always use our built-in replacement functions now, even if building
on Win7 (which has inet_ntop/inet_pton in the system libraries) because
the resulting binary will then fail on WinXP.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
OpenVPN can handle over 30 different files and directories, and it is easy
to misconfigure some of them. In many situations OpenVPN will even start
running, even with a wrong file path or without the proper permissions, and
then it will complain much later on. In some cases the error being seen at
this late point might even be difficult to relate to a configuration option.
This patch tries to catch as many of these files as soon as possible, kind of
to "smoke-test" the files and directories to avoid the most likely errors.
Trac-ticket: 73
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
(driver is known-buggy for small IPv4 packets in tun mode)
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
(bugfixed tapdrvr.c regarding small IPv4 packets)
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Without this patch, the default path used by OpenVPN is hard coded
to C:\WINDOWS. As users might install Windows in a different directory,
this approach will cause OpenVPN to malfunction in some configurations.
OpenVPN have supported using the system path, by adding --win-sys env.
This patch removes the hard coded approach and uses the --win-sys env
approach by default instead.
Trac-ticket: 66
URL: http://thread.gmane.org/gmane.network.openvpn.user/32508
Signed-off-by: David Sommerseth <davids@redhat.com>
Tested-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
On these platforms (including DragonFly), get_default_gateway() would in some
cases return false. As get_default_gateway() is defined as a void function, and
none of the callers expect a return value -> just return without any value.
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Patch "Added options to switch between OpenSSL and PolarSSL and PKCS11" caused a
regression when building OpenVPN with Visual Studio 2008/Python build system.
The underlying cause was a wrong path to lzo2.lib.
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: Adriaan de Jong <dejong@fox-it.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
- Changed int32_t to size_t
- Removed some unused variables
- Added missing include files
- changed ordering to ensure variable declarations are before asserts
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Tested-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
at compile time. Also included the option to enable/disable PKCS11.
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Samuli Seppänen <samuli@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Since prng_uninit is SSL-library agnostic, but crypto_uninit_lib isn't,
the function was moved up a level.
Also removed one unused variable (j) in tls1_P_hash().
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
minimum-size for IPv6 being applied to IPv4 packets, subsequently
leading to drop of small-sized IPv4 packets.
Bug found & fixed by Christian Niessner.
Signed-off-by: Christian Niessner <bug-report@secadm.de>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
PolarSSL does not support PKCS#12 certificate/key bundles, but had a
typo where #ifdef USE_POLARSSL was used, and it should have been #ifndef
instead.
Also added a few extra exclusions of PKCS#12 messages where appropriate,
to avoid confusing users.
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Adriaan de Jong <dejong@fox-it.com>
Fixed a bug where the wrong value was being passed to plugin_call_ssl, due to a missing comma.
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Replaced des_set_key_unchecked and des_ecb_encrypt functions in cipher_des_encrypt_ecb
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
This is to allow building on NetBSD which does not install <des_old.h> anymore
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
- Reversed des_key_check_weak output check, as the library changed this
- Changed POLARSSL_MODE_CFB to POLARSSL_MODE_CFB128
- Changed the bio write function to accept const input
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
- Now return either SUCCESS or FAILURE.
- SUCCESS is defined as 0.
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
As a safety measure against future modifications
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
It is now in bits again.
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
- Renamed struct entries to explicitly show them as disabled
- Added a warning if USE_SSL is enabled, but neither ssl_verify_openssl.h or ssl_verify_polarssl.h is included
- If neither of those files is included, disable ssl support for a plugin including openvpn-plugin.h
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
- Removed the dependency on an SSL library for USE_SSL when creating non-SSL plugins
- Fixed example plugin code to include USE_SSL when needed
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>