summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Version 2.1_rc13v2.1_rc13james2008-10-0810-30/+43
| | | | | | | Minor fixes to Windows build scripts. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3417 e7ae566f-a301-0410-adde-c780ea21d3b5
* Copyright notice changed to reflect change in name ofjames2008-10-06157-198/+194
| | | | | | | Telethra to OpenVPN Technologies. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3409 e7ae566f-a301-0410-adde-c780ea21d3b5
* Management interface can now listen on a unixjames2008-09-3016-45/+693
| | | | | | | | | | | | | domain socket, for example: management /tmp/openvpn unix Also added management-client-user and management-client-group directives to control which processes are allowed to connect to the socket. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3396 e7ae566f-a301-0410-adde-c780ea21d3b5
* Version 2.1_rc12v2.1_rc12james2008-09-232-1/+10
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3349 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed --lladdr bug introduced in 2.1-rc9 where input validation codejames2008-09-193-2/+42
| | | | | | | | was incorrectly expecting the lladdr parameter to be an IP address when it is actually a MAC address (HoverHell). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3339 e7ae566f-a301-0410-adde-c780ea21d3b5
* Patched Makefile.am so that the new t_cltsrv-down.sh script becomesjames2008-09-152-2/+3
| | | | | | | part of the tarball (Matthias Andree). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3332 e7ae566f-a301-0410-adde-c780ea21d3b5
* Version 2.1_rc11v2.1_rc11james2008-09-154-10/+38
| | | | | | | | Fixed a bug that can cause SSL/TLS negotiations in UDP mode to fail if UDP packets are dropped. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3330 e7ae566f-a301-0410-adde-c780ea21d3b5
* Version 2.1_rc10v2.1_rc10james2008-09-102-1/+94
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3323 e7ae566f-a301-0410-adde-c780ea21d3b5
* Version 2.1_rc9bjames2008-09-081-1/+1
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3318 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed bug in intra-session TLS key rollover that was introduced withjames2008-09-083-18/+68
| | | | | | | deferred authentication features in 2.1_rc8. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3316 e7ae566f-a301-0410-adde-c780ea21d3b5
* Modified ip_or_dns_addr_safe, which validates pulled DNS names,james2008-09-062-4/+16
| | | | | | | | | | | | to more closely conform to RFC 3696: * DNS name length must not exceed 255 characters * DNS name characters must be limited to alphanumeric, dash ('-'), and dot ('.') git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3312 e7ae566f-a301-0410-adde-c780ea21d3b5
* 2.1_rc8 and earlier did implicit shell expansion on scriptjames2008-09-069-363/+350
| | | | | | | | | | | | | | | | | | | | | | | | arguments since all scripts were called by system(). The security hardening changes made to 2.1_rc9 no longer use system(), but rather use the safer execve or CreateProcess system calls. The security hardening also introduced a backward incompatibility with 2.1_rc8 and earlier in that script parameters were no longer shell-expanded, so for example: client-connect "docc CLIENT-CONNECT" would fail to work because execve would try to execute a script called "docc CLIENT-CONNECT" instead of "docc" with "CLIENT-CONNECT" as the first argument. This patch fixes the issue, bringing the script argument semantics back to pre 2.1_rc9 behavior in order to preserve backward compatibility while still using execve or CreateProcess to execute the script/executable. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3311 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added --allow-pull-fqdn option which allows client to pull DNS namesjames2008-09-045-12/+45
| | | | | | | | | | | from server (rather than only IP address) for --ifconfig, --route, and --route-gateway. OpenVPN versions 2.1_rc7 and earlier allowed DNS names for these options to be pulled and translated to IP addresses by default. Now --allow-pull-fqdn will be explicitly required on the client to enable DNS-name-to-IP-address translation of pulled options. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3307 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed minor compile issue in ntlm.c (mid-block declaration).james2008-08-111-2/+4
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3222 e7ae566f-a301-0410-adde-c780ea21d3b5
* LZO compression buffer overflow errors will now invalidatejames2008-08-111-1/+7
| | | | | | | the packet rather than trigger a fatal assertion. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3221 e7ae566f-a301-0410-adde-c780ea21d3b5
* Workaround bug in OpenSSL 0.9.6b ASN1_STRING_to_UTF8, whichjames2008-08-102-5/+2
| | | | | | | the new implementation of extract_x509_field_ssl depends on. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3220 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed build issue with ./configure --disable-socks --disable-http.james2008-08-103-4/+4
| | | | | | | | | | Fixed separate compile errors in options.c and ntlm.c that occur on strict C compilers (such as old versions of gcc) that require that C variable declarations occur at the start of a {} block, not in the middle. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3219 e7ae566f-a301-0410-adde-c780ea21d3b5
* Tagged security fix in 2.1-rc9 as CVE-2008-3459.james2008-08-101-0/+1
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3218 e7ae566f-a301-0410-adde-c780ea21d3b5
* Updated openvpn/t_cltsrv.sh (used by "make check") to conform to newjames2008-08-102-14/+44
| | | | | | | | --script-security rules. Also adds retrying if the addresses are in use (Matthias Andree). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3217 e7ae566f-a301-0410-adde-c780ea21d3b5
* Reverted r3181, accomplish the same thing via a special casejames2008-08-053-21/+16
| | | | | | | | | | for Windows stdcall functions in configure.ac (Alon Bar-Lev). Minor fix to cryptoapi.c to not compile itself unless USE_CRYPTO and USE_SSL flags are enabled (Alon Bar-Lev). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3183 e7ae566f-a301-0410-adde-c780ea21d3b5
* Workaround for MinGW autoconf issue where HAVE_SETSOCKOPT,james2008-08-051-0/+12
| | | | | | | | HAVE_GETSOCKOPT, and HAVE_POLL are undefined even though the underlying functions are present. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3181 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added additional warnings to flag common gotchas:james2008-08-055-27/+133
| | | | | | | | | | | | | | | | | | | | | | * Warn when ethernet bridging that the IP address of the bridge adapter is probably not the same address that the LAN adapter was set to previously. * When running as a server, warn if the LAN network address is the all-popular 192.168.[0|1].x, since this condition commonly leads to subnet conflicts down the road. * Primarily on the client, check for subnet conflicts between the local LAN and the VPN subnet. Added a 'netmask' parameter to get_default_gateway, to return the netmask of the adapter containing the default gateway. Only implemented on Windows so far. Other platforms will return 255.255.255.0. Currently the netmask information is only used to warn about subnet conflicts. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3179 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed minor issue with --redirect-gateway bypass-dhcp or bypass-dnsjames2008-08-041-1/+1
| | | | | | | | on Windows. If the bypass IP address is 0.0.0.0 or 255.255.255.255, ignore it. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3177 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added "--server-bridge" (without parameters) to enablejames2008-08-0214-34/+427
| | | | | | | | | | | | | | | | | | | DHCP proxy mode: Configure server mode for ethernet bridging using a DHCP-proxy, where clients talk to the OpenVPN server-side DHCP server to receive their IP address allocation and DNS server addresses. Added "--route-gateway dhcp", to enable the extraction of the gateway address from a DHCP negotiation with the OpenVPN server-side LAN. Modified client.conf and server.conf to reflect new option modes. Incremented version to 2.1_rc9a. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3164 e7ae566f-a301-0410-adde-c780ea21d3b5
* Version 2.1_rc9v2.1_rc9james2008-08-011-2/+2
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3155 e7ae566f-a301-0410-adde-c780ea21d3b5
* In Windows build, package a statically linked openssl.exe to work aroundjames2008-07-314-13/+6
| | | | | | | | observed instabilities in the dynamic build since the migration to OpenSSL 0.9.8h. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3149 e7ae566f-a301-0410-adde-c780ea21d3b5
* Updated ChangeLog and version number.james2008-07-312-1/+22
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3147 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added additional warnings for:james2008-07-271-0/+7
| | | | | | | | | | | * --tls-remote -- some people misunderstand the semantics * --script-security -- warn if script-security will allow user-defined scripts to be called, and also warn separately if passwords may be passed to scripts via the environment git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3129 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added additional defensive programming to buffer.[ch] functions.james2008-07-272-26/+118
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3128 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added a warning message when passwords are cached in memory.james2008-07-271-0/+4
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3127 e7ae566f-a301-0410-adde-c780ea21d3b5
* Perform additional input validation on options pulledjames2008-07-267-64/+230
| | | | | | | by client from server. Fixes --iproute vulnerability. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3126 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed compiler warnings in Windows build (MinGW).james2008-07-266-5/+8
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3125 e7ae566f-a301-0410-adde-c780ea21d3b5
* Completely revamped the system for calling external programs and scripts:james2008-07-2623-420/+1098
| | | | | | | | | | | | | | | | | | | | | | * All external programs and scripts are now called by execve() on unix and CreateProcess on Windows. * The system() function is no longer used. * Argument lists for external programs and scripts are now built by the new argv_printf function which natively outputs to string arrays (i.e. char *argv[] lists), never truncates its output, and eliminates the security issues inherent in formatting and parsing command lines, and dealing with argument quoting. * The --script-security directive has been added to offer policy controls on OpenVPN's execution of external programs and scripts. Also added a new plugin example (openvpn/plugin/examples/log.c) that logs information to stdout for every plugin method called by OpenVPN. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3122 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added argv_x functions to buffer.[ch] to be used to safely buildjames2008-07-233-0/+265
| | | | | | | | up argv strings for execve without the possibility of truncation or misinterpretation of mid-argument spacing. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3107 e7ae566f-a301-0410-adde-c780ea21d3b5
* buf_printf will now return false on errors, such as truncationjames2008-07-192-3/+8
| | | | | | | due to overflow. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3085 e7ae566f-a301-0410-adde-c780ea21d3b5
* Modified extract_x509_field_ssl to return a status value indicatingjames2008-07-191-37/+41
| | | | | | | | | | | | | success/error, and any truncation of output due to an insufficiently large output buffer will be cause for error. In verify_callback, read X509 Subject Name without truncation. In verify_callback, rather than silently truncating Common Name at 64 bytes, throw an error if Common Name is larger than 64 bytes. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3084 e7ae566f-a301-0410-adde-c780ea21d3b5
* Replace leading dash ('-') characters in an X509 name with underbars ('_')james2008-07-193-0/+19
| | | | | | | | before calling user-defined scripts, to preclude the chance of a leading dash being interpreted as an option prefix. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3083 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added a warning when plugins are specified withoutjames2008-07-183-1/+28
| | | | | | | an absolute pathname. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3082 e7ae566f-a301-0410-adde-c780ea21d3b5
* Reverted some recent buffer.[ch] changes, including r3058 (except forjames2008-07-183-64/+21
| | | | | | | | | | likely() and unlikely() macro additions to syshead.h) and r3061. I would like to give more thought to the bigger issue of fortifying buffer.[ch] through the use of additional defensive programming techniques. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3081 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed format string issue in read_inline_file,james2008-07-181-1/+1
| | | | | | | used in the config file parser. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3078 e7ae566f-a301-0410-adde-c780ea21d3b5
* status_printf function will now set error flag onjames2008-07-182-7/+24
| | | | | | | | | | output truncation or failure of write() to write the expected number of bytes. Raised STATUS_PRINTF_MAXLEN to 512 (from 256). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3077 e7ae566f-a301-0410-adde-c780ea21d3b5
* gen_path will no longer silently truncate the generatedjames2008-07-182-1/+15
| | | | | | | filename at 256 bytes. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3076 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed code inclusion bug that was erroneously testingjames2008-07-182-6/+9
| | | | | | | | | defined(P2MP_SERVER) rather than P2MP_SERVER. Fixed compile issues when USE_CRYPTO is undefined. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3075 e7ae566f-a301-0410-adde-c780ea21d3b5
* Modified create_temp_filename to create unpredictablejames2008-07-181-5/+12
| | | | | | | filenames. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3074 e7ae566f-a301-0410-adde-c780ea21d3b5
* Previously, OpenVPN might log a client's auth-user-passjames2008-07-173-2/+19
| | | | | | | | | | password if the verbosity was set to a high debug level such as 7 or higher. Normally this would only be used by developers. Now, even at high debug levels, the password will not be output. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3073 e7ae566f-a301-0410-adde-c780ea21d3b5
* gen_path now rejects filenames that match Windowsjames2008-07-173-1/+72
| | | | | | | device names such as CON, NUL, LPT1, etc. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3072 e7ae566f-a301-0410-adde-c780ea21d3b5
* Call prng_init after fork in background processjames2008-07-171-0/+4
| | | | | | | | | | created by port_share_open, so as to ensure a newly seeded PRNG sequence. This is strictly defensive programming since port_share_proxy currently does not use the PRNG. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3070 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added warning when using chroot without specifying user and group.james2008-07-171-0/+3
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3069 e7ae566f-a301-0410-adde-c780ea21d3b5
* Check for multiplication overflow on ALLOC_ARRAY* functions.james2008-07-172-4/+16
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3068 e7ae566f-a301-0410-adde-c780ea21d3b5
* Removed old version of extract_x509_field.james2008-07-171-40/+0
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3066 e7ae566f-a301-0410-adde-c780ea21d3b5
generated by cgit (git 2.34.1) at 2024-05-11 00:36:17 +0000