openvpn

mirror of https://github.com/OpenVPN/openvpn.git synced 2026-04-15 22:20:38 -04:00

Author	SHA1	Message	Date
Selva Nair	25c5c42ac2	Add unit tests for 'auth-user-pass username-only' Some checks failed Build / mingw unittest auth_token - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest buffer - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest crypto - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest cryptoapi - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest misc - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest ncp - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest openvpnserv - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest options_parse - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest packet_id - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest pkt - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest provider - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest ssl - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest tls_crypt - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest user_pass - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest argv - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest auth_token - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest buffer - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest crypto - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest cryptoapi - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest misc - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest ncp - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest openvpnserv - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest options_parse - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest packet_id - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest pkt - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest provider - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest ssl - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest tls_crypt - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest user_pass - x86 - Release - OSSL (push) Has been cancelled Details Deploy Doxygen documentation to Pages / deploy (push) Has been cancelled Details Input from stdin is tested. Change-Id: I1c18b3cf4a454444a61941d88a702a140b0ac23d Signed-off-by: Selva Nair <selva.nair@gmail.com> Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1602 Message-Id: <20260414055805.16974-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36605.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-04-15 11:46:15 +02:00
Dorian Harmans	0188c62ac4	Add ARIA ciphersuite IANA name translations Signed-off-by: Dorian Harmans <me@dorianharmans.nl> Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <20260414142209.584424-1-me@dorianharmans.nl> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36613.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-04-15 11:20:25 +02:00
Frank Lichtenheld	9a6e364661	ssl_mbedtls: Fix format string in get_ssl_library_version Some checks are pending Build / mingw unittest user_pass - x86 - Release - OSSL (push) Blocked by required conditions Details Build / gcc - ubuntu-24.04 - OpenSSL 3.0.13 --enable-pkcs11 (push) Waiting to run Details Build / gcc - ubuntu-22.04 - OpenSSL 3.0.2 --enable-pkcs11 (push) Waiting to run Details Build / clang-asan - ubuntu-22.04 - openssl (push) Waiting to run Details Build / clang-asan - ubuntu-24.04 - openssl (push) Waiting to run Details Build / macos-14 - libressl - asan (push) Waiting to run Details Build / macos-14 - openssl@3 - asan (push) Waiting to run Details Build / macos-15 - libressl - asan (push) Waiting to run Details Build / macos-15 - openssl@3 - asan (push) Waiting to run Details Build / macos-26 - libressl - asan (push) Waiting to run Details Build / macos-26 - openssl@3 - asan (push) Waiting to run Details Build / macos-14 - libressl - normal (push) Waiting to run Details Build / macos-14 - openssl@3 - normal (push) Waiting to run Details Build / macos-15 - libressl - normal (push) Waiting to run Details Build / macos-15 - openssl@3 - normal (push) Waiting to run Details Build / macos-26 - libressl - normal (push) Waiting to run Details Build / macos-26 - openssl@3 - normal (push) Waiting to run Details Build / msbuild - amd64 - openssl (push) Waiting to run Details Build / msbuild - amd64-clang - openssl (push) Waiting to run Details Build / msbuild - arm64 - openssl (push) Waiting to run Details Build / msbuild - x86 - openssl (push) Waiting to run Details Build / msbuild - x86-clang - openssl (push) Waiting to run Details Build / clang asan - ubuntu-24.04 - libressl (push) Waiting to run Details Build / gcc normal - ubuntu-24.04 - libressl (push) Waiting to run Details Build / clang asan - ubuntu-24.04 - mbedtls4 (push) Waiting to run Details Build / gcc normal - ubuntu-24.04 - mbedtls4 (push) Waiting to run Details Build / clang asan - ubuntu-24.04 - awslc (push) Waiting to run Details Build / gcc normal - ubuntu-24.04 - awslc (push) Waiting to run Details Deploy Doxygen documentation to Pages / build (push) Waiting to run Details Deploy Doxygen documentation to Pages / deploy (push) Blocked by required conditions Details These are unsigned values, so treat them as such. Identified by cppcheck. Change-Id: I232fba91cfcca6c35d37696bc86890a366f5967f Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1626 Message-Id: <20260414055927.17252-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36607.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-04-14 18:41:26 +02:00
Luis Cruz	fbaf4a3837	build: Use info fetched from version.m4 Change-Id: I3157e1a228ac7058fca6a88f94076052e33d2e01 Signed-off-by: Luis Cruz <luis.cruz@nordsec.com> Acked-by: Frank Lichtenheld <frank@lichtenheld.com> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1605 Message-Id: <20260414125637.42082-1-frank@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36612.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-04-14 18:31:31 +02:00
Selva Nair	fd1fd077ea	Log when writing username/password to TLS buffer fails Currently we get an unhelpful "Key Method #2 failed" error. Add a more specific warning message. Change-Id: I9468811fd434e17645957fc12770aa2b9ed98fb8 Signed-off-by: Selva Nair <selva.nair@gmail.com> Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1600 Message-Id: <20260414055721.16857-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36604.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-04-14 18:23:04 +02:00
Frank Lichtenheld	0e1899971e	Change type of max_clients to uint32_t Some checks failed Build / mingw unittest auth_token - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest buffer - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest crypto - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest cryptoapi - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest misc - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest ncp - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest openvpnserv - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest options_parse - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest packet_id - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest pkt - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest provider - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest ssl - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest tls_crypt - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest user_pass - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest argv - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest auth_token - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest buffer - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest crypto - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest cryptoapi - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest misc - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest ncp - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest openvpnserv - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest options_parse - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest packet_id - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest pkt - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest provider - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest ssl - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest tls_crypt - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest user_pass - x86 - Release - OSSL (push) Has been cancelled Details Deploy Doxygen documentation to Pages / deploy (push) Has been cancelled Details peer_id is mostly this already (except in DCO context for some reason), and max_peerid was defined as uint32_t as well. So changing max_clients to uint32_t avoids many -Wsign-compare warnings. While here fix limit for max_clients in options parsing. It is not allowed to be MAX_PEER_ID exactly. Change-Id: I8d6b7bc1b7744dc6d57aaed3231b8901275752f2 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1564 Message-Id: <20260407112434.5588-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36535.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-04-12 17:13:28 +02:00
Frank Lichtenheld	9760928e39	networking_sitnl: Make sitnl_parse_rtattr* return void It returned a constant value so it didn't actually do anything. Identified by cppcheck. Change-Id: Idfe2afd9616e17f0f80a914ff054ae18f0b6972b Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Antonio Quartulli <antonio@mandelbit.com> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1614 Message-Id: <20260408204213.9892-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36559.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-04-12 17:11:06 +02:00
Arne Schwabe	ab3ba0cab7	Optimise iterating over all clients by remembering highest peer id This keeps track of the highest peer id that is currently allocated to avoid iterating over the empty tail of the m->instances array. Change-Id: If797f3fe178fba3f43fb12898e5484bfb38f05c3 Signed-off-by: Arne Schwabe <arne@rfc2549.org> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1557 Message-Id: <20260412125356.32261-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36577.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-04-12 15:47:55 +02:00
Arne Schwabe	930968086d	Remove multi_context->iter The multi_context->iter is basically a hash with only one bucket. This makes m->iter a linear list. Instead of maintaining this extra list use m->instances instead. This is a fixed sized continuous array, so iterating over it should be very quick. When the number of connected clients approaches max_clients, iterating over a static array should be faster than a linked list, especially when considering cache locality. Of the several places where m->iter is used only one is potentially on a critical path: the usage of m->iter in multi_bcast. However this performance difference would be only visible with a lightly loaded server with very few clients. And even in this scenario I could not manage to measure a difference. Change-Id: Ibf8865e451866e1fffc8dbc8ad5ecf6bc5577ce4 Signed-off-by: Arne Schwabe <arne-openvpn@rfc2549.org> Acked-by: Frank Lichtenheld <frank@lichtenheld.com> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1556 Message-Id: <20260313104955.16748-1-frank@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36087.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-04-12 14:50:34 +02:00
Arne Schwabe	b4cb98b5bb	Try to emphasise the transition from old ovpn-dco to new ovpn module Some checks failed Build / mingw unittest auth_token - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest buffer - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest crypto - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest cryptoapi - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest misc - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest ncp - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest openvpnserv - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest options_parse - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest packet_id - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest pkt - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest provider - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest ssl - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest tls_crypt - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest user_pass - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest argv - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest auth_token - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest buffer - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest crypto - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest cryptoapi - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest misc - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest ncp - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest openvpnserv - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest options_parse - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest packet_id - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest pkt - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest provider - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest ssl - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest tls_crypt - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest user_pass - x86 - Release - OSSL (push) Has been cancelled Details Deploy Doxygen documentation to Pages / deploy (push) Has been cancelled Details This tries to ensure that the difference between the old and new module is clearer. Also removed a duplicate section about --disable-dco from the manual page. This also changes one instance of ovpn-dco to ovpn that is probably a bug when reusing a tun device. Change-Id: Iff9f6811fdf553f59f2afee0072d7bf90133d328 Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Antonio Quartulli <antonio@mandelbit.com> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1550 Message-Id: <20260411090625.18343-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36573.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-04-11 16:38:41 +02:00
Frank Lichtenheld	1491fc8e05	Clarify operator precedence in a & b ? c : d Some checks failed Build / mingw unittest auth_token - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest buffer - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest crypto - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest cryptoapi - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest misc - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest ncp - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest openvpnserv - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest options_parse - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest packet_id - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest pkt - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest provider - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest ssl - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest tls_crypt - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest user_pass - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest argv - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest auth_token - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest buffer - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest crypto - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest cryptoapi - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest misc - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest ncp - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest openvpnserv - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest options_parse - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest packet_id - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest pkt - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest provider - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest ssl - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest tls_crypt - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest user_pass - x86 - Release - OSSL (push) Has been cancelled Details Deploy Doxygen documentation to Pages / deploy (push) Has been cancelled Details As suggested by cppcheck. Change-Id: Ia153e0de888c0ee21199b192f3471ce4c08cb5c7 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1619 Message-Id: <20260407205235.31126-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36545.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-04-08 14:35:01 +02:00
Frank Lichtenheld	df430b03d5	openvpnserv: Remove redundant bit-wise operation Found by cppcheck. Change-Id: I7f983168c263e49da7665fc20bd1ecdd426c21d0 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1623 Message-Id: <20260407205344.31263-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36547.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-04-08 14:33:40 +02:00
Frank Lichtenheld	798884d6df	test_buffer: Add test for buf_null_terminate Some checks are pending Build / mingw unittest user_pass - x86 - Release - OSSL (push) Blocked by required conditions Details Build / gcc - ubuntu-24.04 - OpenSSL 3.0.13 --enable-pkcs11 (push) Waiting to run Details Build / gcc - ubuntu-22.04 - OpenSSL 3.0.2 --enable-pkcs11 (push) Waiting to run Details Build / clang-asan - ubuntu-22.04 - openssl (push) Waiting to run Details Build / clang-asan - ubuntu-24.04 - openssl (push) Waiting to run Details Build / macos-14 - libressl - asan (push) Waiting to run Details Build / macos-14 - openssl@3 - asan (push) Waiting to run Details Build / macos-15 - libressl - asan (push) Waiting to run Details Build / macos-15 - openssl@3 - asan (push) Waiting to run Details Build / macos-26 - libressl - asan (push) Waiting to run Details Build / macos-26 - openssl@3 - asan (push) Waiting to run Details Build / macos-14 - libressl - normal (push) Waiting to run Details Build / macos-14 - openssl@3 - normal (push) Waiting to run Details Build / macos-15 - libressl - normal (push) Waiting to run Details Build / macos-15 - openssl@3 - normal (push) Waiting to run Details Build / macos-26 - libressl - normal (push) Waiting to run Details Build / macos-26 - openssl@3 - normal (push) Waiting to run Details Build / msbuild - amd64 - openssl (push) Waiting to run Details Build / msbuild - amd64-clang - openssl (push) Waiting to run Details Build / msbuild - arm64 - openssl (push) Waiting to run Details Build / msbuild - x86 - openssl (push) Waiting to run Details Build / msbuild - x86-clang - openssl (push) Waiting to run Details Build / clang asan - ubuntu-24.04 - libressl (push) Waiting to run Details Build / gcc normal - ubuntu-24.04 - libressl (push) Waiting to run Details Build / clang asan - ubuntu-24.04 - mbedtls4 (push) Waiting to run Details Build / gcc normal - ubuntu-24.04 - mbedtls4 (push) Waiting to run Details Build / clang asan - ubuntu-24.04 - awslc (push) Waiting to run Details Build / gcc normal - ubuntu-24.04 - awslc (push) Waiting to run Details Deploy Doxygen documentation to Pages / build (push) Waiting to run Details Deploy Doxygen documentation to Pages / deploy (push) Blocked by required conditions Details Change-Id: I01683153a68e1809a4d7ab455eb346f53780e219 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1580 Message-Id: <20260407095044.28528-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36532.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-04-07 12:53:42 +02:00
Luca Boccassi	49ff16dd54	management: add base64 multi-line input for passwords Some checks are pending Build / mingw unittest user_pass - x86 - Release - OSSL (push) Blocked by required conditions Details Build / gcc - ubuntu-24.04 - OpenSSL 3.0.13 --enable-pkcs11 (push) Waiting to run Details Build / gcc - ubuntu-22.04 - OpenSSL 3.0.2 --enable-pkcs11 (push) Waiting to run Details Build / clang-asan - ubuntu-22.04 - openssl (push) Waiting to run Details Build / clang-asan - ubuntu-24.04 - openssl (push) Waiting to run Details Build / macos-14 - libressl - asan (push) Waiting to run Details Build / macos-14 - openssl@3 - asan (push) Waiting to run Details Build / macos-15 - libressl - asan (push) Waiting to run Details Build / macos-15 - openssl@3 - asan (push) Waiting to run Details Build / macos-26 - libressl - asan (push) Waiting to run Details Build / macos-26 - openssl@3 - asan (push) Waiting to run Details Build / macos-14 - libressl - normal (push) Waiting to run Details Build / macos-14 - openssl@3 - normal (push) Waiting to run Details Build / macos-15 - libressl - normal (push) Waiting to run Details Build / macos-15 - openssl@3 - normal (push) Waiting to run Details Build / macos-26 - libressl - normal (push) Waiting to run Details Build / macos-26 - openssl@3 - normal (push) Waiting to run Details Build / msbuild - amd64 - openssl (push) Waiting to run Details Build / msbuild - amd64-clang - openssl (push) Waiting to run Details Build / msbuild - arm64 - openssl (push) Waiting to run Details Build / msbuild - x86 - openssl (push) Waiting to run Details Build / msbuild - x86-clang - openssl (push) Waiting to run Details Build / clang asan - ubuntu-24.04 - libressl (push) Waiting to run Details Build / gcc normal - ubuntu-24.04 - libressl (push) Waiting to run Details Build / clang asan - ubuntu-24.04 - mbedtls4 (push) Waiting to run Details Build / gcc normal - ubuntu-24.04 - mbedtls4 (push) Waiting to run Details Build / clang asan - ubuntu-24.04 - awslc (push) Waiting to run Details Build / gcc normal - ubuntu-24.04 - awslc (push) Waiting to run Details Deploy Doxygen documentation to Pages / build (push) Waiting to run Details Deploy Doxygen documentation to Pages / deploy (push) Blocked by required conditions Details Allow management clients to send long passwords via the usual multi-line base64 encoded protocol. A client declares MCV 5 support and sends a 'password <type>' line, followed by as many lines (each up to 1024 bytes) as needed, in base64 encoded format, terminated by 'END'. This is useful when a password is a JIT-generated use-once token. Declare management version 6 for this feature. Change-Id: Ib99f171fb69d51f2260b44edf8ebe21ac958f233 Signed-off-by: Luca Boccassi <luca.boccassi@gmail.com> Acked-by: Selva Nair <selva.nair@gmail.com> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1593 Message-Id: <20260330180900.16608-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36360.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-04-06 12:38:55 +02:00
Frank Lichtenheld	5d7068fa18	push: Make prepare_push_reply return void It returned a constant value so it didn't actually mean anything. While here also make it static. Identified by cppcheck. Change-Id: Ied966413948cf3c935a8a1eb91172ef7a6948bdd Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1616 Message-Id: <20260406072617.27790-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36514.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-04-06 12:01:28 +02:00
Frank Lichtenheld	cdb0fbde26	test_packet_id: Add a check after malloc to ensure value is valid cppcheck complains about a potential null pointer dereference in reliable_get_num_output_sequenced_available. That is mostly theoretical, but still add a check. Change-Id: I64da2328591ef2b9ee7502e574c878651cdf356a Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1621 Message-Id: <20260406074729.29903-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36516.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-04-06 12:00:30 +02:00
Frank Lichtenheld	08a19843a1	win: Fix nrpt_dnssec flag handling Some checks are pending Build / mingw unittest user_pass - x86 - Release - OSSL (push) Blocked by required conditions Details Build / gcc - ubuntu-24.04 - OpenSSL 3.0.13 --enable-pkcs11 (push) Waiting to run Details Build / gcc - ubuntu-22.04 - OpenSSL 3.0.2 --enable-pkcs11 (push) Waiting to run Details Build / clang-asan - ubuntu-22.04 - openssl (push) Waiting to run Details Build / clang-asan - ubuntu-24.04 - openssl (push) Waiting to run Details Build / macos-14 - libressl - asan (push) Waiting to run Details Build / macos-14 - openssl@3 - asan (push) Waiting to run Details Build / macos-15 - libressl - asan (push) Waiting to run Details Build / macos-15 - openssl@3 - asan (push) Waiting to run Details Build / macos-26 - libressl - asan (push) Waiting to run Details Build / macos-26 - openssl@3 - asan (push) Waiting to run Details Build / macos-14 - libressl - normal (push) Waiting to run Details Build / macos-14 - openssl@3 - normal (push) Waiting to run Details Build / macos-15 - libressl - normal (push) Waiting to run Details Build / macos-15 - openssl@3 - normal (push) Waiting to run Details Build / macos-26 - libressl - normal (push) Waiting to run Details Build / macos-26 - openssl@3 - normal (push) Waiting to run Details Build / msbuild - amd64 - openssl (push) Waiting to run Details Build / msbuild - amd64-clang - openssl (push) Waiting to run Details Build / msbuild - arm64 - openssl (push) Waiting to run Details Build / msbuild - x86 - openssl (push) Waiting to run Details Build / msbuild - x86-clang - openssl (push) Waiting to run Details Build / clang asan - ubuntu-24.04 - libressl (push) Waiting to run Details Build / gcc normal - ubuntu-24.04 - libressl (push) Waiting to run Details Build / clang asan - ubuntu-24.04 - mbedtls4 (push) Waiting to run Details Build / gcc normal - ubuntu-24.04 - mbedtls4 (push) Waiting to run Details Build / clang asan - ubuntu-24.04 - awslc (push) Waiting to run Details Build / gcc normal - ubuntu-24.04 - awslc (push) Waiting to run Details Deploy Doxygen documentation to Pages / build (push) Waiting to run Details Deploy Doxygen documentation to Pages / deploy (push) Blocked by required conditions Details By default the first enum value is 0. But we check whether we set the flag by doing BOOL dnssec = (msg->flags & nrpt_dnssec) != 0; This can't ever be true. Found by cppcheck. Change-Id: Iff5be978817bfc0cd4d78818e7be7b90bad71f3c Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1606 Message-Id: <20260405102209.31528-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36487.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-04-05 16:28:20 +02:00
Frank Lichtenheld	7b44e01b96	crypto_backend: Remove md_full There was only one user for mbedtls < 4.0, so remove all the unused implementations. Identified by cppcheck. Change-Id: Ie2285f5bf52f5c669fb01f9ae36d6aa1674f0929 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1612 Message-Id: <20260405103110.32401-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36495.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-04-05 16:25:18 +02:00
Frank Lichtenheld	d44ed886c2	mtcp: Remove noop statement in multi_tcp_process_outgoing_link_ready Some checks are pending Build / mingw unittest user_pass - x86 - Release - OSSL (push) Blocked by required conditions Details Build / gcc - ubuntu-24.04 - OpenSSL 3.0.13 --enable-pkcs11 (push) Waiting to run Details Build / gcc - ubuntu-22.04 - OpenSSL 3.0.2 --enable-pkcs11 (push) Waiting to run Details Build / clang-asan - ubuntu-22.04 - openssl (push) Waiting to run Details Build / clang-asan - ubuntu-24.04 - openssl (push) Waiting to run Details Build / macos-14 - libressl - asan (push) Waiting to run Details Build / macos-14 - openssl@3 - asan (push) Waiting to run Details Build / macos-15 - libressl - asan (push) Waiting to run Details Build / macos-15 - openssl@3 - asan (push) Waiting to run Details Build / macos-26 - libressl - asan (push) Waiting to run Details Build / macos-26 - openssl@3 - asan (push) Waiting to run Details Build / macos-14 - libressl - normal (push) Waiting to run Details Build / macos-14 - openssl@3 - normal (push) Waiting to run Details Build / macos-15 - libressl - normal (push) Waiting to run Details Build / macos-15 - openssl@3 - normal (push) Waiting to run Details Build / macos-26 - libressl - normal (push) Waiting to run Details Build / macos-26 - openssl@3 - normal (push) Waiting to run Details Build / msbuild - amd64 - openssl (push) Waiting to run Details Build / msbuild - amd64-clang - openssl (push) Waiting to run Details Build / msbuild - arm64 - openssl (push) Waiting to run Details Build / msbuild - x86 - openssl (push) Waiting to run Details Build / msbuild - x86-clang - openssl (push) Waiting to run Details Build / clang asan - ubuntu-24.04 - libressl (push) Waiting to run Details Build / gcc normal - ubuntu-24.04 - libressl (push) Waiting to run Details Build / clang asan - ubuntu-24.04 - mbedtls4 (push) Waiting to run Details Build / gcc normal - ubuntu-24.04 - mbedtls4 (push) Waiting to run Details Build / clang asan - ubuntu-24.04 - awslc (push) Waiting to run Details Build / gcc normal - ubuntu-24.04 - awslc (push) Waiting to run Details Deploy Doxygen documentation to Pages / build (push) Waiting to run Details Deploy Doxygen documentation to Pages / deploy (push) Blocked by required conditions Details Assigning to a parameter here has no effect. I can see no obvious alternative statement that might have been intended. Found by cppcheck. Change-Id: I04a01cf536ee6d48d54ba623dda460c4a98859f9 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1609 Message-Id: <20260404203335.30650-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36478.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-04-05 12:26:48 +02:00
Frank Lichtenheld	b6cea99f4a	Remove various unused structs Change-Id: I46499ff1f40dbdb94b84d58d17457d0ccdd75288 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1607 Message-Id: <20260404203615.30863-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36468.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-04-05 12:19:12 +02:00
Frank Lichtenheld	4494a34396	openvpnmsica: Fix setting of iTicks in schedule_adapter_delete Increase the integer, not the pointer. Found by cppcheck. Change-Id: I4d6501ddfb321f57a76841f29ff92c5a412908bb Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1608 Message-Id: <20260404203525.30790-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36476.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-04-05 12:15:41 +02:00
Arne Schwabe	59934618e7	Do not access internals of ASN1_INTEGER to print hex of serial Some checks are pending Build / mingw unittest user_pass - x86 - Release - OSSL (push) Blocked by required conditions Details Build / gcc - ubuntu-24.04 - OpenSSL 3.0.13 --enable-pkcs11 (push) Waiting to run Details Build / gcc - ubuntu-22.04 - OpenSSL 3.0.2 --enable-pkcs11 (push) Waiting to run Details Build / clang-asan - ubuntu-22.04 - openssl (push) Waiting to run Details Build / clang-asan - ubuntu-24.04 - openssl (push) Waiting to run Details Build / macos-14 - libressl - asan (push) Waiting to run Details Build / macos-14 - openssl@3 - asan (push) Waiting to run Details Build / macos-15 - libressl - asan (push) Waiting to run Details Build / macos-15 - openssl@3 - asan (push) Waiting to run Details Build / macos-26 - libressl - asan (push) Waiting to run Details Build / macos-26 - openssl@3 - asan (push) Waiting to run Details Build / macos-14 - libressl - normal (push) Waiting to run Details Build / macos-14 - openssl@3 - normal (push) Waiting to run Details Build / macos-15 - libressl - normal (push) Waiting to run Details Build / macos-15 - openssl@3 - normal (push) Waiting to run Details Build / macos-26 - libressl - normal (push) Waiting to run Details Build / macos-26 - openssl@3 - normal (push) Waiting to run Details Build / msbuild - amd64 - openssl (push) Waiting to run Details Build / msbuild - amd64-clang - openssl (push) Waiting to run Details Build / msbuild - arm64 - openssl (push) Waiting to run Details Build / msbuild - x86 - openssl (push) Waiting to run Details Build / msbuild - x86-clang - openssl (push) Waiting to run Details Build / clang asan - ubuntu-24.04 - libressl (push) Waiting to run Details Build / gcc normal - ubuntu-24.04 - libressl (push) Waiting to run Details Build / clang asan - ubuntu-24.04 - mbedtls4 (push) Waiting to run Details Build / gcc normal - ubuntu-24.04 - mbedtls4 (push) Waiting to run Details Build / clang asan - ubuntu-24.04 - awslc (push) Waiting to run Details Build / gcc normal - ubuntu-24.04 - awslc (push) Waiting to run Details Deploy Doxygen documentation to Pages / build (push) Waiting to run Details Deploy Doxygen documentation to Pages / deploy (push) Blocked by required conditions Details OpenSSL 4.0 does not allow internal access to to these data structures anymore. So use public methods to get the serial data and convert it to hex. Change-Id: I5158fbb0762443ea4954e5745f520e83e019ed30 Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Frank Lichtenheld <frank@lichtenheld.com> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1589 Message-Id: <20260404155726.7696-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36459.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-04-04 22:12:46 +02:00
Frank Lichtenheld	ecda555404	doc: Remove some explanations for pre-2.3 configurations Just streamline the documentation a bit. Change-Id: Ieaaf3a79642c8f7914f9bfc6762ad601c4f5695b Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1603 Message-Id: <20260402120435.39983-1-frank@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36434.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-04-04 17:51:44 +02:00
Arne Schwabe	9b663a0824	OpenSSL 4.0: Make X509 objects const In OpenSSL 4.0 a lot of the APIs have changed to return const objects. Adjust our source code to use const objects as well. Change-Id: Iea1d13c160599f134587c6f1c2f4a90e7f5e3991 Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Frank Lichtenheld <frank@lichtenheld.com> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1596 Message-Id: <20260402121049.41102-1-frank@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36437.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-04-04 17:24:04 +02:00
Arne Schwabe	27d1b9a0da	Add unit test for printing various details of certificates These unit tests will ensure that refactoring of these methods does not change the output. Change-Id: Iacbd8195cdedc7226bddc686ca8dccf9f25f8842 Signed-off-by: Arne Schwabe <arne@rfc2549.org> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1598 Message-Id: <20260331173403.3082-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36389.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-04-04 16:08:29 +02:00
Arne Schwabe	579046470f	Rename key* to privkey* in cert_data.h The name key2 conflicts with our struct key2 and prevents these test keys from being used in test_ssl.c Change-Id: Id8680e6555a66024417d6eb9322d4fde79922453 Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Frank Lichtenheld <frank@lichtenheld.com> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1597 Message-Id: <20260401102247.21915-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36401.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-04-04 16:01:05 +02:00
Arne Schwabe	8ce6f8d166	Use ASN1_BIT_STRING_get_bit to check for netscape certificate usage The ASN_BIT_STRING object has become opaque in OpenSSL 4.0. So instead of accessing the internal, we have to use a method now to check these attributes. The bit counting in ASN.1 and of this method is a bit strange and it will count bits from the left instead of the right, so the previous mask of 0x80 for clients is now 0 and 0x40 for server is now 1. Change-Id: I77500d435f212a4bf42ee8cfca07d0285fe694f2 Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Frank Lichtenheld <frank@lichtenheld.com> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1587 Message-Id: <20260404072336.30014-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36446.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-04-04 15:45:46 +02:00
Greg Cox	c39742d1a7	Update --learn-address man page with ipv6 information Some checks failed Build / mingw unittest auth_token - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest buffer - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest crypto - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest cryptoapi - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest misc - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest ncp - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest openvpnserv - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest options_parse - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest packet_id - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest pkt - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest provider - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest ssl - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest tls_crypt - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest user_pass - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest argv - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest auth_token - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest buffer - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest crypto - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest cryptoapi - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest misc - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest ncp - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest openvpnserv - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest options_parse - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest packet_id - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest pkt - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest provider - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest ssl - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest tls_crypt - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest user_pass - x86 - Release - OSSL (push) Has been cancelled Details Deploy Doxygen documentation to Pages / deploy (push) Has been cancelled Details The `--learn-address` option is very v4-specific in its man page. This expands the docs based on things I tripped over when bringing up a dual-stack server. Signed-off-by: Greg Cox <gcox@mozilla.com> Github: closes OpenVPN/openvpn#1009 Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20260330231355.84547-2-gcox@mozilla.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36363.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-03-31 15:51:44 +02:00
Frank Lichtenheld	3ba7602243	ssl_ncp: Fix type of "found" parameter of check_pull_client_ncp Some checks are pending Build / mingw unittest user_pass - x86 - Release - OSSL (push) Blocked by required conditions Details Build / gcc - ubuntu-24.04 - OpenSSL 3.0.13 --enable-pkcs11 (push) Waiting to run Details Build / gcc - ubuntu-22.04 - OpenSSL 3.0.2 --enable-pkcs11 (push) Waiting to run Details Build / clang-asan - ubuntu-22.04 - openssl (push) Waiting to run Details Build / clang-asan - ubuntu-24.04 - openssl (push) Waiting to run Details Build / macos-14 - libressl - asan (push) Waiting to run Details Build / macos-14 - openssl@3 - asan (push) Waiting to run Details Build / macos-15 - libressl - asan (push) Waiting to run Details Build / macos-15 - openssl@3 - asan (push) Waiting to run Details Build / macos-26 - libressl - asan (push) Waiting to run Details Build / macos-26 - openssl@3 - asan (push) Waiting to run Details Build / macos-14 - libressl - normal (push) Waiting to run Details Build / macos-14 - openssl@3 - normal (push) Waiting to run Details Build / macos-15 - libressl - normal (push) Waiting to run Details Build / macos-15 - openssl@3 - normal (push) Waiting to run Details Build / macos-26 - libressl - normal (push) Waiting to run Details Build / macos-26 - openssl@3 - normal (push) Waiting to run Details Build / msbuild - amd64 - openssl (push) Waiting to run Details Build / msbuild - amd64-clang - openssl (push) Waiting to run Details Build / msbuild - arm64 - openssl (push) Waiting to run Details Build / msbuild - x86 - openssl (push) Waiting to run Details Build / msbuild - x86-clang - openssl (push) Waiting to run Details Build / clang asan - ubuntu-24.04 - libressl (push) Waiting to run Details Build / gcc normal - ubuntu-24.04 - libressl (push) Waiting to run Details Build / clang asan - ubuntu-24.04 - mbedtls4 (push) Waiting to run Details Build / gcc normal - ubuntu-24.04 - mbedtls4 (push) Waiting to run Details Build / clang asan - ubuntu-24.04 - awslc (push) Waiting to run Details Build / gcc normal - ubuntu-24.04 - awslc (push) Waiting to run Details Deploy Doxygen documentation to Pages / build (push) Waiting to run Details Deploy Doxygen documentation to Pages / deploy (push) Blocked by required conditions Details In commit `91fd9614f9` type of "found" was changed to uint64_t. But due to -Wconversion not yet enabled in all of init.c one occurence of the old type was missed. Change-Id: I1a6dfc175075636bc7a5761215547077a9dc397a Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1594 Message-Id: <20260331060112.5195-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36364.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-03-31 09:59:22 +02:00
Frank Lichtenheld	bee158db0f	buffer: Avoid sign-compare warnings Some checks are pending Build / mingw unittest user_pass - x86 - Release - OSSL (push) Blocked by required conditions Details Build / gcc - ubuntu-24.04 - OpenSSL 3.0.13 --enable-pkcs11 (push) Waiting to run Details Build / gcc - ubuntu-22.04 - OpenSSL 3.0.2 --enable-pkcs11 (push) Waiting to run Details Build / clang-asan - ubuntu-22.04 - openssl (push) Waiting to run Details Build / clang-asan - ubuntu-24.04 - openssl (push) Waiting to run Details Build / macos-14 - libressl - asan (push) Waiting to run Details Build / macos-14 - openssl@3 - asan (push) Waiting to run Details Build / macos-15 - libressl - asan (push) Waiting to run Details Build / macos-15 - openssl@3 - asan (push) Waiting to run Details Build / macos-26 - libressl - asan (push) Waiting to run Details Build / macos-26 - openssl@3 - asan (push) Waiting to run Details Build / macos-14 - libressl - normal (push) Waiting to run Details Build / macos-14 - openssl@3 - normal (push) Waiting to run Details Build / macos-15 - libressl - normal (push) Waiting to run Details Build / macos-15 - openssl@3 - normal (push) Waiting to run Details Build / macos-26 - libressl - normal (push) Waiting to run Details Build / macos-26 - openssl@3 - normal (push) Waiting to run Details Build / msbuild - amd64 - openssl (push) Waiting to run Details Build / msbuild - amd64-clang - openssl (push) Waiting to run Details Build / msbuild - arm64 - openssl (push) Waiting to run Details Build / msbuild - x86 - openssl (push) Waiting to run Details Build / msbuild - x86-clang - openssl (push) Waiting to run Details Build / clang asan - ubuntu-24.04 - libressl (push) Waiting to run Details Build / gcc normal - ubuntu-24.04 - libressl (push) Waiting to run Details Build / clang asan - ubuntu-24.04 - mbedtls4 (push) Waiting to run Details Build / gcc normal - ubuntu-24.04 - mbedtls4 (push) Waiting to run Details Build / clang asan - ubuntu-24.04 - awslc (push) Waiting to run Details Build / gcc normal - ubuntu-24.04 - awslc (push) Waiting to run Details Deploy Doxygen documentation to Pages / build (push) Waiting to run Details Deploy Doxygen documentation to Pages / deploy (push) Blocked by required conditions Details - Switch buffer_list size and max_size to size_t - Guard some unavoidable size_t -> int conversions Change-Id: Iecc3e3d5d13cb85c1f287ad4816e1e6a7b2bcdef Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1561 Message-Id: <20260330113648.19896-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36335.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-03-30 14:55:32 +02:00
Frank Lichtenheld	88325a9a75	wfp_block: Avoid sign-compare warning with Fwpm* return types FWP_E_ALREADY_EXISTS is explictly casted to HRESULT which is LONG. But Fwpm* return DWORD. So if you compare an expected result with the actual result you get an sign-compare warning... Change-Id: I2f6502da1832edcb273a0dfa9b3ef940bec2d711 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1506 Message-Id: <20260330113826.20057-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36337.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-03-30 14:53:04 +02:00
Selva Nair	dfbf80b0a0	Add an optional username-only flag for auth-user-pass Specify "--auth-user-pass username-only" for openvpn to prompt for only username, not password. Prompt via management interface uses the usual ">PASSWORD 'Auth' " prompt with type "username" instead of "username/password". Internally, the password gets set as "[[BLANK]]" which is currently used as tag for blank password. Not compatible with --static-challenge or when username and password are inlined or read from a file. In such cases, the user hard-code a dummy password in the file instead. Change-Id: I788f76e6a70a9c20bca3367140d2741bd0551582 Signed-off-by: Selva Nair <selva.nair@gmail.com> Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1548 Message-Id: <20260303142819.6123-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg35855.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-03-30 13:58:45 +02:00
Gianmarco De Gregori	7ac5f89023	socket: restore per-connection lport override over global default OpenVPN 2.7.x introduced a regression where --lport specified inside a <connection> block did not override a globally defined local port. As a result, the socket was bound to the global default port instead of the per-connection value. Adjust the socket local_port selection logic to honour local_port_defined when set for the active connection profile. This change restores the documented and previously working behaviour from 2.6.x, where connection-level lport takes precedence over global defaults. Github: closes OpenVPN/openvpn#995 Change-Id: I7cf5d5ef7e2531f397ad97baf4663e3763072f6b Signed-off-by: Gianmarco De Gregori <gianmarco@mandelbit.com> Acked-by: Antonio Quartulli <antonio@mandelbit.com> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1555 Message-Id: <20260316134841.28362-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36164.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-03-30 13:08:40 +02:00
Haixiao Yan	690aace41a	tests: skip test execution when cross-compiling The auth-pam unit test Makefile.am unconditionally assigns the TESTS variable, causing test execution to fail during cross-compilation because the target binaries are not executable on the build host. Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com> Acked-By: Frank Lichtenheld <frank@lichtenheld.com> Message-Id: <20260326062016.3856597-1-haixiao.yan.cn@windriver.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36288.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-03-30 13:05:14 +02:00
Arne Schwabe	91fd9614f9	Change type of option flag from unsigned int to uint64_t Some checks failed Build / mingw unittest auth_token - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest buffer - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest crypto - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest cryptoapi - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest misc - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest ncp - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest openvpnserv - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest options_parse - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest packet_id - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest pkt - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest provider - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest ssl - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest tls_crypt - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest user_pass - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest argv - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest auth_token - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest buffer - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest crypto - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest cryptoapi - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest misc - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest ncp - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest openvpnserv - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest options_parse - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest packet_id - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest pkt - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest provider - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest ssl - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest tls_crypt - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest user_pass - x86 - Release - OSSL (push) Has been cancelled Details Deploy Doxygen documentation to Pages / deploy (push) Has been cancelled Details We currently use all 32 bits of the unsigned int for option classes. While we can probably can retire 2-3 of the existing options, at some point we will hit the limit again. Instead of fully rewriting this logic to use a different approach or structure, changing the type from unsigned int to uint64_t seem to be a lot less intrusive approach. Change-Id: I8ca07e2bbb5de229204191d61e90f084a58969af Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Frank Lichtenheld <frank@lichtenheld.com> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1583 Message-Id: <20260325124338.123477-1-frank@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36266.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-03-27 18:46:29 +01:00
Frank Lichtenheld	5933af1620	auth_token: Clean up type handling in verify_auth_token and its UT Some checks are pending Build / mingw unittest user_pass - x86 - Release - OSSL (push) Blocked by required conditions Details Build / gcc - ubuntu-24.04 - OpenSSL 3.0.13 --enable-pkcs11 (push) Waiting to run Details Build / gcc - ubuntu-22.04 - OpenSSL 3.0.2 --enable-pkcs11 (push) Waiting to run Details Build / clang-asan - ubuntu-22.04 - openssl (push) Waiting to run Details Build / clang-asan - ubuntu-24.04 - openssl (push) Waiting to run Details Build / macos-14 - libressl - asan (push) Waiting to run Details Build / macos-14 - openssl@3 - asan (push) Waiting to run Details Build / macos-15 - libressl - asan (push) Waiting to run Details Build / macos-15 - openssl@3 - asan (push) Waiting to run Details Build / macos-26 - libressl - asan (push) Waiting to run Details Build / macos-26 - openssl@3 - asan (push) Waiting to run Details Build / macos-14 - libressl - normal (push) Waiting to run Details Build / macos-14 - openssl@3 - normal (push) Waiting to run Details Build / macos-15 - libressl - normal (push) Waiting to run Details Build / macos-15 - openssl@3 - normal (push) Waiting to run Details Build / macos-26 - libressl - normal (push) Waiting to run Details Build / macos-26 - openssl@3 - normal (push) Waiting to run Details Build / msbuild - amd64 - openssl (push) Waiting to run Details Build / msbuild - amd64-clang - openssl (push) Waiting to run Details Build / msbuild - arm64 - openssl (push) Waiting to run Details Build / msbuild - x86 - openssl (push) Waiting to run Details Build / msbuild - x86-clang - openssl (push) Waiting to run Details Build / clang asan - ubuntu-24.04 - libressl (push) Waiting to run Details Build / gcc normal - ubuntu-24.04 - libressl (push) Waiting to run Details Build / clang asan - ubuntu-24.04 - mbedtls4 (push) Waiting to run Details Build / gcc normal - ubuntu-24.04 - mbedtls4 (push) Waiting to run Details Build / clang asan - ubuntu-24.04 - awslc (push) Waiting to run Details Build / gcc normal - ubuntu-24.04 - awslc (push) Waiting to run Details Deploy Doxygen documentation to Pages / build (push) Waiting to run Details Deploy Doxygen documentation to Pages / deploy (push) Blocked by required conditions Details First of all remove the testing of renegotiation_seconds. Commit `9a51617041` made it irrelevant for verify_auth_token but still left UTs for it. But AFAICT these UTs only test that renegotiation_seconds is bigger than auth_token_renewal, so it tests the UT setup routine... Also improve the code to require less casts under -Wsign-compare. Add a comment that this code is not y38 safe if time_t is 32bit. Probably nothing we want to do from our side since in that case everything that uses "now" is borked. So we trust in the OS here... Change-Id: I73dba29719ea685f0427a3c479e7f1f176f09eba Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1510 Message-Id: <20260312173144.15602-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36079.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-03-26 17:46:10 +01:00
Arne Schwabe	7b5ebf7c44	Increase default size of internal hash maps to 4 * --max-clients Some checks are pending Build / mingw unittest user_pass - x86 - Release - OSSL (push) Blocked by required conditions Details Build / gcc - ubuntu-24.04 - OpenSSL 3.0.13 --enable-pkcs11 (push) Waiting to run Details Build / gcc - ubuntu-22.04 - OpenSSL 3.0.2 --enable-pkcs11 (push) Waiting to run Details Build / clang-asan - ubuntu-22.04 - openssl (push) Waiting to run Details Build / clang-asan - ubuntu-24.04 - openssl (push) Waiting to run Details Build / macos-14 - libressl - asan (push) Waiting to run Details Build / macos-14 - openssl@3 - asan (push) Waiting to run Details Build / macos-15 - libressl - asan (push) Waiting to run Details Build / macos-15 - openssl@3 - asan (push) Waiting to run Details Build / macos-26 - libressl - asan (push) Waiting to run Details Build / macos-26 - openssl@3 - asan (push) Waiting to run Details Build / macos-14 - libressl - normal (push) Waiting to run Details Build / macos-14 - openssl@3 - normal (push) Waiting to run Details Build / macos-15 - libressl - normal (push) Waiting to run Details Build / macos-15 - openssl@3 - normal (push) Waiting to run Details Build / macos-26 - libressl - normal (push) Waiting to run Details Build / macos-26 - openssl@3 - normal (push) Waiting to run Details Build / msbuild - amd64 - openssl (push) Waiting to run Details Build / msbuild - amd64-clang - openssl (push) Waiting to run Details Build / msbuild - arm64 - openssl (push) Waiting to run Details Build / msbuild - x86 - openssl (push) Waiting to run Details Build / msbuild - x86-clang - openssl (push) Waiting to run Details Build / clang asan - ubuntu-24.04 - libressl (push) Waiting to run Details Build / gcc normal - ubuntu-24.04 - libressl (push) Waiting to run Details Build / clang asan - ubuntu-24.04 - mbedtls4 (push) Waiting to run Details Build / gcc normal - ubuntu-24.04 - mbedtls4 (push) Waiting to run Details Build / clang asan - ubuntu-24.04 - awslc (push) Waiting to run Details Build / gcc normal - ubuntu-24.04 - awslc (push) Waiting to run Details Deploy Doxygen documentation to Pages / build (push) Waiting to run Details Deploy Doxygen documentation to Pages / deploy (push) Blocked by required conditions Details The default of 256 seems quite low as with (at least) 1024 possible entries (the --max-clients default setting) we have a guaranteed collisions. Using 4 times the number of possible entries for real addresses should reduce collisions quite a bit while also leaving some headroom for the virtual addresses hash where a client might have more than one address. A reason to keep the limit so low are the memory requirements. Each bucket has the size of one linked-list pointer (4 byte or 32 bit and 8 byte for 64 bit). So 256 buckets use 1 or 2 kB while 4096 will use 16 kB or 32 kB. When the current limit was set 20 years ago this might have been a meaningful memory saving but today the collision probability is more important. Change-Id: Ia699b0dfa407ac377970bb130434298eaaec592b Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Antonio Quartulli <antonio@mandelbit.com> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1563 Message-Id: <20260325124526.124049-1-frank@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36268.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-03-26 15:45:49 +01:00
Arne Schwabe	3316a18ebe	Use const specifices in extract_x509_field_ssl The new OpenSSL 4.0 will return const objects from these objects, so make them const in our code as well. Change-Id: Ia43bb88d9ddf2e82c638011353a64c770f2c2c0a Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Frank Lichtenheld <frank@lichtenheld.com> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1588 Message-Id: <20260326110658.25741-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36291.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-03-26 15:16:40 +01:00
Arne Schwabe	07954eea05	Do not support tls_ctx_set_cert_profile on AWS-LC SSL_CTX_set_security_level does nothing on AWS-LC and gives a deprecated warning on compile. It is better to give the user a warning than to effectively silently ignore it as well. Change-Id: I74841d3611c62d3c59fc839bc73a0c83ce025262 Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Frank Lichtenheld <frank@lichtenheld.com> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1579 Message-Id: <20260322111207.8346-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36243.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-03-26 15:08:10 +01:00
Rudi Heitbaum	dc4a9255f1	ssl_verify_openssl: use official ASN1_STRING_ API ASN1_STRING are now opaque types in OpenSSL 4.x — the internal data and length fields are no longer directly accessible. Use the accessor API instead. Accessors have been available since OpenSSL 1.1.0 The ASN1_STRING_length accessor is already in use, but not consistently applied. Standardise on using ASN1_STRING_length and ASN1_STRING_get0_data which allows for successful build of OpenSSL 4.x Change-Id: I8adffc3152b5b502a820a8ae0f901717e4831f81 Signed-off-by: Rudi Heitbaum <rudi@heitbaum.com> Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1584 Message-Id: <20260323121908.730-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36254.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-03-26 15:01:25 +01:00
Arne Schwabe	ee2af6655d	Use openssl_err_t typedef to deal with difference between TLS libraries Some checks failed Build / mingw unittest auth_token - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest buffer - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest crypto - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest cryptoapi - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest misc - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest ncp - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest openvpnserv - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest options_parse - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest packet_id - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest pkt - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest provider - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest ssl - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest tls_crypt - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest user_pass - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest argv - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest auth_token - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest buffer - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest crypto - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest cryptoapi - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest misc - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest ncp - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest openvpnserv - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest options_parse - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest packet_id - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest pkt - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest provider - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest ssl - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest tls_crypt - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest user_pass - x86 - Release - OSSL (push) Has been cancelled Details Deploy Doxygen documentation to Pages / deploy (push) Has been cancelled Details AWS-LC and OpenSSL disagree on the type of that errors are reported in. Instead of having a lot of glue code and casting back and forth, use a typedef to always use the right type. Change-Id: I4adbdf0c8b82fd7de309aa5f6f3b0c8157c5ffe7 Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Frank Lichtenheld <frank@lichtenheld.com> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1578 Message-Id: <20260322111131.8251-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36242.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-03-22 12:59:19 +01:00
Arne Schwabe	a84f8cf60c	GHA: Cache built crypto libraries Semver code changes by Frank Change-Id: Ie21fdb01b843a7af09fcd469b08c775eee7e3745 Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Frank Lichtenheld <frank@lichtenheld.com> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1577 Message-Id: <20260322103820.4717-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36238.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-03-22 11:40:53 +01:00
Frank Lichtenheld	a04a3cedd4	ssl_mbedtls: Avoid conversion and sign-compare warnings Some checks failed Build / mingw unittest auth_token - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest buffer - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest crypto - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest cryptoapi - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest misc - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest ncp - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest openvpnserv - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest options_parse - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest packet_id - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest pkt - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest provider - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest ssl - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest tls_crypt - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest user_pass - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest argv - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest auth_token - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest buffer - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest crypto - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest cryptoapi - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest misc - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest ncp - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest openvpnserv - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest options_parse - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest packet_id - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest pkt - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest provider - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest ssl - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest tls_crypt - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest user_pass - x86 - Release - OSSL (push) Has been cancelled Details Deploy Doxygen documentation to Pages / deploy (push) Has been cancelled Details Change-Id: I777a3a5f4f137432a19746972e2aad1732184feb Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1559 Message-Id: <20260314170948.2898-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36137.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-03-16 15:01:04 +01:00
Arne Schwabe	369c751078	Remove unnecessary OpenSSL init and cleanup commands in unit tests After the removal of OpenSSL 1.0.2 support these instructions are no longer needed and the main OpenVPN program also no longer calls them in init_ssl_lib or free_ssl_lib. Also remove them from the unit tests. This also solves a deprecation warning on EVP_cleanup when compiling with aws-lc Change-Id: I228f6fd9ff18256f09d4348df1fc48853f8e7306 Signed-off-by: Arne Schwabe <arne-openvpn@rfc2549.org> Acked-by: Frank Lichtenheld <frank@lichtenheld.com> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1568 Message-Id: <20260316121148.25189-1-frank@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36153.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-03-16 14:43:01 +01:00
Frank Lichtenheld	b0c2174a9e	crypto: Change cipher_kt_*_size to return unsigned instead of int Some checks failed Build / mingw unittest auth_token - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest buffer - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest crypto - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest cryptoapi - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest misc - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest ncp - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest openvpnserv - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest options_parse - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest packet_id - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest pkt - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest provider - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest ssl - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest tls_crypt - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest user_pass - x86 - Debug - OSSL (push) Has been cancelled Details Build / mingw unittest argv - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest auth_token - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest buffer - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest crypto - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest cryptoapi - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest misc - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest ncp - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest openvpnserv - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest options_parse - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest packet_id - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest pkt - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest provider - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest ssl - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest tls_crypt - x86 - Release - OSSL (push) Has been cancelled Details Build / mingw unittest user_pass - x86 - Release - OSSL (push) Has been cancelled Details Deploy Doxygen documentation to Pages / deploy (push) Has been cancelled Details OpenSSL uses int but never returns negative values. mbedTLS < 4 uses size_t and mbedTLS >= 4 doesn't have its own implementation, so we can choose. We chose unsigned int since size_t seems a bit silly for values that are never even close to UINT_MAX. Making it unsigned makes it easier in most cases to write code that doesn't have sign-compare issues. Also change cipher_ctx_iv_length and cipher_ctx_block_size to return an unsigned value for similar reasons. v7: - switch to unsigned int instead of size_t Change-Id: I1bc576c4c7ffacbb9300608d98b06b22f2475fd9 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1508 Message-Id: <20260313175209.12024-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36114.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-03-14 18:01:22 +01:00
Heiko Hund	c26437c0d3	doc: fix typo with --ingore-unknown-option Change-Id: Ie502c982bda67d55ee74e4f2f66c26ea82698e60 Signed-off-by: Heiko Hund <heiko@ist.eigentlich.net> Acked-by: Frank Lichtenheld <frank@lichtenheld.com> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1575 Message-Id: <20260313104615.15951-1-frank@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36085.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-03-14 17:53:56 +01:00
Heiko Hund	3459f09f49	doc: improve Windows-specific options section Change-Id: I29a33ac23f3c1a7cf16196aecc46ec3597a22175 Signed-off-by: Heiko Hund <heiko@ist.eigentlich.net> Acked-by: Frank Lichtenheld <frank@lichtenheld.com> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1574 Message-Id: <20260313103707.14534-1-frank@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36084.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-03-14 17:52:26 +01:00
Frank Lichtenheld	c02964f0b2	systemd: Change LimitNPROC to TasksMax and increase limit There were some complaints about valid setups that ran into problems with LimitNPROC. This is especially true since LimitNPROC limits the total amounts of threads running for the same uid, so if multiple openvpn services run under the same user, they will compete for resources. As suggested in the systemd documentation change this to TasksMax which really counts the threads running in one specific service. Also increase the limit. When using e.g. resolvconf for DNS configuration the limit can be exhausted just due to the amount of nested shell scripts. Github: Fixes OpenVPN/openvpn#929 Change-Id: Ic877f9a9c6459c6eb97cde1099f47f0b196b8084 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1539 Message-Id: <20260313223833.3813-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36123.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-03-14 11:48:20 +01:00
Arne Schwabe	a659605d8c	Show version and double check we use the right TLS library in Github Actions Some checks are pending Build / mingw unittest user_pass - x86 - Release - OSSL (push) Blocked by required conditions Details Build / gcc - ubuntu-24.04 - OpenSSL 3.0.13 --enable-pkcs11 (push) Waiting to run Details Build / gcc - ubuntu-22.04 - OpenSSL 3.0.2 --enable-pkcs11 (push) Waiting to run Details Build / clang-asan - ubuntu-22.04 - openssl (push) Waiting to run Details Build / clang-asan - ubuntu-24.04 - openssl (push) Waiting to run Details Build / macos-14 - libressl - asan (push) Waiting to run Details Build / macos-14 - openssl@3 - asan (push) Waiting to run Details Build / macos-15 - libressl - asan (push) Waiting to run Details Build / macos-15 - openssl@3 - asan (push) Waiting to run Details Build / macos-26 - libressl - asan (push) Waiting to run Details Build / macos-26 - openssl@3 - asan (push) Waiting to run Details Build / macos-14 - libressl - normal (push) Waiting to run Details Build / macos-14 - openssl@3 - normal (push) Waiting to run Details Build / macos-15 - libressl - normal (push) Waiting to run Details Build / macos-15 - openssl@3 - normal (push) Waiting to run Details Build / macos-26 - libressl - normal (push) Waiting to run Details Build / macos-26 - openssl@3 - normal (push) Waiting to run Details Build / msbuild - amd64 - openssl (push) Waiting to run Details Build / msbuild - amd64-clang - openssl (push) Waiting to run Details Build / msbuild - arm64 - openssl (push) Waiting to run Details Build / msbuild - x86 - openssl (push) Waiting to run Details Build / msbuild - x86-clang - openssl (push) Waiting to run Details Build / clang asan - ubuntu-24.04 - libressl (push) Waiting to run Details Build / gcc normal - ubuntu-24.04 - libressl (push) Waiting to run Details Build / clang asan - ubuntu-24.04 - mbedtls4 (push) Waiting to run Details Build / gcc normal - ubuntu-24.04 - mbedtls4 (push) Waiting to run Details Build / clang asan - ubuntu-24.04 - awslc (push) Waiting to run Details Build / gcc normal - ubuntu-24.04 - awslc (push) Waiting to run Details Deploy Doxygen documentation to Pages / build (push) Waiting to run Details Deploy Doxygen documentation to Pages / deploy (push) Blocked by required conditions Details We recently discovered that the AWS-LC builds in Github Actions were actually using OpenSSL. This will now cause an error if something like this happens in the future again. Change-Id: Ia929c949cceaabe21a2937ad3217052aec4b2b4c Signed-off-by: Arne Schwabe <arne-openvpn@rfc2549.org> Acked-by: Frank Lichtenheld <frank@lichtenheld.com> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1566 Message-Id: <20260313175324.12121-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36115.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-03-13 23:25:17 +01:00
Arne Schwabe	30c1c8cd61	GHA: Install aws-lc under /opt/aws-lc The previous installation inside the OpenVPN workspace directory caused the AWS-LC installation to be deleted. And that caused to OpenSSL to be used instead of AWS-LC during the build This also removes the --enable-werror flag from AWS-LC because it currently not even close to build without warnings. Change-Id: I090f5b201d67f51d2e42df1914a8466bcfcb6bf8 Signed-off-by: Arne Schwabe <arne-openvpn@rfc2549.org> Acked-by: Frank Lichtenheld <frank@lichtenheld.com> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1565 Message-Id: <20260313153007.31810-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36106.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-03-13 18:41:28 +01:00

1 2 3 4 5 ...

4593 commits