OpenVPN/IRC meetings/Topics-2010-03-18

From Secure Computing Wiki
Jump to navigation Jump to search
  1. Community comments
    1. Implement a solution for deprecating warnings like:
      • "WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page)."
      • "NOTE: the current --script-security setting may allow this configuration to call user-defined scripts"
      • Suggestion: Introduce a new configure option to allow filtering of different start-up warnings.
        • Do not remove all messages by one entry, but add a possibility to filter each message separately. This way newer warnings will be shown and needs to be disabled explicitly.

  1. Old patches/issues
    1. Removing support for old autotools in OpenVPN?
      • No complains, lots of workarounds. Mattock suggests ACK.
    2. UTF-8 man-page patch
      • Works on all tested Linux distros, old (2) or modern (3). Mattock suggests ACK.
    3. 802.1Q --passtos patch
      • No test reports from users yet
  1. Possible bugs/issues
    1. Jan Just Keiser's potential man-page/openvpn problem (private response to this mail)
    2. Linux tun/tap performance issues
    3. Assertion fails in socket.c:429 in p2p mode due to Debian ipv6 patch
  1. trackers
    1. bug? wrong CN in client-disconnect with username-as-common-name
    2. --win-sys env
    3. Should multiple usages of options result in warnings?
    4. buffer.{h,c} isn't defensively programmed (SECURITY?)
    5. OpenVPN will not connect through certain HTTP proxies
    6. [tiny] typo in HOWTO on - 'mimimal'