summaryrefslogtreecommitdiffstats
path: root/configure.ac
Commit message (Collapse)AuthorAgeFilesLines
* get_default_gateway_ipv6(): Win32 implementation using GetBestRoute2()Gert Doering2015-10-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | To get access to that functionality, bump Windows API level for MinGW compilation from NTDDI_WINXP/_WIN32_WINNT_WINXP to ..._VISTA, and shuffle around WIN32 includes a bit in syshead.h MinGW 32 seems to be broken regarding MIB_TCP_STATE enum, so add typedef for that - surrounding #ifdefs found by googling do not work yet -> TODO! Extend add_route_ipv6() and delete_route_ipv6() to handle routes not on the tap adapter but on ifindex-addressed interfaces ("interface=nn"), and while at it, fix deletion of IPv6 routes with gateway address. NOTE: this breaks Windows XP compatibility as GetBestRoute2() is not available there, so even when not using IPv6, the binary will not run. (Lightly) tested on Win7/64. Signed-off-by: Gert Doering <gert@greenie.muc.de> Lazy-ACK-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1441985627-14822-11-git-send-email-gert@greenie.muc.de> URL: http://article.gmane.org/gmane.network.openvpn.devel/10085
* Add custom check for inet_pton()/inet_ntop() on MinGW/WIN32Gert Doering2015-10-061-1/+23
| | | | | | | | | | | | | | | | | More recent MinGW versions have these functions (if compiling at _VISTA level or higher), but the normal AC_CHECK_FUNCS() check does not find them because the necessary header file is not #include'd and the libws2_32 not linked - and our compat functions are incompatible with the definitions in <ws2tcpip.h>, so compilation fails. Fix with a custom AC_LINK_IFELSE()/AC_LANG_PROGRAM() construct. Signed-off-by: Gert Doering <gert@greenie.muc.de> Tested-by: Heiko Hund <heiko.hund@sophos.com> Tested-by: Samuli Seppänen <samuli@openvpn.net> Lazy-ACK-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1442953884-54602-1-git-send-email-gert@greenie.muc.de> URL: http://article.gmane.org/gmane.network.openvpn.devel/10165
* Fix out-of-tree builds; openvpn-plugin.h should be in AC_CONFIG_HEADERSSteffan Karger2015-07-271-2/+1
| | | | | | | | | | Was broken in commit 9de35d4. Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1438027198-23305-1-git-send-email-steffan@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/9964 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Provide OpenVPN runtime version information to plug-insDavid Sommerseth2015-07-271-0/+3
| | | | | | | | | | | | | | | | | | | | Also updated the log_v3 sample-plugin to demonstrate how this works. $ openvpn --plugin log_v3.so --dev tun Fri Jul 10 15:17:28 2015 OpenVPN 2.3_git [git:dev/plugin-version/f05d8623a29078bf+]..... ...more.openvpn.logging... log_v3: OpenVPN 2.3_git (Major: 2, Minor: 3, Patch: git:dev/plugin-version/f05d8623a29078bf+) ...more.openvpn.logging... $ Signed-off-by: David Sommerseth <davids@redhat.com> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1436534548-21507-3-git-send-email-openvpn.list@topphemmelig.net> URL: http://article.gmane.org/gmane.network.openvpn.devel/9904 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Provide compile time OpenVPN version information to plug-insDavid Sommerseth2015-07-271-0/+4
| | | | | | | | | | | This is to provide more fine grained information to plug-ins about the OpenVPN environment when OpenVPN was built. Signed-off-by: David Sommerseth <davids@redhat.com> Acked-by: Steffan Karger <steffan.karger@fox-it.com> Message-Id: <1436534548-21507-2-git-send-email-openvpn.list@topphemmelig.net> URL: http://article.gmane.org/gmane.network.openvpn.devel/9905 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Use configure.ac hack to apply serial_test AM option only if supported.Gert Doering2015-06-011-1/+15
| | | | | | | | | | | | | | | Inspired by libguestfs' configure.ac hack - test automake version, and if 1.12 or newer, use m4 magic to pass "serial_tests" option to AM_INIT_AUTOMAKE(). https://www.redhat.com/archives/libguestfs/2013-February/msg00102.html Trac #427 Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: David Sommerseth <davids@redhat.com> Message-Id: <1433185487-9724-1-git-send-email-gert@greenie.muc.de> URL: http://article.gmane.org/gmane.network.openvpn.devel/9769
* assume res_init() is always there.Gert Doering2015-05-231-6/+5
| | | | | | | | | | | | | | | | | | | | Previously, the code tried to find res_init(), and on some systems got it wrong in configure, silently not-using res_init(), leading to unexpected failures to re-init the resolver. We know that all supported OSes (except Windows) have res_init(), so change the call to "#ifndef WIN32", and adjust configure.ac to just find the library to link (if any). With that, failures to find res_init() are no longer "hidden" but clearly visible at link time. AC_SEARCH_LIBS() bits inspired by CUPS' cups_network.m4 (GPLv2) Fix (part of) trac #523 Signed-off-by: Gert Doering <gert@greenie.muc.de> Lazy-ACK-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1430162841-5840-1-git-send-email-gert@greenie.muc.de> URL: http://article.gmane.org/gmane.network.openvpn.devel/9614
* Use OPENVPN_ETH_P_* so that <netinet/if_ether.h> is unecessaryFelix Janda2015-05-161-1/+1
| | | | | | | | | | | | Fixes compilation error on linux with musl libc because of conflicting ethhdr declarations in <netinet/if_ether.h> and <linux/if_ether.h> which is included from <linux/if_tun.h> Signed-off-by: Felix Janda <felix.janda@posteo.de> Acked-by: Steffan Karger <steffan.karger@fox-it.com> Message-Id: <20150516134604.GA2302@euler> URL: http://article.gmane.org/gmane.network.openvpn.devel/9690 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Remove ENABLE_SSL define (and --disable-ssl configure option)Steffan Karger2014-12-311-18/+3
| | | | | | | | | | | | | | | | | | | Remove the --disable-ssl configure option and accompanying ENABLE_SSL defines in the master/2.4 branch, to reduce the code and testing complexity a bit. This does not remove to runtime option to run without SSL, just the compile time option to not include any SSL-related code. During the community meeting in November 2014 there were no objections amongst he developers present. Also, this has been announced on the -users and -devel mailing lists two weeks ago, without any response whatsoever. Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <54A4248A.1090501@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/9371 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* pkcs11: Load p11-kit-proxy.so module by defaultDavid Woodhouse2014-12-271-0/+7
| | | | | | | | | | | | | | | If the user specifies --pkcs11-id or --pkcs-id-management but neglects to explicitly provide a --pkcs11-provider argument, and if the system has p11-kit installed, then load the p11-kit proxy module so that the system-configured tokens are available. Trac: 490 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Acked-by: Steffan Karger <steffan.karger@fox-it.com> Message-Id: <1418303015.31745.78.camel@infradead.org> URL: http://article.gmane.org/gmane.network.openvpn.devel/9342 Signed-off-by: Gert Doering <gert@greenie.muc.de> (cherry picked from commit 6f1d3cf062d5c33cbad4d521d157d43d53ffc7d1)
* autotools: Fix wrong ./configure help screen default valuesDavid Sommerseth2014-11-301-3/+3
| | | | | | | | | | | | | | | enable_crypto_ofb_cfb is "yes" by default, so the --help screen should show --disable-ofb-cfb and not --enable-ofb-cfb. enable_small and enable_password_save are both "no" by default, so the --help screen should state "default: no". Now it says "yes" as default, but is really disabled in the reality. Signed-off-by: David Sommerseth <davids@redhat.com> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1416852578-7581-1-git-send-email-openvpn.list@topphemmelig.net> URL: http://article.gmane.org/gmane.network.openvpn.devel/9278 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* systemd: Use systemd functions to consider systemd availabilityDavid Sommerseth2014-10-071-1/+23
| | | | | | | | | | | | | | | | | | | | | This is another systemd implementation clean-up. It was found that SELinux will block OpenVPN from checking /sys/fs/cgroups. As OpenVPN only checked /sys/fs/cgroups and /sys/fs/cgroups/systemd to see if systemd was available or not, it was considered better to query systemd directly to see whether or not to query for usernames and passwords via systemd. This patch has been compile tested on Fedora 19 and Fedora 21 alpha and function tested on Fedora 19. v2 - Use PKG_CHECK_MODULES() + check for libsystemd before libystemd-daemon. systemd >= 209 use a unified library Signed-off-by: David Sommerseth <davids@redhat.com> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1412356567-27125-1-git-send-email-openvpn.list@topphemmelig.net> URL: http://article.gmane.org/gmane.network.openvpn.devel/9072 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Add configure check for the path to systemd-ask-passwordMike Gilbert2014-09-051-0/+3
| | | | | | | | | | | Gentoo Linux installs this in /usr/bin by default. Also, the user may have installed it in /usr/local/bin if building from source. Acked-by: David Sommerseth <davids@redhat.com> Message-Id: 1404419045-14728-1-git-send-email-floppym@gentoo.org URL: http://article.gmane.org/gmane.network.openvpn.devel/8825 Signed-off-by: David Sommerseth <davids@redhat.com>
* Always enable http-proxy and socks-proxyArne Schwabe2014-07-181-16/+0
| | | | | | | | Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1404735142-31420-2-git-send-email-arne@rfc2549.org> URL: http://article.gmane.org/gmane.network.openvpn.devel/8840 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Define dummy SSL_OP_NO_TICKET flag if not present in OpenSSL.Steffan Karger2014-07-131-19/+0
| | | | | | | | | | | This restores support for pre-0.9.8f OpenSSL versions, which do not include stateless session resumption, and the accompanying SSL_OP_NO_TICKET flag. Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <53C251E2.7050605@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/8902 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Rename ALLOW_NON_CBC_CIPHERS to ENABLE_OFB_CFB_MODE, and add to configure.Steffan Karger2014-07-071-0/+8
| | | | | | | | | | | | Makes OFB/CFB compile time configurable, and fixes output of --show-ciphers to also show OFB/CFB ciphers along the way (becasue crypto.h was not included from crypto_openssl.c). Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <1402244175-31462-2-git-send-email-steffan@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/8781 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Recognize AIX, define TARGET_AIXGert Doering2014-07-071-0/+7
| | | | | | | | | | | | | | | | | | force "have_tap_header=yes", as configure won't like AIX headers otherwise (no tun related headers, just <net/if_tap.h>). force ROUTE to be "/usr/sbin/route" - not executable by non-root users, so configure testing for executables will not find it force "ac_cv_header_net_if_h=no", because AIX' <net/if.h> pulls in AIX' <net/route.h>, which #defines ROUTE_H, disabling our "route.h"... (and we don't need <net/if.h> on AIX anyway) Signed-off-by: Gert Doering <gd@medat.de> Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <1402409073-54067216-2-git-send-email-gert@greenie.muc.de> URL: http://article.gmane.org/gmane.network.openvpn.devel/8787 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* configure.ac: fix SSL_OP_NO_TICKET checkSteffan Karger2014-06-221-1/+2
| | | | | | | | | | | | | Only check for SSL_OP_NO_TICKET if building with --enable-ssl and using openssl. This fixes cross-compiling polarssl builds for Windows (where pkg-config would find the system openssl library, but the cross compiler would not have openssl for the target platform). Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1403461119-21440-1-git-send-email-steffan@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/8795 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Add (default disabled) --enable-werror option to configureSteffan Karger2014-06-011-0/+10
| | | | | | | | | | | Useful for example during development or automated builds, to make the build error out if new warnings are introduced. Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1401359947-31144-1-git-send-email-steffan@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/8747 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Upgrade to PolarSSL 1.3Steffan Karger2014-04-211-2/+2
| | | | | | | | | | | | | | | This removes support for PolarSSL 1.2. The mimimum version of PolarSSL required is now 1.3.3. The upgrade brings OpenVPN-with-PolarSSL: * Support for EC-crypto in TLS (but not yet for external pkcs11/management keys) * Support for AES-NI (if PolarSSL is compiled with AES-NI support) Signed-off-by: Steffan Karger <steffan.karger@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Message-Id: <53528943.3090205@fox-it.com> URL: http://article.gmane.org/gmane.network.openvpn.devel/8555 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* configure.ac: use CPPFLAGS for SSL_OP_NO_TICKET checkSteffan Karger2014-04-011-0/+3
| | | | | | | | | | | AC_EGREP_CPP uses CPPFLAGS, not CFLAGS. Make sure the macro can find OpenSSL by temporarily adding OPENSSL_CRYPTO_FLAGS to CPPFLAGS. Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Heiko Hund <heiko.hund@sophos.com> Message-Id: <5339EFFC.6090908@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/8419 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* configure.ac: check for SSL_OP_NO_TICKET flag in OpenSSLSteffan Karger2014-03-231-0/+15
| | | | | | | | | | | | SSL_OP_NO_TICKET tells OpenSSL to disable "stateless session resumption". This is something we do not want nor need, but could potentially be used for a future attack. OpenVPN 2.4 requires the flag to be set and will fail configure if the flag is not present. Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <CAA1AbxJh17KYmVU1BVa5kp4iJsUJT+xnXp0rVU_3g3c5hPnqDQ@mail.gmail.com> URL: http://article.gmane.org/gmane.network.openvpn.devel/8389 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Bump minimum OpenSSL version to 0.9.8Steffan Karger2014-03-231-2/+2
| | | | | | | | | | | | | OpenSSL 0.9.7 and older are considered obsolete (see http://www.openssl.org/news/news.html). This patch updates configure.ac to require OpenSSL 0.9.8 or newer, and removes a number of #ifdefs that are now no longer needed. Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <1395582781-27966-1-git-send-email-steffan@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/8392 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Adjusted autotools files to build more cleanly on newer autoconf/automake ↵David Sommerseth2014-03-231-4/+4
| | | | | | | | | | versions Signed-off-by: David Sommerseth <davids@redhat.com> Acked-by: Steffan Karger <steffan.karger@fox-it.com> Message-Id: <1389803764-5879-1-git-send-email-davids@redhat.com> URL: http://article.gmane.org/gmane.network.openvpn.devel/8239 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* make sure sa_family_t is definedHeiko Hund2014-01-171-0/+6
| | | | | | | | | | | On Windows there's no sa_family_t. This patch defines it in syshead.h is configure did not find it in the system headers. Signed-off-by: Heiko Hund <heiko.hund@sophos.com> Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <1389972638-8006-1-git-send-email-heiko.hund@sophos.com> URL: http://article.gmane.org/gmane.network.openvpn.devel/8242 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Provide LZ4 sources in src/compat/ and use if no system lz4 library found.Gert Doering2014-01-061-2/+3
| | | | | | | | | | | Bundle lz4.c and lz4.h from http://code.google.com/p/lz4/ (r109) as src/compat/compat-lz4.[ch], and use that (via #define NEED_COMPAT_LZ4) if autoconf cannot find lz4.h or -llz4 in the system. Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <1388613479-22377-2-git-send-email-gert@greenie.muc.de> URL: http://article.gmane.org/gmane.network.openvpn.devel/8154
* Implement LZ4 compression.Gert Doering2014-01-061-0/+50
| | | | | | | | | | | | | | | | | | Implement LZ4 compression, similar to the existing snappy / push-peer-info model: a LZ4 capable client will send IV_LZ4=1 to the server, and the algorithm is selected by pushing "compress lz4" back. LZ4 does not compress as well as LZO or Snappy, but needs far less CPU and is much faster, thus better suited for mobile devices. See https://code.google.com/p/lz4/ for more details. LZ4 include and library path can be specified by specifying LZ4_LIBS=... and LZ4_CFLAGS=... on the configure command line. Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <1388613479-22377-1-git-send-email-gert@greenie.muc.de> URL: http://article.gmane.org/gmane.network.openvpn.devel/8153
* pkcs11: use generic evp key instead of rsaAlon Bar-Lev2013-12-161-1/+1
| | | | | | | | | | | Enables DSA, ECDSA key usages with newer pkcs11-helper. Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Tested-By: Sanaullah <sanaullah82@gmail.com> Acked-by: Steffan Karger <steffan.karger@fox-it.com> Message-Id: <1384209366-26170-1-git-send-email-alon.barlev@gmail.com> URL: http://article.gmane.org/gmane.network.openvpn.devel/7960 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Require a 1.2.x PolarSSL versionJosh Cepek2013-11-141-2/+2
| | | | | | | | | | | | | | Upstream policy on PolarSSL API compatibility does not guarantee stability between point-releases. For OpenVPN, we must verify a 1.2.x version with the current codebase. This fixes bug#343. Signed-off-by: Josh Cepek <josh.cepek@usa.net> Acked-by: Steffan Karger <steffan.karger@fox-it.com> Message-Id: <5284F32D.3000206@usa.net> URL: http://article.gmane.org/gmane.network.openvpn.devel/7968 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Require polarssl >= 1.2.10 for polarssl-builds, which fixes CVE-2013-5915.Steffan Karger2013-10-241-2/+2
| | | | | | | | | | | | | PolarSSL 1.2.9 fixes a possible timing attack in PolarSSL's RSA-CRT implementation. See CVE-2013-5915 for details. This commit bumps the minimum polarssl version required by configure.ac to 1.2.10, because 1.2.9 also introduced a memory leak, which is fixed in 1.2.10. Signed-off-by: Steffan Karger <steffan.karger@fox-it.com> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1382445917-2974-1-git-send-email-steffan.karger@fox-it.com> URL: http://article.gmane.org/gmane.network.openvpn.devel/7925 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Fix configure interaction with static OpenSSL librariesPeter Sagerson2013-08-231-1/+3
| | | | | | | | | | | | | Add "-lcrypto" to configure OpenSSL "-lssl" test (if no pkg-config found), otherwise linking with static OpenSSL libraries will fail. Trac ticket #305 Message-Id: <521668C9.5070003@openvpn.net> URL: http://article.gmane.org/gmane.network.openvpn.devel/7835 URL: https://community.openvpn.net/openvpn/ticket/305 Acked-By: Heiko Hund <heiko.hund@sophos.com> Signed-off-by: Gert Doering <gert@greenie.muc.de>
* autoconf: Fix typoDavid Sommerseth2013-07-031-1/+1
| | | | | | | | | | | | | | | | | | In config.h, it would state: /* Enable systemd support */ #define ENABLE_PLUGIN 1 instead of /* Enable plug-in support */ #define ENABLE_PLUGIN 1 Signed-off-by: David Sommerseth <davids@redhat.com> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1370600130-6075-1-git-send-email-dazo@users.sourceforge.net> URL: http://article.gmane.org/gmane.network.openvpn.devel/7658 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Remove the --disable-eurephia configure optionDavid Sommerseth2013-07-031-8/+0
| | | | | | | | | | | | | | | | This "feature" has been enabled since OpenVPN 2.2 without any reports that this has been causing issues. All it does is to add an extra environment variable 'tls_digest_{n}' with the certificate SHA1 fingerprint/digest hash. Lets just simplify things by removing the possibility to disable this environment variable. Signed-off-by: David Sommerseth <davids@redhat.com> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1370600123-6029-1-git-send-email-dazo@users.sourceforge.net> URL: http://article.gmane.org/gmane.network.openvpn.devel/7660 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Add support of utun devices under Mac OS XArne Schwabe2013-07-031-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Mac OS X 10.7+ natively supports tun devices (called utun). The "standard" utun.ko driver is sometimes problematic (e.g. VmWare Fusion 5 and tun.ko do not work together). When OpenVPN is compiled with utun support it will if no dev-node is given first try to use utun and if that is not available will try the traditional tun devices v2: Fixed tap support, get device name via ioctl, add manage v3.1: Fix compiling without if/utun.h, fix manage errors v4/v5: Don't try open to dynamically open utun0 -255 when early utun initialization fails, fix fallback to tun, give fatal error message when utun fails but no tun fallback should be done v6: add commit message change log, replace strstr with strncmp, move v7: Throw error if a user does the strange combination of --dev tun --dev-type tap and --dev-node utun A lot good input on earlier patches by Jonathan K. Bullard <jkbullard@gmail.com> Parts of the patches are inspired from Peter Sagerson's <psagers@ignorare.net> utun patch Signed-off-by: Arne Schwabe <arne@rfc2549.org> Tested-by: Jonathan K. Bullard <jkbullard@gmail.com> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1371811708-8528-1-git-send-email-arne@rfc2549.org> URL: http://article.gmane.org/gmane.network.openvpn.devel/7739 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Added support for the Snappy compression algorithmJames Yonan2013-05-191-9/+56
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Added support for the Snappy compression algorithm which has shown to have considerably better compression speed than LZO at a comparable compression ratio. To enable Snappy add: compress snappy to both client and server config files. Alternatively, enable compression framing on the client: compress and have the server selectively push "compress snappy" to the client. This change also extends the client capability handshake to include IV_SNAPPY so the server can be aware that a connecting client supports Snappy. Note that the Snappy implementation also includes an improved framing approach where the first byte of the compressed payload is replaced by the compression control byte (the first payload byte is moved to the end of the packet). This solves off-by-one alignment issues, which improves performance on ARM. By default, the configure script will try to build with Snappy support. To disable, use the --disable-snappy option. The --enable-lzo-stub configure directive is now --enable-comp-stub (because it's not actually "lzo" but "compression-enabled packet framing") Add compression overhead to extra buffer unconditionally, as long as USE_COMP is defined. OpenVPN SVN r8206 (2.1.21a) and r8212 (2.1.21b) Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <1366393268-27392-3-git-send-email-gert@greenie.muc.de> URL: http://article.gmane.org/gmane.network.openvpn.devel/7531 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Fixed autoconf script to properly detect missing pkcs11 with polarssl.Steffan Karger2013-03-221-11/+43
| | | | | | | | | | | | When polarssl is compiled without pkcs11 support, or a required pkcs11-helper library is missing, configure will now issue an error. Signed-off-by: Steffan Karger <steffan.karger@fox-it.com> Acked-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1363942465-3251-7-git-send-email-steffan.karger@fox-it.com> URL: http://article.gmane.org/gmane.network.openvpn.devel/7441 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* PolarSSL-1.2 supportSteffan Karger2013-03-221-2/+2
| | | | | | | | | | | | | | Add support for PolarSSL-1.2, which has changed the API in several places. This is a minimal port, new features have not been enabled. Only PolarSSL 1.2.5 and newer are accepted, as earlier versions contain unresolved (security) issues. Signed-off-by: Joachim Schipper <joachim.schipper@fox-it.com> Signed-off-by: Steffan Karger <steffan.karger@fox-it.com> Acked-by: Adriaan de Jong <dejong@fox-it.com> Message-Id: <1363942465-3251-2-git-send-email-steffan.karger@fox-it.com> URL: http://article.gmane.org/gmane.network.openvpn.devel/7436 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* fix build with automake 1.13(.1)Christian Hesse2013-03-061-1/+1
| | | | | | | | | | | | AM_CONFIG_HEADER has been deprecated for some time, finally it is removed on automake 1.13. The attached patch replaces it with AC_CONFIG_HEADERS and fixes build process with latest automake. Acked-by: Matthias Andree <matthias.andree@gmx.de> Message-Id: 20130108093912.7ae7c6f8@leda URL: http://article.gmane.org/gmane.network.openvpn.devel/7222 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Fix typo in ./configure messageJoachim Schipper2012-11-291-1/+1
| | | | | | | | Signed-off-by: Joachim Schipper <joachim.schipper@fox-it.com> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: 1CED409804E2164C8104F9E623B08B901323D0B186@FOXDFT02.FOX.local URL: http://article.gmane.org/gmane.network.openvpn.devel/7142 Signed-off-by: David Sommerseth <davids@redhat.com>
* build: plugins: set defaults based on platformAlon Bar-Lev2012-06-271-4/+15
| | | | | | | | | | | | pam cannot be compiled on OpenBSD and Windows. down-root cannot be compiled on Windows. Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Acked-by: Gert Doering <gert@greenie.muc.de> Acked-by: Samuli Seppänen <samuli@openvpn.net> Message-Id: 1340719406-12157-1-git-send-email-alon.barlev@gmail.com URL: http://article.gmane.org/gmane.network.openvpn.devel/6795 Signed-off-by: David Sommerseth <davids@redhat.com>
* build: integrate plugins build into core buildAlon Bar-Lev2012-06-261-0/+63
| | | | | | | | | | | | | | | | | | As disucssed[1], keep plugins in repository. 1, Proper automake/libtool build. 2. Move example plugins to samples/sample-plugins. 3. Plugins are installed at LIBDIR/openvpn/plugins. [1] http://comments.gmane.org/gmane.network.openvpn.devel/6436 Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Acked-by: David Sommerseth <davids@redhat.com> Message-Id: 1337035323-27465-1-git-send-email-alon.barlev@gmail.com URL: http://article.gmane.org/gmane.network.openvpn.devel/6591 Signed-off-by: David Sommerseth <davids@redhat.com>
* build: add --with-special-build to provide special build stringAlon Bar-Lev2012-06-131-0/+6
| | | | | | | | | | | | | | Special build string is printed when --version is specified. Empty = no special build. This is handy when building a snapshot or if not git repository. Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Acked-by: David Sommerseth <davids@redhat.com> Message-Id: 1336204877-3564-1-git-send-email-alon.barlev@gmail.com URL: http://article.gmane.org/gmane.network.openvpn.devel/6435 Signed-off-by: David Sommerseth <davids@redhat.com>
* build: do not support <polarssl-1.1.0Alon Bar-Lev2012-06-071-1/+1
| | | | | | | | | | Reported-by: Samuli Seppänen <samuli@openvpn.net> Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Acked-by: Samuli Seppänen <samuli@openvpn.net> Acked-by: Adriaan de Jong <dejong@fox-it.com> Message-Id: 1339061824-16542-1-git-send-email-alon.barlev@gmail.com URL: http://article.gmane.org/gmane.network.openvpn.devel/6686 Signed-off-by: David Sommerseth <davids@redhat.com>
* build: support platforms that does not need explicit tun headersAlon Bar-Lev2012-06-041-0/+2
| | | | | | | | | | | | | Both "generic" and Darwin have no special headers to use tap. Fixes commit 7cacdfd4b7. Reported-by: Arne Schwabe <arne@rfc2549.org> Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Acked-by: David Sommerseth <davids@redhat.com> Message-Id: 1338651109-15806-1-git-send-email-alon.barlev@gmail.com URL: http://article.gmane.org/gmane.network.openvpn.devel/6659 Signed-off-by: David Sommerseth <davids@redhat.com>
* build: cleanup: yet another forgotten bracketsAlon Bar-Lev2012-06-011-1/+1
| | | | | | | | Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Acked-by: David Sommerseth <davids@redhat.com> Message-Id: 1336200540-10327-1-git-send-email-alon.barlev@gmail.com URL: http://article.gmane.org/gmane.network.openvpn.devel/6434 Signed-off-by: David Sommerseth <davids@redhat.com>
* build: add git revision to --version output if build from git repositoryAlon Bar-Lev2012-06-011-0/+12
| | | | | | | | | | | If source is located at git repository, acquire branch and revision of head to be printed at --version output. Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Acked-by: David Sommerseth <davids@redhat.com> Message-Id: 1336199983-9916-1-git-send-email-alon.barlev@gmail.com URL: http://article.gmane.org/gmane.network.openvpn.devel/6431 Signed-off-by: David Sommerseth <davids@redhat.com>
* build: detect sys/wait.h required for *bsdAlon Bar-Lev2012-06-011-1/+1
| | | | | | | | Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: 1336813338-9219-1-git-send-email-alon.barlev@gmail.com URL: http://article.gmane.org/gmane.network.openvpn.devel/6532 Signed-off-by: David Sommerseth <davids@redhat.com>
* build: check minimum polarssl versionAlon Bar-Lev2012-06-011-0/+21
| | | | | | | | | | | Pre 1.1 is unsupported, API was changed. Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Reviewed-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: David Sommerseth <davids@redhat.com> Message-Id: 1337598254-32641-1-git-send-email-alon.barlev@gmail.com URL: http://article.gmane.org/gmane.network.openvpn.devel/6613 Signed-off-by: David Sommerseth <davids@redhat.com>
* build: fix typo in --enable-save-passwordAlon Bar-Lev2012-04-281-0/+1
| | | | | | | | Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Acked-by: David Sommerseth <davids@redhat.com> Message-Id: 1335534054-14895-1-git-send-email-alon.barlev@gmail.com URL: http://article.gmane.org/gmane.network.openvpn.devel/6371 Signed-off-by: David Sommerseth <davids@redhat.com>
* build: use stdbool.h if availableAlon Bar-Lev2012-04-281-1/+1
| | | | | | | | | | | | | | | | | If stdbool.h is available use it, otherwise create emulation. basic.h defines a type 'bool' that conflicts with the altivec keyword bool which has to be fixed upstream, see bugs[1][2]. [1] https://bugs.gentoo.org/show_bug.cgi?id=293840 [2] https://bugs.gentoo.org/show_bug.cgi?id=297854 Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Acked-by: David Sommerseth <davids@redhat.com> Message-Id: 1335528555-13225-1-git-send-email-alon.barlev@gmail.com URL: http://article.gmane.org/gmane.network.openvpn.devel/6363 Signed-off-by: David Sommerseth <davids@redhat.com>
generated by cgit (git 2.34.1) at 2024-05-03 19:04:21 +0000