| Message ID | 20251204134521.20025-1-gert@greenie.muc.de |
|---|---|
| State | New |
| Headers | show
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Received: by 2002:a05:7000:6c3:b0:7b1:439f:bdf with SMTP id j3csp9283244maw;
Thu, 4 Dec 2025 05:45:39 -0800 (PST)
X-Forwarded-Encrypted: i=2;
AJvYcCW4uN0udWfkVrhRBqk2CBvJw/FMhuJDvMMyiO/kRQqFpbBJKfFJiGFEAx4OBTmgWYwMiEC5Fj2a/lQ=@openvpn.net
X-Google-Smtp-Source:
AGHT+IHscw8ogBzZ+K8PUYFBGU7CU1Sv8GPqPwRBEYhoP8NnbdKjWuQrjfeGKdxy8z+3YyuP7ED8
X-Received: by 2002:a05:6870:2414:b0:3e8:8ec1:eba1 with SMTP id
586e51a60fabf-3f1693e5ad3mr3309958fac.36.1764855939425;
Thu, 04 Dec 2025 05:45:39 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1764855939; cv=none;
d=google.com; s=arc-20240605;
b=DxOZZRx1BvCI4KHMM7e05Ae/u68XHFuo6vIcPb/wrrPockD8ZTm1Lgv0UbRLgn2WTJ
iTTKrMrH6eejkfPFrwURI5uLzO+cZjc3JqVEkGKN5ID9eYoznsjZXXV7USkv3cNlxAPw
t0JaBW29iDylzzU+6glKGnTD/JCpVGhxRYLG54WfzIKMJUGeHhehyRuB4580fZp1F2rQ
IevrUaRZjRxAOOrVBpFlYe/Io8d4OxkzsRhFhlieSR9j6uMTkNZY79dYNosx0VFGUmNg
MvGU4Xv4DeJPovbJcGnnX8k7x/TJgkvPD3pHv4UZaisJsdyGcO5nnFTETMKrhGVmGMs4
r1Kw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20240605;
h=errors-to:content-transfer-encoding:list-subscribe:list-help
:list-post:list-archive:list-unsubscribe:list-id:precedence:subject
:mime-version:references:in-reply-to:message-id:date:to:from
:dkim-signature:dkim-signature:dkim-signature;
bh=bFVjrRpkzwFGatw5ueqE2J47jNMPNKhYPPzdKprRtiM=;
fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=;
b=kOTugLlP0/vxEoL04EkIzM2EIXGhnTuuSrVaeO80R67fK4Dm4XXHOopunEVZtEgkP7
xaHmL/s4DAdPBtgTawT4z3KotUIm6gfm3Jr6yrUNf8oHjzQOSZhU5i9dWyL7i6yHPXY+
hmjW9E4IbcJzN/ZzXZJF5Jv1G/JD2lDTiT3FfPSCuDA11Yv4js6UZXF0bdWKLfuvOHiD
qIPWqlNbvc4wwVOMfVpEgLB3mtq6gooohuY5S0u1DJvNqk4KVExL8kgIJvU/VgBEjgQH
wNZwyL7KMxkynhqlC6FlY5yDwtzAGSsuxlPWKQyiXg7X5jE5Xz6Cek71ANraCk+JuPgs
Pgbw==;
dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@lists.sourceforge.net header.s=beta
header.b=KsMLtSPR;
dkim=neutral (body hash did not verify) header.i=@sourceforge.net
header.s=x header.b=PFHUnLuE;
dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
header.b=UXoMSszg;
spf=pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de
Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7])
by mx.google.com with ESMTPS id
586e51a60fabf-3f50b51469esi353837fac.449.2025.12.04.05.45.39
(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
Thu, 04 Dec 2025 05:45:39 -0800 (PST)
Received-SPF: pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) client-ip=216.105.38.7;
Authentication-Results: mx.google.com;
dkim=pass header.i=@lists.sourceforge.net header.s=beta
header.b=KsMLtSPR;
dkim=neutral (body hash did not verify) header.i=@sourceforge.net
header.s=x header.b=PFHUnLuE;
dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
header.b=UXoMSszg;
spf=pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type:
List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:
Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender:
Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From:
Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner;
bh=bFVjrRpkzwFGatw5ueqE2J47jNMPNKhYPPzdKprRtiM=; b=KsMLtSPRPwhGCvRfKgKEeNxogB
j5mQYtS1tGG7KS9g11IqpnvbviSN3gBETB66LqGR7aqe+gWVjQfV3u4PxoBhW1Hz+4UqPdo0rWuAg
XDDbo1MKyeBcMeouJaawGvgxaxtic/0zHXWfFJvtP1WucOPaYh7jCVa0ON4X3dSd5mAY=;
Received: from [127.0.0.1] (helo=sfs-ml-3.v29.lw.sourceforge.com)
by sfs-ml-3.v29.lw.sourceforge.com with esmtp (Exim 4.95)
(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
id 1vR9eK-0003HR-5h;
Thu, 04 Dec 2025 13:45:36 +0000
Received: from [172.30.29.66] (helo=mx.sourceforge.net)
by sfs-ml-3.v29.lw.sourceforge.com with esmtps (TLS1.2) tls
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95)
(envelope-from <gert@blue4.greenie.muc.de>) id 1vR9eI-0003HL-Ms
for openvpn-devel@lists.sourceforge.net;
Thu, 04 Dec 2025 13:45:34 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References:
In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:
Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
List-Subscribe:List-Post:List-Owner:List-Archive;
bh=Asdh2gkDzyCgRszCMz3qVMxFQTML8Hwt86cl9s3a948=; b=PFHUnLuEndet9WdLo8LxMFv3qQ
Pr2FJOU4GfgJj0rn95HvEU0k3IzTz8MHjrN5RQyUfXZT4vMRxjaOnUDPGiqX/pw4utKBUQZlyd38o
vrQo9Z+7eq130Ut+LbUnjcNON7oQEd0rE/sTGCQ1je2/UdDepUUMnNpmqS6l0+Q0cZOk=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
;
h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:
Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID:
Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
List-Post:List-Owner:List-Archive;
bh=Asdh2gkDzyCgRszCMz3qVMxFQTML8Hwt86cl9s3a948=; b=UXoMSszgDC/X8uOPP+Op0lmR09
yC9pwp8WMAvmi0NML+12g+TYcs8jMjzhO8/EaqCSBrTTi+HCgE78ZvqOlJv/p2hP1zIGh5jXDIWGW
rg6eQrz0RMrs7ewCVH1mikWG0lfjzZA0ZmJAEntMkmt9MBLTtExD9WpRHBthTVLkokx8=;
Received: from [193.149.48.134] (helo=blue.greenie.muc.de)
by sfi-mx-2.v28.lw.sourceforge.com with esmtps
(TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95)
id 1vR9eH-0000EW-HW for openvpn-devel@lists.sourceforge.net;
Thu, 04 Dec 2025 13:45:34 +0000
Received: from blue.greenie.muc.de (localhost [127.0.0.1])
by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 5B4DjLsq020045
for <openvpn-devel@lists.sourceforge.net>; Thu, 4 Dec 2025 14:45:21 +0100
Received: (from gert@localhost)
by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 5B4DjLpv020044
for openvpn-devel@lists.sourceforge.net; Thu, 4 Dec 2025 14:45:21 +0100
From: Gert Doering <gert@greenie.muc.de>
To: openvpn-devel@lists.sourceforge.net
Date: Thu, 4 Dec 2025 14:45:16 +0100
Message-ID: <20251204134521.20025-1-gert@greenie.muc.de>
X-Mailer: git-send-email 2.51.2
In-Reply-To:
<gerrit.1762945572000.I1104044701145fa37cea857e2e0e0fcac7a2bee3@gerrit.openvpn.net>
References:
<gerrit.1762945572000.I1104044701145fa37cea857e2e0e0fcac7a2bee3@gerrit.openvpn.net>
MIME-Version: 1.0
X-Spam-Score: 1.3 (+)
X-Spam-Report: Spam detection software,
running on the system "sfi-spamd-2.hosts.colo.sdot.me",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: From: Arne Schwabe <arne@rfc2549.org> This is a corner case
and only the FreeBSD DCO module support the none encryption but as long as
it supports it, we should only enable it when the configuration actually
allows to enable it.
Content analysis details: (1.3 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
X-Headers-End: 1vR9eH-0000EW-HW
Subject: [Openvpn-devel] [PATCH v2] Fix dco with null cipher being enabled
without auth none
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
<mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive:
<http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
<mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox
X-GMAIL-THRID: =?utf-8?q?1850585581516176768?=
X-GMAIL-MSGID: =?utf-8?q?1850585581516176768?=
|
| Series |
[Openvpn-devel,v2] Fix dco with null cipher being enabled without auth none
|
expand
|
diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index 7abdad3..6a1a5c9 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c @@ -474,6 +474,18 @@ gc_free(&gc); return false; } + /* FreeBSD supports none as cipher type but requires auth none to be + * be also enabled */ + if (strcmp(token, "none") == 0 && strcmp(o->authname, "none") != 0) + { + msg(msglevel, + "Note: cipher '%s' in --data-ciphers is only supported " + "with --auth=none by ovpn-dco, disabling data channel " + "offload.", + token); + gc_free(&gc); + return false; + } } gc_free(&gc);