Adriaan de Jong [Wed, 29 Jun 2011 14:51:16 +0000 (16:51 +0200)]
Refactored PKCS#12 key loading
Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: Gert Doering <gert@greenie.muc.de> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Wed, 29 Jun 2011 13:45:44 +0000 (15:45 +0200)]
Refactored new external key code
- To make patch application easier in the future
Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: Gert Doering <gert@greenie.muc.de> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Wed, 29 Jun 2011 13:30:34 +0000 (15:30 +0200)]
Refactored root SSL context initialisation
Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: Gert Doering <gert@greenie.muc.de> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Mon, 27 Jun 2011 07:44:47 +0000 (09:44 +0200)]
Refactored tls_show_available_ciphers
Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: Gert Doering <gert@greenie.muc.de> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Mon, 27 Jun 2011 07:22:08 +0000 (09:22 +0200)]
Refactored TLS_PRF to new hmac and md primitives
Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: Gert Doering <gert@greenie.muc.de> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 23 Jun 2011 15:31:19 +0000 (17:31 +0200)]
Refactored cipher key types
Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: David Sommerseth <davids@redhat.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 23 Jun 2011 10:45:29 +0000 (12:45 +0200)]
Refactored DES key manipulation functions
Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: David Sommerseth <davids@redhat.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
This patch adds a stale-routes-check option that takes 2 parameters: a ageing
time (in seconds) and a check interval (in seconds). The latter defaults to the
former if it's not present. Internally, a new "check" is added in
multi_process_per_second_timers_dowork(). This check deletes stale routes and
it is inspired to the function multi_reap_range().
We're running a very large connectivity infrastructure based on openVPN (more
than 4000 different clients connected per day per server), so we can throughly
check this patch (or, of course, any variant of it).
Signed-off-by: Davide Guerri <d.guerri@caspur.it> Reviewed-by: David Sommerseth <davids@redhat.com> Acked-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: Gert Doering <gert@greenie.muc.de> Signed-off-by: David Sommerseth <davids@redhat.com>
Gert Doering [Fri, 16 Sep 2011 17:51:09 +0000 (19:51 +0200)]
Platform cleanup for NetBSD
make TAP devices work (need to go via multiplex device /dev/tap)
cleanup TUN devices at program end ("ifconfig tunX destroy")
correctly setup TUN devices for "topology subnet"
don't try to put TAP devices into TUNSIFHEAD mode (get rid of error message)
Tested on NetBSD 5.1_STABLE / Sparc64
Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: David Sommerseth <davids@redhat.com> Signed-off-by: David Sommerseth <davids@redhat.com>
- use __APPLE_USE_RFC_3542 for macosx build environment >= 1070
- define SOL_IP from IPPROTO_IP if it's missing
In Linux man 7 ip says:
"Using SOL_IP socket options level isn't portable, BSD-based
stacks use IPPROTO_IP level."
Signed-off-by: JuanJo Ciarlante <jjo+ml@google.com> Tested-by: Eric F Crist <ecrist@secure-computing.net> Acked-by: David Sommerseth <davids@redhat.com> Signed-off-by: David Sommerseth <davids@redhat.com>
David Sommerseth [Mon, 19 Sep 2011 14:43:04 +0000 (16:43 +0200)]
Fixed compile issues on FreeBSD and Solaris
In commit 7fb0e07ec3f7c5f6514523085dbe struct route changed and
this change was not fixed in all places in tun.c, which caused
a compilation error. A few whitespace fixes is added as well.
OSX needs to be fixed as well, but this will be done in a separate patch.
Tested-by: Eric F Crist <ecrist@secure-computing.net> (FreeBSD) Acked-by: Gert Doering <gert@greenie.muc.de> Signed-off-by: David Sommerseth <davids@redhat.com>
James Yonan [Fri, 2 Sep 2011 23:49:45 +0000 (23:49 +0000)]
Fixed management interface bug where >FATAL notifications were
not being output properly because the management interface
socket was being closed before the >FATAL notification could
be transmitted.
Heiko Hund [Wed, 31 Aug 2011 14:38:08 +0000 (14:38 +0000)]
lowercase include header name in syshead.h
Cross compiling for Windows is broken since commit 739fa9881f12e67dc8b9cadc7230e59e7fe42423 added the mixed
case header name "NtDDNdis.h" to the file. While this header
exists in a MinGW build environment it's lowercase there.
Windows doesn't mind the case of a file name, but Linux does.
So, lowercasing the filename will make openvpn build in both
worlds.
Signed-off-by: Heiko Hund <heiko.hund@sophos.com> Acked-by: David Sommerseth <davids@redhat.com> Signed-off-by: David Sommerseth <davids@redhat.com>
JuanJo Ciarlante [Thu, 26 May 2011 17:01:42 +0000 (19:01 +0200)]
USE_PF_INET6 by default for v2.3
- put all #ifdef'd code in place, kill the cpp symbol,
- thus in v2.3 it's not actually possible to --disable-ipv6 :)
RATIONALE:
#1 some wacky compilers choke on #ifdef'd constructions for
concatenated strings, and given that:
#2 v2.3 has already transport ipv6 by default
=> doesn't justify putting effort on #1 to keep USE_PF_INET6
ifdef wraps.
Signed-off-by: JuanJo Ciarlante <jjo+ml@google.com> Signed-off-by: Samuli Seppänen <samuli@openvpn.net> Acked-by: David Sommerseth <davids@redhat.com> Signed-off-by: David Sommerseth <davids@redhat.com>
Gert Doering [Sat, 28 May 2011 20:50:40 +0000 (22:50 +0200)]
Replace 32-bit-based add_in6_addr() implementation by an 8-bit based one
Windows has no 32-bit accessor to the union inside "struct in6_addr",
and the 8-bit accessor is the only common denominator across BSD, Solaris,
Linux and Windows...
Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: Samuli Seppänen <samuli@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
David Sommerseth [Thu, 26 May 2011 13:23:03 +0000 (16:23 +0300)]
Fix Microsoft Visual Studio incompatibility in plugin.c
MS Visual Studio don't like to have struct members named in the
variable declaration. Without this fix, Visual Studio is not able
to compile the new v3 plug-in API.
Signed-off-by: David Sommerseth <davids@redhat.com> Tested-by: Samuli Seppänen <samuli@openvpn.net> Signed-off-by: Samuli Seppänen <samuli@openvpn.net> Acked-by: Gert Doering <gert@greenie.muc.de>
Samuli Seppänen [Thu, 11 Aug 2011 16:00:57 +0000 (19:00 +0300)]
Merged TODO.IPv6 with TODO.ipv6 and README.IPv6 with README.ipv6
Prior to this patch were two sets of IPv6 README/TODO files: one from payload
and one from transport patchset. Unfortunately Git on Windows gets very confused
of these files, as they only differ in case. This patch merges these sets into
one.
Signed-off-by: Samuli Seppänen <samuli@openvpn.net> Acked-by: David Sommerseth <davids@redhat.com> Signed-off-by: David Sommerseth <davids@redhat.com>
Heiko Hund [Thu, 18 Aug 2011 12:17:50 +0000 (12:17 +0000)]
add .gitignore to official repository
This .gitignore make the output of git status a lot more readable. It was
made from the dynamically generated files that showed after using both
build system.
Signed-off-by: Samuli Seppänen <samuli@openvpn.ne> Signed-off-by: Heiko Hund <heiko.hund@sophos.com> Acked-By: David Sommerseth <davids@redhat.com> Signed-off-by: David Sommerseth <davids@redhat.com>
James Yonan [Fri, 19 Aug 2011 03:15:25 +0000 (03:15 +0000)]
"status" management interface command (version >= 2) will now
include the username for each connected user. This should
generally be backward compatible with existing management
interface clients since the new username field is added
to the CLIENT_LIST header as well.
James Yonan [Fri, 19 Aug 2011 03:10:08 +0000 (03:10 +0000)]
CC_PRINT character class now allows any 8-bit character value >= 32.
This is done to allow UTF-8 and restrict the use of control characters
in usernames, passwords, common names, etc.
James Yonan [Fri, 19 Aug 2011 03:07:27 +0000 (03:07 +0000)]
Fixed issue where redirect-gateway block-local code was not
correctly calculating the two halves of the subnet if the
gateway was in the upper half (Gert Doering).
projects / thirdparty / openvpn.git / log
