]>
git.ipfire.org Git - thirdparty/openvpn.git/log
james [Sat, 19 Jul 2008 03:33:27 +0000 (03:33 +0000)]
Modified extract_x509_field_ssl to return a status value indicating
success/error, and any truncation of output due to an insufficiently
large output buffer will be cause for error.
In verify_callback, read X509 Subject Name without truncation.
In verify_callback, rather than silently truncating Common Name at
64 bytes, throw an error if Common Name is larger than 64 bytes.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3084
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Sat, 19 Jul 2008 00:29:31 +0000 (00:29 +0000)]
Replace leading dash ('-') characters in an X509 name with underbars ('_')
before calling user-defined scripts, to preclude the chance of a leading
dash being interpreted as an option prefix.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3083
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Fri, 18 Jul 2008 23:49:50 +0000 (23:49 +0000)]
Added a warning when plugins are specified without
an absolute pathname.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3082
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Fri, 18 Jul 2008 20:46:06 +0000 (20:46 +0000)]
Reverted some recent buffer.[ch] changes, including r3058 (except for
likely() and unlikely() macro additions to syshead.h) and r3061.
I would like to give more thought to the bigger issue of fortifying
buffer.[ch] through the use of additional defensive programming techniques.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3081
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Fri, 18 Jul 2008 07:25:47 +0000 (07:25 +0000)]
Fixed format string issue in read_inline_file,
used in the config file parser.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3078
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Fri, 18 Jul 2008 07:15:27 +0000 (07:15 +0000)]
status_printf function will now set error flag on
output truncation or failure of write() to write the
expected number of bytes.
Raised STATUS_PRINTF_MAXLEN to 512 (from 256).
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3077
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Fri, 18 Jul 2008 00:55:59 +0000 (00:55 +0000)]
gen_path will no longer silently truncate the generated
filename at 256 bytes.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3076
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Fri, 18 Jul 2008 00:42:37 +0000 (00:42 +0000)]
Fixed code inclusion bug that was erroneously testing
defined(P2MP_SERVER) rather than P2MP_SERVER.
Fixed compile issues when USE_CRYPTO is undefined.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3075
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Fri, 18 Jul 2008 00:32:40 +0000 (00:32 +0000)]
Modified create_temp_filename to create unpredictable
filenames.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3074
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Thu, 17 Jul 2008 23:31:16 +0000 (23:31 +0000)]
Previously, OpenVPN might log a client's auth-user-pass
password if the verbosity was set to a high debug level
such as 7 or higher. Normally this would only be used by
developers. Now, even at high debug levels, the password
will not be output.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3073
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Thu, 17 Jul 2008 22:41:15 +0000 (22:41 +0000)]
gen_path now rejects filenames that match Windows
device names such as CON, NUL, LPT1, etc.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3072
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Thu, 17 Jul 2008 20:57:42 +0000 (20:57 +0000)]
Call prng_init after fork in background process
created by port_share_open, so as to ensure
a newly seeded PRNG sequence. This is strictly
defensive programming since port_share_proxy
currently does not use the PRNG.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3070
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Thu, 17 Jul 2008 20:47:12 +0000 (20:47 +0000)]
Added warning when using chroot without specifying user and group.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3069
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Thu, 17 Jul 2008 20:10:18 +0000 (20:10 +0000)]
Check for multiplication overflow on ALLOC_ARRAY* functions.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3068
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Thu, 17 Jul 2008 19:07:41 +0000 (19:07 +0000)]
Removed old version of extract_x509_field.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3066
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Thu, 17 Jul 2008 18:56:09 +0000 (18:56 +0000)]
Support wraparound of reliable.[ch] packet IDs. In
practice, wraparound of the packet ID sequence is
extremely unlikely since the sequence is restarted
for each mid-session TLS renegotiation. But we will
support it for completeness.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3065
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Thu, 17 Jul 2008 05:09:27 +0000 (05:09 +0000)]
Fixed a potential information leak in the new NTLM phase 3 code,
as well as a failure of the code to check the return value from
base64_decode.
Fixed compiler warnings in the new NTLM phase 3 code about implicit
casting between signed and unsigned char *.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3064
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Thu, 17 Jul 2008 04:25:50 +0000 (04:25 +0000)]
Fixed issue in read_key_file, where the return value of
read() wasn't being checked for errors.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3063
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Wed, 16 Jul 2008 23:11:29 +0000 (23:11 +0000)]
Added SOCKET_SND_RCV_BUF_MAX constant (set to
1000000 ) to limit the
maximum size passed to setsockopt SNDBUF/RCVBUF.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3062
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Wed, 16 Jul 2008 22:37:09 +0000 (22:37 +0000)]
In the Windows version of tun_finalize, on errors that would
return -1, set buf->len to 0 rather than -1. While downstream
code is set up to consider the buffer invalidated if its length
is <= 0, this change makes the code cleaner and safer.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3061
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Wed, 16 Jul 2008 21:50:43 +0000 (21:50 +0000)]
Used unlikely() macro to tell compiler that msg() will
usually be silent.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3060
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Wed, 16 Jul 2008 20:36:54 +0000 (20:36 +0000)]
Added likely() and unlikely() branch prediction hint macros
to syshead.h
Introduced BUF_MAX constant to limit struct buffer offset and length
values. BUF_MAX has been set to 2^20.
Use likely() and unlikely() macros in buffer.h code to allow the
compiler to generate more efficient code.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3058
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Mon, 14 Jul 2008 18:59:09 +0000 (18:59 +0000)]
Copyright change OpenVPN Solutions LLC -> Telethra, Inc.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3048
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Fri, 13 Jun 2008 07:53:51 +0000 (07:53 +0000)]
Version 2.1_rc8
On Windows, use -leay32 and -lssl32 to link with OpenSSL.
On Windows, bundle pkcs11-helper-1.06-beta1.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2997
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Wed, 11 Jun 2008 21:59:26 +0000 (21:59 +0000)]
Updated copyright notice to 2008.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2995
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Wed, 11 Jun 2008 21:38:07 +0000 (21:38 +0000)]
Updated version & changelog.
Updated build-pkcs11-helper.sh to build
from OpenSSL 0.9.8h.
Added pkcs11-related fixes to easy-rsa/2.0/vars.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2994
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Wed, 11 Jun 2008 10:48:50 +0000 (10:48 +0000)]
Merged connection profiles from
http://svn.openvpn.net/projects/openvpn/test/conn
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2993
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Wed, 11 Jun 2008 08:45:09 +0000 (08:45 +0000)]
Updated version to 2.1_rc7e.
Added client authentication and packet filtering capability
to management interface.
Extended packet filtering capability to work on both --dev tun
and --dev tap tunnels.
Updated valgrind-suppress file.
Made "Linux ip addr del failed" error nonfatal.
Amplified --client-cert-not-required warning.
Added #pragma pack to proto.h.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2991
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Wed, 4 Jun 2008 10:53:57 +0000 (10:53 +0000)]
Added support for building and linking with
openssl-0.9.8h on Windows.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2982
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Wed, 4 Jun 2008 07:23:20 +0000 (07:23 +0000)]
Fixed unbounded memory growth bug in
environmental variable code that could
have caused long-running OpenVPN sessions
with many TLS renegotiations to incrementally
increase memory usage over time.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2981
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Wed, 4 Jun 2008 06:17:53 +0000 (06:17 +0000)]
Fixed an issue in extract_x509_field_ssl where the extraction
would fail on the first field of the subject name, such as
the common name in:
/CN=foo/emailAddress=foo@bar.com
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2980
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Wed, 4 Jun 2008 06:00:42 +0000 (06:00 +0000)]
In auth-pam authentication module, even when in debug mode,
never output passwords to stderr.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2979
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Wed, 4 Jun 2008 05:16:44 +0000 (05:16 +0000)]
Incremented version to 2.1_rc7d.
Support asynchronous authentication by plugins by allowing
OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY to return
OPENVPN_PLUGIN_FUNC_DEFERRED. See comments in
openvpn-plugin.h for documentation. Enabled by ENABLE_DEF_AUTH.
Added a simple packet filter functionality that can be driven by
a plugin. See comments in openvpn-plugin.h for documentation.
Enabled by ENABLE_PF.
See openvpn/plugin/defer/simple.c for examples of ENABLE_DEF_AUTH
and ENABLE_PF.
"TLS Error: local/remote TLS keys are out of sync" is no longer a
fatal error for TCP-based sessions, since the error can arise
normally in the course of deferred authentication. In a related
change, allow packet-id sequence to begin at some number n > 0 for
TCP sessions, rather than strictly requiring sequence to begin
at 1.
Added a test to configure.ac for LoadLibrary function on Windows.
Modified "make dist" function to include all files from
install-win32 so that ./domake-win can be run from a
tarball-expanded directory.
setenv and setenv-safe directives may now omit a value argument
which defaults to "".
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2978
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Sun, 25 May 2008 22:31:25 +0000 (22:31 +0000)]
Fixed a bug in plugin.c that caused openvpn_plugin_client_destructor_v1
to not be called for the top-level "generic" client template.
Added additional documentation to openvpn-plugin.h that more clearly
illustrates the full sequence and ordering of plugin callbacks
(plugin/defer/simple.c was extended to provide the raw data for this
documentation).
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2973
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Sat, 24 May 2008 23:26:11 +0000 (23:26 +0000)]
Support asynchronous/deferred authentication in
OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY plugin handler.
See documentation in openvpn-plugin.h and example
usage in plugin/defer/simple.c.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2969
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Sat, 24 May 2008 19:17:12 +0000 (19:17 +0000)]
Did:
svn propset svn:ignore -F .svnignore .
on the modified .svnignore files.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2967
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Sat, 24 May 2008 19:05:59 +0000 (19:05 +0000)]
Modified .svnignore to only ignore files generated
by the auto* tools and make.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2966
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Mon, 12 May 2008 20:31:43 +0000 (20:31 +0000)]
Moved branch into official BETA21 position.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2959
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Tue, 11 Mar 2008 06:03:12 +0000 (06:03 +0000)]
Misc XGUI fixes.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2836
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Tue, 11 Mar 2008 05:58:39 +0000 (05:58 +0000)]
Set tool defaults in pkitool.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2835
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Mon, 10 Mar 2008 10:02:20 +0000 (10:02 +0000)]
First working version of XGUI inclusion.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2834
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Wed, 5 Mar 2008 01:48:30 +0000 (01:48 +0000)]
Added new OpenVPN icon and installer graphic.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2783
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Mon, 18 Feb 2008 17:47:13 +0000 (17:47 +0000)]
Version 2.1_rc7a.
Minor Windows build system changes:
* Fall back to prebuilt-binary if gcc is not available.
* Documentation changes in ./domake-win
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2760
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Sun, 17 Feb 2008 08:27:34 +0000 (08:27 +0000)]
Clarified tcp-queue-limit man page entry
(Matti Linnanvuori).
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2750
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Sun, 17 Feb 2008 08:21:28 +0000 (08:21 +0000)]
The new function extract_x509_field_ssl tends to break
in early versions of OpenSSL 0.9.6. Now we will fall
back to the old function extract_x509_field for OpenSSL
0.9.6.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2749
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Sun, 17 Feb 2008 07:05:49 +0000 (07:05 +0000)]
Cleanup IP address for persistence interfaces for tap and also using
ifconfig, gentoo#209055 (Alon Bar-Lev).
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2748
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Fri, 1 Feb 2008 19:44:53 +0000 (19:44 +0000)]
Changes to Windows build system: added GENOUT_PREBUILT mode
to allow building an OpenVPN installer with a reduced set
of prerequisites. See comments in domake-win for more info.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2711
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Fri, 1 Feb 2008 10:13:59 +0000 (10:13 +0000)]
Changes to Windows build system to make it easier to do
partial builds, where only a subset of OpenVPN installer
components are built. See ./domake-win comments.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2710
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Wed, 30 Jan 2008 00:37:54 +0000 (00:37 +0000)]
Version 2.1_rc7
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2702
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Sat, 26 Jan 2008 04:43:13 +0000 (04:43 +0000)]
Fixup null interface on close, don't use ip addr flush
(Alon Bar-Lev).
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2683
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Fri, 25 Jan 2008 01:01:51 +0000 (01:01 +0000)]
Added a few extra files that exist in the svn repo
but were not being copied into the tarball by
make dist.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2674
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Thu, 24 Jan 2008 07:44:49 +0000 (07:44 +0000)]
VERSION 2.1_rc6
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2666
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Thu, 24 Jan 2008 00:58:14 +0000 (00:58 +0000)]
Fixed pkcs11_private_mode undef.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2664
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Wed, 23 Jan 2008 21:08:22 +0000 (21:08 +0000)]
VERSION 2.1_rc5
Updated ChangeLog.
Cleaned up start menu shortcuts in the Windows
installer.
Make sure that the uninstaller deletes SAMPCONF
files.
Minor uninstaller fixes to prevent files from
being left behind after uninstall.
Updated Windows notes.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2660
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Wed, 23 Jan 2008 11:00:58 +0000 (11:00 +0000)]
Forgot to put struct WIN2K_NDIS_MINIPORT_BLOCK outside
of #if ENABLE_NONADMIN block.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2658
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Wed, 23 Jan 2008 09:37:25 +0000 (09:37 +0000)]
Squashed Win2K TAP bug that was introduced by Vista fixes.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2657
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Wed, 23 Jan 2008 05:03:57 +0000 (05:03 +0000)]
Incremented TAP version number to 9.4.
Added SAMPCONF macros to settings.in and
openvpn.nsi to allow a default configuration
to be loaded by the installer.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2656
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Wed, 23 Jan 2008 00:19:51 +0000 (00:19 +0000)]
Added --management-forget-disconnect option -- forget
passwords when management session disconnects (Alon Bar-Lev).
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2652
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Tue, 22 Jan 2008 23:52:08 +0000 (23:52 +0000)]
Upgraded TAP build scripts to use WDK 6001.17121
(Windows 2008 Server pre-RTM).
Fixed typo of DESC_SecPKCS11DLLs in openvpn.nsi.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2651
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Tue, 22 Jan 2008 22:08:35 +0000 (22:08 +0000)]
Incremented version number to 2.1_rc4a.
Windows changes:
Incremented included OpenSSL version to openssl-0.9.7m.
Updated openssl.patch for openssl-0.9.7m and added some
brief usage comments to the head of the patch.
Added build-pkcs11-helper.sh for building the pkcs11-helper
library.
Integrated inclusion of pkcs11-helper into Windows build
system.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2649
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Mon, 21 Jan 2008 19:59:58 +0000 (19:59 +0000)]
Changed ASSERT(0) to a more descriptive fatal error in tun.c
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2641
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Mon, 21 Jan 2008 19:38:41 +0000 (19:38 +0000)]
Fixed --disable-iproute2 in ./configure to actually disable
iproute2 usage (Alon Bar-Lev).
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2640
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Mon, 21 Jan 2008 19:34:13 +0000 (19:34 +0000)]
Allow OpenVPN to run completely unprivileged under Linux
by allowing openvpn --mktun to be used with --user and --group
to set the UID/GID of the tun device node. Also added --iproute
option to allow an alternative command to be executed in place
of the default iproute2 command (Alon Bar-Lev).
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2639
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Mon, 21 Jan 2008 19:09:56 +0000 (19:09 +0000)]
Rewrote extract_x509_field and modified COMMON_NAME_CHAR_CLASS
to allow forward slash characters ("/") in the X509 common name
(Pavel Shramov).
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2638
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Mon, 21 Jan 2008 19:00:43 +0000 (19:00 +0000)]
Added PLUGIN_LIBDIR preprocessor string to prepend a default plugin
directory to the dlopen search list when the user specifies the basename
of the plugin only (Marius Tomaschewski).
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2637
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Mon, 21 Jan 2008 03:45:07 +0000 (03:45 +0000)]
Define ALLOW_NON_CBC_CIPHERS for people who don't
want to use a CBC cipher for OpenVPN's data channel.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2636
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Mon, 21 Jan 2008 03:39:01 +0000 (03:39 +0000)]
Simple fix where options->ca_file was used without
first being checked against NULL.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2635
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Mon, 21 Jan 2008 03:33:53 +0000 (03:33 +0000)]
epoll driver in event.c should be prepared to handle an
EPOLLHUP event in the same way as it handles
EPOLLIN, EPOLLPRI, or EPOLLERR events.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2634
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Mon, 21 Jan 2008 03:26:45 +0000 (03:26 +0000)]
Fixed interim memory growth issue in TCP connect loop where
"TCP: connect to %s failed, will try again in %d seconds: %s"
is output.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2633
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Mon, 21 Jan 2008 03:13:57 +0000 (03:13 +0000)]
Added note about alternative version of easy-rsa
that supports subjectAltName for multi-domain
web certificates.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2632
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Fri, 26 Oct 2007 15:20:32 +0000 (15:20 +0000)]
PKCS-11 fixups (Alon Bar-Lev).
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2438
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Mon, 22 Oct 2007 20:06:14 +0000 (20:06 +0000)]
Use pkcs11-helper as external library, can be downloaded
from https://www.opensc-project.org/pkcs11-helper (Alon Bar-Lev).
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2418
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Mon, 22 Oct 2007 19:19:21 +0000 (19:19 +0000)]
Modified command line and config file parser to allow
quoted strings using single quotes ('') (Alon Bar-Lev).
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2414
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Mon, 22 Oct 2007 19:12:54 +0000 (19:12 +0000)]
Added --management-signal option to signal SIGUSR1 when the management
interface disconnects (Alon Bar-Lev).
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2413
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Mon, 22 Oct 2007 19:02:21 +0000 (19:02 +0000)]
Add "forget-passwords" command to the management interface (Alon Bar-Lev).
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2412
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Fri, 17 Aug 2007 08:22:42 +0000 (08:22 +0000)]
AUTO_USERID feature -- if the auth-user-pass option is used
with some argument ARG, then -ARG will be appended to the
username string that is sent to the server.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2259
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Tue, 14 Aug 2007 19:36:29 +0000 (19:36 +0000)]
config-win32.h and install-win32/openvpn.nsi are no longer generated
(i.e. they are now original sources), therefore doclean should not
delete them.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2249
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Wed, 18 Jul 2007 03:16:04 +0000 (03:16 +0000)]
updated icon
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2120
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Mon, 11 Jun 2007 21:06:11 +0000 (21:06 +0000)]
Fixed a variable declaration that wasn't at the start
of a block.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2026
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Thu, 26 Apr 2007 13:50:24 +0000 (13:50 +0000)]
script comment changes
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1900
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Wed, 25 Apr 2007 23:52:12 +0000 (23:52 +0000)]
Version 2.1_rc4
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1881
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Wed, 25 Apr 2007 23:23:27 +0000 (23:23 +0000)]
Fixed 64-bit portability bug in time_string function (Thomas Habets).
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1880
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Wed, 25 Apr 2007 22:58:21 +0000 (22:58 +0000)]
misc Windows build system changes
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1875
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Wed, 25 Apr 2007 21:37:49 +0000 (21:37 +0000)]
TAP driver now passes signing tests on Vista x64.
Added new settings to settings.in to better control
build process.
Removed some unneeded JYFIXMEs from source code.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1874
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Mon, 23 Apr 2007 06:49:36 +0000 (06:49 +0000)]
Forgot to add changelog item about OpenVPN GUI being
included in 2.1-rc3.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1869
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Mon, 23 Apr 2007 01:55:10 +0000 (01:55 +0000)]
Version 2.1_rc3
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1868
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Sun, 22 Apr 2007 08:21:16 +0000 (08:21 +0000)]
Version is now specified in version.m4 for both
unix and windows versions.
Reworked the Windows build scripting system, with
settings (other than version #) specified in settings.in.
Moved the native scripting grammar as defined by trans.pl
away from NSIS and to something more generic.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1867
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Sat, 21 Apr 2007 22:19:48 +0000 (22:19 +0000)]
Moved OpenVPN version number from configure.ac
to version.m4
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1866
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Sat, 21 Apr 2007 21:01:38 +0000 (21:01 +0000)]
Added a Windows README file to the installer than
contains quick-start instructions.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1864
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Sat, 21 Apr 2007 19:58:11 +0000 (19:58 +0000)]
Added OpenVPN GUI (Mathias Sundman version) as install
option in Windows installer.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1863
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Sat, 21 Apr 2007 18:28:59 +0000 (18:28 +0000)]
The easy-rsa directory installed by the windows installer comes with the
old easy-rsa 1.0 files. (even current openvpn-2.1_rc2-install.exe)
This bug is not that critical, but it is annoying that easy-rsa still
creates server certificates without extended key usage per default
(openssl.cnf), making the windows user wonder about error messages if
the recommended "remote-cert-tls" option is used. (In this case simply
copying the openssl.cnf from the 2.0 directory did the job, for regular
usage the path to opensc in the newly added pkcs11 section should be
changed).
And if possible please add the following three files to the "Windows"
directory if easy-rsa. They allow to build password protected versions
of the keys (I just copied the files and remove the "-nodes" parameter).
Except of build-key-server-pass.bat i think that they are vital for
security (e.g. the key files are in an unencrypted directory and
physical access is possible). -- Daniel Zauft
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1862
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Sat, 21 Apr 2007 17:59:40 +0000 (17:59 +0000)]
Clean up configure on FreeBSD for recent autotool versions that
require that all .h files have to be compiled.
Also, FreeBSD install does not support GNU long options which the
Makefile in easy-rsa/2.0 uses (not checked the others as we don't
install those on Gentoo) -- Roy Marples
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1861
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Thu, 19 Apr 2007 22:03:54 +0000 (22:03 +0000)]
Use Server 2003 rather than Vista as x64 target for tap/tapinstall.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1853
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Thu, 19 Apr 2007 10:20:57 +0000 (10:20 +0000)]
Updated build system and tap driver to work with
version 5600 of the Windows DDK.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1851
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Sat, 14 Apr 2007 10:35:25 +0000 (10:35 +0000)]
Added options to version.nsi that allow prebuilt
amd64 tap/tapinstall to be specified.
Verify that tapinstall directory exists before trying
to build it.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1838
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Fri, 16 Mar 2007 20:39:04 +0000 (20:39 +0000)]
Revert r1773
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1776
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Thu, 8 Mar 2007 09:37:45 +0000 (09:37 +0000)]
Don't build special x64 version of tapinstall.exe
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1773
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Wed, 7 Mar 2007 10:09:53 +0000 (10:09 +0000)]
Windows TAP driver license text changes.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1764
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Wed, 7 Mar 2007 07:08:49 +0000 (07:08 +0000)]
Cleaned up Windows build scripts.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1763
e7ae566f -a301-0410-adde-
c780ea21d3b5
james [Tue, 6 Mar 2007 12:06:57 +0000 (12:06 +0000)]
Forgot to svn add buildinstaller before last commit.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1762
e7ae566f -a301-0410-adde-
c780ea21d3b5
projects / thirdparty / openvpn.git / log
