summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Version 2.1_rc9v2.1_rc9james2008-08-011-2/+2
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3155 e7ae566f-a301-0410-adde-c780ea21d3b5
* In Windows build, package a statically linked openssl.exe to work aroundjames2008-07-314-13/+6
| | | | | | | | observed instabilities in the dynamic build since the migration to OpenSSL 0.9.8h. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3149 e7ae566f-a301-0410-adde-c780ea21d3b5
* Updated ChangeLog and version number.james2008-07-312-1/+22
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3147 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added additional warnings for:james2008-07-271-0/+7
| | | | | | | | | | | * --tls-remote -- some people misunderstand the semantics * --script-security -- warn if script-security will allow user-defined scripts to be called, and also warn separately if passwords may be passed to scripts via the environment git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3129 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added additional defensive programming to buffer.[ch] functions.james2008-07-272-26/+118
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3128 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added a warning message when passwords are cached in memory.james2008-07-271-0/+4
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3127 e7ae566f-a301-0410-adde-c780ea21d3b5
* Perform additional input validation on options pulledjames2008-07-267-64/+230
| | | | | | | by client from server. Fixes --iproute vulnerability. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3126 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed compiler warnings in Windows build (MinGW).james2008-07-266-5/+8
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3125 e7ae566f-a301-0410-adde-c780ea21d3b5
* Completely revamped the system for calling external programs and scripts:james2008-07-2623-420/+1098
| | | | | | | | | | | | | | | | | | | | | | * All external programs and scripts are now called by execve() on unix and CreateProcess on Windows. * The system() function is no longer used. * Argument lists for external programs and scripts are now built by the new argv_printf function which natively outputs to string arrays (i.e. char *argv[] lists), never truncates its output, and eliminates the security issues inherent in formatting and parsing command lines, and dealing with argument quoting. * The --script-security directive has been added to offer policy controls on OpenVPN's execution of external programs and scripts. Also added a new plugin example (openvpn/plugin/examples/log.c) that logs information to stdout for every plugin method called by OpenVPN. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3122 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added argv_x functions to buffer.[ch] to be used to safely buildjames2008-07-233-0/+265
| | | | | | | | up argv strings for execve without the possibility of truncation or misinterpretation of mid-argument spacing. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3107 e7ae566f-a301-0410-adde-c780ea21d3b5
* buf_printf will now return false on errors, such as truncationjames2008-07-192-3/+8
| | | | | | | due to overflow. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3085 e7ae566f-a301-0410-adde-c780ea21d3b5
* Modified extract_x509_field_ssl to return a status value indicatingjames2008-07-191-37/+41
| | | | | | | | | | | | | success/error, and any truncation of output due to an insufficiently large output buffer will be cause for error. In verify_callback, read X509 Subject Name without truncation. In verify_callback, rather than silently truncating Common Name at 64 bytes, throw an error if Common Name is larger than 64 bytes. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3084 e7ae566f-a301-0410-adde-c780ea21d3b5
* Replace leading dash ('-') characters in an X509 name with underbars ('_')james2008-07-193-0/+19
| | | | | | | | before calling user-defined scripts, to preclude the chance of a leading dash being interpreted as an option prefix. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3083 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added a warning when plugins are specified withoutjames2008-07-183-1/+28
| | | | | | | an absolute pathname. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3082 e7ae566f-a301-0410-adde-c780ea21d3b5
* Reverted some recent buffer.[ch] changes, including r3058 (except forjames2008-07-183-64/+21
| | | | | | | | | | likely() and unlikely() macro additions to syshead.h) and r3061. I would like to give more thought to the bigger issue of fortifying buffer.[ch] through the use of additional defensive programming techniques. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3081 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed format string issue in read_inline_file,james2008-07-181-1/+1
| | | | | | | used in the config file parser. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3078 e7ae566f-a301-0410-adde-c780ea21d3b5
* status_printf function will now set error flag onjames2008-07-182-7/+24
| | | | | | | | | | output truncation or failure of write() to write the expected number of bytes. Raised STATUS_PRINTF_MAXLEN to 512 (from 256). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3077 e7ae566f-a301-0410-adde-c780ea21d3b5
* gen_path will no longer silently truncate the generatedjames2008-07-182-1/+15
| | | | | | | filename at 256 bytes. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3076 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed code inclusion bug that was erroneously testingjames2008-07-182-6/+9
| | | | | | | | | defined(P2MP_SERVER) rather than P2MP_SERVER. Fixed compile issues when USE_CRYPTO is undefined. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3075 e7ae566f-a301-0410-adde-c780ea21d3b5
* Modified create_temp_filename to create unpredictablejames2008-07-181-5/+12
| | | | | | | filenames. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3074 e7ae566f-a301-0410-adde-c780ea21d3b5
* Previously, OpenVPN might log a client's auth-user-passjames2008-07-173-2/+19
| | | | | | | | | | password if the verbosity was set to a high debug level such as 7 or higher. Normally this would only be used by developers. Now, even at high debug levels, the password will not be output. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3073 e7ae566f-a301-0410-adde-c780ea21d3b5
* gen_path now rejects filenames that match Windowsjames2008-07-173-1/+72
| | | | | | | device names such as CON, NUL, LPT1, etc. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3072 e7ae566f-a301-0410-adde-c780ea21d3b5
* Call prng_init after fork in background processjames2008-07-171-0/+4
| | | | | | | | | | created by port_share_open, so as to ensure a newly seeded PRNG sequence. This is strictly defensive programming since port_share_proxy currently does not use the PRNG. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3070 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added warning when using chroot without specifying user and group.james2008-07-171-0/+3
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3069 e7ae566f-a301-0410-adde-c780ea21d3b5
* Check for multiplication overflow on ALLOC_ARRAY* functions.james2008-07-172-4/+16
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3068 e7ae566f-a301-0410-adde-c780ea21d3b5
* Removed old version of extract_x509_field.james2008-07-171-40/+0
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3066 e7ae566f-a301-0410-adde-c780ea21d3b5
* Support wraparound of reliable.[ch] packet IDs. Injames2008-07-171-12/+44
| | | | | | | | | | practice, wraparound of the packet ID sequence is extremely unlikely since the sequence is restarted for each mid-session TLS renegotiation. But we will support it for completeness. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3065 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed a potential information leak in the new NTLM phase 3 code,james2008-07-172-8/+21
| | | | | | | | | | | as well as a failure of the code to check the return value from base64_decode. Fixed compiler warnings in the new NTLM phase 3 code about implicit casting between signed and unsigned char *. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3064 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed issue in read_key_file, where the return value ofjames2008-07-171-1/+3
| | | | | | | read() wasn't being checked for errors. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3063 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added SOCKET_SND_RCV_BUF_MAX constant (set to 1000000) to limit thejames2008-07-162-5/+16
| | | | | | | maximum size passed to setsockopt SNDBUF/RCVBUF. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3062 e7ae566f-a301-0410-adde-c780ea21d3b5
* In the Windows version of tun_finalize, on errors that wouldjames2008-07-161-1/+6
| | | | | | | | | return -1, set buf->len to 0 rather than -1. While downstream code is set up to consider the buffer invalidated if its length is <= 0, this change makes the code cleaner and safer. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3061 e7ae566f-a301-0410-adde-c780ea21d3b5
* Used unlikely() macro to tell compiler that msg() willjames2008-07-161-1/+1
| | | | | | | usually be silent. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3060 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added likely() and unlikely() branch prediction hint macrosjames2008-07-164-21/+68
| | | | | | | | | | | | | to syshead.h Introduced BUF_MAX constant to limit struct buffer offset and length values. BUF_MAX has been set to 2^20. Use likely() and unlikely() macros in buffer.h code to allow the compiler to generate more efficient code. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3058 e7ae566f-a301-0410-adde-c780ea21d3b5
* Copyright change OpenVPN Solutions LLC -> Telethra, Inc.james2008-07-14153-159/+159
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3048 e7ae566f-a301-0410-adde-c780ea21d3b5
* Version 2.1_rc8v2.1_rc8james2008-06-132-5/+13
| | | | | | | | | On Windows, use -leay32 and -lssl32 to link with OpenSSL. On Windows, bundle pkcs11-helper-1.06-beta1. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2997 e7ae566f-a301-0410-adde-c780ea21d3b5
* Updated copyright notice to 2008.james2008-06-11150-152/+152
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2995 e7ae566f-a301-0410-adde-c780ea21d3b5
* Updated version & changelog.james2008-06-114-4/+77
| | | | | | | | | | Updated build-pkcs11-helper.sh to build from OpenSSL 0.9.8h. Added pkcs11-related fixes to easy-rsa/2.0/vars. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2994 e7ae566f-a301-0410-adde-c780ea21d3b5
* Merged connection profiles fromjames2008-06-1123-582/+1076
| | | | | | | http://svn.openvpn.net/projects/openvpn/test/conn git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2993 e7ae566f-a301-0410-adde-c780ea21d3b5
* Updated version to 2.1_rc7e.james2008-06-1130-569/+2495
| | | | | | | | | | | | | | | | | | | Added client authentication and packet filtering capability to management interface. Extended packet filtering capability to work on both --dev tun and --dev tap tunnels. Updated valgrind-suppress file. Made "Linux ip addr del failed" error nonfatal. Amplified --client-cert-not-required warning. Added #pragma pack to proto.h. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2991 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added support for building and linking withjames2008-06-046-6/+91
| | | | | | | openssl-0.9.8h on Windows. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2982 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed unbounded memory growth bug injames2008-06-043-2/+18
| | | | | | | | | | environmental variable code that could have caused long-running OpenVPN sessions with many TLS renegotiations to incrementally increase memory usage over time. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2981 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed an issue in extract_x509_field_ssl where the extractionjames2008-06-041-1/+1
| | | | | | | | | | would fail on the first field of the subject name, such as the common name in: /CN=foo/emailAddress=foo@bar.com git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2980 e7ae566f-a301-0410-adde-c780ea21d3b5
* In auth-pam authentication module, even when in debug mode,james2008-06-041-2/+8
| | | | | | | never output passwords to stderr. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2979 e7ae566f-a301-0410-adde-c780ea21d3b5
* Incremented version to 2.1_rc7d.james2008-06-0426-108/+1210
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Support asynchronous authentication by plugins by allowing OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY to return OPENVPN_PLUGIN_FUNC_DEFERRED. See comments in openvpn-plugin.h for documentation. Enabled by ENABLE_DEF_AUTH. Added a simple packet filter functionality that can be driven by a plugin. See comments in openvpn-plugin.h for documentation. Enabled by ENABLE_PF. See openvpn/plugin/defer/simple.c for examples of ENABLE_DEF_AUTH and ENABLE_PF. "TLS Error: local/remote TLS keys are out of sync" is no longer a fatal error for TCP-based sessions, since the error can arise normally in the course of deferred authentication. In a related change, allow packet-id sequence to begin at some number n > 0 for TCP sessions, rather than strictly requiring sequence to begin at 1. Added a test to configure.ac for LoadLibrary function on Windows. Modified "make dist" function to include all files from install-win32 so that ./domake-win can be run from a tarball-expanded directory. setenv and setenv-safe directives may now omit a value argument which defaults to "". git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2978 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed a bug in plugin.c that caused openvpn_plugin_client_destructor_v1james2008-05-256-13/+136
| | | | | | | | | | | | to not be called for the top-level "generic" client template. Added additional documentation to openvpn-plugin.h that more clearly illustrates the full sequence and ordering of plugin callbacks (plugin/defer/simple.c was extended to provide the raw data for this documentation). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2973 e7ae566f-a301-0410-adde-c780ea21d3b5
* Support asynchronous/deferred authentication injames2008-05-2419-101/+456
| | | | | | | | | | OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY plugin handler. See documentation in openvpn-plugin.h and example usage in plugin/defer/simple.c. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2969 e7ae566f-a301-0410-adde-c780ea21d3b5
* Did:james2008-05-240-0/+0
| | | | | | | | svn propset svn:ignore -F .svnignore . on the modified .svnignore files. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2967 e7ae566f-a301-0410-adde-c780ea21d3b5
* Modified .svnignore to only ignore files generatedjames2008-05-243-46/+18
| | | | | | | by the auto* tools and make. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2966 e7ae566f-a301-0410-adde-c780ea21d3b5
* Moved branch into official BETA21 position.james2008-05-1290-1274/+2241
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2959 e7ae566f-a301-0410-adde-c780ea21d3b5
* Misc XGUI fixes.james2008-03-114-20/+24
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2836 e7ae566f-a301-0410-adde-c780ea21d3b5
generated by cgit (git 2.34.1) at 2024-06-02 14:03:20 +0000