From patchwork Mon Mar 2 14:18:02 2026
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 4784
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 2 Mar 2026 15:18:02 +0100
Message-ID: <20260302141811.5697-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v2] Document management client versions

From: Selva Nair Also add an enum to keep track of client version updates. Change-Id: I1c01fa1bc7d65ac060b334724feb56ef4d0b5d35 Signed-off-by: Selva Nair Acked-by: Arne Schwabe Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1552 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1552 This mail reflects revision 2 of this Change. Acked-by according to Gerrit (reflected above): Arne Schwabe diff --git a/doc/management-notes.txt b/doc/management-notes.txt index 86b74f3..41e2a91 100644 --- a/doc/management-notes.txt +++ b/doc/management-notes.txt @@ -496,6 +496,10 @@ version. This was fixed starting version 4: clients should expect "SUCCESS: .. " message only when setting the version to >= 4. +Minimum client version required for certain features is listed below: + >PK_SIGN:[base64] -- version 2 or greater + >PK_SIGN:[base64],[alg] -- version 3 or greater + COMMAND -- auth-retry --------------------- diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c index 03ff5b3..d26c9b2 100644 --- a/src/openvpn/manage.c +++ b/src/openvpn/manage.c @@ -61,6 +61,17 @@ /* tag for blank username/password */ static const char blank_up[] = "[[BLANK]]"; +/* + * Management client versions indicating feature support in client. + * Append new values as needed but do not change exisiting ones. + */ +enum mcv +{ + MCV_DEFAULT = 1, + MCV_PKSIGN = 2, + MCV_PKSIGN_ALG = 3, +}; + struct management *management; /* GLOBAL */ /* static forward declarations */ 
@@ -1333,8 +1344,8 @@ if (version) { man->connection.client_version = atoi(version); - /* Prior to version 3, we missed to respond to this command. Acknowledge only if version >= 4 */ - if (man->connection.client_version >= 4) + /* Until MCV_PKSIGN_ALG, we missed to respond to this command. Acknowledge only if version is newer */ + if (man->connection.client_version > MCV_PKSIGN_ALG) { msg(M_CLIENT, "SUCCESS: Management client version set to %d", man->connection.client_version); } @@ -2656,7 +2667,7 @@ man->connection.es = event_set_init(&maxevents, EVENT_METHOD_FAST); } - man->connection.client_version = 1; /* default version */ + man->connection.client_version = MCV_DEFAULT; /* default version */ /* * Listen/connect socket @@ -3776,14 +3787,14 @@ const char *desc = "pk-sign"; struct buffer buf_data = alloc_buf(strlen(b64_data) + strlen(algorithm) + 20); - if (man->connection.client_version <= 1) + if (man->connection.client_version <= MCV_DEFAULT) { prompt = "RSA_SIGN"; desc = "rsa-sign"; } buf_write(&buf_data, b64_data, (int)strlen(b64_data)); - if (man->connection.client_version > 2) + if (man->connection.client_version >= MCV_PKSIGN_ALG) { buf_write(&buf_data, ",", (int)strlen(",")); buf_write(&buf_data, algorithm, (int)strlen(algorithm));
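
Review bot: In the doc/management-notes.txt hunk (@@ -496,6 +496,10 @@), the new feature list starts at version 2 and leaves out the other two thresholds this patch depends on: the version 1 default, where manage.c still sends the RSA_SIGN prompt, and version 4, where the "SUCCESS: .." acknowledgement described in the paragraph just above begins. Adding one line for each would make the list a complete map of version numbers to behaviour, so a client author does not have to combine it with the preceding paragraph.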
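
Review bot: In the enum mcv hunk of src/openvpn/manage.c (@@ -61,6 +61,17 @@), there is no enumerator for version 4, although the version handler changed later in this patch needs exactly that threshold and has to express it as "> MCV_PKSIGN_ALG". Consider appending a fourth value so that every documented version has a symbol, and giving each enumerator a short comment naming the feature it gates. The block comment also has a typo: "exisiting" should be "existing".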
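
Review bot: In the version handler hunk (@@ -1333,8 +1344,8 @@), "client_version > MCV_PKSIGN_ALG" means "version 4 or later" only because the reader knows the enum value is 3; the removed ">= 4" matched the wording in doc/management-notes.txt directly. A named constant for 4 compared with ">=" would keep code and documentation aligned, and the new comment ("Acknowledge only if version is newer") would be clearer if it stated the number. Separately, the unchanged context line stores atoi(version) without validation, so a non-numeric argument yields 0, which gets no acknowledgement and is later treated like MCV_DEFAULT in the pk-sign path; rejecting values below MCV_DEFAULT here would make that explicit.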
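
Review bot: In the pk-sign hunk (@@ -3776,14 +3787,14 @@), the two version checks now follow different conventions: the first tests for the absence of a feature with "<= MCV_DEFAULT", the second tests for its presence with ">= MCV_PKSIGN_ALG". Writing the first as "client_version < MCV_PKSIGN" would make both read as "client supports feature X" and would name the feature that actually decides between the RSA_SIGN and pk-sign prompts. The results are the same for integer versions, so this is a readability point only.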