From patchwork Fri Jan 12 14:14:07 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "plaisthos (Code Review)" X-Patchwork-Id: 3563 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7300:a213:b0:100:d2e5:60d with SMTP id bs19csp2074394dyb; Fri, 12 Jan 2024 06:14:40 -0800 (PST) X-Google-Smtp-Source: AGHT+IGSNzFXmGOnq+nS5vDszheGb10PtGQkohpOQY2rIld+PRFvBSINBobxP9Uv5xlE2dtO2yxC X-Received: by 2002:a17:902:c194:b0:1d4:be1e:f197 with SMTP id d20-20020a170902c19400b001d4be1ef197mr1893635pld.1.1705068880635; Fri, 12 Jan 2024 06:14:40 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1705068880; cv=none; d=google.com; s=arc-20160816; b=0Ic5Y9+IIgQS/dmUDEuj/19IytElPwvylbBRBQkGw9v260qsIo+kyO/9gqbiSpHQwO XMXLsO4/ar0wXzCUpA+cfVWNoa8aJeu8s+BBZXzP3M294X9z60x92XrI1IPheTZAJ5mg X/H/jUZVcLDC84J0lP/P5Uuw8HDomFrzB653Lx8K5uFDB6lFg9rWdrWj/EECc+VXNFkH FdVEUOfWGl+OqTQ5zJzG4SgxjZEPWTHad+oz9SxOZEQjVJzTrI6g6yv55HPv/jpkqoU0 J2gyFlt/bVYCnbmgyNpWb6huhTZAGZBpI1UBYFxxyMNtWNTfa+KW0uBMmQjsMNM4VsGG EavQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:cc:reply-to:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence:subject:user-agent :mime-version:message-id:references:auto-submitted:to:date:from :dkim-signature:dkim-signature:dkim-signature; bh=CVm+Ckj5h178j1X8JpyVmCuFeDsb3ZJD+Iav9393dSg=; fh=GFP4qDxgyJ2WEPo/oeLZg3Mj4NqvY1j2nTvTt7psNwg=; b=oyzh0JjF3FdcoXWldB6TECmgZ9e14c1rqBC9I2NUP0GYDlystT/jI2C5K1kZ1isb6e DlvojKWSW+o3GsEP3CyhcNUM+RNxgMcokrxQeJ3Fcs80RLR9IQqCuqA2FnU2kN90sUQ/ +gt3QPr2K6Cw4UA4IBPMp+/NaTBLl+D0V3OAM88lzCraiyJUYzOEHxVlGTQ4ai/a7KYr x06LtcelqSN+v7U0oOHBjUL3HhzEDVkXVLqTonbklX2O/rGW2anz4EtcXU7a9sgOo0do PA4F5U3W+dD+GJ/gvVQCB7VQUHifx6N4sH3zB0D3VCkRzf046wJbWoG2XXGrhR/bbktZ XGSw== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=PGmIHocN; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=LCBEHAnG; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=VduitYUi; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id o1-20020a170902d4c100b001d5a578df8csi1404276plg.311.2024.01.12.06.14.40 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 12 Jan 2024 06:14:40 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=PGmIHocN; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=LCBEHAnG; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=VduitYUi; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1rOIId-0004bw-82; Fri, 12 Jan 2024 14:14:19 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1rOIIc-0004bq-Ig for openvpn-devel@lists.sourceforge.net; Fri, 12 Jan 2024 14:14:18 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Type:Content-Transfer-Encoding:MIME-Version :Message-ID:Reply-To:References:Subject:List-Unsubscribe:List-Id:Cc:To:Date: From:Sender:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help: List-Subscribe:List-Post:List-Owner:List-Archive; bh=92zKHRpMlXUeKeiN5nFDmjudX2YopOqCfYTe7bPQpic=; b=PGmIHocNWflQI29KvwDuO4o/ct HxW6tXfUOfX6u0umoe6K2T4alTyX69WXlSwRclURsV3luy4fc8iZ5rD4rrMgiWLJEeY+KXJ7v+mkS st32ykjqtzweh0/VowC+tnmphFdUGXYUHovUl1R+38I2wQwUqhagubQLbbm1wceZTxlg=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Type:Content-Transfer-Encoding:MIME-Version:Message-ID:Reply-To: References:Subject:List-Unsubscribe:List-Id:Cc:To:Date:From:Sender:Content-ID :Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To: Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help:List-Subscribe:List-Post: List-Owner:List-Archive; bh=92zKHRpMlXUeKeiN5nFDmjudX2YopOqCfYTe7bPQpic=; b=L CBEHAnGOT7O1gpnjbKyLM9qgiRU5yQvrpBtcblk33TIwwNNlbtrthzboebnvXx9O6Kqwj3T9Wbx6u DAnrDoU1WRBpS2oep5xcx9zJR2eWLo/sZU6a4C1KsQ5LnXr03DHhS2URkmWXw1a+l/QPfLuUpzjfu /vYqJLxIeevBDCZE=; Received: from mail-wm1-f46.google.com ([209.85.128.46]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1rOIIX-00083T-T5 for openvpn-devel@lists.sourceforge.net; Fri, 12 Jan 2024 14:14:18 +0000 Received: by mail-wm1-f46.google.com with SMTP id 5b1f17b1804b1-40e68ca8e27so1810895e9.1 for ; Fri, 12 Jan 2024 06:14:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=openvpn.net; s=google; t=1705068848; x=1705673648; darn=lists.sourceforge.net; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from:from:to:cc :subject:date:message-id:reply-to; bh=92zKHRpMlXUeKeiN5nFDmjudX2YopOqCfYTe7bPQpic=; b=VduitYUiXwJhDM/btD1dZk+EUwGecdApAfHYKT1yX7QqF9f8V33JG7Dl1o3+bEaEtS YFnObvJJbQNxlfZV8qdyZAGwhkSjPSgAqqL0eVywGyPxt+j3WG1Og+t64vdVCm9dgbta 91vp26HtlDHmRamFGdiTY4LlLtpTvHEBSSN2GRG84Fqhh84vYZQrzsZ+/Zmx/J5AvYS9 ssx+Vq3b6Xt7Bl5x7MmGPiInOHvTL5n2ybUf9b8idupIjKXH1jVqq5PT0TrWqq6m51dQ aPvZKzLfpFbijQHljFao2I2dlN4pz2w5Z5wjpU4zf96v6I9fQpIC0DSx+76tjbVU30Vu wJsA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1705068848; x=1705673648; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=92zKHRpMlXUeKeiN5nFDmjudX2YopOqCfYTe7bPQpic=; b=V7T4D8bUdMfvjFEsbFkntWnipijOa8ynV+y8I79jiKS4rteZKjCxCOsfK38sPtIz3S siqrleZjrxkSfkoE9KBNdVwxYN6EyTT855zrYqBVjKIk71vJu8rfSDejxwE+br3CC7op XdAeWa+xlNuqA7e1+CxEANvhBW3h1lIy8La5et+ma4GJaDbHhNWrCv8SmKNbb4oNfcDp GZpS4FNsQe88QOKipxJ00a6ypvUsSRcO7N9eQT1rjWMGIwrDRj7EnuqKSD03lExdOnb7 8+lLcUrTsUiVemcBcU+J0JEIe2wrJ3g2+J2jTz5GzVrXqnTVjfOEE9zOsx8jnZcC1jGG y0wg== X-Gm-Message-State: AOJu0YysLhGIku5i8/FiJoigysdi1AaWCVmmMKqM0T/uGhN7ZMJSewhU GseMc/Wydk3ISeqcxpxqvAAW0HTY/UEL6g== X-Received: by 2002:a05:600c:5194:b0:40e:6786:720 with SMTP id fa20-20020a05600c519400b0040e67860720mr442208wmb.46.1705068847918; Fri, 12 Jan 2024 06:14:07 -0800 (PST) Received: from gerrit.openvpn.in (ec2-18-159-0-78.eu-central-1.compute.amazonaws.com. [18.159.0.78]) by smtp.gmail.com with ESMTPSA id l5-20020adfe9c5000000b0033673ddd81csm3986800wrn.112.2024.01.12.06.14.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 12 Jan 2024 06:14:07 -0800 (PST) From: "flichtenheld (Code Review)" X-Google-Original-From: "flichtenheld (Code Review)" X-Gerrit-PatchSet: 1 Date: Fri, 12 Jan 2024 14:14:07 +0000 To: plaisthos Auto-Submitted: auto-generated X-Gerrit-MessageType: newchange X-Gerrit-Change-Id: I7a754d0b4a76a9227bf922f65176cd9ec4d7670c X-Gerrit-Change-Number: 498 X-Gerrit-Project: openvpn X-Gerrit-ChangeURL: X-Gerrit-Commit: 390ad32359e5eb5422af4221ab059b3c529e2cb1 References: Message-ID: MIME-Version: 1.0 User-Agent: Gerrit/3.8.2 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Attention is currently required from: plaisthos. Hello plaisthos, I'd like you to do a code review. Please visit Content analysis details: (-0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.128.46 listed in wl.mailspike.net] -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.128.46 listed in list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record 0.0 WEIRD_PORT URI: Uses non-standard port number for HTTP 0.0 HTML_MESSAGE BODY: HTML included in message 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted Colors in HTML -0.0 T_SCC_BODY_TEXT_LINE No description available. X-Headers-End: 1rOIIX-00083T-T5 Subject: [Openvpn-devel] [S] Change in openvpn[master]: proxy-options.rst: Add proper documentation for --http-proxy-user-pass X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: frank@lichtenheld.com, arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net Cc: openvpn-devel Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1787894306583279160?= X-GMAIL-MSGID: =?utf-8?q?1787894306583279160?= X-getmail-filter-classifier: gerrit message type newchange Attention is currently required from: plaisthos. Hello plaisthos, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/498?usp=email to review the following change. Change subject: proxy-options.rst: Add proper documentation for --http-proxy-user-pass ...................................................................... proxy-options.rst: Add proper documentation for --http-proxy-user-pass And extend examples section for authenticated HTTP proxies because is was misleading. Change-Id: I7a754d0b4a76a9227bf922f65176cd9ec4d7670c Signed-off-by: Frank Lichtenheld --- M doc/man-sections/proxy-options.rst 1 file changed, 32 insertions(+), 3 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/98/498/1 diff --git a/doc/man-sections/proxy-options.rst b/doc/man-sections/proxy-options.rst index 9cf311f..ad49c60 100644 --- a/doc/man-sections/proxy-options.rst +++ b/doc/man-sections/proxy-options.rst @@ -4,7 +4,7 @@ is required, a file name to an ``authfile`` file containing a username and password on 2 lines can be given, or :code:`stdin` to prompt from console. Its content can also be specified in the config file with the - ``--http-proxy-user-pass`` option. (See section on inline files) + ``--http-proxy-user-pass`` option (See `INLINE FILE SUPPORT`_). The last optional argument is an ``auth-method`` which should be one of :code:`none`, :code:`basic`, or :code:`ntlm2`. @@ -25,14 +25,43 @@ Examples: :: + # no authentication http-proxy proxy.example.net 3128 + # basic authentication, load credentials from file http-proxy proxy.example.net 3128 authfile.txt + # basic authentication, ask user for credentials http-proxy proxy.example.net 3128 stdin - http-proxy proxy.example.net 3128 auto basic - http-proxy proxy.example.net 3128 auto-nct ntlm2 + # NTLM authentication, load credentials from file + http-proxy proxy.example.net 3128 authfile.txt ntlm2 + # determine which authentication is required, ask user for credentials + http-proxy proxy.example.net 3128 auto + # determine which authentication is required, but reject basic + http-proxy proxy.example.net 3128 auto-nct + # determine which authentication is required, but set credentials + http-proxy proxy.example.net 3128 auto + http-proxy-user-pass authfile.txt + # basic authentication, specify credentials inline + http-proxy proxy.example.net 3128 "" basic + + username + password + Note that support for NTLMv1 proxies was removed with OpenVPN 2.7. +--http-proxy-user-pass userpass + Overwrite the username/password information for ``--http-proxy``. If specified + as an inline option (see `INLINE FILE SUPPORT`_), it will be interpreted as + username/password separated by a newline. When specified on the command line + it is interpreted as a filename same as the third argument to ``--http-proxy``. + + Example:: + + + username + password + + --http-proxy-option args Set extended HTTP proxy options. Requires an option ``type`` as argument and an optional ``parameter`` to the type. Repeat to set multiple