLS from source +(mbedtls-3.6 or development branch). + +Without this function, only TLS 1.2 is available. diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index 0159166..b78439c 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c @@ -1048,11 +1048,14 @@ int tls_version_max(void) { -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) + /* We need mbedtls_ssl_export_keying_material() to support TLS 1.3. */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) + return TLS_VER_1_3; +#elif defined(MBEDTLS_SSL_PROTO_TLS1_2) return TLS_VER_1_2; -#else /* defined(MBEDTLS_SSL_PROTO_TLS1_2) */ - #error "mbedtls is compiled without support for TLS 1.2." -#endif /* defined(MBEDTLS_SSL_PROTO_TLS1_2) */ +#else + #error mbedtls is compiled without support for TLS 1.2 or 1.3 +#endif } /** |
|
From: cron2 (C. Review) <ge...@op...> - 2025-06-03 14:05:42
|
Attention is currently required from: MaxF. cron2 has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1042?usp=email ) Change subject: mbedtls: Allow TLS 1.3 if available ...................................................................... Patch Set 3: Code-Review+2 (1 comment) Patchset: PS3: discussed with Arne, while a bit misleading (there is no "3.6 release" but a "3.6 development train, which will eventually see this" - something people exposed to mbedTLS know, while I didn't) the patch itself is good enough. We can put a specific version number in the README when we know one. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1042?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: If5e832866b312a2f8a1ce6b4e00d40e3dcf63681 Gerrit-Change-Number: 1042 Gerrit-PatchSet: 3 Gerrit-Owner: MaxF <ma...@ma...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: MaxF <ma...@ma...> Gerrit-Comment-Date: Tue, 03 Jun 2025 14:05:27 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment |
|
From: Gert D. <ge...@gr...> - 2025-06-03 14:04:28
|
From: Max Fillinger <max...@fo...> Mbed TLS now has an implementation of the TLS-Exporter feature (though not yet in a released version). Use it if it's available. v2: Rebased, changed feature detection in configure.ac Change-Id: I1204bc2ff85952160a86f0b9d1caae90e5065bc4 Signed-off-by: Max Fillinger <max...@fo...> Acked-by: Frank Lichtenheld <fr...@li...> --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1041 This mail reflects revision 3 of this Change. Acked-by according to Gerrit (reflected above): Frank Lichtenheld <fr...@li...> diff --git a/configure.ac b/configure.ac index 1b908e6..7fa2284 100644 --- a/configure.ac +++ b/configure.ac @@ -1072,7 +1072,10 @@ [AC_DEFINE([HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB], [0], [no])] ) if test "x$ac_cv_func_mbedtls_ssl_set_export_keys_cb" != xyes; then - AC_MSG_ERROR(This version of mbed TLS has no support for exporting key material.) + AC_CHECK_FUNC([mbedtls_ssl_export_keying_material]) + if test "x$ac_cv_func_mbedtls_ssl_export_keying_material" != xyes; then + AC_MSG_ERROR(This version of mbed TLS has no support for exporting key material.) + fi fi fi diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index 6474f80..0159166 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c @@ -251,8 +251,8 @@ memcpy(cache->master_secret, secret, sizeof(cache->master_secret)); cache->tls_prf_type = tls_prf_type; } -#else /* if HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB */ -#error either mbedtls_ssl_conf_export_keys_ext_cb or mbedtls_ssl_set_export_keys_cb must be available in mbed TLS +#elif !defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) +#error mbedtls_ssl_conf_export_keys_ext_cb, mbedtls_ssl_set_export_keys_cb or mbedtls_ssl_export_keying_material must be available in mbed TLS #endif /* HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB */ bool @@ -262,6 +262,20 @@ { ASSERT(strlen(label) == label_size); +#if defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) + /* Our version of mbed TLS has a built-in TLS-Exporter. */ + + mbedtls_ssl_context *ctx = session->key[KS_PRIMARY].ks_ssl.ctx; + if (mbed_ok(mbedtls_ssl_export_keying_material(ctx, ekm, ekm_size, label, label_size, NULL, 0, 0))) + { + return true; + } + else + { + return false; + } + +#else /* defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) */ struct tls_key_cache *cache = &session->key[KS_PRIMARY].ks_ssl.tls_key_cache; /* If the type is NONE, we either have no cached secrets or @@ -286,6 +300,7 @@ secure_memzero(ekm, session->opt->ekm_size); return false; } +#endif /* defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) */ } bool @@ -1226,7 +1241,7 @@ mbedtls_ssl_conf_max_tls_version(ks_ssl->ssl_config, version); } -#if HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB +#if HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB && !defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) /* Initialize keying material exporter, old style. */ mbedtls_ssl_conf_export_keys_ext_cb(ks_ssl->ssl_config, mbedtls_ssl_export_keys_cb, session); @@ -1241,7 +1256,7 @@ * verification. */ ASSERT(mbed_ok(mbedtls_ssl_set_hostname(ks_ssl->ctx, NULL))); -#if HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB +#if HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB && !defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) /* Initialize keying material exporter, new style. */ mbedtls_ssl_set_export_keys_cb(ks_ssl->ctx, mbedtls_ssl_export_keys_cb, session); #endif diff --git a/src/openvpn/ssl_mbedtls.h b/src/openvpn/ssl_mbedtls.h index 9ebb2ce..6354231 100644 --- a/src/openvpn/ssl_mbedtls.h +++ b/src/openvpn/ssl_mbedtls.h @@ -85,14 +85,21 @@ void *sign_ctx; }; -/** struct to cache TLS secrets for keying material exporter (RFC 5705). - * The constants (64 and 48) are inherent to TLS version and - * the whole keying material export will likely change when they change */ +#if !defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) +/** + * struct to cache TLS secrets for keying material exporter (RFC 5705). + * Not needed if the library itself implements the keying material exporter. + * + * The constants 64 and 48 are inherent to TLS 1.2. For TLS 1.3, it is not + * possible to obtain the exporter master secret from mbed TLS. */ struct tls_key_cache { unsigned char client_server_random[64]; mbedtls_tls_prf_types tls_prf_type; unsigned char master_secret[48]; }; +#else /* !defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) */ +struct tls_key_cache { }; +#endif /** * Structure that wraps the TLS context. Contents differ depending on the |
|
From: flichtenheld (C. Review) <ge...@op...> - 2025-06-03 13:39:06
|
Attention is currently required from: plaisthos. flichtenheld has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1038?usp=email ) Change subject: t_server_null: Test different permutations of --dh ...................................................................... Patch Set 2: This change is ready for review. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1038?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I480442a55025bfcce7cb68ec7564ff33b0b780e2 Gerrit-Change-Number: 1038 Gerrit-PatchSet: 2 Gerrit-Owner: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Comment-Date: Tue, 03 Jun 2025 13:38:56 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: No Gerrit-MessageType: comment |
|
From: cron2 (C. Review) <ge...@op...> - 2025-06-02 16:05:37
|
cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/1036?usp=email ) Change subject: Delete old sample-windows file and obsolete Windows sample handling ...................................................................... Delete old sample-windows file and obsolete Windows sample handling This file is apparently over 20 years old and was never updated besides fixing some obvious syntax errors with new versions. So let's just get rid of it. AFAICT the Windows installer does not use it. Only the {server,client}.ovpn. And even there, it just uses the files directly from the build directory and does not depend on us renaming them (which is obvious since we do not use the Makefile at all in the Windows build, only CMake). Github: Closes OpenVPN/openvpn#758 Change-Id: I15c730c9eb3f1338019577e7c665c0ca5b1edcd4 Signed-off-by: Frank Lichtenheld <fr...@li...> Message-Id: <202...@gr...> URL: https://www.mail-archive.com/ope...@li.../msg31850.html Signed-off-by: Gert Doering <ge...@gr...> --- M sample/Makefile.am D sample/sample-windows/sample.ovpn 2 files changed, 0 insertions(+), 117 deletions(-) diff --git a/sample/Makefile.am b/sample/Makefile.am index 9443cf3..4ed78a6e 100644 --- a/sample/Makefile.am +++ b/sample/Makefile.am @@ -18,20 +18,5 @@ EXTRA_DIST = \ sample-plugins \ sample-config-files \ - sample-windows \ sample-keys \ sample-scripts - -if WIN32 -sample_DATA = \ - client.ovpn \ - server.ovpn \ - sample-windows/sample.ovpn - -client.ovpn: sample-config-files/client.conf - -rm -f client.ovpn - cp "$(srcdir)/sample-config-files/client.conf" client.ovpn -server.ovpn: sample-config-files/server.conf - -rm -f server.ovpn - cp "$(srcdir)/sample-config-files/server.conf" server.ovpn -endif diff --git a/sample/sample-windows/sample.ovpn b/sample/sample-windows/sample.ovpn deleted file mode 100755 index be24faa..0000000 --- a/sample/sample-windows/sample.ovpn +++ /dev/null @@ -1,102 +0,0 @@ -# Edit this file, and save to a .ovpn extension -# so that OpenVPN will activate it when run -# as a service. - -# Change 'myremote' to be your remote host, -# or comment out to enter a listening -# server mode. -remote myremote - -# Uncomment this line to use a different -# port number than the default of 1194. -; port 1194 - -# Choose one of three protocols supported by -# OpenVPN. If left commented out, defaults -# to udp. -; proto [tcp-server | tcp-client | udp] - -# You must specify one of two possible network -# protocols, 'dev tap' or 'dev tun' to be used -# on both sides of the connection. 'tap' creates -# a VPN using the ethernet protocol while 'tun' -# uses the IP protocol. You must use 'tap' -# if you are ethernet bridging or want to route -# broadcasts. 'tun' is somewhat more efficient -# but requires configuration of client software -# to not depend on broadcasts. Some platforms -# such as Solaris, OpenBSD, and Mac OS X only -# support 'tun' interfaces, so if you are -# connecting to such a platform, you must also -# use a 'tun' interface on the Windows side. - -# Enable 'dev tap' or 'dev tun' but not both! -dev tap - -# This is a 'dev tap' ifconfig that creates -# a virtual ethernet subnet. -# 10.3.0.1 is the local VPN IP address -# and 255.255.255.0 is the VPN subnet. -# Only define this option for 'dev tap'. -ifconfig 10.3.0.1 255.255.255.0 - -# This is a 'dev tun' ifconfig that creates -# a point-to-point IP link. -# 10.3.0.1 is the local VPN IP address and -# 10.3.0.2 is the remote VPN IP address. -# Only define this option for 'dev tun'. -# Make sure to include the "tun-mtu" option -# on the remote machine, but swap the order -# of the ifconfig addresses. -;tun-mtu 1500 -;ifconfig 10.3.0.1 10.3.0.2 - -# If you have fragmentation issues or misconfigured -# routers in the path which block Path MTU discovery, -# lower the TCP MSS and internally fragment non-TCP -# protocols. -;fragment 1300 -;mssfix - -# If you have set up more than one TAP-Win32 adapter -# on your system, you must refer to it by name. -;dev-node my-tap - -# You can generate a static OpenVPN key -# by selecting the Generate Key option -# in the start menu. -# -# You can also generate key.txt manually -# with the following command: -# openvpn --genkey secret key.txt -# -# key must match on both ends of the connection, -# so you should generate it on one machine and -# copy it to the other over a secure medium. -# Place key.txt in the same directory as this -# config file. -secret key.txt - -# Uncomment this section for a more reliable -# detection when a system loses its connection. -# For example, dial-ups or laptops that travel -# to other locations. -# -# If this section is enabled and "myremote" -# above is a dynamic DNS name (i.e. dyndns.org), -# OpenVPN will dynamically "follow" the IP -# address of "myremote" if it changes. -; ping-restart 60 -; ping-timer-rem -; persist-tun -; resolv-retry 86400 - -# keep-alive ping -ping 10 - -# enable LZO compression -comp-lzo - -# moderate verbosity -verb 4 -mute 10 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1036?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I15c730c9eb3f1338019577e7c665c0ca5b1edcd4 Gerrit-Change-Number: 1036 Gerrit-PatchSet: 4 Gerrit-Owner: flichtenheld <fr...@li...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-MessageType: merged |
|
From: cron2 (C. Review) <ge...@op...> - 2025-06-02 16:05:36
|
cron2 has uploaded a new patch set (#4) to the change originally created by flichtenheld. ( http://gerrit.openvpn.net/c/openvpn/+/1036?usp=email ) Change subject: Delete old sample-windows file and obsolete Windows sample handling ...................................................................... Delete old sample-windows file and obsolete Windows sample handling This file is apparently over 20 years old and was never updated besides fixing some obvious syntax errors with new versions. So let's just get rid of it. AFAICT the Windows installer does not use it. Only the {server,client}.ovpn. And even there, it just uses the files directly from the build directory and does not depend on us renaming them (which is obvious since we do not use the Makefile at all in the Windows build, only CMake). Github: Closes OpenVPN/openvpn#758 Change-Id: I15c730c9eb3f1338019577e7c665c0ca5b1edcd4 Signed-off-by: Frank Lichtenheld <fr...@li...> Message-Id: <202...@gr...> URL: https://www.mail-archive.com/ope...@li.../msg31850.html Signed-off-by: Gert Doering <ge...@gr...> --- M sample/Makefile.am D sample/sample-windows/sample.ovpn 2 files changed, 0 insertions(+), 117 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/36/1036/4 diff --git a/sample/Makefile.am b/sample/Makefile.am index 9443cf3..4ed78a6e 100644 --- a/sample/Makefile.am +++ b/sample/Makefile.am @@ -18,20 +18,5 @@ EXTRA_DIST = \ sample-plugins \ sample-config-files \ - sample-windows \ sample-keys \ sample-scripts - -if WIN32 -sample_DATA = \ - client.ovpn \ - server.ovpn \ - sample-windows/sample.ovpn - -client.ovpn: sample-config-files/client.conf - -rm -f client.ovpn - cp "$(srcdir)/sample-config-files/client.conf" client.ovpn -server.ovpn: sample-config-files/server.conf - -rm -f server.ovpn - cp "$(srcdir)/sample-config-files/server.conf" server.ovpn -endif diff --git a/sample/sample-windows/sample.ovpn b/sample/sample-windows/sample.ovpn deleted file mode 100755 index be24faa..0000000 --- a/sample/sample-windows/sample.ovpn +++ /dev/null @@ -1,102 +0,0 @@ -# Edit this file, and save to a .ovpn extension -# so that OpenVPN will activate it when run -# as a service. - -# Change 'myremote' to be your remote host, -# or comment out to enter a listening -# server mode. -remote myremote - -# Uncomment this line to use a different -# port number than the default of 1194. -; port 1194 - -# Choose one of three protocols supported by -# OpenVPN. If left commented out, defaults -# to udp. -; proto [tcp-server | tcp-client | udp] - -# You must specify one of two possible network -# protocols, 'dev tap' or 'dev tun' to be used -# on both sides of the connection. 'tap' creates -# a VPN using the ethernet protocol while 'tun' -# uses the IP protocol. You must use 'tap' -# if you are ethernet bridging or want to route -# broadcasts. 'tun' is somewhat more efficient -# but requires configuration of client software -# to not depend on broadcasts. Some platforms -# such as Solaris, OpenBSD, and Mac OS X only -# support 'tun' interfaces, so if you are -# connecting to such a platform, you must also -# use a 'tun' interface on the Windows side. - -# Enable 'dev tap' or 'dev tun' but not both! -dev tap - -# This is a 'dev tap' ifconfig that creates -# a virtual ethernet subnet. -# 10.3.0.1 is the local VPN IP address -# and 255.255.255.0 is the VPN subnet. -# Only define this option for 'dev tap'. -ifconfig 10.3.0.1 255.255.255.0 - -# This is a 'dev tun' ifconfig that creates -# a point-to-point IP link. -# 10.3.0.1 is the local VPN IP address and -# 10.3.0.2 is the remote VPN IP address. -# Only define this option for 'dev tun'. -# Make sure to include the "tun-mtu" option -# on the remote machine, but swap the order -# of the ifconfig addresses. -;tun-mtu 1500 -;ifconfig 10.3.0.1 10.3.0.2 - -# If you have fragmentation issues or misconfigured -# routers in the path which block Path MTU discovery, -# lower the TCP MSS and internally fragment non-TCP -# protocols. -;fragment 1300 -;mssfix - -# If you have set up more than one TAP-Win32 adapter -# on your system, you must refer to it by name. -;dev-node my-tap - -# You can generate a static OpenVPN key -# by selecting the Generate Key option -# in the start menu. -# -# You can also generate key.txt manually -# with the following command: -# openvpn --genkey secret key.txt -# -# key must match on both ends of the connection, -# so you should generate it on one machine and -# copy it to the other over a secure medium. -# Place key.txt in the same directory as this -# config file. -secret key.txt - -# Uncomment this section for a more reliable -# detection when a system loses its connection. -# For example, dial-ups or laptops that travel -# to other locations. -# -# If this section is enabled and "myremote" -# above is a dynamic DNS name (i.e. dyndns.org), -# OpenVPN will dynamically "follow" the IP -# address of "myremote" if it changes. -; ping-restart 60 -; ping-timer-rem -; persist-tun -; resolv-retry 86400 - -# keep-alive ping -ping 10 - -# enable LZO compression -comp-lzo - -# moderate verbosity -verb 4 -mute 10 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1036?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I15c730c9eb3f1338019577e7c665c0ca5b1edcd4 Gerrit-Change-Number: 1036 Gerrit-PatchSet: 4 Gerrit-Owner: flichtenheld <fr...@li...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-MessageType: newpatchset |
|
From: Gert D. <ge...@gr...> - 2025-06-02 16:05:28
|
Out it goes, well done :-) - checked with "make distcheck" if all the
makefile magic agrees (it does).
Your patch has been applied to the master branch.
commit 1b6b1e33ed9646be97110f5cd1f31a8b2ba0dce8
Author: Frank Lichtenheld
Date: Mon Jun 2 17:38:54 2025 +0200
Delete old sample-windows file and obsolete Windows sample handling
Signed-off-by: Frank Lichtenheld <fr...@li...>
Message-Id: <202...@gr...>
URL: https://www.mail-archive.com/ope...@li.../msg31850.html
Signed-off-by: Gert Doering <ge...@gr...>
--
kind regards,
Gert Doering
|
|
From: Gert D. <ge...@gr...> - 2025-06-02 15:39:13
|
From: Frank Lichtenheld <fr...@li...>
This file is apparently over 20 years old and
was never updated besides fixing some obvious
syntax errors with new versions.
So let's just get rid of it. AFAICT the Windows
installer does not use it. Only the
{server,client}.ovpn. And even there, it just uses
the files directly from the build directory and
does not depend on us renaming them (which is
obvious since we do not use the Makefile at all
in the Windows build, only CMake).
Github: Closes OpenVPN/openvpn#758
Change-Id: I15c730c9eb3f1338019577e7c665c0ca5b1edcd4
Signed-off-by: Frank Lichtenheld <fr...@li...>
---
This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1036
This mail reflects revision 3 of this Change.
Acked-by according to Gerrit (reflected above):
diff --git a/sample/Makefile.am b/sample/Makefile.am
index 9443cf3..4ed78a6e 100644
--- a/sample/Makefile.am
+++ b/sample/Makefile.am
@@ -18,20 +18,5 @@
EXTRA_DIST = \
sample-plugins \
sample-config-files \
- sample-windows \
sample-keys \
sample-scripts
-
-if WIN32
-sample_DATA = \
- client.ovpn \
- server.ovpn \
- sample-windows/sample.ovpn
-
-client.ovpn: sample-config-files/client.conf
- -rm -f client.ovpn
- cp "$(srcdir)/sample-config-files/client.conf" client.ovpn
-server.ovpn: sample-config-files/server.conf
- -rm -f server.ovpn
- cp "$(srcdir)/sample-config-files/server.conf" server.ovpn
-endif
diff --git a/sample/sample-windows/sample.ovpn b/sample/sample-windows/sample.ovpn
deleted file mode 100755
index be24faa..0000000
--- a/sample/sample-windows/sample.ovpn
+++ /dev/null
@@ -1,102 +0,0 @@
-# Edit this file, and save to a .ovpn extension
-# so that OpenVPN will activate it when run
-# as a service.
-
-# Change 'myremote' to be your remote host,
-# or comment out to enter a listening
-# server mode.
-remote myremote
-
-# Uncomment this line to use a different
-# port number than the default of 1194.
-; port 1194
-
-# Choose one of three protocols supported by
-# OpenVPN. If left commented out, defaults
-# to udp.
-; proto [tcp-server | tcp-client | udp]
-
-# You must specify one of two possible network
-# protocols, 'dev tap' or 'dev tun' to be used
-# on both sides of the connection. 'tap' creates
-# a VPN using the ethernet protocol while 'tun'
-# uses the IP protocol. You must use 'tap'
-# if you are ethernet bridging or want to route
-# broadcasts. 'tun' is somewhat more efficient
-# but requires configuration of client software
-# to not depend on broadcasts. Some platforms
-# such as Solaris, OpenBSD, and Mac OS X only
-# support 'tun' interfaces, so if you are
-# connecting to such a platform, you must also
-# use a 'tun' interface on the Windows side.
-
-# Enable 'dev tap' or 'dev tun' but not both!
-dev tap
-
-# This is a 'dev tap' ifconfig that creates
-# a virtual ethernet subnet.
-# 10.3.0.1 is the local VPN IP address
-# and 255.255.255.0 is the VPN subnet.
-# Only define this option for 'dev tap'.
-ifconfig 10.3.0.1 255.255.255.0
-
-# This is a 'dev tun' ifconfig that creates
-# a point-to-point IP link.
-# 10.3.0.1 is the local VPN IP address and
-# 10.3.0.2 is the remote VPN IP address.
-# Only define this option for 'dev tun'.
-# Make sure to include the "tun-mtu" option
-# on the remote machine, but swap the order
-# of the ifconfig addresses.
-;tun-mtu 1500
-;ifconfig 10.3.0.1 10.3.0.2
-
-# If you have fragmentation issues or misconfigured
-# routers in the path which block Path MTU discovery,
-# lower the TCP MSS and internally fragment non-TCP
-# protocols.
-;fragment 1300
-;mssfix
-
-# If you have set up more than one TAP-Win32 adapter
-# on your system, you must refer to it by name.
-;dev-node my-tap
-
-# You can generate a static OpenVPN key
-# by selecting the Generate Key option
-# in the start menu.
-#
-# You can also generate key.txt manually
-# with the following command:
-# openvpn --genkey secret key.txt
-#
-# key must match on both ends of the connection,
-# so you should generate it on one machine and
-# copy it to the other over a secure medium.
-# Place key.txt in the same directory as this
-# config file.
-secret key.txt
-
-# Uncomment this section for a more reliable
-# detection when a system loses its connection.
-# For example, dial-ups or laptops that travel
-# to other locations.
-#
-# If this section is enabled and "myremote"
-# above is a dynamic DNS name (i.e. dyndns.org),
-# OpenVPN will dynamically "follow" the IP
-# address of "myremote" if it changes.
-; ping-restart 60
-; ping-timer-rem
-; persist-tun
-; resolv-retry 86400
-
-# keep-alive ping
-ping 10
-
-# enable LZO compression
-comp-lzo
-
-# moderate verbosity
-verb 4
-mute 10
|
|
From: cron2 (C. Review) <ge...@op...> - 2025-06-02 15:38:55
|
Attention is currently required from: cron2, flichtenheld, plaisthos. cron2 has uploaded a new patch set (#3) to the change originally created by flichtenheld. ( http://gerrit.openvpn.net/c/openvpn/+/1036?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by cron2 The change is no longer submittable: Code-Review and checks~ChecksSubmitRule are unsatisfied now. Change subject: Delete old sample-windows file and obsolete Windows sample handling ...................................................................... Delete old sample-windows file and obsolete Windows sample handling This file is apparently over 20 years old and was never updated besides fixing some obvious syntax errors with new versions. So let's just get rid of it. AFAICT the Windows installer does not use it. Only the {server,client}.ovpn. And even there, it just uses the files directly from the build directory and does not depend on us renaming them (which is obvious since we do not use the Makefile at all in the Windows build, only CMake). Github: Closes OpenVPN/openvpn#758 Change-Id: I15c730c9eb3f1338019577e7c665c0ca5b1edcd4 Signed-off-by: Frank Lichtenheld <fr...@li...> --- M sample/Makefile.am D sample/sample-windows/sample.ovpn 2 files changed, 0 insertions(+), 117 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/36/1036/3 diff --git a/sample/Makefile.am b/sample/Makefile.am index 9443cf3..4ed78a6e 100644 --- a/sample/Makefile.am +++ b/sample/Makefile.am @@ -18,20 +18,5 @@ EXTRA_DIST = \ sample-plugins \ sample-config-files \ - sample-windows \ sample-keys \ sample-scripts - -if WIN32 -sample_DATA = \ - client.ovpn \ - server.ovpn \ - sample-windows/sample.ovpn - -client.ovpn: sample-config-files/client.conf - -rm -f client.ovpn - cp "$(srcdir)/sample-config-files/client.conf" client.ovpn -server.ovpn: sample-config-files/server.conf - -rm -f server.ovpn - cp "$(srcdir)/sample-config-files/server.conf" server.ovpn -endif diff --git a/sample/sample-windows/sample.ovpn b/sample/sample-windows/sample.ovpn deleted file mode 100755 index be24faa..0000000 --- a/sample/sample-windows/sample.ovpn +++ /dev/null @@ -1,102 +0,0 @@ -# Edit this file, and save to a .ovpn extension -# so that OpenVPN will activate it when run -# as a service. - -# Change 'myremote' to be your remote host, -# or comment out to enter a listening -# server mode. -remote myremote - -# Uncomment this line to use a different -# port number than the default of 1194. -; port 1194 - -# Choose one of three protocols supported by -# OpenVPN. If left commented out, defaults -# to udp. -; proto [tcp-server | tcp-client | udp] - -# You must specify one of two possible network -# protocols, 'dev tap' or 'dev tun' to be used -# on both sides of the connection. 'tap' creates -# a VPN using the ethernet protocol while 'tun' -# uses the IP protocol. You must use 'tap' -# if you are ethernet bridging or want to route -# broadcasts. 'tun' is somewhat more efficient -# but requires configuration of client software -# to not depend on broadcasts. Some platforms -# such as Solaris, OpenBSD, and Mac OS X only -# support 'tun' interfaces, so if you are -# connecting to such a platform, you must also -# use a 'tun' interface on the Windows side. - -# Enable 'dev tap' or 'dev tun' but not both! -dev tap - -# This is a 'dev tap' ifconfig that creates -# a virtual ethernet subnet. -# 10.3.0.1 is the local VPN IP address -# and 255.255.255.0 is the VPN subnet. -# Only define this option for 'dev tap'. -ifconfig 10.3.0.1 255.255.255.0 - -# This is a 'dev tun' ifconfig that creates -# a point-to-point IP link. -# 10.3.0.1 is the local VPN IP address and -# 10.3.0.2 is the remote VPN IP address. -# Only define this option for 'dev tun'. -# Make sure to include the "tun-mtu" option -# on the remote machine, but swap the order -# of the ifconfig addresses. -;tun-mtu 1500 -;ifconfig 10.3.0.1 10.3.0.2 - -# If you have fragmentation issues or misconfigured -# routers in the path which block Path MTU discovery, -# lower the TCP MSS and internally fragment non-TCP -# protocols. -;fragment 1300 -;mssfix - -# If you have set up more than one TAP-Win32 adapter -# on your system, you must refer to it by name. -;dev-node my-tap - -# You can generate a static OpenVPN key -# by selecting the Generate Key option -# in the start menu. -# -# You can also generate key.txt manually -# with the following command: -# openvpn --genkey secret key.txt -# -# key must match on both ends of the connection, -# so you should generate it on one machine and -# copy it to the other over a secure medium. -# Place key.txt in the same directory as this -# config file. -secret key.txt - -# Uncomment this section for a more reliable -# detection when a system loses its connection. -# For example, dial-ups or laptops that travel -# to other locations. -# -# If this section is enabled and "myremote" -# above is a dynamic DNS name (i.e. dyndns.org), -# OpenVPN will dynamically "follow" the IP -# address of "myremote" if it changes. -; ping-restart 60 -; ping-timer-rem -; persist-tun -; resolv-retry 86400 - -# keep-alive ping -ping 10 - -# enable LZO compression -comp-lzo - -# moderate verbosity -verb 4 -mute 10 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1036?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I15c730c9eb3f1338019577e7c665c0ca5b1edcd4 Gerrit-Change-Number: 1036 Gerrit-PatchSet: 3 Gerrit-Owner: flichtenheld <fr...@li...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: cron2 <ge...@gr...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-MessageType: newpatchset |
|
From: cron2 (C. Review) <ge...@op...> - 2025-06-02 15:38:45
|
Attention is currently required from: flichtenheld, plaisthos. cron2 has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1036?usp=email ) Change subject: Delete old sample-windows file and obsolete Windows sample handling ...................................................................... Patch Set 2: Code-Review+2 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1036?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I15c730c9eb3f1338019577e7c665c0ca5b1edcd4 Gerrit-Change-Number: 1036 Gerrit-PatchSet: 2 Gerrit-Owner: flichtenheld <fr...@li...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Comment-Date: Mon, 02 Jun 2025 15:38:30 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment |
|
From: cron2 (C. Review) <ge...@op...> - 2025-06-02 15:30:57
|
cron2 has uploaded a new patch set (#2) to the change originally created by flichtenheld. ( http://gerrit.openvpn.net/c/openvpn/+/1037?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by cron2 Change subject: Do not segfault on missing --dh in server config ...................................................................... Do not segfault on missing --dh in server config Change-Id: I0e13595c1057c680e1065eae84ca94b273ed9ca1 Signed-off-by: Frank Lichtenheld <fr...@li...> Acked-by: Gert Doering <ge...@gr...> Message-Id: <202...@gr...> URL: https://www.mail-archive.com/ope...@li.../msg31844.html Signed-off-by: Gert Doering <ge...@gr...> --- M src/openvpn/options.c 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/37/1037/2 diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 0d648ba..b9708343 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3698,7 +3698,7 @@ if (o->tls_server) { - if (streq(o->dh_file, "none")) + if (o->dh_file && streq(o->dh_file, "none")) { o->dh_file = NULL; } -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1037?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I0e13595c1057c680e1065eae84ca94b273ed9ca1 Gerrit-Change-Number: 1037 Gerrit-PatchSet: 2 Gerrit-Owner: flichtenheld <fr...@li...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-MessageType: newpatchset |
|
From: cron2 (C. Review) <ge...@op...> - 2025-06-02 15:30:53
|
cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/1037?usp=email ) Change subject: Do not segfault on missing --dh in server config ...................................................................... Do not segfault on missing --dh in server config Change-Id: I0e13595c1057c680e1065eae84ca94b273ed9ca1 Signed-off-by: Frank Lichtenheld <fr...@li...> Acked-by: Gert Doering <ge...@gr...> Message-Id: <202...@gr...> URL: https://www.mail-archive.com/ope...@li.../msg31844.html Signed-off-by: Gert Doering <ge...@gr...> --- M src/openvpn/options.c 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 0d648ba..b9708343 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3698,7 +3698,7 @@ if (o->tls_server) { - if (streq(o->dh_file, "none")) + if (o->dh_file && streq(o->dh_file, "none")) { o->dh_file = NULL; } -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1037?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I0e13595c1057c680e1065eae84ca94b273ed9ca1 Gerrit-Change-Number: 1037 Gerrit-PatchSet: 2 Gerrit-Owner: flichtenheld <fr...@li...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-MessageType: merged |
|
From: Gert D. <ge...@gr...> - 2025-06-02 15:30:52
|
Apologies.
"The more trivial a patch looks, the more testing it warrants"...
Now *this* patch is rather trivial, and *have* verified that it, indeed,
makes a config "with no --dh in it" work with no segfault.
Your patch has been applied to the master branch.
commit 92b9cb5e0363a1c19b76a5a6e5f36c9891406590
Author: Frank Lichtenheld
Date: Mon Jun 2 17:21:08 2025 +0200
Do not segfault on missing --dh in server config
Signed-off-by: Frank Lichtenheld <fr...@li...>
Acked-by: Gert Doering <ge...@gr...>
Message-Id: <202...@gr...>
URL: https://www.mail-archive.com/ope...@li.../msg31844.html
Signed-off-by: Gert Doering <ge...@gr...>
--
kind regards,
Gert Doering
|
|
From: Gert D. <ge...@gr...> - 2025-06-02 15:21:25
|
From: Frank Lichtenheld <fr...@li...> Change-Id: I0e13595c1057c680e1065eae84ca94b273ed9ca1 Signed-off-by: Frank Lichtenheld <fr...@li...> Acked-by: Gert Doering <ge...@gr...> --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1037 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering <ge...@gr...> diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 0d648ba..b9708343 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3698,7 +3698,7 @@ if (o->tls_server) { - if (streq(o->dh_file, "none")) + if (o->dh_file && streq(o->dh_file, "none")) { o->dh_file = NULL; } |
|
From: cron2 (C. Review) <ge...@op...> - 2025-06-02 15:21:13
|
Attention is currently required from: flichtenheld, plaisthos. cron2 has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1037?usp=email ) Change subject: Do not segfault on missing --dh in server config ...................................................................... Patch Set 1: Code-Review+2 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1037?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I0e13595c1057c680e1065eae84ca94b273ed9ca1 Gerrit-Change-Number: 1037 Gerrit-PatchSet: 1 Gerrit-Owner: flichtenheld <fr...@li...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Comment-Date: Mon, 02 Jun 2025 15:20:59 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment |
|
From: flichtenheld (C. Review) <ge...@op...> - 2025-06-02 14:58:40
|
Attention is currently required from: plaisthos.
Hello plaisthos,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/1037?usp=email
to review the following change.
Change subject: Do not segfault on missing --dh in server config
......................................................................
Do not segfault on missing --dh in server config
Change-Id: I0e13595c1057c680e1065eae84ca94b273ed9ca1
Signed-off-by: Frank Lichtenheld <fr...@li...>
---
M src/openvpn/options.c
1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/37/1037/1
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 0d648ba..b9708343 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -3698,7 +3698,7 @@
if (o->tls_server)
{
- if (streq(o->dh_file, "none"))
+ if (o->dh_file && streq(o->dh_file, "none"))
{
o->dh_file = NULL;
}
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1037?usp=email
To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I0e13595c1057c680e1065eae84ca94b273ed9ca1
Gerrit-Change-Number: 1037
Gerrit-PatchSet: 1
Gerrit-Owner: flichtenheld <fr...@li...>
Gerrit-Reviewer: plaisthos <arn...@rf...>
Gerrit-CC: openvpn-devel <ope...@li...>
Gerrit-Attention: plaisthos <arn...@rf...>
Gerrit-MessageType: newchange
|
|
From: flichtenheld (C. Review) <ge...@op...> - 2025-06-02 14:58:39
|
Attention is currently required from: plaisthos.
Hello plaisthos,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/1038?usp=email
to review the following change.
Change subject: t_server_null: Test different permutations of --dh
......................................................................
t_server_null: Test different permutations of --dh
Change-Id: I480442a55025bfcce7cb68ec7564ff33b0b780e2
Signed-off-by: Frank Lichtenheld <fr...@li...>
---
M tests/t_server_null_default.rc
1 file changed, 2 insertions(+), 2 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/38/1038/1
diff --git a/tests/t_server_null_default.rc b/tests/t_server_null_default.rc
index ca8004a..9350fcc 100755
--- a/tests/t_server_null_default.rc
+++ b/tests/t_server_null_default.rc
@@ -40,7 +40,7 @@
SERVER_EXEC="${top_builddir}/src/openvpn/openvpn"
SERVER_BASE_OPTS="--daemon --local 127.0.0.1 --dev tun --topology subnet --max-clients $MAX_CLIENTS --persist-tun --verb 3 --duplicate-cn"
SERVER_CIPHER_OPTS=""
-SERVER_CERT_OPTS="--ca ${CA} --dh ${DH} --cert ${SERVER_CERT} --key ${SERVER_KEY} --tls-auth ${TA} 0"
+SERVER_CERT_OPTS="--ca ${CA} --cert ${SERVER_CERT} --key ${SERVER_KEY} --tls-auth ${TA} 0"
SERVER_CONF_BASE="${SERVER_BASE_OPTS} ${SERVER_CIPHER_OPTS} ${SERVER_CERT_OPTS}"
TEST_SERVER_LIST="1 2 3"
@@ -61,7 +61,7 @@
SERVER_SERVER_3="--server 10.29.43.0 255.255.255.0"
SERVER_MGMT_PORT_3="11196"
SERVER_EXEC_3="${SERVER_EXEC}"
-SERVER_CONF_3="${SERVER_CONF_BASE} ${SERVER_SERVER_3} --lport 1196 --proto udp --management 127.0.0.1 ${SERVER_MGMT_PORT_3} --cipher AES-192-CBC --data-ciphers DEFAULT:AES-192-CBC"
+SERVER_CONF_3="${SERVER_CONF_BASE} ${SERVER_SERVER_3} --lport 1196 --proto udp --management 127.0.0.1 ${SERVER_MGMT_PORT_3} --dh none --cipher AES-192-CBC --data-ciphers DEFAULT:AES-192-CBC"
# Test client configurations
CLIENT_EXEC="${top_builddir}/src/openvpn/openvpn"
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1038?usp=email
To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I480442a55025bfcce7cb68ec7564ff33b0b780e2
Gerrit-Change-Number: 1038
Gerrit-PatchSet: 1
Gerrit-Owner: flichtenheld <fr...@li...>
Gerrit-Reviewer: plaisthos <arn...@rf...>
Gerrit-CC: openvpn-devel <ope...@li...>
Gerrit-Attention: plaisthos <arn...@rf...>
Gerrit-MessageType: newchange
|
|
From: flichtenheld (C. Review) <ge...@op...> - 2025-06-02 11:45:15
|
flichtenheld has abandoned this change. ( http://gerrit.openvpn.net/c/openvpn/+/1031?usp=email ) Change subject: git-pre-commit-uncrustify: Make sure to not run on branches with clang-format ...................................................................... Abandoned Not the wanted way forward -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1031?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: release/2.6 Gerrit-Change-Id: Ifd36651a3713dd6f2e585f0771f349178a494360 Gerrit-Change-Number: 1031 Gerrit-PatchSet: 1 Gerrit-Owner: flichtenheld <fr...@li...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-MessageType: abandon |
|
From: flichtenheld (C. Review) <ge...@op...> - 2025-06-02 10:46:13
|
Attention is currently required from: plaisthos.
Hello plaisthos,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/1036?usp=email
to look at the new patch set (#2).
Change subject: Delete old sample-windows file and obsolete Windows sample handling
......................................................................
Delete old sample-windows file and obsolete Windows sample handling
This file is apparently over 20 years old and
was never updated besides fixing some obvious
syntax errors with new versions.
So let's just get rid of it. AFAICT the Windows
installer does not use it. Only the
{server,client}.ovpn. And even there, it just uses
the files directly from the build directory and
does not depend on us renaming them (which is
obvious since we do not use the Makefile at all
in the Windows build, only CMake).
Github: Closes #758
Change-Id: I15c730c9eb3f1338019577e7c665c0ca5b1edcd4
Signed-off-by: Frank Lichtenheld <fr...@li...>
---
M sample/Makefile.am
D sample/sample-windows/sample.ovpn
2 files changed, 0 insertions(+), 117 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/36/1036/2
diff --git a/sample/Makefile.am b/sample/Makefile.am
index 9443cf3..4ed78a6e 100644
--- a/sample/Makefile.am
+++ b/sample/Makefile.am
@@ -18,20 +18,5 @@
EXTRA_DIST = \
sample-plugins \
sample-config-files \
- sample-windows \
sample-keys \
sample-scripts
-
-if WIN32
-sample_DATA = \
- client.ovpn \
- server.ovpn \
- sample-windows/sample.ovpn
-
-client.ovpn: sample-config-files/client.conf
- -rm -f client.ovpn
- cp "$(srcdir)/sample-config-files/client.conf" client.ovpn
-server.ovpn: sample-config-files/server.conf
- -rm -f server.ovpn
- cp "$(srcdir)/sample-config-files/server.conf" server.ovpn
-endif
diff --git a/sample/sample-windows/sample.ovpn b/sample/sample-windows/sample.ovpn
deleted file mode 100755
index be24faa..0000000
--- a/sample/sample-windows/sample.ovpn
+++ /dev/null
@@ -1,102 +0,0 @@
-# Edit this file, and save to a .ovpn extension
-# so that OpenVPN will activate it when run
-# as a service.
-
-# Change 'myremote' to be your remote host,
-# or comment out to enter a listening
-# server mode.
-remote myremote
-
-# Uncomment this line to use a different
-# port number than the default of 1194.
-; port 1194
-
-# Choose one of three protocols supported by
-# OpenVPN. If left commented out, defaults
-# to udp.
-; proto [tcp-server | tcp-client | udp]
-
-# You must specify one of two possible network
-# protocols, 'dev tap' or 'dev tun' to be used
-# on both sides of the connection. 'tap' creates
-# a VPN using the ethernet protocol while 'tun'
-# uses the IP protocol. You must use 'tap'
-# if you are ethernet bridging or want to route
-# broadcasts. 'tun' is somewhat more efficient
-# but requires configuration of client software
-# to not depend on broadcasts. Some platforms
-# such as Solaris, OpenBSD, and Mac OS X only
-# support 'tun' interfaces, so if you are
-# connecting to such a platform, you must also
-# use a 'tun' interface on the Windows side.
-
-# Enable 'dev tap' or 'dev tun' but not both!
-dev tap
-
-# This is a 'dev tap' ifconfig that creates
-# a virtual ethernet subnet.
-# 10.3.0.1 is the local VPN IP address
-# and 255.255.255.0 is the VPN subnet.
-# Only define this option for 'dev tap'.
-ifconfig 10.3.0.1 255.255.255.0
-
-# This is a 'dev tun' ifconfig that creates
-# a point-to-point IP link.
-# 10.3.0.1 is the local VPN IP address and
-# 10.3.0.2 is the remote VPN IP address.
-# Only define this option for 'dev tun'.
-# Make sure to include the "tun-mtu" option
-# on the remote machine, but swap the order
-# of the ifconfig addresses.
-;tun-mtu 1500
-;ifconfig 10.3.0.1 10.3.0.2
-
-# If you have fragmentation issues or misconfigured
-# routers in the path which block Path MTU discovery,
-# lower the TCP MSS and internally fragment non-TCP
-# protocols.
-;fragment 1300
-;mssfix
-
-# If you have set up more than one TAP-Win32 adapter
-# on your system, you must refer to it by name.
-;dev-node my-tap
-
-# You can generate a static OpenVPN key
-# by selecting the Generate Key option
-# in the start menu.
-#
-# You can also generate key.txt manually
-# with the following command:
-# openvpn --genkey secret key.txt
-#
-# key must match on both ends of the connection,
-# so you should generate it on one machine and
-# copy it to the other over a secure medium.
-# Place key.txt in the same directory as this
-# config file.
-secret key.txt
-
-# Uncomment this section for a more reliable
-# detection when a system loses its connection.
-# For example, dial-ups or laptops that travel
-# to other locations.
-#
-# If this section is enabled and "myremote"
-# above is a dynamic DNS name (i.e. dyndns.org),
-# OpenVPN will dynamically "follow" the IP
-# address of "myremote" if it changes.
-; ping-restart 60
-; ping-timer-rem
-; persist-tun
-; resolv-retry 86400
-
-# keep-alive ping
-ping 10
-
-# enable LZO compression
-comp-lzo
-
-# moderate verbosity
-verb 4
-mute 10
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1036?usp=email
To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I15c730c9eb3f1338019577e7c665c0ca5b1edcd4
Gerrit-Change-Number: 1036
Gerrit-PatchSet: 2
Gerrit-Owner: flichtenheld <fr...@li...>
Gerrit-Reviewer: plaisthos <arn...@rf...>
Gerrit-CC: openvpn-devel <ope...@li...>
Gerrit-Attention: plaisthos <arn...@rf...>
Gerrit-MessageType: newpatchset
|
|
From: flichtenheld (C. Review) <ge...@op...> - 2025-06-02 10:39:06
|
Attention is currently required from: plaisthos.
Hello plaisthos,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/1036?usp=email
to review the following change.
Change subject: Delete old sample-windows file
......................................................................
Delete old sample-windows file
This file is apparently over 20 years old and
was never updated besides fixing some obvious
syntax errors with new versions.
So let's just get rid of it. AFAICT the Windows
installer does not use it. Only the
{server,client}.ovpn.
Github: Closes #758
Change-Id: I15c730c9eb3f1338019577e7c665c0ca5b1edcd4
Signed-off-by: Frank Lichtenheld <fr...@li...>
---
M sample/Makefile.am
D sample/sample-windows/sample.ovpn
2 files changed, 1 insertion(+), 105 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/36/1036/1
diff --git a/sample/Makefile.am b/sample/Makefile.am
index 9443cf3..36c3b44 100644
--- a/sample/Makefile.am
+++ b/sample/Makefile.am
@@ -18,15 +18,13 @@
EXTRA_DIST = \
sample-plugins \
sample-config-files \
- sample-windows \
sample-keys \
sample-scripts
if WIN32
sample_DATA = \
client.ovpn \
- server.ovpn \
- sample-windows/sample.ovpn
+ server.ovpn
client.ovpn: sample-config-files/client.conf
-rm -f client.ovpn
diff --git a/sample/sample-windows/sample.ovpn b/sample/sample-windows/sample.ovpn
deleted file mode 100755
index be24faa..0000000
--- a/sample/sample-windows/sample.ovpn
+++ /dev/null
@@ -1,102 +0,0 @@
-# Edit this file, and save to a .ovpn extension
-# so that OpenVPN will activate it when run
-# as a service.
-
-# Change 'myremote' to be your remote host,
-# or comment out to enter a listening
-# server mode.
-remote myremote
-
-# Uncomment this line to use a different
-# port number than the default of 1194.
-; port 1194
-
-# Choose one of three protocols supported by
-# OpenVPN. If left commented out, defaults
-# to udp.
-; proto [tcp-server | tcp-client | udp]
-
-# You must specify one of two possible network
-# protocols, 'dev tap' or 'dev tun' to be used
-# on both sides of the connection. 'tap' creates
-# a VPN using the ethernet protocol while 'tun'
-# uses the IP protocol. You must use 'tap'
-# if you are ethernet bridging or want to route
-# broadcasts. 'tun' is somewhat more efficient
-# but requires configuration of client software
-# to not depend on broadcasts. Some platforms
-# such as Solaris, OpenBSD, and Mac OS X only
-# support 'tun' interfaces, so if you are
-# connecting to such a platform, you must also
-# use a 'tun' interface on the Windows side.
-
-# Enable 'dev tap' or 'dev tun' but not both!
-dev tap
-
-# This is a 'dev tap' ifconfig that creates
-# a virtual ethernet subnet.
-# 10.3.0.1 is the local VPN IP address
-# and 255.255.255.0 is the VPN subnet.
-# Only define this option for 'dev tap'.
-ifconfig 10.3.0.1 255.255.255.0
-
-# This is a 'dev tun' ifconfig that creates
-# a point-to-point IP link.
-# 10.3.0.1 is the local VPN IP address and
-# 10.3.0.2 is the remote VPN IP address.
-# Only define this option for 'dev tun'.
-# Make sure to include the "tun-mtu" option
-# on the remote machine, but swap the order
-# of the ifconfig addresses.
-;tun-mtu 1500
-;ifconfig 10.3.0.1 10.3.0.2
-
-# If you have fragmentation issues or misconfigured
-# routers in the path which block Path MTU discovery,
-# lower the TCP MSS and internally fragment non-TCP
-# protocols.
-;fragment 1300
-;mssfix
-
-# If you have set up more than one TAP-Win32 adapter
-# on your system, you must refer to it by name.
-;dev-node my-tap
-
-# You can generate a static OpenVPN key
-# by selecting the Generate Key option
-# in the start menu.
-#
-# You can also generate key.txt manually
-# with the following command:
-# openvpn --genkey secret key.txt
-#
-# key must match on both ends of the connection,
-# so you should generate it on one machine and
-# copy it to the other over a secure medium.
-# Place key.txt in the same directory as this
-# config file.
-secret key.txt
-
-# Uncomment this section for a more reliable
-# detection when a system loses its connection.
-# For example, dial-ups or laptops that travel
-# to other locations.
-#
-# If this section is enabled and "myremote"
-# above is a dynamic DNS name (i.e. dyndns.org),
-# OpenVPN will dynamically "follow" the IP
-# address of "myremote" if it changes.
-; ping-restart 60
-; ping-timer-rem
-; persist-tun
-; resolv-retry 86400
-
-# keep-alive ping
-ping 10
-
-# enable LZO compression
-comp-lzo
-
-# moderate verbosity
-verb 4
-mute 10
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1036?usp=email
To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I15c730c9eb3f1338019577e7c665c0ca5b1edcd4
Gerrit-Change-Number: 1036
Gerrit-PatchSet: 1
Gerrit-Owner: flichtenheld <fr...@li...>
Gerrit-Reviewer: plaisthos <arn...@rf...>
Gerrit-CC: openvpn-devel <ope...@li...>
Gerrit-Attention: plaisthos <arn...@rf...>
Gerrit-MessageType: newchange
|
|
From: flichtenheld (C. Review) <ge...@op...> - 2025-06-02 10:25:37
|
Attention is currently required from: cron2, plaisthos. flichtenheld has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/790?usp=email ) Change subject: Define a .clang-format file for the project ...................................................................... Patch Set 15: (1 comment) File .pre-commit-config.yaml: http://gerrit.openvpn.net/c/openvpn/+/790/comment/258aae77_531d3e83 : PS15, Line 9: > I don't really like this - call me oldfashioned, but requiring python to install something magic fro […] This is "take it or leave it". I really am not willing to maintain some sort-of-working shell code instead of a 3rd-party solution that comes with many additional features. Most importantly using the exact version of clang-format I specify. I maintain a dozen of repositories, I really will not maintain a hook in every one of those. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/790?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I40f6af10c5ee2f5aed4185d783fc622a2e3c19ff Gerrit-Change-Number: 790 Gerrit-PatchSet: 15 Gerrit-Owner: flichtenheld <fr...@li...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: cron2 <ge...@gr...> Gerrit-Comment-Date: Mon, 02 Jun 2025 10:25:16 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: cron2 <ge...@gr...> Gerrit-MessageType: comment |
|
From: plaisthos (C. Review) <ge...@op...> - 2025-06-01 15:41:48
|
Attention is currently required from: MaxF, cron2. plaisthos has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1042?usp=email ) Change subject: mbedtls: Allow TLS 1.3 if available ...................................................................... Patch Set 3: (1 comment) File README.mbedtls: http://gerrit.openvpn.net/c/openvpn/+/1042/comment/bf3c99be_a1c3ac1a : PS3, Line 32: (mbedtls-3.6 or development branch). > this 3.6 here does not look right. FreeBSD ships 3.6. […] It is not released yet. You need the mbed TLS 3.6 development branch or the master developmenet branch. I used the 3.6 development branch since master breaks for different reasons -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1042?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: If5e832866b312a2f8a1ce6b4e00d40e3dcf63681 Gerrit-Change-Number: 1042 Gerrit-PatchSet: 3 Gerrit-Owner: MaxF <ma...@ma...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: cron2 <ge...@gr...> Gerrit-Attention: MaxF <ma...@ma...> Gerrit-Comment-Date: Sun, 01 Jun 2025 15:41:32 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: cron2 <ge...@gr...> Gerrit-MessageType: comment |
|
From: cron2 (C. Review) <ge...@op...> - 2025-06-01 14:49:18
|
Attention is currently required from: MaxF. cron2 has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1042?usp=email ) Change subject: mbedtls: Allow TLS 1.3 if available ...................................................................... Patch Set 3: Code-Review-1 (2 comments) Patchset: PS3: I'm confused about exact mbedTLS version numbers that I should test this against File README.mbedtls: http://gerrit.openvpn.net/c/openvpn/+/1042/comment/eb36c616_51198042 : PS3, Line 32: (mbedtls-3.6 or development branch). this 3.6 here does not look right. FreeBSD ships 3.6.2 in ports, and it does not have `mbedtls_ssl_export_keying_material()` (says our configure), and I downloaded `mbedtls-3.6.3.1.tar.bz2` which also does not have it (says "grep -R"). -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1042?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: If5e832866b312a2f8a1ce6b4e00d40e3dcf63681 Gerrit-Change-Number: 1042 Gerrit-PatchSet: 3 Gerrit-Owner: MaxF <ma...@ma...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: MaxF <ma...@ma...> Gerrit-Comment-Date: Sun, 01 Jun 2025 14:49:08 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment |
|
From: cron2 (C. Review) <ge...@op...> - 2025-05-31 21:01:26
|
Attention is currently required from: flichtenheld, plaisthos. cron2 has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/790?usp=email ) Change subject: Define a .clang-format file for the project ...................................................................... Patch Set 15: Code-Review-1 (1 comment) File .pre-commit-config.yaml: http://gerrit.openvpn.net/c/openvpn/+/790/comment/87528ad6_ed45d1b7 : PS15, Line 9: I don't really like this - call me oldfashioned, but requiring python to install something magic from an unknown github url into my most holy repo is not what I feel comfortable with. I'd really prefer to adjust the commit hook we have and keep all this "magic repo related stuff" *in* the repo. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/790?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I40f6af10c5ee2f5aed4185d783fc622a2e3c19ff Gerrit-Change-Number: 790 Gerrit-PatchSet: 15 Gerrit-Owner: flichtenheld <fr...@li...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Comment-Date: Sat, 31 May 2025 21:01:11 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment |
153 messages has been excluded from this view by a project administrator.
