We used to ship git submodule instructions to build a local copy of
cmocka in vendor/cmocka/ and use that (if cmake is installed) to build
unit tests. With the network test driver this turns out to be a
LD_LIBRARY_PATH vs. SUDO complication which is really outweighing the
benefit of a local build today - so, use the system-wide installation
if available (querying pgk-config). Do not build unit-tests otherwise.
v2: (inspired by patch from David Sommerseth)
introduce "configure --disable-unit-test" switch
simplify configure.ac logic
use CMOCKA_LIBS and CMOCKA_INCLUDE (set by PKG_CHECK)
v3:
repair conflict with commit 7473f32636
CMOCKA_INCLUDE is not correct, must be CMOCKA_CFLAGS (see config.status)
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <20190623183210.6005-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18570.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
The man page states that when using --capath, the user is required to
provide CRLs for CAs. This is not true and providing CRLs is optional -
both in case of --capath as well as --crl-verify options. When relevant
CRL is not found OpenVPN simply logs the warning in the logs while
allowing the connection, e.g.:
VERIFY WARNING: depth=0, unable to get certificate CRL
This patch clarifies the behavior.
Signed-off-by: Michal Soltys <soltys@ziu.info>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20190409143438.25348-2-soltys@ziu.info>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18343.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
This fixes "make check" builds on systems with lzo on a non-standard
location.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <20190602101831.21216-1-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18482.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
1) Building the networking unit-test when SITNL is not enabled does not
make much sense right now.
Make compilation dependent on having SITNL configured.
2) Remove some no-op mock_msg function calls.
3) Remove obsolete comment and declarations
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <20190618163435.26431-1-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18556.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
The current script is performing a test on the "kill" command, but this
is not useful to the t_net.sh script as it never really executes it.
Rather test that "sudo <unit-test-binary>" really works.
<unit-test-binary> has to be added to the sudoers file if this test
has to be performend unattanded. The path is:
./unit_tests/openvpn/networking_testdriver
On top of that, print a simple OK for every test that is succesful.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20190615230213.14888-2-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18548.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
The t_net script currently has #!/bin/sh but it implicitly assume to
be using bash.
This is fine on most distros, but some do not have sh pointing to bash
by default, thus breaking the script.
Explicitly use bash to avoid failures.
On the other hand, run this unit-test only if SITNL was enabled at
compile time. This test was designed with SITNL in mind and it is
not yet ready for other backends.
Running only when SITNL is enabled implies running on Linux only
therefore we are guaranteed that bash will always work.
While at it, also add a comment as of why the t_client.rc file is
sourced.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20190615230213.14888-1-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18547.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
While the existing code is not wrong and will never cause an overflow,
it will copy (on a too-long source string) "maxlen" bytes to dest, and
then overwrite the last byte just copied with "0" - which causes a
warning in gcc 9 about filling the target buffer "up to the end,
with no room for a trailing 0 anymore".
Reducing the maximum bytes-to-be-copied to "maxlen -1", because the
last byte will be stamped with 0 anyway.
v2: do not ASSERT() on "maxlen == 0", but move the strncpy() call inside
the if() clause - so "just do nothing" on maxlen == 0, as before.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <20190608075622.11589-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18502.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
This patch introduces a new unit test that is not executed
by the cmocka framework, but rather used by a new t_net.sh
bash script.
The idea behind this test is to ensure that invoking sitnl
functions or running iproute commands leads to the same
networking (interface and routing table) state.
To achieve this, the t_net.sh script first runs a binary
implemented invoking sitnl functions and then takes a
"screenshot" of the state. Subsequently a series of
iproute commands, expected to mimic exactly the same behaviour
as the sitnl functions invoked before, are executed.
The final state is then compared with the screenshot
previously taken.
If no mismatching is found, the test is passed.
The current unit_test, however, does not cover all the
sitnl functionalities and it is expected to be extended
in the future.
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20181219050118.6568-7-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18027.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
By switching to the networking API (for Linux) openvpn will
now use any of the available implementations to handle the
routing table.
At the moment only iproute2 is implemented.
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20181219050118.6568-5-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18029.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
By switching to the networking API (for Linux) openvpn will
now use any of the available implementations to handle the tun
interface.
At the moment only iproute2 and sitnl (NetLink) is implemented.
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20181219050118.6568-4-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18028.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
This patch introduces a tiny netlink interface, optimized
for the openvpn use case.
It basically exposes all those operations that are currently
handled by directly calling the /sbin/ip command (or even
ifconfig/route, if configured).
By using netlink, openvpn won't need to spawn new processes
when configuring the tun interface or routes.
This new approach will also allow openvpn to be granted
CAP_NET_ADMIN and be able to properly work even though it
dropped the root privileges (currently handled via workarounds).
By moving this logic into the sitnl module, tun.c and route.c
also benefit from some code simplification
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20181219050118.6568-3-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18030.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Commit 62063162 change the include from sys/poll.h to just poll.h but
forgot to also change all occurrences of HAVE_SYS_POLL_H to HAVE_POLL_H.
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20190524090236.10760-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18475.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
iproute2 is the first user of the new networking API and
its one of the two currently supported functionalities on
Linux (the other being net-tools).
This patch simply copies the current code from tun.c/route.c
to networking_iproute2.c without introducing any funcional
change to the code.
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20181219050118.6568-2-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18031.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
tun.c and route.c contain all the code used by openvpn
to manage the tun interface and the routing table on all
the supported platforms.
Across the years, this resulted in a longer functions
and series of ifdefs.
This patch introduces a new "networking API" which aims at
creating a simple abstraction between the tun/route logic
and the platform dependent code.
The is API expected to be implemented outside of tun.c/route.c
by using platform specific functionalities.
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20190514081159.12192-1-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18458.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
This patch fixes "unused variable/unreferenced format parameter"
warnings in different places, kudos to Visual Studio compiler
for discoveing some of those.
This also also removes unneeded uninit_management_callback_multi()
wrapper.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1540889615-24868-1-git-send-email-lstipakov@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17855.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Triggered by the report from Ilya, that if base64 is missing, the tests
would still report success:
Testing tls-crypt-v2 key generation (max length
metadata)..../t_lpback.sh: base64: not found
OK
PASS: t_lpback.sh
The easiest way to fix that, is to remove the dependency on base64 (which
is it's current form wouldn't work on OSX anyway, because their base64
doesn't understand "-w0").
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <E1hON0G-0007yB-3H@sfs-ml-4.v29.lw.sourceforge.com>
URL: https://www.mail-archive.com/search?l=mid&q=E1hON0G-0007yB-3H@sfs-ml-4.v29.lw.sourceforge.com
Signed-off-by: Gert Doering <gert@greenie.muc.de>
The mock_msg.h file was not enlisted in the _SOURCES lists in
Makefile.am for the unit tests. This caused the mock_msg.h file to not
be present in the .tar.gz file created by 'make dist'.
This was not noticed earlier as we haven't really tried much to run git
clone of the cmocka project manually in vendor/ from an unpacked
tarball.
With this fix the cmocka unit tests can also run from tarballs, with
manually extracting/fetching the cmocka source code in vendor/cmocka.
Signed-off-by: David Sommerseth <davids@openvpn.net>
----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----
How to test:
- Create a tarball: make distcheck (or just 'dist')
- Extract openvpn-2.5_git.tar.gz in a clean directory
- cd openvpn-2.5_git/vendor
- git clone https://git.cryptomilk.org/projects/cmocka.git
- ./configure
- make check
- Observe that the cmocka unit tests ran as expected
Depending on the CMake version, you might want to check out cmocka git
commit b2732b52202ae48f; which is the one we use in the git submodule.
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <20190417203015.1903-1-davids@openvpn.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18380.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Simplifies the build scripts, and fixes my CI, where paths on the test
slave can be different from paths on the build slave.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <20181028145449.12676-1-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17849.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
The INSTALL file contained several minor errors, typos and was generally
not up-to-date in regards to what ./configure provides today. In
addition, several URL references have moved around to new homes.
Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20190327120604.21101-1-davids@openvpn.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18307.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
osx image used for builds, i.e. xcode7.3 is outdated, we
can switch to "default" xcode9.4 and use more fast brew
travis-ci plugin
Signed-off-by: Ilya Shipitsin <chipitsine@gmail.com>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <20190311133620.18278-4-chipitsine@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18269.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Ubuntu Trusty reaches End of Life on April 30, 2019
Let us switch to xenial. Also, it simplifies mingw builds.
We do not need to add xenial mingw manually anymore
Signed-off-by: Ilya Shipitsin <chipitsine@gmail.com>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <20190311133620.18278-3-chipitsine@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18270.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
- TLS 1.3 is not ready yet in LibreSSL. Also there is a theoretical
possibility of OpenSSL >=1.1.1 built without TLS 1.3 support.
- EC_KEY_METHOD API and SSL_get1_supported_ciphers are added into LibreSSL
master (not yet released in 2.9.0).
- Some methods that are available since LibreSSL 2.7.0 were thrown away
in ssl_openssl.c regardless of LibreSSL version. Use them with newer
LibreSSL.
Signed-off-by: Stefan Strogin <stefan.strogin@gmail.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20190225183531.27399-1-stefan.strogin@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18239.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
- Add a new return value (-2) for openvpn_execve() when external
program execution is not allowed due to a low script-security
setting.
- Add a corresponding error message
Errors and warnings in such cases will now display as
"WARNING: failed running command (<cmd>) :" followed by
"disallowed by script-security setting" on all platforms
instead of the current
"external program did not execute -- returned error code -1"
on Windows and
"external program fork failed" on other platforms.
The error is FATAL for some scripts and that behaviour is unchanged.
This helps the Windows GUI to detect when a connection failure
results from a safer script-security setting enforced by the GUI,
and show a relevant message.
v2 changes as suggested by <davds@openvpn.net>
- define macros for return values of openvpn_execve()
- replace if/else by switch() in system_error_message()
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1550709982-19319-1-git-send-email-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18223.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Linux packaging is quite a comprehensive task these days, with many
Linux distributions and each with their own packaging guidelines. In
addition OpenVPN is packaged for most important Linux distributions
already.
The OpenVPN developers is not capable of keeping track of how all the
various recommend packaging guidelines evoloves and our RPM build
process is no longer consistent with guidelines from Fedora, RHEL or
SUSE packaging. We also don't receive any updates improving this
situation. Most likely due to packaging being handled fairly well by
the Linux distributions directly.
In addition comes systemd into play, which more and more Linux
distributions embraces - and even our own RPM openvpn.spec file didn't
account for that move.
This removes all RPM related packaging files and updates the INSTALL
file with pointers to several popular Linux distributions with
accessible information of the OpenVPN packages they provide. Linux
distributions is most likely much better at keeping the packaging
up-to-shape much better than we.
Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20190220131906.22970-1-davids@openvpn.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18222.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Note: Hardware ID check is used selectively. When naming the adapter, we
still need to check all existing adapters to prevent duplicate names.
When listing or removing adapters by name, the operation is limited to
TUN-Windows6 adapters only.
This patch follows Gert's recommendations from [openvpn-devel].
Signed-off-by: Simon Rozman <simon@rozman.si>
Message-ID: <20190120130813.GY962@greenie.muc.de>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20190224181621.27020-1-simon@rozman.si>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18234.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
This patch follows Gert's recommendations from [openvpn-devel].
Signed-off-by: Simon Rozman <simon@rozman.si>
Message-ID: <201901181957.x0IJvlQ2003900@chekov.greenie.muc.de>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20190224185500.45300-1-simon@rozman.si>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18235.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
The code was standardized to avoid "E1072: a declaration cannot have a
label" warning of Visual Studio 2017 IntelliSense.
Furthermore, a comment explaining what `dwStartType <=
SERVICE_AUTO_START` condition is about.
This patch follows Gert's recommendations from [openvpn-devel].
Signed-off-by: Simon Rozman <simon@rozman.si>
Message-ID: <201901181944.x0IJiGuV003728@chekov.greenie.muc.de>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20190224181544.17232-1-simon@rozman.si>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18233.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Extra NULL checks were added after malloc() calls to display out-of-
memory error and try to exit gracefully.
Function msica_op_create_*() now return NULL in out-of-memory condition
too. Since their output is directly used in msica_op_seq_add_head() and
msica_op_seq_add_tail() functions, later were extended to check for NULL
pointer arguments.
This patch follows Gert's recommendations from [openvpn-devel].
Signed-off-by: Simon Rozman <simon@rozman.si>
Message-ID: <20190117155829.GA92142@greenie.muc.de>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20190224181400.42524-1-simon@rozman.si
20190117155829.GA92142@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18231.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Since OpenVPN is security software, "TLS" usually stands for Transport
Layer Security.
Furthermore, repetitive copy&paste code was refactored using a macro.
This patch follows Gert's recommendations from [openvpn-devel].
Signed-off-by: Simon Rozman <simon@rozman.si>
Message-ID: <20190117155829.GA92142@greenie.muc.de>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20190224181252.43996-1-simon@rozman.si
20190117155829.GA92142@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18230.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
The second argument is the entire subject DN, not just the CN.
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <20190201204348.22326-1-openvpn-devel=lists.sourceforge.net@thomas.quinot.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18195.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
For PSS padding, CNG requires the digest to be signed
and the digest algorithm in use, which are not accessible
via the rsa_sign and rsa_priv_enc callbacks of OpenSSL.
This patch uses the EVP_KEY interface to hook to
evp_pkey_sign callback if OpenSSL version is > 1.1.0.
To test this code path, both the server and client should
be built with OpenSSL 1.1.1 and use TLS version >= 1.2
Tested on Windows 7 client against a Linux server.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1548863600-491-1-git-send-email-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18188.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Also add a function to map OpenSSL padding identifier to
corresponding CNG constant.
This is to help add support for additional padding
types: only refactoring, no functional changes.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1544210258-8754-1-git-send-email-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17999.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
The function is fairly generic and to avoid duplicating the same
functionality move the function to crypto.c and change fixed string to
be the same as the pem_name parameter.
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20190122150333.1061-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/search?l=mid&q=20190122150333.1061-1-arne@rfc2549.org
Signed-off-by: Gert Doering <gert@greenie.muc.de>
When no TUN/TAP driver is installed a interface cannot be created. This
patch detects this condition and bails out with an error message.
This also fixes a typo in one of the error messages.
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20181219202611.2144-4-simon@rozman.si>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18038.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
If --persist-key was used, we would always try to pre-load the 'global'
tls-auth/crypt file. That would result in using the wrong key (leading
to a failed connection) or en error is there was to 'global' key:
Sat Jan 19 11:09:01 2019 Cannot pre-load tls-auth keyfile ((null))
Sat Jan 19 11:09:01 2019 Exiting due to fatal error
Fix that by loading loading the key from the current connection entry.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20190119103400.12887-1-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18123.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
OpenSSL's version of crypto_pem_encode() uses PEM_write_bio()
function to write PEM-encoded data to BIO object. That method doesn't
add NUL termanator, unlike its mbedTLS counterpart
mbedtls_pem_write_buffer().
The code which uses PEM data treats it as a string, so missing NUL
terminator makes sanitizer to compain.
Fix by adding a NUL terminator.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1548164463-13366-1-git-send-email-lstipakov@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18141.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
This allows the Windows GUI to use these options on the command
line without triggering user authorization errors.
Useful for
(i) ignoring certain pushed options such as "route-method" which
could otherwise bypass the interactive service
(ii) enforcing a safer script-security setting from the GUI
See also:
https://github.com/OpenVPN/openvpn-gui/issues/235#issuecomment-456142928
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1548172232-11268-1-git-send-email-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18154.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
When writing data to buffer we incorrectly specify source length
- sizeof for pointer returns 8, but actual buffer length is 1.
Fix by replacing empty global string to local string literal and
specifying the correct length.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1548164060-13144-1-git-send-email-lstipakov@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18140.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
This makes DLL exported function names consistent between 32 and 64-bit
builds.
Signed-off-by: Simon Rozman <simon@rozman.si>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20190101233547.10100-1-simon@rozman.si>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18077.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Making DriverCertification public (containing only upper-case letters)
allows the property set by FindSystemInfo custom action to be passed
from InstallUISequence sequence to InstallExecuteSequence. This
eliminates the need to execute FindSystemInfo in both sequences.
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20181219202611.2144-1-simon@rozman.si>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18037.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
