openvpn.git, branch release/2.3 Copy of the official OpenVPN git repo Fix commit a3160fc1bd7368395745b9cee6e40fb819f5564c 2015-10-15T14:57:07+00:00 Arne Schwabe arne@rfc2549.org 2015-10-14T13:05:56+00:00 f417db630353648a0bd1cd9d634413ce446fe900 Move things to the proper place, ensure that line_ptr is actually properly initialized for *every* line read, not just for the first one Acked-by: Lev Stipakov <lstipakov@gmail.com> Message-Id: 1444827956-2169-1-git-send-email-arne@rfc2549.org URL: http://article.gmane.org/gmane.network.openvpn.devel/10271 Signed-off-by: David Sommerseth <davids@redhat.com> (cherry picked from commit cba33989101175ac07434b9c5cceba116bf38127) 
Move things to the proper place, ensure that line_ptr is actually properly
initialized for *every* line read, not just for the first one

Acked-by: Lev Stipakov <lstipakov@gmail.com>
Message-Id: 1444827956-2169-1-git-send-email-arne@rfc2549.org
URL: http://article.gmane.org/gmane.network.openvpn.devel/10271
Signed-off-by: David Sommerseth <davids@redhat.com>
(cherry picked from commit cba33989101175ac07434b9c5cceba116bf38127)
Fix "White space before end tags can break the config parser" 2015-10-11T07:58:11+00:00 janjust janjust@nikhef.nl 2015-10-10T16:12:49+00:00 a3160fc1bd7368395745b9cee6e40fb819f5564c trac #569 Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <1444493569-24026-1-git-send-email-janjust@nikhef.nl> URL: http://article.gmane.org/gmane.network.openvpn.devel/10249 Signed-off-by: Gert Doering <gert@greenie.muc.de> (cherry picked from commit c67acea173dc9ee37220f5b9ff14ede081181992) 
trac #569

Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1444493569-24026-1-git-send-email-janjust@nikhef.nl>
URL: http://article.gmane.org/gmane.network.openvpn.devel/10249

Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit c67acea173dc9ee37220f5b9ff14ede081181992)
Add CONTRIBUTING.rst 2015-10-10T13:50:51+00:00 Samuli Seppänen samuli@openvpn.net 2015-10-10T13:41:14+00:00 6c45f8c9c268910da104b25e242c6465bb0bb54a Signed-off-by: Samuli Seppänen <samuli@openvpn.net> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1444484474-6471-1-git-send-email-samuli@openvpn.net> Signed-off-by: Gert Doering <gert@greenie.muc.de> (cherry picked from commit 0c1d92291e4c1829bf503067e1f9d39328d01ee9) 
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1444484474-6471-1-git-send-email-samuli@openvpn.net>
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 0c1d92291e4c1829bf503067e1f9d39328d01ee9)
Increase control channel packet size for faster handshakes 2015-10-04T20:01:27+00:00 Steffan Karger steffan@karger.me 2015-06-30T19:44:56+00:00 29b65ffdb2e7ed3d3b7bcac4048f6cd919ed13b3 Instead of limiting the control channel TCP/UDP packet payload size at '100 bytes + real control channel overhead' (~140 bytes ethernet payload), increase the max TCP/UDP payload size to '1250 bytes - calculated overhead' (~1210 bytes ethernet payload). Note that this patch does *not* yield an optimal solution, but it is a simple and rather safe change that will improve connection setup times significantly. v2: use the mininum value of --link-mtu and 1250 to give the user a way to reduce control packet size if really needed. trac #545 Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1435693496-10931-1-git-send-email-steffan@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/9841 Signed-off-by: Gert Doering <gert@greenie.muc.de> (cherry picked from commit fc91d4b0071178e298052078431fb86f03be84fc) 
Instead of limiting the control channel TCP/UDP packet payload size at
'100 bytes + real control channel overhead' (~140 bytes ethernet payload),
increase the max TCP/UDP payload size to '1250 bytes - calculated overhead'
(~1210 bytes ethernet payload).

Note that this patch does *not* yield an optimal solution, but it is a
simple and rather safe change that will improve connection setup times
significantly.

v2: use the mininum value of --link-mtu and 1250 to give the user a way to
    reduce control packet size if really needed.

trac #545

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1435693496-10931-1-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9841
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit fc91d4b0071178e298052078431fb86f03be84fc)
Check return value of ms_error_text() 2015-10-04T19:58:12+00:00 Steffan Karger steffan@karger.me 2015-09-21T20:04:19+00:00 ad71fe5f79ffbd4c86afa79d4559b08617b41dfb ms_error_text() may return NULL, and it is unclear (or, at least undocumented) whether the OpenSSL ERR code (and our code using the ERR code) can deal with esd->string being NULL. So, just to be sure, check that ms_error_text() succeeded before passing the result to ERR_load_strings(). Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <561130FC.8090008@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/10176 Signed-off-by: Gert Doering <gert@greenie.muc.de> (cherry picked from commit 5584b738a332d0abc740d9303c275764c2ca13f1) 
ms_error_text() may return NULL, and it is unclear (or, at least
undocumented) whether the OpenSSL ERR code (and our code using the ERR
code) can deal with esd->string being NULL.  So, just to be sure, check
that ms_error_text() succeeded before passing the result to
ERR_load_strings().

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <561130FC.8090008@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/10176
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 5584b738a332d0abc740d9303c275764c2ca13f1)
Replace strdup() calls for string_alloc() calls 2015-10-04T19:58:06+00:00 Steffan Karger steffan@karger.me 2015-09-21T18:48:33+00:00 6d4920e9d36675ff515da17c1eb301d22d07b489 As reported by Bill Parker in trac #600, strdup() return values are not always correctly checked for failed allocations. This patch adds missing checks by using string_alloc(), which performs the required checks. Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <561130FC.8090008@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/10176 Signed-off-by: Gert Doering <gert@greenie.muc.de> (cherry picked from commit ddc7692d245017c71adc40ad5cc195617e39fce0) 
As reported by Bill Parker in trac #600, strdup() return values are not
always correctly checked for failed allocations.  This patch adds missing
checks by using string_alloc(), which performs the required checks.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <561130FC.8090008@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/10176
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit ddc7692d245017c71adc40ad5cc195617e39fce0)
Repair test_local_addr() on WIN32 2015-09-25T07:42:54+00:00 Gert Doering gert@greenie.muc.de 2015-09-25T06:36:10+00:00 60287662bbdb1a29d9bd6244917a050410fa6b49 Intermediate result was stored in a "bool" variable, but the actual range of results is 0/1/2 - so "2" (TLA_LOCAL) never worked. Change to "int". Diagnosed by "dferbas" in trac #609 (thanks). Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: Steffan Karger <steffan.karger@fox-it.com> Message-Id: <1443162970-38210-1-git-send-email-gert@greenie.muc.de> URL: http://article.gmane.org/gmane.network.openvpn.devel/10168 (cherry picked from commit c40f088e52132273f6d4e83d05fa64bbaedd860f) 
Intermediate result was stored in a "bool" variable, but the actual
range of results is 0/1/2 - so "2" (TLA_LOCAL) never worked.  Change
to "int".

Diagnosed by "dferbas" in trac #609 (thanks).

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1443162970-38210-1-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/10168
(cherry picked from commit c40f088e52132273f6d4e83d05fa64bbaedd860f)
Replace unaligned 16bit access to TCP MSS value with bytewise access 2015-09-21T19:31:33+00:00 Gert Doering gert@greenie.muc.de 2015-08-27T13:00:02+00:00 9a2ab2fbebb1c6712e23c98cb06a93d40d378fcd TCP options are not always word-aligned, and accessing a 16bit value at an odd memory address will cause a "bus error" crash on some architectures, e.g. Linux/Sparc(64) Trac #497 Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: Steffan Karger <steffan.karger@fox-it.com> Message-Id: <1440680402-96548-1-git-send-email-gert@greenie.muc.de> URL: http://article.gmane.org/gmane.network.openvpn.devel/10056 (cherry picked from commit 2e2a34181962b33d70c34c28dcb1e1977c2fd54e) 
TCP options are not always word-aligned, and accessing a 16bit value
at an odd memory address will cause a "bus error" crash on some
architectures, e.g. Linux/Sparc(64)

Trac #497

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1440680402-96548-1-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/10056
(cherry picked from commit 2e2a34181962b33d70c34c28dcb1e1977c2fd54e)
Log serial number of revoked certificate 2015-09-20T16:48:58+00:00 Boris Lytochkin lytboris@yandex-team.ru 2015-09-20T14:05:22+00:00 1e4a3ba3e751017e29db37676e7d3b78d46a97a2 In most of situations admin of OpenVPN server needs to know which particular certificate is used by client. In the case when certificate is OK, environment variable can be used for that but once it is revoked, no user scripts are invoked so there is no way to get serial number: only subject is printed in logs. So we log certificate serial in case it is revoked. Sponsored-by: Yandex LLC Signed-off-by: Boris Lytochkin <lytboris@yandex-team.ru> Acked-by: Steffan Karger <steffan.karger@fox-it.com> Message-Id: <55FEBF7E.3010209@yandex-team.ru> URL: http://article.gmane.org/gmane.network.openvpn.devel/10154 Signed-off-by: Gert Doering <gert@greenie.muc.de> (cherry picked from commit 767e4c56becbfeea525e4695a810593f373883cd) 
In most of situations admin of OpenVPN server needs to know which
particular certificate is used by client.
In the case when certificate is OK, environment variable can be used for
that but once it is revoked, no user scripts are invoked so there is
no way to get serial number: only subject is printed in logs.

So we log certificate serial in case it is revoked.

Sponsored-by: Yandex LLC

Signed-off-by: Boris Lytochkin <lytboris@yandex-team.ru>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <55FEBF7E.3010209@yandex-team.ru>
URL: http://article.gmane.org/gmane.network.openvpn.devel/10154

Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 767e4c56becbfeea525e4695a810593f373883cd)
Show extra-certs in current parameters. 2015-08-08T12:57:36+00:00 Arne Schwabe arne@rfc2549.org 2015-08-08T12:57:36+00:00 d7ab314c57a0b851e0e714c903c2bc5ececac3ae Closes ticket #591 Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1438859835-3977-1-git-send-email-arne@rfc2549.org> URL: http://article.gmane.org/gmane.network.openvpn.devel/10005 Signed-off-by: Gert Doering <gert@greenie.muc.de> (cherry picked from commit 291c227d2ccecaa92602eaa5259a23c7093e30e5) 
Closes ticket #591

Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1438859835-3977-1-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/10005

Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 291c227d2ccecaa92602eaa5259a23c7093e30e5)