Commit message | Author | Age | Files | Lines
* Refactored key_state read code (including bio_read()) | Adriaan de Jong | 2011-10-21 | 3 | -122/+155
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored print_details | Adriaan de Jong | 2011-10-21 | 3 | -46/+63
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored key_state free code | Adriaan de Jong | 2011-10-21 | 3 | -9/+21
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored initialisation of key_states | Adriaan de Jong | 2011-10-21 | 3 | -42/+82
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored tls_options, key_state, and key_source data structures | Adriaan de Jong | 2011-10-21 | 5 | -237/+234
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored cipher restriction code | Adriaan de Jong | 2011-10-21 | 3 | -6/+19
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored CA and extra certs code | Adriaan de Jong | 2011-10-21 | 3 | -190/+248
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored external key loading from management | Adriaan de Jong | 2011-10-19 | 3 | -142/+159
  Fixed a bug in external key loading, where if no certificate file was specified, the program would still try to use an external private key.
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored private key loading code | Adriaan de Jong | 2011-10-19 | 3 | -59/+92
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored load certificate functions | Adriaan de Jong | 2011-10-19 | 3 | -129/+135
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored windows cert loading | Adriaan de Jong | 2011-10-19 | 3 | -5/+26
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored PKCS#11 loading | Adriaan de Jong | 2011-10-19 | 3 | -20/+37
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored PKCS#12 key loading | Adriaan de Jong | 2011-10-19 | 5 | -86/+120
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored root TLS option settings | Adriaan de Jong | 2011-10-19 | 5 | -71/+118
  - Started merge of new feature (x509_altnames), will continue in a future patch
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored DH parameter loading | Adriaan de Jong | 2011-10-19 | 3 | -28/+58
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored new external key code | Adriaan de Jong | 2011-10-19 | 1 | -7/+6
  - To make patch application easier in the future
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored root SSL context initialisation | Adriaan de Jong | 2011-10-19 | 7 | -43/+119
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored get_highest_preference_tls_cipher | Adriaan de Jong | 2011-10-19 | 4 | -28/+27
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored tls_show_available_ciphers | Adriaan de Jong | 2011-10-19 | 4 | -31/+32
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored TLS_PRF to new hmac and md primitives | Adriaan de Jong | 2011-10-19 | 1 | -46/+58
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored SSL initialisation functions | Adriaan de Jong | 2011-10-19 | 5 | -51/+97
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored: Added stubs for new files | Adriaan de Jong | 2011-10-19 | 10 | -2/+354
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Added a check for Openssl or PolarSSL defines | Adriaan de Jong | 2011-10-19 | 1 | -0/+3
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Removed stale OpenSSL defines from crypto.h | Adriaan de Jong | 2011-10-19 | 3 | -119/+5
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored: Moved crypto.h inline functions to end of file | Adriaan de Jong | 2011-10-19 | 1 | -10/+11
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Added PRNG doxygen | Adriaan de Jong | 2011-10-19 | 1 | -0/+29
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored cipher functions | Adriaan de Jong | 2011-10-19 | 4 | -65/+218
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored cipher key types | Adriaan de Jong | 2011-10-19 | 5 | -48/+181
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored HMAC functions | Adriaan de Jong | 2011-10-19 | 4 | -50/+155
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored message digest functions | Adriaan de Jong | 2011-10-19 | 7 | -73/+190
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored message digest type functions | Adriaan de Jong | 2011-10-19 | 5 | -47/+103
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored NTLM DES key generation | Adriaan de Jong | 2011-10-19 | 3 | -8/+27
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored DES key manipulation functions | Adriaan de Jong | 2011-10-19 | 5 | -82/+142
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored crypto initialisation functions | Adriaan de Jong | 2011-10-19 | 6 | -162/+193
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored SSL_clear_error() | Adriaan de Jong | 2011-10-19 | 3 | -3/+11
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored show_available_* functions | Adriaan de Jong | 2011-10-19 | 4 | -91/+127
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored maximum cipher and hmac length constants | Adriaan de Jong | 2011-10-19 | 4 | -36/+46
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored OpenSSL-specific constants | Adriaan de Jong | 2011-10-19 | 5 | -23/+42
  [David S: Fixed a few whitespace errors before merging]
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored to rand_bytes for OpenSSL-independency | Adriaan de Jong | 2011-10-19 | 8 | -9/+166
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Changed configure to accept --with-ssl-type=openssl | Adriaan de Jong | 2011-10-19 | 1 | -69/+84
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Move block for "stale-routes-check" config inside #ifdef P2MP_SERVER block | Gert Doering | 2011-10-09 | 1 | -19/+19
  options->stale_routes_ageing_time etc. are not defined otherwise, and compilation fails.
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
  Acked-by: Davide Guerri <d.guerri@caspur.it>
  Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* New feature: Add --stale-routes-check | Davide Guerri | 2011-09-30 | 5 | -0/+97
  This patch adds a stale-routes-check option that takes 2 parameters: an ageing time (in seconds) and a check interval (in seconds). The latter defaults to the former if it's not present.
  Internally, a new "check" is added in multi_process_per_second_timers_dowork(). This check deletes stale routes and it is inspired by the function multi_reap_range().
  We're running a very large connectivity infrastructure based on openVPN (more than 4000 different clients connected per day per server), so we can thoroughly check this patch (or, of course, any variant of it).
  Signed-off-by: Davide Guerri <d.guerri@caspur.it>
  Reviewed-by: David Sommerseth <davids@redhat.com>
  Acked-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Platform cleanup for NetBSD | Gert Doering | 2011-09-21 | 2 | -16/+72
  make TAP devices work (need to go via multiplex device /dev/tap)
  cleanup TUN devices at program end ("ifconfig tunX destroy")
  correctly setup TUN devices for "topology subnet"
  don't try to put TAP devices into TUNSIFHEAD mode (get rid of error message)
  Tested on NetBSD 5.1_STABLE / Sparc64
  Signed-off-by: Gert Doering <gert@greenie.muc.de>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* fix ipv6 compilation under macosx >= 1070 - v3 | JuanJo Ciarlante | 2011-09-21 | 4 | -8/+19
  - use __APPLE_USE_RFC_3542 for macosx build environment >= 1070
  - define SOL_IP from IPPROTO_IP if it's missing
  In Linux man 7 ip says: "Using SOL_IP socket options level isn't portable, BSD-based stacks use IPPROTO_IP level."
  Signed-off-by: JuanJo Ciarlante <jjo+ml@google.com>
  Tested-by: Eric F Crist <ecrist@secure-computing.net>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Fixed compile issues on FreeBSD and Solaris | David Sommerseth | 2011-09-21 | 1 | -9/+8
  In commit 7fb0e07ec3f7c5f6514523085dbe struct route changed and this change was not fixed in all places in tun.c, which caused a compilation error. A few whitespace fixes are added as well.
  OSX needs to be fixed as well, but this will be done in a separate patch.
  Tested-by: Eric F Crist <ecrist@secure-computing.net> (FreeBSD)
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* Fixed management interface bug where >FATAL notifications were | James Yonan | 2011-09-05 | 1 | -5/+9
  not being output properly because the management interface socket was being closed before the >FATAL notification could be transmitted.
  Version 2.1.14
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7587 e7ae566f-a301-0410-adde-c780ea21d3b5
* Minor fix to CC_PRINT char class -- treat DEL (ascii 127) | James Yonan | 2011-09-01 | 1 | -1/+1
  as a control char.
  Version 2.1.13.
  git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7581 e7ae566f-a301-0410-adde-c780ea21d3b5
* add --mark option to set SO_MARK sockopt | Heiko Hund | 2011-08-31 | 6 | -0/+38
  Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* define IN6_ARE_ADDR_EQUAL macro for WIN32 | Heiko Hund | 2011-08-31 | 1 | -0/+6
  Windows headers do not define the IN6_ARE_ADDR_EQUAL macro. It needs to be defined locally when building for WIN32.
  Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Signed-off-by: David Sommerseth <davids@redhat.com>
* lowercase include header name in syshead.h | Heiko Hund | 2011-08-31 | 1 | -1/+1
  Cross compiling for Windows is broken since commit 739fa9881f12e67dc8b9cadc7230e59e7fe42423 added the mixed case header name "NtDDNdis.h" to the file. While this header exists in a MinGW build environment it's lowercase there.
  Windows doesn't mind the case of a file name, but Linux does. So, lowercasing the filename will make openvpn build in both worlds.
  Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
  Acked-by: David Sommerseth <davids@redhat.com>
  Signed-off-by: David Sommerseth <davids@redhat.com>