From patchwork Thu Jan 18 16:49:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 3581 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7301:2802:b0:101:b91e:57cc with SMTP id hj2csp463878dyb; Thu, 18 Jan 2024 08:49:39 -0800 (PST) X-Google-Smtp-Source: AGHT+IEP4JjJu2Ipps51BR6JunMG4Zb+g7nQr8WOqcYBMB3iIpLBfx57xkoqLw+sBnos5f7egOSA X-Received: by 2002:a17:90b:1991:b0:290:239b:8f8e with SMTP id mv17-20020a17090b199100b00290239b8f8emr60443pjb.4.1705596579392; Thu, 18 Jan 2024 08:49:39 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1705596579; cv=none; d=google.com; s=arc-20160816; b=X6rzWrG9S8+rV6G78WdpbWTtzIlfXkp19FVpUjKx7NT/aI8SfklpvY0lZwSHD16vQb 87tKAOB/PlGdyR42rLwVd2bDbq1zo2ND5V+5gsXLkOjOt9ZCeYhtWFWBxGD17qScg/Sr 7VWZ7aAYueaQPD0InrS9HWQaA+6QtaZTMuQbVstVXp+IXmME/9NmJiD9TKYDF3sl6UoW XbSboRjuiv3jzCIdONY7JfLjVMf1fgBjxPxMBhiHFeNtjpZ4BeaHXDST8hLzIEOwLNxD V3bASrL3jKFegvezcWEuxYv385Uz1Cn11YLKqi69fzd6sNE0VzAhlK6rLWoU9+puQcXI cU/Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature; bh=S7QxJ+/eQsMR6NK77mrXOBawKVGRdc91azukFoCF4do=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=i3hfmH0kTQKgQM/pnr3krVyn1aAX1tA9saE/VSClTZn5jgavm/ogs+/vttplGAv53/ AgCwWOCvEwLqCXZAAYf0elR6N+TVz1x2fI4apqfm2qWdiHPBgFYpeiSKBewrP82eemej 8rwmWQn85qoexRfcKX+S9PN+Ts1gMM2LgJsxkROqvinl025fIsDtRLc5qZdS7lz6vE4M zRE2x/Oz9B2fsvLMOlcbcfTZAp6mmx7Hf/ZPM491OOfxIdc33q8NSpUIFwGuF24MeBVq KZI2ZU5T7pDe4lPKW7TdlKsyQikDvrM2Fph1WeZDOYGRUvcgTDtekol8nAwnoXFFo/dK trMw== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b="eANT/BAo"; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=EaAB0raC; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id y1-20020a17090a1f4100b0028e8e70e017si1681098pjy.154.2024.01.18.08.49.39 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 18 Jan 2024 08:49:39 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b="eANT/BAo"; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=EaAB0raC; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1rQVZv-0002rM-HH; Thu, 18 Jan 2024 16:49:19 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1rQVZt-0002rE-SA for openvpn-devel@lists.sourceforge.net; Thu, 18 Jan 2024 16:49:17 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=NsrIRgupXK6IyiX5yYPMLvnUDViv/+10ixjpYvK/fJU=; b=eANT/BAoeVxLxqmh3LY/Xh9538 ZTLPpbWo4Kb7W33L8r4CTJQIHneMAptv2zS1KIfPByvr82AIaI6ujx7Jp1lndiBYfcN0xk2jtuQoa hIErm6Tz3JCqdLJLAl3apCd2Ha2CcNzuUiZDa/pMHil5bSyd9vdQ2tmsbNW3SfzWkX2I=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=NsrIRgupXK6IyiX5yYPMLvnUDViv/+10ixjpYvK/fJU=; b=EaAB0raCP/reYr0lyL1ZuLGzoG VSl6JAoFbSO2hWUPU1W+gyoHRWmoh5p0i6kvXDJiknEd/e/HveRWat6MYywAIQjjNUMebgI2Anrvu qygaH2cZfu9f3wS5L1B2/gU4Yr12al+535qTkZSJUXHqlg62vIvOPCa+5WcjNqFHFAsw=; Received: from dhcp-174.greenie.muc.de ([193.149.48.174] helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1rQVZq-0003we-Rh for openvpn-devel@lists.sourceforge.net; Thu, 18 Jan 2024 16:49:17 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.17.1.9/8.17.1.9) with ESMTP id 40IGn8G1022536 for ; Thu, 18 Jan 2024 17:49:09 +0100 Received: (from gert@localhost) by blue.greenie.muc.de (8.17.1.9/8.17.1.9/Submit) id 40IGn8f4022535 for openvpn-devel@lists.sourceforge.net; Thu, 18 Jan 2024 17:49:08 +0100 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Thu, 18 Jan 2024 17:49:03 +0100 Message-ID: <20240118164903.22519-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: -0.0 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Frank Lichtenheld And extend examples section for authenticated HTTP proxies because is was misleading. Change-Id: I7a754d0b4a76a9227bf922f65176cd9ec4d7670c Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering --- Content analysis details: (-0.0 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 T_SCC_BODY_TEXT_LINE No description available. X-Headers-End: 1rQVZq-0003we-Rh Subject: [Openvpn-devel] [PATCH v1] proxy-options.rst: Add proper documentation for --http-proxy-user-pass X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1788447638951151245?= X-GMAIL-MSGID: =?utf-8?q?1788447638951151245?= From: Frank Lichtenheld And extend examples section for authenticated HTTP proxies because is was misleading. Change-Id: I7a754d0b4a76a9227bf922f65176cd9ec4d7670c Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/498 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/doc/man-sections/proxy-options.rst b/doc/man-sections/proxy-options.rst index 9cf311f..ad49c60 100644 --- a/doc/man-sections/proxy-options.rst +++ b/doc/man-sections/proxy-options.rst @@ -4,7 +4,7 @@ is required, a file name to an ``authfile`` file containing a username and password on 2 lines can be given, or :code:`stdin` to prompt from console. Its content can also be specified in the config file with the - ``--http-proxy-user-pass`` option. (See section on inline files) + ``--http-proxy-user-pass`` option (See `INLINE FILE SUPPORT`_). The last optional argument is an ``auth-method`` which should be one of :code:`none`, :code:`basic`, or :code:`ntlm2`. @@ -25,14 +25,43 @@ Examples: :: + # no authentication http-proxy proxy.example.net 3128 + # basic authentication, load credentials from file http-proxy proxy.example.net 3128 authfile.txt + # basic authentication, ask user for credentials http-proxy proxy.example.net 3128 stdin - http-proxy proxy.example.net 3128 auto basic - http-proxy proxy.example.net 3128 auto-nct ntlm2 + # NTLM authentication, load credentials from file + http-proxy proxy.example.net 3128 authfile.txt ntlm2 + # determine which authentication is required, ask user for credentials + http-proxy proxy.example.net 3128 auto + # determine which authentication is required, but reject basic + http-proxy proxy.example.net 3128 auto-nct + # determine which authentication is required, but set credentials + http-proxy proxy.example.net 3128 auto + http-proxy-user-pass authfile.txt + # basic authentication, specify credentials inline + http-proxy proxy.example.net 3128 "" basic + + username + password + Note that support for NTLMv1 proxies was removed with OpenVPN 2.7. +--http-proxy-user-pass userpass + Overwrite the username/password information for ``--http-proxy``. If specified + as an inline option (see `INLINE FILE SUPPORT`_), it will be interpreted as + username/password separated by a newline. When specified on the command line + it is interpreted as a filename same as the third argument to ``--http-proxy``. + + Example:: + + + username + password + + --http-proxy-option args Set extended HTTP proxy options. Requires an option ``type`` as argument and an optional ``parameter`` to the type. Repeat to set multiple