summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* I've recently worked on a better version of pkcs11-helper. I've also mergedjames2006-04-0510-2353/+9422
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | it into QCA (Qt Cryptographic Architecture), so that KDE 4 will finally be able to use smartcards. The changes allows the following features: 1. Thread safe, is activated if USE_PTHREAD. 2. Slot event - Will allow us in the future to disconnect VPN when smartcard is removed. In order to support this OpenVPN must support threading... At least SIGUSR1 from a different thread. Threading should be supported in both Windows and Linux. -- currently disabled. When I talk about threading support it is just support in configuration script and that the method that SIGUSR1 self can be called from a different thread. I already handle the monitor threads. 3. Certificate enumeration - Will allow us to finally have one configuration file for all users! When you add the plugin GUI stuff you talked about, we will be able to display a list of available certificates for the user to select. -- currently disabled. 4. Data object manipulation - Will allow us to store tls-auth on the smartcard as well. -- currently disabled. 5. Many other minor improvements. Alon Bar-Lev git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@990 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added man page entry for --setenv-safe.james2006-04-051-0/+12
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@989 e7ae566f-a301-0410-adde-c780ea21d3b5
* "topology subnet" fix for FreeBSD (Benoit Bourdin).james2006-04-051-2/+25
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@986 e7ae566f-a301-0410-adde-c780ea21d3b5
* Security Vulnerability -- An OpenVPN client connecting to ajames2006-04-053-1/+15
| | | | | | | | | | | | | | | | | | | | | | | | | malicious or compromised server could potentially receive "setenv" configuration directives from the server which could cause arbitrary code execution on the client via a LD_PRELOAD attack. A successful attack appears to require that (a) the client has agreed to allow the server to push configuration directives to it by including "pull" or the macro "client" in its configuration file, (b) the client configuration file uses a scripting directive such as "up" or "down", (c) the client succesfully authenticates the server, (d) the server is malicious or has been compromised and is under the control of the attacker, and (e) the attacker has at least some level of pre-existing control over files on the client (this might be accomplished by having the server respond to a client web request with a specially crafted file). The fix is to disallow "setenv" to be pushed to clients from the server, and to add a new directive "setenv-safe" which is pushable from the server, but which appends "OPENVPN_" to the name of each remotely set environmental variable. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@983 e7ae566f-a301-0410-adde-c780ea21d3b5
* Minor fixes for gcc (GCC) 4.0.2 warnings.james2006-02-234-5/+3
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@905 e7ae566f-a301-0410-adde-c780ea21d3b5
* Version 2.1_beta11 releasedjames2006-02-193-34/+41
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@904 e7ae566f-a301-0410-adde-c780ea21d3b5
* Port share proxy bug fixes.james2006-02-182-99/+61
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@903 e7ae566f-a301-0410-adde-c780ea21d3b5
* ps.c debug codejames2006-02-182-75/+155
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@902 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added comments to ps.c (port share proxy code).james2006-02-182-4/+64
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@901 e7ae566f-a301-0410-adde-c780ea21d3b5
* Version 2.1_beta10 releasedjames2006-02-175-9/+36
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@899 e7ae566f-a301-0410-adde-c780ea21d3b5
* Version 2.1_beta9 releasedjames2006-02-162-1/+2
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@896 e7ae566f-a301-0410-adde-c780ea21d3b5
* svn merge -r 888:889 ↵james2006-02-163-6/+10
| | | | | | https://svn.openvpn.net/projects/openvpn/contrib/alon/BETA21 21 git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@894 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added --port-share option for allowing OpenVPN and HTTPSjames2006-02-1624-42/+1122
| | | | | | | server to share the same port number. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@893 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added "bytecount" command to management interface.james2006-02-105-2/+70
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@887 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added feature to --management-client to confirm connectionjames2006-02-0310-24/+112
| | | | | | | by writing IP addr and port to a file. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@885 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added --management-client option to connect as a client tojames2006-01-2311-52/+155
| | | | | | | management GUI app rather than be connected to as a server. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@884 e7ae566f-a301-0410-adde-c780ea21d3b5
* pkcs11 fixes.james2006-01-141-47/+96
| | | | | | | svn merge -r 879:881 https://svn.openvpn.net/projects/openvpn/contrib/alon/BETA21/openvpn . git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@882 e7ae566f-a301-0410-adde-c780ea21d3b5
* Small fixes:james2006-01-074-3/+20
| | | | | | | | | | | | * Fixed variable declaration in crypto.c that is not at the head of a block. * Added library to Visual C makefile. * In server.conf config sample, add additional comment text on "dev tap" usage. * Added some short documentation on revoke-full script. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@877 e7ae566f-a301-0410-adde-c780ea21d3b5
* Version 2.1_beta8 releasedjames2006-01-032-2/+2
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@874 e7ae566f-a301-0410-adde-c780ea21d3b5
* incremented version number to 2.1_beta7bjames2006-01-031-1/+1
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@872 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added patch to modify openvpn.nsi for buildingjames2005-12-301-0/+76
| | | | | | | a turnkey installer. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@866 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed bug with tls-auth and key-direction parameterjames2005-12-293-4/+6
| | | | | | | which was introduced in r844. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@865 e7ae566f-a301-0410-adde-c780ea21d3b5
* svn merge -r 854:863 $SO/trunk/openvpnjames2005-12-291-0/+8
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@864 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added OPENVPN_PLUGIN_TLS_FINAL plugin callback.james2005-12-283-2/+15
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@862 e7ae566f-a301-0410-adde-c780ea21d3b5
* Minor ChangeLog edit.james2005-12-231-3/+0
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@861 e7ae566f-a301-0410-adde-c780ea21d3b5
* Some PKCS11-related code wasn't properly #ifdefed.james2005-12-231-1/+5
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@860 e7ae566f-a301-0410-adde-c780ea21d3b5
* Man page and usage message changes to reflectjames2005-12-222-3/+10
| | | | | | | --ip-win32 adaptive and --route-method adaptive. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@859 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added new option --route-method adaptive (Win32)james2005-12-224-9/+38
| | | | | | | | | which tries IP helper API first, then falls back to route.exe. Made --route-method adaptive the default. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@858 e7ae566f-a301-0410-adde-c780ea21d3b5
* --ip-win32 adaptive is now the default.james2005-12-227-19/+252
| | | | | | | | | --ip-win32 netsh (or --ip-win32 adaptive when in netsh mode) can now set DNS/WINS addresses on the TAP-Win32 adapter. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@857 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed bug in automatic Win32 PATH setting code.james2005-12-171-5/+17
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@856 e7ae566f-a301-0410-adde-c780ea21d3b5
* svn merge -r 845:854 $SO/trunk/openvpn .james2005-12-1412-52/+137
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@855 e7ae566f-a301-0410-adde-c780ea21d3b5
* Don't warn user if he uses user/group/chroot andjames2005-12-131-2/+7
| | | | | | | | | did not specify persist-key but uses PKCS#11. svn merge -r 847:848 https://svn.openvpn.net/projects/openvpn/contrib/alon/BETA21/openvpn . git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@853 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added --auto-proxy directive to auto-detect HTTP or SOCKSjames2005-12-1217-242/+539
| | | | | | | proxy settings (currently Windows only). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@850 e7ae566f-a301-0410-adde-c780ea21d3b5
* First attempt at automatic proxy detection,james2005-12-088-13/+291
| | | | | | | | Windows-only at this point. Proxy settings are taken from IE. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@846 e7ae566f-a301-0410-adde-c780ea21d3b5
* Inline file capability now works forjames2005-12-087-115/+215
| | | | | | | | | | | --secret and --tls-auth. For example: <secret> [ascii key data] </secret> git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@844 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed some gcc 4 warnings in misc.c.james2005-12-081-2/+2
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@843 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed segfault that occurred if remote_cert_eku is undefined and nojames2005-12-052-1/+5
| | | | | | | | | server certificate verification method was enabled. Don't declare pkcs11 variables in struct options unless pkcs11 support is enabled. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@833 e7ae566f-a301-0410-adde-c780ea21d3b5
* Patch to support --topology subnet on Mac OS X (Mathias Sundman).james2005-12-054-10/+36
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@832 e7ae566f-a301-0410-adde-c780ea21d3b5
* svn merge -r 780:820 $SO/trunk/openvpn .james2005-11-284-4/+13
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@828 e7ae566f-a301-0410-adde-c780ea21d3b5
* svn merge -r 823:825 $SO/contrib/alon/BETA21/openvpn .james2005-11-281-1/+2
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@827 e7ae566f-a301-0410-adde-c780ea21d3b5
* Modified nonblocking connect code so that this works as it should:james2005-11-281-3/+14
| | | | | | | ./openvpn --dev tap --proto tcp-client --verb 4 --remote [Black-Hole-IP-Addr] --connect-retry-max 1 --remap-usr1 SIGTERM git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@826 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added --connect-timeout option to control the timeoutjames2005-11-257-7/+122
| | | | | | | | | on TCP client connection attempts (doesn't work on all OSes). This patch also makes OpenVPN signalable during TCP connection attempts. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@823 e7ae566f-a301-0410-adde-c780ea21d3b5
* --remap-usr1 will now also remap signals thrown during initialization.james2005-11-242-1/+9
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@822 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed minor man page formatting issue.james2005-11-241-2/+4
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@821 e7ae566f-a301-0410-adde-c780ea21d3b5
* Merged PKCS11 changes from Alon:james2005-11-191-6/+11
| | | | | | | svn merge -r 813:814 $SO/contrib/alon/BETA21/openvpn . git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@816 e7ae566f-a301-0410-adde-c780ea21d3b5
* Version 2.1_beta7 releasedjames2005-11-131-1/+24
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@806 e7ae566f-a301-0410-adde-c780ea21d3b5
* For Windows, set ip-win32 default back to dynamic.james2005-11-121-1/+1
| | | | | | | To use new adaptive mode, set explicitly. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@805 e7ae566f-a301-0410-adde-c780ea21d3b5
* PKCS#11 fixes to interact with new backtrack-hardenedjames2005-11-122-10/+12
| | | | | | | | openvpn_time function. svn merge -r 802:803 $SO/contrib/alon/BETA21/openvpn . git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@804 e7ae566f-a301-0410-adde-c780ea21d3b5
* Reduce sensitivity to system clock instabilityjames2005-11-129-11/+119
| | | | | | | and backtracks. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@799 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed minor typos in --remote-cert-* documentation.james2005-11-122-6/+6
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@798 e7ae566f-a301-0410-adde-c780ea21d3b5
generated by cgit (git 2.34.1) at 2024-11-19 04:32:32 +0000