Commit message | Author | Age | Files | Lines
...
* Remove unneeded defines (were needed for pre-0.9.7 OpenSSL). | Steffan Karger | 2014-05-26 | 1 | -8/+0
  Since we now require OpenSSL 0.9.8, we don't need these anymore.
  Signed-off-by: Steffan Karger <steffan@karger.me>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1401045501-12343-4-git-send-email-steffan@karger.me>
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Remove unneeded wrapper functions in crypto_openssl.c | Steffan Karger | 2014-05-26 | 1 | -16/+4
  Both EVPCipherInit_ov() and EVPCipherUpdate_ov() wrapped OpenSSL functions without any changes, so let's just use the functions directly.
  Signed-off-by: Steffan Karger <steffan@karger.me>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1401045501-12343-3-git-send-email-steffan@karger.me>
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Remove function without effect (cipher_ok() always returned true). | Steffan Karger | 2014-05-26 | 1 | -8/+2
  Signed-off-by: Steffan Karger <steffan@karger.me>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1401045501-12343-2-git-send-email-steffan@karger.me>
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Use SSL_MODE_RELEASE_BUFFERS if available | Cristian Rodriguez | 2014-05-25 | 1 | -0/+3
  Sets SSL_MODE_RELEASE_BUFFERS if available, to keep OpenSSL memory usage as low as possible.
  For more info, see
  http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html
  https://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html
  See also trac #157
  Signed-off-by: Cristian Rodriguez <crrodriguez@opensuse.org>
  Acked-by: Steffan Karger <steffan.karger@fox-it.com>
  Message-Id: <5381FEFF.1040609@karger.me>
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Fixed some compile issues with show_library_versions() | James Yonan | 2014-05-20 | 5 | -9/+14
  * Refactored show_library_versions to work around the fact that some compilers (such as MSVC 2008) can't handle #ifdefs inside of macro references.
  * Declare show_library_versions() in options.h because it's referenced by other files such as openvpn.c.
  * Declare get_ssl_library_version() as returning const char *, to avoid loss of const qualifier in ssl_openssl.c.
  Signed-off-by: James Yonan <james@openvpn.net>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1399589436-8730-7-git-send-email-james@openvpn.net>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8711
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
  (cherry picked from commit a91a2d6ad7b139ec78d61c8616b8447847e9ecc6)
* Define PATH_SEPARATOR for MSVC builds. | James Yonan | 2014-05-20 | 1 | -0/+3
  Signed-off-by: James Yonan <james@openvpn.net>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1399589436-8730-6-git-send-email-james@openvpn.net>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8714
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
  (cherry picked from commit 3e8e496008f6634234d5867a22d7a1c03a5bf164)
* Conditionalize calls to print_default_gateway on !ENABLE_SMALL | Gert Doering | 2014-04-30 | 2 | -2/+2
  Calls to print_default_gateway() depended on #ifdef ENABLE_DEBUG, but the actual function wasn't compiled in #ifdef ENABLE_SMALL, so the combination "configure --enable-small --enable-debug" didn't work. Fix.
  Fix trac #397
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
  Acked-by: Steffan Karger <steffan.karger@fox-it.com>
  Message-Id: <1398805779-29376-1-git-send-email-gert@greenie.muc.de>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8670
* Fix is_ipv6 in case of tap interface. | Dmitrij Tejblum | 2014-04-29 | 1 | -1/+1
  While checking a packet on a TAP interface, is_ipv_X() in proto.c insists that the ethertype must be OPENVPN_ETH_P_IPV4, even if the protocol is IPv6. So the protocol never matches, and, thus, mssfix doesn't work for IPv6 on TAP interface. Fix that.
  Signed-off-by: Dmitrij Tejblum <dt@yandex.ru>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1391873629-14388-1-git-send-email-dt@yandex.ru>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8259
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Fix build system to accept non-system crypto library locations for plugins. | Steffan Karger | 2014-04-27 | 2 | -3/+5
  Flags like {OPEN,POLAR}SSL_CFLAGS were used by the core build, but not by the plugins. However, all plugins include openvpn-plugin.h, which needs crypto/ssl headers.
  Signed-off-by: Steffan Karger <steffan@karger.me>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1398080238-19662-1-git-send-email-steffan@karger.me>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8576
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* More IPv6-related updates to the openvpn man page. | Gert Doering | 2014-04-27 | 1 | -6/+10
  Point to correct kernel version for --multihome and IPv4-mapped addresses (3.15, Tore Anderson).
  Remove old reference to http://www.greenie.net/ from the IPv6 section, as the code and documentation in here is more current than on that site.
  Some more additions and clarifications.
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
  Acked-by: Tore Anderson <tore@fud.no>
  Message-Id: <1398511854-3609-1-git-send-email-gert@greenie.muc.de>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8642
* Make serial env exporting consistent amongst OpenSSL and PolarSSL builds. | Steffan Karger | 2014-04-27 | 5 | -2/+76
  This changes the representation of the tls_serial_{n} environment variable from hex to decimal for PolarSSL builds, to match OpenSSL build behaviour.
  Because hex representation for serials makes sense too, and to ease transition for PolarSSL users, added tls_serial_hex_{n} that exports the serial in hex representation for both crypto library backends.
  Signed-off-by: Steffan Karger <steffan@karger.me>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1398588561-18964-1-git-send-email-steffan@karger.me>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8649
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Fix OCSP_check.sh to also use decimal for stdout verification. | Steffan Karger | 2014-04-27 | 1 | -3/+3
  This is an extra fix needed on top of 959d607, which already changes the serial parameter to correctly use decimal representation.
  Signed-off-by: Steffan Karger <steffan@karger.me>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1398588561-18964-2-git-send-email-steffan@karger.me>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8650
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Change signedness of hash in x509_get_sha1_hash(), fixes compiler warning. | Steffan Karger | 2014-04-27 | 1 | -1/+1
  hash was cast from char * to unsigned char * at the return of the function. This patch removes the implicit cast by declaring hash as unsigned char *.
  Signed-off-by: Steffan Karger <steffan@karger.me>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1398585348-7969-1-git-send-email-steffan@karger.me>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8647
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Rewrite manpage section about --multihome | Gert Doering | 2014-04-25 | 1 | -12/+16
  Part of the information was confusing, part was outdated, and part was just not making sense. Pointed out in trac#348.
  Also add note about Linux IPv4-mapped issues as per trac#306.
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
  Acked-by: Arne Schwabe <arne@rfc2549.org>
  Message-Id: <1398453555-19706-1-git-send-email-gert@greenie.muc.de>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8635
* Repair --multihome on FreeBSD for IPv4 sockets. | Gert Doering | 2014-04-25 | 1 | -2/+6
  The code in link_socket_write_udp_posix_sendmsg() for the IP_RECVDESTADDR case was sending a too-large control message (sizeof openvpn_pktinfo, which is a union for IPv4+IPv6) instead of just openvpn_in4_pktinfo, leading to sendmsg() refusing to send the packet.
  Use RFC 2292 macros for alignment + size calculation.
  Fix trac#327
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
  Lazy-Ack-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1390164697-1590-1-git-send-email-gert@greenie.muc.de>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8250
* Fix man page and OCSP script: tls_serial_{n} is decimal | Arne Schwabe | 2014-04-25 | 2 | -4/+4
  Commit 7d5e26cbb53 fixed extracting serial but did not change the format, which always has been decimal. This patch fixes the manpage and OCSP.sh script to conform with the implementation.
  Acked-by: James Yonan <james@openvpn.net>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1396001222-5033-1-git-send-email-arne@rfc2549.org>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8409
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Add an elliptic curve testing cert chain to the sample keys | Steffan Karger | 2014-04-25 | 7 | -3/+156
  Signed-off-by: Steffan Karger <steffan@karger.me>
  Acked-by: Arne Schwabe <arne@rfc2549.org>
  Message-Id: <1398293018-8581-3-git-send-email-steffan@karger.me>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8601
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Add support for elliptic curve Diffie-Hellman key exchange (ECDH) | Steffan Karger | 2014-04-25 | 9 | -1/+229
  This patch is based on Jan Just Keijser's patch from Feb 7, 2012.
  When OpenSSL 1.0.2+ or PolarSSL is used, lets the crypto library do the heavy lifting. For OpenSSL builds, if a user specifies a curve using --ecdh-curve, it first tries to override automatic selection using that curve.
  For older OpenSSL, tries the following things (in order of preference):
  * When supplied, use the ecdh curve specified by the user.
  * Try to extract the curve from the private key, use the same curve.
  * Fall back on secp384r1 curve.
  Note that although a curve lookup might succeed, OpenSSL 1.0.0 and older do *not* support TLSv1.1 or TLSv1.2, which means that no EC-crypto can be used.
  Signed-off-by: Steffan Karger <steffan@karger.me>
  Acked-by: Arne Schwabe <arne@rfc2549.org>
  Message-Id: <53597BEA.6080408@karger.me>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8625
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Minor t_client.sh cleanups | Gert Doering | 2014-04-21 | 2 | -2/+2
  - remove built tests/t_client.sh script on "make clean"
  - ignore Linux iproute2 "ssthresh <n>" output that sometimes shows up in "ip -6 route show" and breaks before/after comparison
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
  Acked-by: Arne Schwabe <arne@rfc2549.org>
  Message-Id: <1398019261-30180-1-git-send-email-gert@greenie.muc.de>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8557
* Use native strtoull() with MSVC 2013. | James Yonan | 2014-04-21 | 1 | -0/+3
  MSVC 2013 C library now defines strtoull() function, so use the native implementation when available.
  Signed-off-by: James Yonan <james@openvpn.net>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1398064204-26476-3-git-send-email-james@openvpn.net>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8561
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Update openvpn-plugin.h for PolarSSL 1.3. | Steffan Karger | 2014-04-21 | 1 | -2/+2
  Signed-off-by: Steffan Karger <steffan@karger.me>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <5354F0F2.5080200@karger.me>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8567
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Improve error reporting during key/cert loading with PolarSSL. | Steffan Karger | 2014-04-21 | 1 | -4/+14
  Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Message-Id: <53528943.3090205@fox-it.com>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8555
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Upgrade to PolarSSL 1.3 | Steffan Karger | 2014-04-21 | 10 | -195/+167
  This removes support for PolarSSL 1.2. The minimum version of PolarSSL required is now 1.3.3.
  The upgrade brings OpenVPN-with-PolarSSL:
  * Support for EC-crypto in TLS (but not yet for external pkcs11/management keys)
  * Support for AES-NI (if PolarSSL is compiled with AES-NI support)
  Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Message-Id: <53528943.3090205@fox-it.com>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8555
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Add SSL library version reporting. | Gert Doering | 2014-04-18 | 6 | -0/+42
  Print the version of the SSL and LZO library (if any) used.
  SSL library version is also sent as IV_SSL=<version> to the server if --push-peer-info is enabled.
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
  Acked-by: Steffan Karger <steffan.karger@fox-it.com>
  Message-Id: <20140416152456.GI16637@greenie.muc.de>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8537
* IPv6 address/route delete fix for Win8 | Gert Doering | 2014-04-13 | 2 | -2/+12
  Use "store=active" for IPv6 address and route deletion - seems to be required on Windows 8 and up, and not doing it will break OpenVPN reconnection (old addresses are not properly deleted, thus address can not be configured on connect).
  Reported-by: Cedric <cedric+openvpn@bgtn.net>
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
  Acked-by: Cedric Tabary <cedric+openvpn@bgtn.net>
  Message-Id: <20140413170648.GU16637@greenie.muc.de>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8499
* Fix SOCKSv5 method selection | Yawning Angel | 2014-04-13 | 1 | -3/+15
  So, RFC 1928 doesn't say anything about the METHODS field in the Method Selection message being ordered in terms of preference or anything, and the server is free to pick any of the METHODS offered by the client.
  Always sending a Method Selection message with NO AUTHENTICATION REQUIRED and USERNAME/PASSWORD set is broken on two fronts:
  * If the OpenVPN client can't handle the server picking USERNAME/PASSWORD due to the credentials being missing, it shouldn't offer it to the server.
  * If the OpenVPN client has credentials, then it should always attempt to authenticate. This is a security product. "You can misconfigure it and it will work" is not acceptable. Setting a username/password when the SOCKS server doesn't require/support that as an option is the user not configuring it correctly, and should be treated as such.
  Also verify that the SOCKS server returned the auth that was requested.
  URL: https://github.com/OpenVPN/openvpn/pull/14
  Fix trac #377, trac #148
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Acked-by: Arne Schwabe <arne@rfc2549.org>
  Message-Id: <20140413130102.GR16637@greenie.muc.de>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8488
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Fix typo in sample build script to use LDFLAGS | kangsterizer | 2014-04-13 | 1 | -1/+1
  Came in as github pull request #15
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
  Acked-By: Arne Schwabe <arne@rfc2549.org>
* Work around Solaris getaddrinfo() returning ai_protocol=0 | Arne Schwabe | 2014-04-10 | 1 | -5/+2
  Create_socket() and sub-functions assume that the ai_protocol value returned by getaddrinfo() is IPPROTO_UDP or IPPROTO_TCP. On Solaris, it is "0", because Solaris's socket() call will then "select the right protocol" - but it breaks our code.
  So remove ASSERT()s on ai_protocol, and also accept properly set ai_socktype (SOCK_DGRAM/SOCK_STREAM) values if ai_protocol is not set.
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
  Signed-off-by: Arne Schwabe <arne@rfc2549.org>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Acked-by: Arne Schwabe <arne@rfc2549.org>
  Message-Id: <20140407201711.GN16637@greenie.muc.de>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8428
* fix route struct name | Heiko Hund | 2014-04-01 | 1 | -1/+1
  This slipped in with commit d0085293.
  Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1396346803-31772-1-git-send-email-heiko.hund@sophos.com>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8421
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* configure.ac: use CPPFLAGS for SSL_OP_NO_TICKET check | Steffan Karger | 2014-04-01 | 1 | -0/+3
  AC_EGREP_CPP uses CPPFLAGS, not CFLAGS. Make sure the macro can find OpenSSL by temporarily adding OPENSSL_CRYPTO_FLAGS to CPPFLAGS.
  Signed-off-by: Steffan Karger <steffan@karger.me>
  Acked-by: Heiko Hund <heiko.hund@sophos.com>
  Message-Id: <5339EFFC.6090908@karger.me>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8419
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Fix crash when using --inetd. | Gert Doering | 2014-03-30 | 2 | -6/+7
  Change "local" argument to socket_do_listen() to avoid calling "local->ai_addr" in the caller for the "do_listen == FALSE" case, in which case it could be NULL.
  Also, ensure "ai" is always initialized in socket_listen_accept() for the "!remote_dynamic" case - otherwise it will sometimes(!) crash in addrlist_match() later on.
  Get rid of spurious operator precedence warning concerning GETADDR_CACHE_MASK.
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
  Acked-by: Arne Schwabe <arne@rfc2549.org>
  Message-Id: <1396181376-32022-1-git-send-email-gert@greenie.muc.de>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8412
* Fix assert when using port-share | Arne Schwabe | 2014-03-26 | 1 | -1/+1
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1395407925-25518-12-git-send-email-arne@rfc2549.org>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8369
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Clean up of socket code. | Arne Schwabe | 2014-03-26 | 3 | -103/+95
  Let socket_create take struct addrinfo as argument and use the entries of addrinfo to create the socket.
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1395407925-25518-11-git-send-email-arne@rfc2549.org>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8370
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* configure.ac: check for SSL_OP_NO_TICKET flag in OpenSSL | Steffan Karger | 2014-03-23 | 1 | -0/+15
  SSL_OP_NO_TICKET tells OpenSSL to disable "stateless session resumption". This is something we do not want nor need, but could potentially be used for a future attack. OpenVPN 2.4 requires the flag to be set and will fail configure if the flag is not present.
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <CAA1AbxJh17KYmVU1BVa5kp4iJsUJT+xnXp0rVU_3g3c5hPnqDQ@mail.gmail.com>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8389
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Disable unsupported TLS cipher modes by default, cleans --show-tls output. | Steffan Karger | 2014-03-23 | 1 | -2/+2
  This explicitly disables a number of tls ciphers that OpenVPN has currently no support for. OpenSSL will automatically detect this during negotiation, but --show-tls would erroneously show a number of unsupported ciphers.
  Signed-off-by: Steffan Karger <steffan@karger.me>
  Acked-by: Arne Schwabe <arne@rfc2549.org>
  Message-Id: <1393684575-28112-3-git-send-email-steffan@karger.me>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8318
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Add openssl-specific common cipher list names to ssl.c. | Steffan Karger | 2014-03-23 | 1 | -0/+13
  This adds a number of commonly used cipher list names to ssl.c, which makes OpenVPN not give a "translation not found" warning when using these.
  Signed-off-by: Steffan Karger <steffan@karger.me>
  Acked-by: Arne Schwabe <arne@rfc2549.org>
  Message-Id: <1393684575-28112-2-git-send-email-steffan@karger.me>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8316
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Bump minimum OpenSSL version to 0.9.8 | Steffan Karger | 2014-03-23 | 7 | -54/+2
  OpenSSL 0.9.7 and older are considered obsolete (see http://www.openssl.org/news/news.html). This patch updates configure.ac to require OpenSSL 0.9.8 or newer, and removes a number of #ifdefs that are now no longer needed.
  Signed-off-by: Steffan Karger <steffan@karger.me>
  Acked-by: Arne Schwabe <arne@rfc2549.org>
  Message-Id: <1395582781-27966-1-git-send-email-steffan@karger.me>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8392
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Add gateway and device to android control messages | Arne Schwabe | 2014-03-23 | 1 | -3/+6
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1395407925-25518-9-git-send-email-arne@rfc2549.org>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8368
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Don't show the connection profile store in options->ce if there is a connection_list defined. | Arne Schwabe | 2014-03-23 | 1 | -2/+5
  Entries in options->ce are never used and overwritten by the first usable connection profile on initialisation.
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1395407925-25518-8-git-send-email-arne@rfc2549.org>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8377
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Fix for server selecting address family | Arne Schwabe | 2014-03-23 | 1 | -12/+12
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1395407925-25518-7-git-send-email-arne@rfc2549.org>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8371
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Introduce an option to resolve dns names in advance for --remote, --local and --http-proxy | Arne Schwabe | 2014-03-23 | 10 | -139/+415
  Also introduce x_gc_addspecial function that allows to add objects with a custom free function to the gc.
  Some additional addrinfo cleanup
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1395576786-17507-1-git-send-email-arne@rfc2549.org>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8386
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Adjusted autotools files to build more cleanly on newer autoconf/automake versions | David Sommerseth | 2014-03-23 | 2 | -5/+5
  Signed-off-by: David Sommerseth <davids@redhat.com>
  Acked-by: Steffan Karger <steffan.karger@fox-it.com>
  Message-Id: <1389803764-5879-1-git-send-email-davids@redhat.com>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8239
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Implement an easy parsable log output that allows access to flags of the log message | Arne Schwabe | 2014-03-22 | 5 | -1/+44
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1395407925-25518-5-git-send-email-arne@rfc2549.org>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8374
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Workaround broken Android 4.4 VpnService API for persist-tun mode | Arne Schwabe | 2014-03-22 | 4 | -13/+68
  In Android 4.4 it is not possible to open a new tun device and then close the old tun device without breaking the whole VPNService stack until the device is rebooted. Add new management method to ask the UI what method should be taken to ensure the optimal solution for the situation. Then do open-before-close or close-before-open inside open_tun() as requested.
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1395407925-25518-4-git-send-email-arne@rfc2549.org>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8373
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Move the initialization of the environment to the top so c2.es is initialized | Arne Schwabe | 2014-03-21 | 1 | -4/+4
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1395407925-25518-3-git-send-email-arne@rfc2549.org>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8372
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Fix connecting to localhost on Android | Arne Schwabe | 2014-03-21 | 2 | -3/+35
  Do not protect the link socket when connecting to localhost. Also only call the protect function on valid socket
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1395407925-25518-2-git-send-email-arne@rfc2549.org>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8375
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption. | James Yonan | 2014-03-17 | 1 | -1/+1
  OpenVPN doesn't want or need SSL session renegotiation or resumption, as it handles renegotiation on its own.
  For this reason, OpenVPN always disables the SSL session cache:
    SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_OFF)
  However, even with the above code, stateless session resumption is still possible unless explicitly disabled with the SSL_OP_NO_TICKET flag. This patch does this.
  Acked-by: Steffan Karger <steffan.karger@fox-it.com>
  Message-Id: <1395017376-24554-1-git-send-email-james@openvpn.net>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8346
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Fix warning for max-routes: do not quit when parsing an old configuration. Format the message to be more like the other deprecated options | Arne Schwabe | 2014-03-17 | 1 | -2/+4
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1395060345-30870-1-git-send-email-arne@rfc2549.org>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8354
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Introduce safety check for http proxy options | Arne Schwabe | 2014-03-17 | 1 | -0/+2
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1395061013-1802-1-git-send-email-arne@rfc2549.org>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8353
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
* grow route lists dynamically | Heiko Hund | 2014-02-23 | 6 | -184/+130
  This removes the need for the --max-routes option. Instead of allocating a fixed size array for the route(-option)s they are managed in linked lists instead.
  Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
  Acked-by: Arne Schwabe <arne@rfc2549.org>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Message-Id: <1392746395-19246-1-git-send-email-heiko.hund@sophos.com>
  URL: http://article.gmane.org/gmane.network.openvpn.devel/8295
  Signed-off-by: Gert Doering <gert@greenie.muc.de>