| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The win/msvc.mak.in file is used as basis for msvc.mak file which drives
openvpn.exe building. This change separates output file from LINK32_FLAGS and
adds helpful comments to the win/msvc.mak.in file.
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The win/show.py tools is used to view build parameters interactively. This
changes it so that it displays parameters parsed from config-win32.h in addition
to those from win/settings.in.
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This change adds several helper functions to win/wb.py:
- config-win32.h parser (to read build configuration options)
- helper function to cd to service-win32 for openvpnserv.exe building
- code to dynamically generate TAP-driver -related variables from version.m4,
required by tap-win32/tapdrv.c
- configure.h generator to allow viewing build options using openvpn --version
- creation of temporary version.m4-based file to allow importing it's variables
to the NSI installer script (win/openvpn.nsi)
- helper function to rename files (used in win/make_dist.py)
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously parts of TAP-driver version information were stored in
win/settings.in. This patch moves all of it to version.m4. This patch also
cleans up and adds comments to win/settings.in
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
This change adds a nmake makefile (service-win32/msvc.mak) which allows building
openvpnserv.exe using the new Python-based buildsystem.
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
This change adds ENABLE_PASSWORD_SAVE to config-win32.h. This option is also
defined in win/settings.in, but it does not have any effect there.
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The declaration of SSL_get_current_cipher() has changed to be
return a const value. And this makes compilers a little bit grumpy.
gcc:
ssl.c: In function ‘print_details’:
ssl.c:1918: warning: assignment discards qualifiers from pointer target type
Visual C:
ssl.c (1918): warning C4019: '=' : different 'const' qualifiers
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 7bd3cea4c2f2aa8ed1bf548a3233ae2c3619d47d)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
execution of Windows net commands.
Version 2.1.3d
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6712 e7ae566f-a301-0410-adde-c780ea21d3b5
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
(cherry picked from commit 7621741b480f93411928c66735d2ee9c7f69de3b)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
After some discussion [1] regarding an extension of this feature,
James Yonan wanted this extension to be an opt-in feature. However,
as it does not make sense to opt-in on a extension of a feature which
was discussed, this patch makes the base feature an opt-in instead.
The base feature comes from commit 2e8337de248ef0b5b48cbb2964 (beta2.2)
and commit 935c62be9c0c8a256112 (feat_misc).
[1] http://thread.gmane.org/gmane.network.openvpn.devel/4266
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: James Yonan <james@openvpn.net>
(cherry picked from commit 024972e2ced84c6e5cabc43620ab510e5693d1d4)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The macros used GCC's pre-C99 syntax, which could not be compiled with
Microsoft Visual Studio 2008.
Note this breaks compatibility with GCC versions before 3.0, which is
deemed safe in a discussion on IRC with David Sommerseth and Samuli
Seppänen on #openvpn-devel (RHEL 3 uses GCC 3.2 already).
Compiled tested on VS2008 by Samuli, on Cygwin GCC 3.4 and GCC 4.3 by myself.
Signed-off-by: Matthias Andree <matthias.andree@gmx.de>
Acked-by: David Sommerseth <dazo@users.sourceforge.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
(cherry picked from commit 9469168e3abb09bd78297208a917ee4d9c025041)
|
| | |
| |
| |
| | |
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The new SOCKS auth code in socks.c contained a call to sprintf instead of
openvpn_sprintf. This caused build to fail if MS Visual Studio 2008 C compiler
was used. This change fixes that issue.
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: David Sommerseth <dazo@users.sourceforge.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
acinclude.m4
config-win32.h
configure.ac
misc.c
thread.c
thread.h
- These conflicts was mainly due to feat_misc getting old
and mostly caused by the pthread clean-up patches in
feat_misc
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The add_host_route_if_nonlocal() function is too simple to really
benefit from calling add_bypass_address() when this function is the
only caller to this function.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: Peter Stuge <peter@stuge.se>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The GNU C compiler gave warnings about these functions in the patch
not being used anywhere. Doing a git grep on the code turned out
there were no callers to these functions. Taking these functions out,
as there is not good reason why to carry dead code.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: Peter Stuge <peter@stuge.se>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The GNU C compiler gave warnings about some functions not being used.
These functions where only used if certian #ifdef sections was enabled.
This patch encapsulates these function declarations with matching #ifdef's
to make it more clear when these functions are needed.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: Peter Stuge <peter@stuge.se>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The GNU C compiler warned about a potential issue with an if()
expression missing an extra set of parentheses.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: Peter Stuge <peter@stuge.se>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It has been reported that the Microsoft Visual C compiler complains if
a .c file do not contain any compilable code, which can happen if the
code has been #ifdef'ed out. To avoid this, these #ifdef sections have
a #else section which adds a static dummy() function which does nothing.
On the other hand, the GNU C compiler complains about unused functions when
it discovers this situation.
This patch tries to only add these dummy() functions if the Microsoft Visual C
compiler is detected, via the _MSC_VER macro.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: Peter Stuge <peter@stuge.se>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
commit fc1fa9ffc7e3356458ec3 added a new function which needs to have a
stricter string formatting. This was detected due to a compiler warning.
This patch makes sure that the length of username and password is not longer
than 255 bytes. It also adds extra checks to avoid NULL pointer issues with
strlen() on these two parameters.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Removed even more function which where practically empty and took away
some function arguments which were not used.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: James Yonan <james@openvpn.net>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
These code paths was practically not needed with no locking mechanisms
enabled and was just bloating the source code.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: James Yonan <james@openvpn.net>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This code was not activated at all, and hard coded as disabled in syshead.h
with this code snippet:
/*
* Pthread support is currently experimental (and quite unfinished).
*/
#if 1 /* JYFIXME -- if defined, disable pthread */
#undef USE_PTHREAD
#endif
So no matter if --enable-pthread when running ./configure or not, this feature
was never enabled in reality. Further, by removing the blocker code above made
OpenVPN uncompilable in the current state.
As the threading part needs to be completely rewritten and pthreading will not be
supported in OpenVPN 2.x, removing this code seems most reasonable.
In addition, a lot of mutex locking code was also removed, as they were practically
NOP functions, due to pthreading being forcefully disabled
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: James Yonan <james@openvpn.net>
|
| |\ \ \ |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Modified win/build_all.py so that it parses command-line options using getopt.
Added option "-u / --unsigned" which allows forcing unsigned builds and a "-h /
--help" option. By default a signed build is generated, provided that the Python
SignTool module is installed. If not, the build is interrupted.
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: Peter Stuge <peter@stuge.se>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | |\ \ \
| | | |/
| | |/| |
|
| | | | |
| | | |
| | | |
| | | | |
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6656 e7ae566f-a301-0410-adde-c780ea21d3b5
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
not free, since it is allocated by OpenSSL.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6655 e7ae566f-a301-0410-adde-c780ea21d3b5
|
| |\| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Conflicts:
options.c
- Disagreements about a new included file (forward.h)
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Peter Korsgaard <jacmet@sunsite.dk> reported an issue [1] when compiling
with --disable-crypto activated. He suggested a patch, which only
partly solved the issue. SVN r6568 / commit 3cf9dd88fd84108 added a
new feature which further made it impossible to compile without crypto.
This patch fixes both issues, based on Peter Korsgaard's patch.
[1] <http://sourceforge.net/mailarchive/forum.php?thread_name=87fwx08bod.fsf%40macbook.be.48ers.dk&forum_name=openvpn-devel>
Signed-off-by: James Yonan <james@openvpn.net>
Acked-by: David Sommerseth <dazo@users.sourceforge.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Jesse Young <jesse.young@gmail.com>
Acked-by: David Sommerseth <dazo@users.sourceforge.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |\ \ \ \
| | |_|/
| |/| | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The file containing CONFIGURE_DEFINES variable, configure.h, is not present if
openvpn is built using the Python + Visual C -based buildsystem. This causes the
build to fail. This patch adds a check to see if variable exists before trying
to use it.
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: Peter Stuge <peter@stuge.se>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |\| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Conflicts:
Makefile.am
openvpn.8
options.c
socket.c
ssl.c
- feat_misc is missing a lot of bugfix2.1 changes
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Kazuyoshi Aizawa, adding of local "connected subnet" route by me)
Tested on OpenSolaris/i386, no impact for other TARGETs.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Kazuyoshi Aizawa <admin2@whiteboard.ne.jp>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
<admin2@whiteboard.ne.jp>.
See also http://www.whiteboard.ne.jp/~admin2/tuntap/
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Kazuyoshi Aizawa <admin2@whiteboard.ne.jp>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This patch adds support for SOCKS plain text (username/password)
authentication as described in RFC 1929. It adds an optional third
parameter to the socks-proxy option, which is a file containing the
login credentials.
I've been using this patch for two weeks now and it does not seem to
cause any problem. The only modifications are in the SOCKS handshake
handling and the options parser.
Signed-Off-By: Pierre Bourdon <delroth@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <dazo@users.sourceforge.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This comes in addition to commit 935c62be9c0c8a256112d after some
additional review comments.
Signed-off-by: Emilien Mantel <emilien.mantel@businessdecision.com>
Acked-by: Peter Stuge <peter@stuge.se>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
For my company, we use a PKI (linked to a LDAP) with OpenVPN. We can't use "CN" to be
username (few people can have the same "CN"). In our case, we only use the UID.
With my patch, you can choose another field to be username with a new option called
--x509-username-field, the default value is "CN".
Signed-off-by: Emilien Mantel <emilien.mantel@businessdecision.com>
Acked-by: David Sommerseth <dazo@users.sourceforge.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This patch fixes two bugs introduced in
commit 339f2a4d4b487afa53fa99d72c35b16f31e417d3
Author: David Sommerseth <dazo@users.sourceforge.net>
Date: Thu Apr 29 23:35:45 2010 +0200
David's patch replaced openvpn_execve() with openvpn_run_script() in two places,
but didn't adjust the return value handling. openvpn_run_script() returns true
or false, while openvpn_execve() returns the program's exit code.
Without the fix, the --tls-verify script and the --auth-user-pass-verify
script fail to run. (I noticed the latter, but haven't actually tested the
former.)
The return value handling is fine for the other places where
openvpn_run_script() is used, because those places previously used
openvpn_execve_check() (notice the "_check" suffix).
Signed-off-by: Fabian Knittel <fabian.knittel@avona.com>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The main task of this patch is to avoid reporting the SCRIPT_SECURITY_WARNING
over and over again, in addition to not show this warning when it should not
be a problem. This general warning should now only appear once, and only when
--script-security is not set, 0 or 1. In all other cases this warning should
not appear.
In addition, this warning will come close to the script-hook which most probably
will fail. It will also give a little bit more concrete hint on which script-hook
which failed. If --script-security is 2 or 3, only the execve failure itself will
be shown. This message will on the other hand be shown repeatedly.
This is a new rewritten version which simplifies the implementaion of the new
openvpn_run_script() function. It was considered to remove it completely, but
due to code clearity and easy of use it was decided to make this function a static
inline function instead. Anyhow, this function will enforce openvpn_execve_check()
to be called with the S_SCRIPT flag.
Patch ACKed on the developers meeting 2009-04-29.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: James Yonan <james@openvpn.net>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This is to satisfy those wanting to build openvpn for embedded devices
where every bytes matters.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Alon Bar-Lev indicated commit f27bf509315a48b0070294c3993a718df0c2626c
was missing proper dependency checking. This patch corrects this and
fixes an issue when creating configure.h via make distcheck.
This is an enhanced version of the one sent to the openvpn-devel mailing
list April 13, 2010 [1], after having received some feedback from Gert
Doering, cleaning up configure_log.awk further.
[1] <http://thread.gmane.org/gmane.network.openvpn.devel/3410/focus=3491>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This patch will create ./configure.h which will contain two new #define
strings. CONFIGURE_DEFINES will contain all USE, ENABLED, DISABLED and
DEPRECATED defines from ./config.h. CONFIGURE_CALL will contain the
complete ./configure line which was used when configuring the package
for building.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: James Yonan <james@openvpn.net>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The pkitool script lacks the "--help" parameter to actually display the
usage statement; most people are conditioned to try that before running the
command without options. This patch adds that and "--version" to display
just the program name and version.
sf.net tracker:
<https://sourceforge.net/tracker/?func=detail&atid=454721&aid=1705407&group_id=48978>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: Jan Just Keijser <janjust@nikhef.nl>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This is a collection of 4 patches sent to the -devel mailing list:
* [PATCH] Frob the openvpn(8) man page tls-verify section to clarify
* [PATCH] More improvments to openvpn(8) --tls-verify
* [PATCH] Yet another tweak of openvpn(8) --tls-verify
* [PATCH] Final frobbing of openvpn(8) --tls-verify
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
It should be nice to enhance tls-verify check possibilities against peer
cert during a pending TLS connection like :
- OCSP verification
- check any X509 extensions of the peer certificate
- delta CRL verification
- ...
This patch add a new "tls-export-cert" option which allow to get peer
certificate in PEM format and to store it in an openvpn temporary file.
Peer certificate is stored before tls-script execution and deleted after.
The name of the related temporary file is available under tls-verify
script by an environment variable "peer_cert".
The patch was made from OpenVPN svn Beta21 branches.
Here is a very simple exemple of Tls-verify script which provide OCSP
support to OpenVPN (with tls-export-cert option) without any OpenVPN
"core" modification :
X509=$2
openssl ocsp \
-issuer /etc/openvpn/ssl.crt/RootCA.pem \
-CAfile /etc/openvpn/ssl.capath/OpenVPNServeur-cafile.pem \
-cert $peer_cert \
-url http://your-ocsp-url
if [ $? -ne 0 ]
then
echo "error : OCSP check failed for ${X509}" | logger -t
"tls-verify"
exit 1
fi
This has been discussed here:
<http://thread.gmane.org/gmane.network.openvpn.devel/2492>
<http://thread.gmane.org/gmane.network.openvpn.devel/3150>
<http://thread.gmane.org/gmane.network.openvpn.devel/3217>
This patch has been modified by David Sommerseth, by fixing a few issues
which came up to during the code review process. The man page has been
updated and tmp_file in ssl.c is checked for not being NULL before calling
delete_file().
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
|
