openvpn.git/sample, branch release/2.3 Copy of the official OpenVPN git repo Modernize sample keys and sample configs 2014-11-23T18:29:06+00:00 Steffan Karger steffan@karger.me 2014-10-22T22:14:29+00:00 b77c27a1d945d740c7e7f6b64b1227d5d9077aa5 I kept most of the certificate properties equal to the old certs, since some people's test scripts might rely on them (and it does not require any creativity from my part). Changes: * Add script to generate fresh test/sample keys (but keep sample keys in git for simple testing) * Switch from 1024 to 4096 bits RSA CA * Switch from 1024 to 2048 bits client/server RSA keys * Switch from 1024 to 2048 bits Diffie-Hellman parameters * Generate EC client and server cert, but sign with RSA CA (lets us test EC <-> RSA interoperability) * Remove 3DES cipher from 'sample' config * Add 'remote-cert-tls server' to client config * Update config files to deprecate nsCertType in favour of the keyUsage and extendedKeyUsage extensions. * Make naming more consistent Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <54721611.4020103@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/9271 Signed-off-by: Gert Doering <gert@greenie.muc.de> 
I kept most of the certificate properties equal to the old
certs, since some people's test scripts might rely on them (and
it does not require any creativity from my part).

Changes:
 * Add script to generate fresh test/sample keys
   (but keep sample keys in git for simple testing)
 * Switch from 1024 to 4096 bits RSA CA
 * Switch from 1024 to 2048 bits client/server RSA keys
 * Switch from 1024 to 2048 bits Diffie-Hellman parameters
 * Generate EC client and server cert, but sign with RSA CA
   (lets us test EC <-> RSA interoperability)
 * Remove 3DES cipher from 'sample' config
 * Add 'remote-cert-tls server' to client config
 * Update config files to deprecate nsCertType in favour of the
   keyUsage and extendedKeyUsage extensions.
 * Make naming more consistent

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <54721611.4020103@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9271
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Add topology in sample server configuration file 2014-07-13T13:57:04+00:00 Philipp Hagemeister phihag@phihag.de 2014-07-11T08:00:24+00:00 6fa97d03de3c70efc59e9fa8a606de12e2135620 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) On modern systems, topology subnet should always be set, but it's missing in the configuration file. Add it with a short explanation. Signed-off-by: Philipp Hagemeister <phihag@phihag.de> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <53BF9998.5020906@phihag.de> URL: http://article.gmane.org/gmane.network.openvpn.devel/8878 Signed-off-by: Gert Doering <gert@greenie.muc.de> (cherry picked from commit c277757fcf7fb4c2713db154439f937d48cfae61) 
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
On modern systems, topology subnet should always be set, but it's
missing in the configuration file.
Add it with a short explanation.

Signed-off-by: Philipp Hagemeister <phihag@phihag.de>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <53BF9998.5020906@phihag.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8878
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit c277757fcf7fb4c2713db154439f937d48cfae61)
Fix typo in sample build script to use LDFLAGS 2014-04-13T11:29:03+00:00 kangsterizer kang@insecure.ws 2014-04-13T11:15:00+00:00 e8d8e50f4da33af6e81675174fcfbf0fd8642b91 Came in as github pull request #15 Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-By: Arne Schwabe <arne@rfc2549.org> (cherry picked from commit a95358af543b9106f4ef481e4556d1d03459d058) 
Came in as github pull request #15

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-By: Arne Schwabe <arne@rfc2549.org>
(cherry picked from commit a95358af543b9106f4ef481e4556d1d03459d058)
plugin: Extend the plug-in v3 API to identify the SSL implementation used 2013-07-03T19:22:12+00:00 David Sommerseth davids@redhat.com 2013-07-03T19:17:10+00:00 570da542877a1f42ed6549a6ca3f54df9ec53c1f OpenVPN would segfault unexpectedly if it would be compiled against PolarSSL and the plug-in would expect OpenSSL, or vice-versa. This segfault would not appear before the plug-in would try to access functions which would be available if the plug-in and OpenVPN uses the same SSL implementation. This patch adds a member to the plug-in initialisation function, which identifies the SSL implementation. The log_v3 plug-in is updated accordingly + a simple fix to make it buildable again using the ./build script. A minor documentation error in the openvpn-plugin.h was also corrected, where it mentioned OPENVPN_PLUGIN_VERSION instead of OPENVPN_PLUGINv3_STRUCTVER. v2 - add const ovpnSSLAPI ssl_api at the end of struct openvpn_plugin_args_open_in and not in the "middle" v3 - fix bug in plug-in init, as the SSLAPI was located wrong in the args struct sent to the openvpn_plugin_open_v3() function. v4 - Ensure SSLAPI got a sane/known value if SSL is disabled or unknown Signed-off-by: David Sommerseth <davids@redhat.com> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1372879030-10576-1-git-send-email-dazo@users.sourceforge.net> URL: http://article.gmane.org/gmane.network.openvpn.devel/7754 Signed-off-by: Gert Doering <gert@greenie.muc.de> (cherry picked from commit 587df08abda3c8f1f85ccdba4d8b82a736c11e2d) 
OpenVPN would segfault unexpectedly if it would be compiled against
PolarSSL
and the plug-in would expect OpenSSL, or vice-versa.  This segfault would
not appear before the plug-in would try to access functions which would
be available if the plug-in and OpenVPN uses the same SSL implementation.

This patch adds a member to the plug-in initialisation function, which
identifies the SSL implementation.

The log_v3 plug-in is updated accordingly + a simple fix to make it
buildable again using the ./build script.

A minor documentation error in the openvpn-plugin.h was also
corrected, where it mentioned OPENVPN_PLUGIN_VERSION instead of
OPENVPN_PLUGINv3_STRUCTVER.

 v2 - add const ovpnSSLAPI ssl_api at the end of
      struct openvpn_plugin_args_open_in and not in the "middle"

 v3 - fix bug in plug-in init, as the SSLAPI was located wrong in the
      args struct sent to the openvpn_plugin_open_v3() function.

 v4 - Ensure SSLAPI got a sane/known value if SSL is disabled or unknown

Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1372879030-10576-1-git-send-email-dazo@users.sourceforge.net>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7754
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 587df08abda3c8f1f85ccdba4d8b82a736c11e2d)
build: integrate plugins build into core build 2012-06-26T09:29:02+00:00 Alon Bar-Lev alon.barlev@gmail.com 2012-05-14T22:42:03+00:00 ce8271f5d435be963c79945f8d7eb6ea2e4369fa As disucssed[1], keep plugins in repository. 1, Proper automake/libtool build. 2. Move example plugins to samples/sample-plugins. 3. Plugins are installed at LIBDIR/openvpn/plugins. [1] http://comments.gmane.org/gmane.network.openvpn.devel/6436 Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Acked-by: David Sommerseth <davids@redhat.com> Message-Id: 1337035323-27465-1-git-send-email-alon.barlev@gmail.com URL: http://article.gmane.org/gmane.network.openvpn.devel/6591 Signed-off-by: David Sommerseth <davids@redhat.com> 
As disucssed[1], keep plugins in repository.

1, Proper automake/libtool build.

2. Move example plugins to samples/sample-plugins.

3. Plugins are installed at LIBDIR/openvpn/plugins.

[1] http://comments.gmane.org/gmane.network.openvpn.devel/6436

Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Acked-by: David Sommerseth <davids@redhat.com>
Message-Id: 1337035323-27465-1-git-send-email-alon.barlev@gmail.com
URL: http://article.gmane.org/gmane.network.openvpn.devel/6591
Signed-off-by: David Sommerseth <davids@redhat.com>
build: distribute samples in windows 2012-03-23T23:14:23+00:00 Alon Bar-Lev alon.barlev@gmail.com 2012-02-29T20:12:21+00:00 880a2ae97c44d75a3529adda8a11e266fb61092e Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Acked-by: Samuli Seppänen <samuli@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com> 
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Acked-by: Samuli Seppänen <samuli@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
build: standard directory layout 2012-03-22T21:07:08+00:00 Alon Bar-Lev alon.barlev@gmail.com 2012-02-29T20:11:59+00:00 34cb9132ef2dae08f91a66015ea5437539a4b557 Suitable for mature project. root - administrative stuff doc - documents src - sources tests - tests distro - distro specific files sample - samples SIDE EFFECT: many changes to rpm spec. Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Acked-by: Adriaan de Jong <dejong@fox-it.com> Signed-off-by: David Sommerseth <davids@redhat.com> 
Suitable for mature project.

root   - administrative stuff
doc    - documents
src    - sources
tests  - tests
distro - distro specific files
sample - samples

SIDE EFFECT: many changes to rpm spec.

Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Acked-by: Adriaan de Jong <dejong@fox-it.com>
Signed-off-by: David Sommerseth <davids@redhat.com>