mirror of https://github.com/OpenVPN/openvpn.git synced 2024-09-20 12:02:28 +02:00
Commit Graph

870 Commits

Author SHA1 Message Date
Adriaan de Jong
dd5e1102c1 Refactored key_state read code (including bio_read())
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-21 10:53:32 +02:00
Adriaan de Jong
963ad54e53 Refactored print_details
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-21 10:53:32 +02:00
Adriaan de Jong
214fc873fe Refactored key_state free code
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-21 10:53:32 +02:00
Adriaan de Jong
d7efe64011 Refactored initialisation of key_states
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-21 10:53:31 +02:00
Adriaan de Jong
67d8a0d4e9 Refactored tls_options, key_state, and key_source data structures
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-21 10:53:31 +02:00
Adriaan de Jong
2e74a9d02d Refactored cipher restriction code
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-21 10:53:31 +02:00
Adriaan de Jong
244da317ee Refactored CA and extra certs code
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-21 10:53:31 +02:00
Adriaan de Jong
5f4eb537d7 Refactored external key loading from management
Fixed a bug in external key loading, where if no certificate file was
specified, the program would still try to use an external private key.

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-19 22:46:41 +02:00
Adriaan de Jong
d67c3147b0 Refactored private key loading code
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-19 22:45:01 +02:00
Adriaan de Jong
f4047d7420 Refactored load certificate functions
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-19 22:45:01 +02:00
Adriaan de Jong
d494c31501 Refactored windows cert loading
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-19 22:45:01 +02:00
Adriaan de Jong
d1013cfe95 Refactored PKCS#11 loading
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-19 22:45:01 +02:00
Adriaan de Jong
289a8bb806 Refactored PKCS#12 key loading
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-19 22:31:46 +02:00
Adriaan de Jong
b5563f1154 Refactored root TLS option settings
- Started merge of new feature (x509_altnames), will continue in a
future patch

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-19 22:31:46 +02:00
Adriaan de Jong
ac3e8d62ba Refactored DH parameter loading
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-19 22:31:46 +02:00
Adriaan de Jong
df904551cd Refactored new external key code
- To make patch application easier in the future

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-19 22:31:46 +02:00
Adriaan de Jong
6245178696 Refactored root SSL context initialisation
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-19 22:31:46 +02:00
Adriaan de Jong
b64ffdcf09 Refactored get_highest_preference_tls_cipher
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-19 22:31:46 +02:00
Adriaan de Jong
397c0a35c5 Refactored tls_show_available_ciphers
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-19 22:31:46 +02:00
Adriaan de Jong
eab0cf2df1 Refactored TLS_PRF to new hmac and md primitives
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-19 22:31:46 +02:00
Adriaan de Jong
95993a1df3 Refactored SSL initialisation functions
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-19 22:31:46 +02:00
Adriaan de Jong
9a160b796e Refactored: Added stubs for new files
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-19 22:31:45 +02:00
Adriaan de Jong
253329a858 Added a check for OpenSSL or PolarSSL defines
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-19 22:20:39 +02:00
Adriaan de Jong
1b1a98069b Removed stale OpenSSL defines from crypto.h
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-19 22:17:22 +02:00
Adriaan de Jong
76dafacecd Refactored: Moved crypto.h inline functions to end of file
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-19 22:17:22 +02:00
Adriaan de Jong
279a308eed Added PRNG doxygen
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-19 22:13:26 +02:00
Adriaan de Jong
485c5f76a1 Refactored cipher functions
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-19 22:13:25 +02:00
Adriaan de Jong
670f9dd91a Refactored cipher key types
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-19 22:13:25 +02:00
Adriaan de Jong
e8c950f12d Refactored HMAC functions
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-19 22:13:25 +02:00
Adriaan de Jong
d5f4461779 Refactored message digest functions
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-19 22:13:25 +02:00
Adriaan de Jong
902f674ef4 Refactored message digest type functions
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-19 22:09:54 +02:00
Adriaan de Jong
4a5a6033f9 Refactored NTLM DES key generation
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-19 22:09:54 +02:00
Adriaan de Jong
183c3d190b Refactored DES key manipulation functions
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-19 22:09:53 +02:00
Adriaan de Jong
b01cb9ef6b Refactored crypto initialisation functions
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-19 22:09:53 +02:00
Adriaan de Jong
330715f0ab Refactored SSL_clear_error()
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-19 22:09:53 +02:00
Adriaan de Jong
7151f3f78e Refactored show_available_* functions
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-19 22:05:45 +02:00
Adriaan de Jong
23ee3563de Refactored maximum cipher and hmac length constants
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-19 22:05:45 +02:00
Adriaan de Jong
b5738e5b85 Refactored OpenSSL-specific constants
[David S: Fixed a few whitespace errors before merging]

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-19 22:05:45 +02:00
Adriaan de Jong
6825182b81 Refactored to rand_bytes for OpenSSL-independency
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-19 22:05:44 +02:00
Adriaan de Jong
0a18017472 Changed configure to accept --with-ssl-type=openssl
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-10-19 22:05:44 +02:00
Gert Doering
32ab329bc6 Move block for "stale-routes-check" config inside #ifdef P2MP_SERVER block
options->stale_routes_ageing_time etc.  are not defined otherwise, and
compilation fails.

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Davide Guerri <d.guerri@caspur.it>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
2011-10-09 13:33:17 +02:00
Davide Guerri
3a957aaef3 New feature: Add --stale-routes-check
This patch adds a stale-routes-check option that takes 2 parameters: an ageing
time (in seconds) and a check interval (in seconds). The latter defaults to the
former if it's not present.  Internally, a new "check" is added in
multi_process_per_second_timers_dowork(). This check deletes stale routes and
it is inspired by the function multi_reap_range().

We're running a very large connectivity infrastructure based on OpenVPN (more
than 4000 different clients connected per day per server), so we can thoroughly
check this patch (or, of course, any variant of it).

Signed-off-by: Davide Guerri <d.guerri@caspur.it>
Reviewed-by: David Sommerseth <davids@redhat.com>
Acked-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-09-30 09:48:42 +02:00
Gert Doering
8ca19c014c Platform cleanup for NetBSD
make TAP devices work (need to go via multiplex device /dev/tap)
cleanup TUN devices at program end ("ifconfig tunX destroy")
correctly setup TUN devices for "topology subnet"
don't try to put TAP devices into TUNSIFHEAD mode (get rid of error message)

Tested on NetBSD 5.1_STABLE / Sparc64

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-09-21 15:21:25 +02:00
JuanJo Ciarlante
c02a840512 fix ipv6 compilation under macosx >= 1070 - v3
- use __APPLE_USE_RFC_3542 for macosx build environment >= 1070
 - define SOL_IP from IPPROTO_IP if it's missing
   In Linux man 7 ip says:
   "Using SOL_IP socket options level isn't portable, BSD-based
   stacks use IPPROTO_IP level."

Signed-off-by: JuanJo Ciarlante <jjo+ml@google.com>
Tested-by: Eric F Crist <ecrist@secure-computing.net>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-09-21 15:19:41 +02:00
David Sommerseth
79a5aa44ca Fixed compile issues on FreeBSD and Solaris
In commit 7fb0e07ec3 struct route changed and
this change was not fixed in all places in tun.c, which caused
a compilation error.  A few whitespace fixes are added as well.

OSX needs to be fixed as well, but this will be done in a separate patch.

Tested-by: Eric F Crist <ecrist@secure-computing.net> (FreeBSD)
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-09-21 15:04:50 +02:00
James Yonan
c21b73f251 Fixed management interface bug where >FATAL notifications were
not being output properly because the management interface
socket was being closed before the >FATAL notification could
be transmitted.

Version 2.1.14

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7587 e7ae566f-a301-0410-adde-c780ea21d3b5
2011-09-05 12:06:03 +02:00
James Yonan
8cfa4ebddc Minor fix to CC_PRINT char class -- treat DEL (ascii 127)
as a control char.

Version 2.1.13.

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7581 e7ae566f-a301-0410-adde-c780ea21d3b5
2011-09-01 08:40:48 +02:00
Heiko Hund
d90428d141 add --mark option to set SO_MARK sockopt
Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-08-31 20:22:57 +02:00
Heiko Hund
82167eb2ec define IN6_ARE_ADDR_EQUAL macro for WIN32
Windows headers do not define the IN6_ARE_ADDR_EQUAL macro. It needs
to be defined locally when building for WIN32.

Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-08-31 19:45:28 +02:00
Heiko Hund
a18c2b025c lowercase include header name in syshead.h
Cross compiling for Windows is broken since commit
739fa9881f added the mixed
case header name "NtDDNdis.h" to the file. While this header
exists in a MinGW build environment it's lowercase there.

Windows doesn't mind the case of a file name, but Linux does.
So, lowercasing the filename will make openvpn build in both
worlds.

Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
2011-08-31 19:32:00 +02:00