Commit graph

4629 commits

Author SHA1 Message Date
OpenVPN Renovate
b3c2076a78 chore(deps): update github actions 2026-06-02 17:47:01 +00:00
Frank Lichtenheld
2b8afc6c68 openvpnserv: always use W variant of RpcStringFree()
Probably not a real issue since it should always use the
W version in our case, but still unclean.

Fixes a cppcheck complaint.

Change-Id: I3d391016dcd3c66e58f3f05b356bcd419224acb1
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Heiko Hund <heiko@openvpn.net>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1671
Message-Id: <20260514091918.18197-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36915.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-05-14 16:47:54 +02:00
Frank Lichtenheld
ae63905eb9 openvpnserv: Fix memory leak when loading DLLs
Identified by cppcheck.

Change-Id: Iad3f0c36ac3795fa6a13f2d63bd00ad9c2c30d48
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Heiko Hund <heiko@openvpn.net>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1670
Message-Id: <20260514091512.17662-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36913.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-05-14 15:12:45 +02:00
Frank Lichtenheld
b6f09d0151 buffer: Fix some issues with -DVERIFY_ALIGNMENT
- Fix some uninitialised fields due to BUF_INIT_TRACKING
  (found by cppcheck and the original reason for this
   change).
- Fix "unused functions" if only BUF_INIT_TRACKING is
  defined.
- Fix conversion error

Change-Id: I3ecb76d9022dcd7dae92eb5e9d62e5f018744883
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1666
Message-Id: <20260513092251.28857-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36901.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-05-14 12:40:19 +02:00
Frank Lichtenheld
50bcb9206b openvpnserv: Address some uninitVariable warnings from cppcheck
In the first case this is about helping cppcheck
remember that msg->addr_len and addr_len are the same
thing, but we use them in confusing ways.

In the second case there is indeed a theoretical
code path where we use an uninitialized buffer. So
make the code safer.

Change-Id: Ida6d4fa8c5c5ffbd7909d6afd51b1b6f32ca2d9f
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Heiko Hund <heiko@openvpn.net>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1674
Message-Id: <20260513150902.27447-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36908.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-05-14 12:30:30 +02:00
Frank Lichtenheld
d69a0dfe73 Do not use deprecated aliases on Windows
Both these work perfectly fine but are discouraged
and might cause warnings by compilers.

Identified by cppcheck.

Change-Id: I04e35928244e6ecda8c58285a812516662b50742
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Heiko Hund <heiko@openvpn.net>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1673
Message-Id: <20260513150838.27382-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36909.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-05-14 12:27:27 +02:00
Frank Lichtenheld
9922d2c3f3 multi: Remove useless checks
If mi is NULL, the previous code lines already
segfaulted.

Identified by cppcheck.

Change-Id: If58bb807842b7b95aeffe6849e7a7344e4925762
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1667
Message-Id: <20260513091710.28378-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36899.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-05-13 13:09:32 +02:00
Frank Lichtenheld
b887872524 pool: Fix a potential NULL pointer de-reference in test code
Identified by cppcheck. Probably has been a long time
since that code has been compiled, though.

Change-Id: I09ebbf6f3555dd68ce8d75bfa844ecac518a0cf2
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1676
Message-Id: <20260508153156.13575-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36865.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-05-13 11:12:13 +02:00
Frank Lichtenheld
9beebd0a80 route: Clarify operator precedence in a & b ? c : d
As suggested by cppcheck.

Change-Id: I5c9b54dca0a14688a3bb7798cb086f5bde7311b8
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1668
Message-Id: <20260511200645.24711-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36880.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-05-12 15:49:49 +02:00
Frank Lichtenheld
1400926ada tun: Remove one useless if check
The condition was already checked in an outer if check.

Identified by cppcheck.

Change-Id: I0aeb4583707a80592ec2577fbb060f7fbcb73e48
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1677
Message-Id: <20260508153458.13848-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36867.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-05-11 19:03:43 +02:00
Frank Lichtenheld
af44c0f892 Fix some msg() calls with wrong number of arguments in Windows-only code
For some reason neither MSVC nor MinGW complained?
cppcheck did (once told that msg is a printf-style
function).

Change-Id: Ia688ec12e642de699811ced8668b40be9fbb6155
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1672
Message-Id: <20260508153108.13488-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36862.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-05-11 14:03:29 +02:00
Frank Lichtenheld
fcc34b1352 dco_freebsd: Add check_malloc_return after realloc
cppcheck complained about a potential memleak
due to realloc failure. But trying to handle that
is probably not useful. Just abort like we do
for other malloc failures.

Change-Id: Icd8ea093dfe9f1888570f3d7b786b951b5262e47
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1669
Message-Id: <20260507075321.25123-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36842.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-05-07 10:56:35 +02:00
Frank Lichtenheld
74d39dfba2 sample: Fix cppcheck error invalidPrintfArgType_sint
Change-Id: Ia7ad24181bd97dccbb77865c10e829778f72a506
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1662
Message-Id: <20260507075502.25473-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36844.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-05-07 10:41:13 +02:00
Selva Nair
c77d3e90d9 DNS server documentation update
Github: OpenVPN/openvpn#937

Change-Id: I53b3f4c60897a1f4dd5efeb6575d525ffb082402
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1646
Message-Id: <20260430163249.13638-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36816.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-05-07 09:42:51 +02:00
Frank Lichtenheld
841ab0b216 t_client.sh: Do not use CA_CERT variable as indicator for good .rc file
t_client.sh doesn't actually care about this variable, and our
.rc files do not use it anymore. If you really want to dynamically
skip running t_client.sh just set TEST_RUN_LIST to empty in the .rc
file.

Change-Id: I7cf7146c3c4f1a01b0bcb57e03d09b32f8b59780
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1664
Message-Id: <20260506145933.22301-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36827.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-05-06 18:59:34 +02:00
Frank Lichtenheld
64fbcb69a3 dns-scripts: Fix dnssec values in comments and Copyright statement format
- Fix the example value of dnssec to an actual valid one
- Fix the formatting of the Copyright statements to be
  consistent with all other files in the project

Change-Id: Id6832e3f56420debc8b19d0144d53ca41abb678b
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1645
Message-Id: <20260430130354.25337-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36800.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-30 15:19:34 +02:00
Selva Nair
919f5ced7d dns: minimalist fix for dnssec setting
Github: fixes OpenVPN/openvpn#1024

Change-Id: I0cb093e0116e92d874162d51be777aa43674c115
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1644
Message-Id: <20260430124020.23066-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36797.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-30 15:08:24 +02:00
Frank Lichtenheld
1570877364 GHA: Add caching for vcpkg builds
The nice automatic caching was removed last year,
so go back to manual caching of the binary cache
dir.

While here, also update vcpkg to latest master.

Change-Id: I933227aa4bc4f05b58d0e754b4330da807504d01
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Yuriy Darnobyt <yura.uddr@gmail.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1642
Message-Id: <20260429093938.23601-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36775.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-29 14:35:13 +02:00
Frank Lichtenheld
cc2926fd5d GHA: Maintenance Update April 2026
- Updates GHA actions
- Switch clang-format job to archive: false supported
  in new actions/upload-artifact version. This way the
  file is not encapsulated in a zip
- Drop macos-14 builds. This runner is considered
  deprecated and will be removed later this year.

Change-Id: I43851d96c28af0ebcf0c6beab21659e68919d0c6
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Yuriy Darnobyt <yura.uddr@gmail.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1641
Message-Id: <20260429093957.23705-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36776.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-29 13:22:12 +02:00
Luis Cruz
01d5562ed7 Fix pkgcs11 vcpkg port installing debug files on release builds
Change-Id: Icfa559d9923d7dacb4b72e47b22688a4225c4708
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1640
Message-Id: <20260428124810.29709-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36762.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-28 15:54:16 +02:00
Frank Lichtenheld
ac62337dd5 configure: Remove --enable-strict
Both -Wsign-compare (via -Wextra) and -Wuninitialized (via
-Wall) are enabled by default. So this does not do anything
anymore.

While here also remove rest of --enable-strict-options which
was mostly removed in commit
2104ea6243

Change-Id: I53e7b984980cb1e2b3f68e80358b61c9e1045725
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1590
Message-Id: <20260427174757.4075-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36752.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-28 14:58:23 +02:00
Max Fillinger
b2e3e0f0cf Mbed TLS: Error out if we have no valid tls-groups
Previously, when no valid groups were specified with the tls-groups
option, the Mbed TLS build of OpenVPN would start up and run, but fail
to complete a handshake, while the OpenSSL build would exit with an
error. This commit changes the behavior of the Mbed TLS build to match
the OpenSSL version.

Change-Id: Ica5f37e525c3812609021750ecd3986c1420e2a4
Signed-off-by: Max Fillinger <maximilian.fillinger@sentyron.com>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1633
Message-Id: <20260421055357.21708-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36699.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-27 12:41:13 +02:00
Selva Nair
9ac9a41b82 Fixup: prompting password from management
Commit b450414 added logic for reading password from management
when not in file or inline, but it was made conditional on
`response_from_stdin` which is always true! Fix by explicitly
checking for `password_from_stdin`.

Github: fixes OpenVPN/openvpn#1021

Change-Id: I4d46c3672691b159cbd98a17020c4f30782bc202
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1638
Message-Id: <20260424161840.5767-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36739.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-25 19:30:50 +02:00
Arne Schwabe
64fae9d829 Ensure that buffer of freed session are not used
In a race condition an old TLS session could still try to send a packet but
also get replaced by a new session. In this case, the buffer of the new
session is still referenced. Add the check_session_buf_not_used function
to mitigate this problem.

Also make the check if the to_link pointer is in one of the memory
regions a bit better even though this does not make a difference with the
way we use these structs. But better safe than sorry.

A better solution, removing the TM_INITIAL state and handling reconnecting
sessions in their own complete tls_multi, is a more involved fix that requires
a lot more refactoring.

CVE: 2026-40215
Reported-By: XlabAI Team of Tencent Xuanwu Lab (xlabai@tencent.com)
Reported-By: Guannan Wang (wgnbuaa@gmail.com)
Reported-By: Zhanpeng Liu (pkugenuine@gmail.com)
Reported-By: Guancheng Li (lgcpku@gmail.com)
Signed-off-by: Arne Schwabe <arne@rfc2549.org>

Change-Id: I7c5fa2a7a2563b7a8955d386411f3ceffe5b092f
Private-URL: https://github.com/OpenVPN/openvpn-private-issues/issues/112
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-22 09:46:05 +02:00
Steffan Karger
fa129d7153 tls-crypt-v2: Avoid interpreting opcode as part of WKc
The buffer we pass to tls_crypt_v2_extract_client_key contains the
entire received control channel packet. We should skip the opcode before
trying to read WKC.

This logic error is a second bug behind the XlabAI finding, next to the
too-strict ASSERT in tls_crypt_unwrap.

Also remove a too strict ASSERT in tls_crypt_unwrap.  We already check
a few lines later for a too short packet and return a proper error
("packet too short").

XlabAI found a way of triggering this ASSERT that requires a tls-crypt-v2
client key that has a specific property (a specific byte needs to have a
specific value, about 1/256 probability). If an attacker can get hold of
such a tls-crypt-v2 client key or observe a handshake using such a key,
the attacker can trigger the ASSERT, crashing the server. Setups that do
not use tls-crypt-v2 are not affected.

Independently, Cisco Talos reported a way to trigger this ASSERT with any
tls-crypt-v2 key but this requires the attacker to be also in possession
of the private key part of the tls-crypt-v2 client key or to inject packets
into a live session of a client session.

CVE: 2026-35058
Reported-By: XlabAI Team of Tencent Xuanwu Lab (xlabai@tencent.com)
Reported-By: Guannan Wang (wgnbuaa@gmail.com)
Reported-By: Zhanpeng Liu (pkugenuine@gmail.com)
Reported-By: Guancheng Li (lgcpku@gmail.com)
Reported-By: Emma Reuter of Cisco ASIG (TALOS-2026-2381)
Signed-off-by: Steffan Karger <steffan@karger.me>
Signed-off-by: Arne Schwabe <arne@rfc2549.org>

Change-Id: I623733c0476c98f436d19009ee8990693c1579b5
Private-URL: https://github.com/OpenVPN/openvpn-private-issues/issues/111
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-22 09:46:05 +02:00
Frank Lichtenheld
0b7c295350 dev-tools: Add script to run cppcheck against the code-base
Also add a suitable suppressions-list file to
make it possible to run it without reporting
errors.

Tested with cppcheck 2.19.0 (Ubuntu 26.04).

Change-Id: I125cf63f11257d7245ead2f7feafb86b841580a5
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1620
Message-Id: <20260419134205.21459-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36664.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-22 09:44:22 +02:00
Gert Doering
25a3cec98d Fix copyright line in README
2022->2026

Github: OpenVPN/openvpn#1012
Change-Id: Ie838a5491089cc6b11970aee313a18ba52fc4856
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Yuriy Darnobyt <yura.uddr@gmail.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1629
Message-Id: <20260420174735.18824-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36696.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-21 08:17:48 +02:00
Frank Lichtenheld
8485518dce GHA: Factor out building SSL libs to a reusable workflow
We amassed a lot of code duplication there. Make
it easier to track the differences between the libraries.

Change-Id: I3d89016ccae297cfa596897c11a518f1ffbe3dc8
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Yuriy Darnobyt <yura.uddr@gmail.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1630
Message-Id: <20260420160732.9492-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36686.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-20 19:04:44 +02:00
Frank Lichtenheld
7f870c0753 dns: Change arguments to setenv_dns_option to avoid sign-compare warning
The change is a bit big to fix just one compare warning,
but that is due to the highly interdependent code.

Change-Id: Ibfcc350c772227cfc0f2244fa2b1625dcb7e6fb5
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1558
Message-Id: <20260407094643.28090-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36531.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-19 18:19:10 +02:00
Frank Lichtenheld
22062deb5d Remove various redundant conditionals
These are all already proven to be true by
surrounding code.

Identified by cppcheck.

Change-Id: Iacf06c113e8db5b7c78270f361ee76938ef1db47
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1613
Message-Id: <20260419135116.22170-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36666.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-19 17:51:47 +02:00
Frank Lichtenheld
6d54d7ca5d tapctl: Remove unused function dont_mute
Identified by cppcheck.

Change-Id: I87c40dc94035345add1162e5029e51288811cb09
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1615
Message-Id: <20260419133947.21215-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36662.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-19 17:45:49 +02:00
Selva Nair
287acce1ac Inlined credentials: read missing password from management interface
When commit 39619b7fab added support for inlining username only,
fallback for password was from console. This is not ideal when
graphical UI is in use as there is no console. Instead, query the
management interface when possible.

This patch just extends a similar fix when username is read from
a file and password is missing. As before, any username read
from file or inlined is not preserved as we currently have no way
of locking the username in the management interface prompt.

Change-Id: Ieeb2f980330d485739dbf3d722f107c1dbf704fc
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1599
Message-Id: <20260414055900.17132-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36608.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-19 16:00:59 +02:00
Selva Nair
c610746a2c verify_x509_name: Improve the error message on failure
Print the actual string that was used for the match instead of the
whole subject.

Github: closes OpenVPN/openvpn#992

Change-Id: I6e7947ab81cf229f0d27714dd563a07ace6bd38a
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1624
Message-Id: <20260414055830.17032-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36606.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-19 13:40:56 +02:00
Arne Schwabe
36174520e9 GHA: Add OpenSSL 4.0 build
Change-Id: Ic9c993cb8dcfedfd6f99f416c286e0968eb45255
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1601
Message-Id: <20260417110942.16538-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36648.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-18 20:33:13 +02:00
Arne Schwabe
353ec724f9 OpenSSL 4.0: Use X509_check_certificate_times instead of X509_cmp_time
The X509_cmp_time function is deprecated in OpenSSL 4.0. So we avoid it and
use the new API.

Change-Id: I6c2eda0e5bbb3a70b404f821e25ded81f0f5ddd5
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1595
Message-Id: <20260417164644.17897-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36651.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-18 20:05:25 +02:00
David Benjamin
2befad4de1 ssl_openssl: Fix some CRL mixups
There are two ways to load CRLs in OpenSSL. They can be loaded at the
X509_STORE, shared across verifications, or loaded per verification at
the X509_STORE_CTX.

OpenVPN currently does the former. However, it also supports CRL
reloading, and tries to reload the CRL file before each connection.
OpenSSL does not really have a good way to unload objects from an
X509_STORE. OpenVPN currently does it by grabbing the
STACK_OF(X509_OBJECT) out of the X509_STORE and manually deleting all
the CRLs from it.

This mutates an OpenSSL internal object which bumps into problems if
OpenSSL ever switches to a more efficient representation. See
https://github.com/openssl/openssl/pull/28599

(It's also not thread-safe, though it doesn't look like that impacts
OpenVPN? Actually even reading that list doesn't work. See
CVE-2024-0397. This OpenSSL API was simply broken.)

Additionally, this seems to cause two OpenVPN features to not work
together. I gather backend_tls_ctx_reload_crl is trying to clear the
CRLs loaded from last time it ran. But tls_ctx_load_ca with a ca_file
can also load CRLs. tls_ctx_load_ca with ca_path will also pick up CRLs
and backend_tls_ctx_reload_crl actually ends up clobbering some state
X509_LOOKUP_hash_dir internally maintains on the X509_STORE. Likewise,
tls_verify_crl_missing can get confused between
backend_tls_ctx_reload_crl's crl_file-based CRLs and CRLs from
tls_ctx_load_ca.

Avoid all this by tracking the two CRLs separately. crl_file-based CRLs
now go onto a STACK_OF(X509_CRL) tracked on the tls_root_ctx. Now this
field can be freely reloaded by OpenVPN without reconfiguring OpenSSL.
Instead, pass the current value into OpenSSL at verification time.  To
do so, we need to use the SSL_CTX_set_cert_verify_callback, which allows
swapping out the X509_verify_cert call, and also tweaking the
X509_STORE_CTX configuration before starting certificate verification.

Context: SSL_CTX_set_cert_verify_callback and the existing
verify_callback are not the same. SSL_CTX_set_cert_verify_callback wraps
the verification while verify_callback is called multiple times
throughout verification. It's too late to reconfigure X509_STORE_CTX in
verify_callback. verify_callback is usually not what you want.
Sometimes current_cert and error_depth don't quite line up, and
cert_hash_remember may end up called multiple times for a single
certificate.

I suspect some of the other verify_callback logic would also be better
done in the new callback, but I've left it alone to keep this change
minimal. verify_callback is really only usable for suppressing errors.
Application bookkeeping is better done elsewhere.

Add .clang-format section for STACK_OF since we otherwise format the
line as STACK_OF(X509_CRL) * crls

Github: see also openssl/openssl#28599
Signed-off-by: David Benjamin <davidben@google.com>
Change-Id: I31ac2a763209114267c35c4a9182a12d8d82f6fe
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Acked-by: MaxF <max@max-fillinger.net>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1289
Message-Id: <20260416174142.28918-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36641.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-17 11:30:24 +02:00
Selva Nair
25c5c42ac2 Add unit tests for 'auth-user-pass username-only'
Input from stdin is tested.

Change-Id: I1c18b3cf4a454444a61941d88a702a140b0ac23d
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1602
Message-Id: <20260414055805.16974-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36605.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-15 11:46:15 +02:00
Dorian Harmans
0188c62ac4 Add ARIA ciphersuite IANA name translations
Signed-off-by: Dorian Harmans <me@dorianharmans.nl>

Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20260414142209.584424-1-me@dorianharmans.nl>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36613.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-15 11:20:25 +02:00
Frank Lichtenheld
9a6e364661 ssl_mbedtls: Fix format string in get_ssl_library_version
These are unsigned values, so treat them as such.

Identified by cppcheck.

Change-Id: I232fba91cfcca6c35d37696bc86890a366f5967f
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1626
Message-Id: <20260414055927.17252-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36607.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-14 18:41:26 +02:00
Luis Cruz
fbaf4a3837 build: Use info fetched from version.m4
Change-Id: I3157e1a228ac7058fca6a88f94076052e33d2e01
Signed-off-by: Luis Cruz <luis.cruz@nordsec.com>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1605
Message-Id: <20260414125637.42082-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36612.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-14 18:31:31 +02:00
Selva Nair
fd1fd077ea Log when writing username/password to TLS buffer fails
Currently we get an unhelpful "Key Method #2 failed" error.
Add a more specific warning message.

Change-Id: I9468811fd434e17645957fc12770aa2b9ed98fb8
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1600
Message-Id: <20260414055721.16857-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36604.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-14 18:23:04 +02:00
Frank Lichtenheld
0e1899971e Change type of max_clients to uint32_t
peer_id is mostly this already (except in DCO
context for some reason), and max_peerid was
defined as uint32_t as well. So changing max_clients
to uint32_t avoids many -Wsign-compare warnings.

While here fix limit for max_clients in options
parsing. It is not allowed to be MAX_PEER_ID
exactly.

Change-Id: I8d6b7bc1b7744dc6d57aaed3231b8901275752f2
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1564
Message-Id: <20260407112434.5588-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36535.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-12 17:13:28 +02:00
Frank Lichtenheld
9760928e39 networking_sitnl: Make sitnl_parse_rtattr* return void
It returned a constant value so it didn't actually
do anything.

Identified by cppcheck.

Change-Id: Idfe2afd9616e17f0f80a914ff054ae18f0b6972b
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Antonio Quartulli <antonio@mandelbit.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1614
Message-Id: <20260408204213.9892-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36559.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-12 17:11:06 +02:00
Arne Schwabe
ab3ba0cab7 Optimise iterating over all clients by remembering highest peer id
This keeps track of the highest peer id that is currently allocated to avoid
iterating over the empty tail of the m->instances array.

Change-Id: If797f3fe178fba3f43fb12898e5484bfb38f05c3
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1557
Message-Id: <20260412125356.32261-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36577.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-12 15:47:55 +02:00
Arne Schwabe
930968086d Remove multi_context->iter
The multi_context->iter is basically a hash with only one bucket. This makes
m->iter a linear list. Instead of maintaining this extra list use
m->instances instead. This is a fixed sized continuous array, so iterating
over it should be very quick. When the number of connected clients
approaches max_clients, iterating over a static array should be faster than
a linked list, especially when considering cache locality.

Of the several places where m->iter is used only one is potentially on a
critical path: the usage of m->iter in multi_bcast.

However this performance difference would be only visible with a lightly
loaded server with very few clients. And even in this scenario I could
not manage to measure a difference.

Change-Id: Ibf8865e451866e1fffc8dbc8ad5ecf6bc5577ce4
Signed-off-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1556
Message-Id: <20260313104955.16748-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36087.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-12 14:50:34 +02:00
Arne Schwabe
b4cb98b5bb Try to emphasise the transition from old ovpn-dco to new ovpn module
This tries to ensure that the difference between the old and new module
is clearer.

Also removed a duplicate section about --disable-dco from the manual page.

This also changes one instance of ovpn-dco to ovpn that is probably a bug
when reusing a tun device.

Change-Id: Iff9f6811fdf553f59f2afee0072d7bf90133d328
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Antonio Quartulli <antonio@mandelbit.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1550
Message-Id: <20260411090625.18343-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36573.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-11 16:38:41 +02:00
Frank Lichtenheld
1491fc8e05 Clarify operator precedence in a & b ? c : d
As suggested by cppcheck.

Change-Id: Ia153e0de888c0ee21199b192f3471ce4c08cb5c7
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1619
Message-Id: <20260407205235.31126-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36545.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-08 14:35:01 +02:00
Frank Lichtenheld
df430b03d5 openvpnserv: Remove redundant bit-wise operation
Found by cppcheck.

Change-Id: I7f983168c263e49da7665fc20bd1ecdd426c21d0
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1623
Message-Id: <20260407205344.31263-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36547.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-08 14:33:40 +02:00
Frank Lichtenheld
798884d6df test_buffer: Add test for buf_null_terminate
Change-Id: I01683153a68e1809a4d7ab455eb346f53780e219
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1580
Message-Id: <20260407095044.28528-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36532.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-07 12:53:42 +02:00
Luca Boccassi
49ff16dd54 management: add base64 multi-line input for passwords
Allow management clients to send long passwords via the
usual multi-line base64 encoded protocol.

A client declares MCV 5 support and sends a 'password <type>'
line, followed by as many lines (each up to 1024 bytes) as
needed, in base64 encoded format, terminated by 'END'.

This is useful when a password is a JIT-generated use-once
token.

Declare management version 6 for this feature.

Change-Id: Ib99f171fb69d51f2260b44edf8ebe21ac958f233
Signed-off-by: Luca Boccassi <luca.boccassi@gmail.com>
Acked-by: Selva Nair <selva.nair@gmail.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1593
Message-Id: <20260330180900.16608-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36360.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-06 12:38:55 +02:00