| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
Came in as github pull request #15
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-By: Arne Schwabe <arne@rfc2549.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Create_socket() and sub-functions assume that the ai_protocol value
returned by getaddrinfo() is IPPROTO_UDP or IPPROTO_TCP. On Solaris,
it is "0", because Solaris's socket() call will then "select the right
protocol" - but it breaks our code. So remove ASSERT()s on ai_protocol,
and also accept properly set ai_socktype (SOCK_DGRAM/SOCK_STREAM) values
if ai_protocol is not set.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20140407201711.GN16637@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8428
|
|
|
|
|
|
|
|
|
|
| |
This slipped in with commit d0085293.
Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1396346803-31772-1-git-send-email-heiko.hund@sophos.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8421
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
| |
AC_EGREP_CPP uses CPPFLAGS, not CFLAGS. Make sure the macro can find
OpenSSL by temporarily adding OPENSSL_CRYPTO_FLAGS to CPPFLAGS.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Heiko Hund <heiko.hund@sophos.com>
Message-Id: <5339EFFC.6090908@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8419
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change "local" argument to socket_do_listen() to avoid calling
"local->ai_addr" in the caller for the "do_listen == FALSE" case,
in which case it could be NULL.
Also, ensure "ai" is always initialized in socket_listen_accept() for
the "!remote_dynamic" case - otherwise it will sometimes(!) crash in
addrlist_match() later on.
Get rid of spurious operator precedence warning concerning
GETADDR_CACHE_MASK.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1396181376-32022-1-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8412
|
|
|
|
|
|
|
|
| |
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1395407925-25518-12-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8369
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
| |
Let socket_create take struct addrinfo as argument and use the entries of
addrinfo to create the socket.
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1395407925-25518-11-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8370
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
|
| |
SSL_OP_NO_TICKET tells OpenSSL to disable "stateless session resumption".
This is something we do not want nor need, but could potentially be used
for a future attack. OpenVPN 2.4 requires the flag to be set and will fail
configure if the flag is not present.
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <CAA1AbxJh17KYmVU1BVa5kp4iJsUJT+xnXp0rVU_3g3c5hPnqDQ@mail.gmail.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8389
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This explicitly disables a number of tls ciphers that OpenVPN has currently
no support for. OpenSSL will automatically detect this during negotiation,
but --show-tls would erroneously show a number of unsupported ciphers.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1393684575-28112-3-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8318
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a number of commonly used cipher list names to ssl.c, which makes
OpenVPN not give a "translation not found" warning when using these.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1393684575-28112-2-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8316
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenSSL 0.9.7 and older are considered obsolete (see
http://www.openssl.org/news/news.html). This patch updates configure.ac to
require OpenSSL 0.9.8 or newer, and removes a number of #ifdefs that are
now no longer needed.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1395582781-27966-1-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8392
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
| |
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1395407925-25518-9-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8368
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
connection_list defined.
Entries in options->ce are never used and overwritten by the first usable
connection profile on initialisation.
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1395407925-25518-8-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8377
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
| |
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1395407925-25518-7-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8371
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
and --http-proxy
Also introduce x_gc_addspeical function that allows to add objects with a
custom free function to the gc.
Some additional addrinfo cleanup
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1395576786-17507-1-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8386
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
| |
versions
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1389803764-5879-1-git-send-email-davids@redhat.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8239
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
| |
message
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1395407925-25518-5-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8374
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In Android 4.4 it is not possible to open a new tun device and then close
the old tun device without breaking the whole VPNService stack until the
device is rebooted.
Add new management method to ask the UI what method should be taken to
ensure the optimal solution for the situation. Then do open-before-close
or close-before-open inside open_tun() as requested.
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1395407925-25518-4-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8373
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
| |
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1395407925-25518-3-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8372
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
| |
Do not protect the link socket when connecting to localhost. Also only
call the protect function on valid socket
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1395407925-25518-2-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8375
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
stateless session resumption.
OpenVPN doesn't want or need SSL session renegotiation or
resumption, as it handles renegotiation on its own.
For this reason, OpenVPN always disables the SSL session cache:
SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_OFF)
However, even with the above code, stateless session resumption
is still possible unless explicitly disabled with the
SSL_OP_NO_TICKET flag. This patch does this.
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1395017376-24554-1-git-send-email-james@openvpn.net>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8346
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
| |
Format the message to be more like the other deprecated options
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1395060345-30870-1-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8354
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
| |
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1395061013-1802-1-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8353
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This removes the need for the --max-routes option. Instead of
allocating a fixed size array for the route(-option)s they are
managed in linked lists instead.
Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1392746395-19246-1-git-send-email-heiko.hund@sophos.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8295
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
| |
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
| |
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
|
|
|
|
|
|
|
|
|
|
|
| |
This one place was forgotten when the elements type was changed
from bool to int in the dual stack patch 23d61c56.
Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1389972638-8006-2-git-send-email-heiko.hund@sophos.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8243
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
| |
On Windows there's no sa_family_t. This patch defines it in
syshead.h is configure did not find it in the system headers.
Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1389972638-8006-1-git-send-email-heiko.hund@sophos.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8242
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The code for FreeBSD, Dragonfly, OpenBSD and NetBSD contained copies
of structures from <net/route.h> (struct rt_msghdr in particular).
OpenBSD changed some structure elements, making OpenVPN incompatible,
depending on the specific OpenBSD version. Clean up: remove copied
definitions, replace by including <net/route.h> directly - this could
not be done originally due to a conflict with "struct route" in OpenVPN
and <net/route.h>, cleaned up by the previous commit.
Tested on FreeBSD 9.1-RELEASE, NetBSD 5.1, OpenBSD 4.9 (route.c compiles
with no warnings, and "openvpn --show-gateway" works, which is the only
part of the code that uses the structures in question).
Fix trac #340
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1389650074-18455-2-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8230
|
|
|
|
|
|
|
|
|
|
|
|
| |
To fix trac #340, we need to rename our "struct route" to avoid a
collision with "struct route" from <net/route.h> on *BSD.
No functional changes.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1389650074-18455-1-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8231
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Made some type casts explicit.
* Changed type of sha256_hash to unsigned char[], because polar expects
that.
* Added missing error.h include.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1389555572-6210-4-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8225
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
| |
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1389555572-6210-3-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8222
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
| |
Issue a warning instead of ignoring a failed write() completely.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1389555572-6210-2-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8223
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
| |
See trac#218
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1389441036-12538-1-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8213
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Get rid of all "if (ir6->netbits>=0)" checks, as those are always true
(unlike ir->netbits for IPv4, we don't do the special case for "if it's
a host, put -1 in there" for IPv6).
Merge mroute_helper_{add,del}_iroute and mroute_helper_{add,del}_iroute6
into unified mroute_helper_{add,del}_iroute46() function as they did the
same thing anyway, just with slightly different parameters.
Make Arne happy.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1389371142-26705-2-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8198
|
|
|
|
|
|
|
|
| |
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1389371142-26705-1-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8197
|
|
|
|
|
|
|
|
|
|
| |
Use shorter variable name to signal the same thing (see f3a2cd255a3bc73)
to save space in the buffer used by the collective IV_ info sent to server.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1389296891-1487-1-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8183
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Documentation examples, description and code were disagreeing on what
this option actually does. Now they will all agree that it will
*prepend* a random-byte string to the hostname name before resolving
to work around DNS caching (needs a "*" wildcard record in the zone).
Fix trac #143
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1384698620-27946-1-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7999
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The function incoming_push_message(...) in push.c uses a local variable
option_types_found, that gets passed to do_up(...).
If the server push got split into several parts, only the last part
(PUSH_MSG_REPLY) option_types_found is used for do_up (initilized as 0
locally), the previous ones (PUSH_MSG_CONTINUATION) are ignored.
So e.g. a ping config, pushed by the server in the first push, followed
by a lot of "push route" configs, causing a second push message, will
have the do_up() called, but without e.g. the OPT_P_TIMER flag, so those
options will be silently ignored.
The patch resolves that, by introducing "push_option_types_found" in
"c->options" and using that as storage.
Fix trac bug #349.
Acked-by: Gert Doering <gert@greenie.muc.de>
URL: https://community.openvpn.net/openvpn/ticket/349
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
| |
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1389012640-24174-1-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8178
|
|
|
|
|
|
|
|
|
|
|
| |
Bundle lz4.c and lz4.h from http://code.google.com/p/lz4/ (r109) as
src/compat/compat-lz4.[ch], and use that (via #define NEED_COMPAT_LZ4)
if autoconf cannot find lz4.h or -llz4 in the system.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1388613479-22377-2-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8154
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement LZ4 compression, similar to the existing snappy / push-peer-info
model: a LZ4 capable client will send IV_LZ4=1 to the server, and the
algorithm is selected by pushing "compress lz4" back.
LZ4 does not compress as well as LZO or Snappy, but needs far less CPU
and is much faster, thus better suited for mobile devices. See
https://code.google.com/p/lz4/ for more details.
LZ4 include and library path can be specified by specifying LZ4_LIBS=...
and LZ4_CFLAGS=... on the configure command line.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1388613479-22377-1-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8153
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Export ciphers are deliberately weak ciphers, and not fully supported by
OpenVPN since ephemeral RSA support has been removed a few commits ago.
This commit removes them from the default cipher list to avoid confusion.
PolarSSL does not support export ciphers, so no action required there.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1388607026-12297-7-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8146
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds some ifs to check for NULL in tls_ctx_restrict_ciphers() to
prepare
for disabling export ciphers by default in OpenVPN 2.4+.
Also let tls_ctx_restrict_ciphers always be called, also when *cipher_list
is
NULL.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <52C8922E.3030607@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8173
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
| |
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1388760580-7548-1-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8167
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This code would not really generate ephemeral keys every time it is called,
but a single key that would be reused during process lifetime and returned
each time the function was called; probably not what users would expect.
TLS allowes ephemeral keys to be used only when no other key exchange, such
as (ephemeral) Diffie-Hellman, is performed. The end result is that it was
only used by a number of (weak) export ciphers, which could give users a
false sense of security.
So, instead of fixing a weak cipher mode, we'll just remove support for it
completely. Plenty of better alternatives are available in TLS.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1388607026-12297-5-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8152
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows to check the available TLS ciphers for a specific configuration
by supplying both --tls-cipher and --show-tls options.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1388607026-12297-4-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8150
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 4b67f98 changed call to TLSv1_{client,server}_method() to
SSLv23_{client,server}_method(), this commit updates the corresponding
error messages to match the changes in the code.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1388607026-12297-3-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8147
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 4b67f98 changed calls to TLSv1_{sever,client}_method() to
SSLv23_{client,server}_method() to enable TLS version negotiation. This
commit does the same for two calls of TLSv1_method() from support code.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1388607026-12297-2-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8148
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In 2.3 some options that were allowed only in global config before have
been moved to connection blocks. This changes the behaviour if the
variables were defined after connection block. This patch adds a warning
to catch these mistakes.
Also let warnings errors show [CONNECTION-OPTIONS] instead of [CMD-LINE]
for connection blocks
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1387275767-10303-1-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8117
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|