On Linux, daemon() is defined in unistd.h, not in
stdlib.h like in MacOS or FreeBSD.
Change-Id: I30f4ea502a36eca155cbc79b89c0d18ee3419877
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20230922103900.37205-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27058.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
We do this via explicit PRs now, generated by renovate.
This allows much better control over what state of the
code gets built.
Change-Id: I8b00d7d79a26ad4aaae529cb496e125398169b50
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Lev Stipakov <lstipakov@gmail.com>
Message-Id: <20230922103936.37230-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27060.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
"INFO_PRE,..." command length is limited to 256 bytes. If the server
implementation pushes command which is too long, warn the user and
don't send the truncated command to a management client.
Change-Id: If3c27a2a2ba24f2af0e3e3c95eea57ed420b2542
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20230922105055.37969-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27062.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
These are based on review comments for the 2.6 backport.
But since they apply to the original master implementation
as well, I address them in this separate patch.
- Add documentation to contrib/cmake/*.py
- Fix grammar in README.cmake.md
- Update a TODO in CMakeLists.txt to better reflect
the status quo
- Fix indentation in unit_tests' Makefile.am
Change-Id: I4e16767ee221e1aefdd18d13b3411c27d8dd844a
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Lev Stipakov <lstipakov@gmail.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/342
Message-Id: <20230919155635.708557-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27043.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
While CMake is not the official way to build OpenVPN on Linux,
it still make sense to support it. Turns out that
HAVE_SETSID, HAVE_OPENLOG and HAVE_SYSLOG
were not set by CMake configure, and --daemon and syslog
functionality was broken.
While on it, fix compiler error on unused return value of chdir().
Change-Id: I171d55da2be868d961caa1d4491e6f1ed10ebe8a
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20230920121519.177949-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27045.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Although it's a combination of options that is not really useful,
when specifying --multihome along with --proto tcp and DCO is enabled,
OpenVPN will crash while attempting to access c2.link_socket_actual
(NULL for the TCP case) in order to retrieve the local address (in
function dco_multi_get_localaddr())
Prevent crash by running this code only if proto is UDP.
The same check is already performed in socket.c/h for the non-DCO
case.
Github: fixesOpenVPN/openvpn#390
Change-Id: I61adc26ce2ff737e020c3d980902a46758cb23e5
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20230815231555.6465-1-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26953.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Starting with LibreSSL 3.8.1 the engines have been removed which causes
the OpenVPN build to fail. This can be solved during configure by
checking if OPENSSL_NO_ENGINE is defined in opensslconf.h.
Signed-off-by: orbea <orbea@riseup.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20230909134956.5902-1-orbea@riseup.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26994.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Currently, OCC exit messages are only logged at some high debug level
(and if OpenVPN compiled with DEBUG), while control-channel EEN messages
are logged on verb 1. Make this consistent, both in wording and in
log level.
Both messages are prefixed with the "channel" where the exit message
came in.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20230814060409.50742-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26949.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
This also shows the extra data from the OpenSSL error function that
can contain extra information. For example, the command
openvpn --providers vollbit
will print out (on macOS):
OpenSSL: error:12800067:DSO support routines::could not load the shared library:filename(/opt/homebrew/Cellar/openssl@3/3.1.1_1/lib/ossl-modules/vollbit.dylib): dlopen(/opt/homebrew/Cellar/openssl@3/3.1.1_1/lib/ossl-modules/vollbit.dylib, 0x0002): tried: '/opt/homebrew/Cellar/openssl@3/3.1.1_1/lib/ossl-modules/vollbit.dylib' (no such file), '/System/Volumes/Preboot/Cryptexes/OS/opt/homebrew/Cellar/openssl@3/3.1.1_1/lib/ossl-modules/vollbit.dylib' (no such file), '/opt/homebrew/Cellar/openssl@3/3.1.1_1/lib/ossl-modules/vollbit.dylib' (no such file)
Patch v2: Format message more like current messages
Change-Id: Ic2ee89937dcd85721bcacd1b700a20c640364f80
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Selva Nair <selva.nair@gmail.com>
Message-Id: <20230811121503.4159089-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26929.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
The return value of add_bypass_routes overwrites
the return value of add_route3 instead of combining
them.
Coverity: CID 1539180 (#1 of 1): Unused value (UNUSED_VALUE)
Change-Id: I78f92f363fe203af5661c6958b2417ea30f7055c
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <60951251cdb2f39b20cfc86130c2dc0570ba0363-HTML@gerrit.openvpn.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26900.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
The code was not very clear if we accept the base64 decode if the
NTLM challenge was truncated or not. Move the related code lines
closer to where buf is first used and comment that we are not concerned
about any truncation.
If the decoded result is truncated, the NTLM server side will reject
our new response to the challenge as it will be incorrect. The
buffer size is fixed and known to be in a cleared state before the
decode starts.
Resolves: TOB-OVPN-14
Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20230802113149.36497-1-dazo+openvpn@eurephia.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26919.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
- "if (sig == X) signal_reset(sig)" now becomes
"signal_reset(sig, X)" so that the check and assignment
can be done in one place where signals are masked.
This is required to avoid change of signal state between
check and reset operations.
- Avoid resetting the signal except when absolutely necessary
(resetting has the potential of losing signals)
- In 'pre_init_signal_catch()', when certain low priority signals
are set to SIG_IGN, clear any pending signals of the same
type. Also, reset signal at the end of the SIGUSR1 and
SIGHUP loops where their values are checked instead of later. This
avoids the need for 'signal_reset()' after SIGHUP or in 'init_instance()'
which could cause a signal like SIGTERM to be lost.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20230128215901.2207208-2-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26088.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
msglevel hides the function parameter of the same name,
which could lead to confusion. Use a unique name.
Change-Id: I9f9d0f0d5ab03f8cdfd7ba7200f2d56613cc586d
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Lev Stipakov <lstipakov@gmail.com>
Message-Id: <d549c9b5e5d66624ef82f99206898ff8e43a5fb5-HTML@gerrit.openvpn.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26902.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
At the moments WINS servers are set either:
- via DHCP, which works only for tap-windows6 driver
- via netsh when running without interactice service
This means that in 2.6 default setup (interactive service and dco)
WINS is silently ignored.
Add WINS support for non-DHCP drivers (like dco) by passing
WINS settings to interactive service and set them there with
netsh call, similar approach as we use for setting DNS.
Fixes https://github.com/OpenVPN/openvpn/issues/373
Change-Id: I47c22dcb728011dcedaae47cd03a57219e9c7607
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20230728131246.694-1-lstipakov@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26903.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Currently we use the old signal API which follows system-V or
BSD semantics depending on the platform and/or feature-set macros.
Further, signal has many weaknesses which makes proper masking
(deferring) of signals during update not possible.
Improve this:
- Use sigaction to properly mask signals when modifying.
Notes:
Updating signal_reset() is handled in a follow up patch
SIG_SOURCE_CONNECTION_FAILED is retained in a hackish way. This value
has the same meaning as SIG_SOURCE_SOFT everywhere except where the
signal is printed. Looks cosmetic --- could be eliminated?
In pre_init_signal_catch() we ignore some unix signals, but the same
signals from management are not ignored though both are treated as "HARD"
signals. For example, during auth-user-pass query, "kill -SIGUSR1 <pid>"
will be ignored, but "signal SIGUSR1" from management interface will
cause M_FATAL and exit. This is the current behaviour, but could be improved?
This patch was originally submitted as 5/5 of the signals series. Now this
is 1/2 of a new series with signal_reset changes moved to 2/2
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20230128215901.2207208-1-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26087.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
I thought instead about moving this into a loop inside
powershell. But then error handling becomes annoying.
So let's GitHub handle it.
Change-Id: I9831f352c07b5c58a4e2d6a3dd5417842e0887d2
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20230718105233.620193-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26868.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
This is implements --peer-fingerprint command to support OpenVPN
authentication without involving a PKI.
The current implementation in OpenVPN for peer fingerprint has been already
extensively rewritten from the original submission from Jason [1]. The
commit preserved the original author since it was based on Jason code/idea.
This commit is based on two previous commits that prepare the infrastructure
to use a simple to use --peer-fingerprint directive instead of using
a --tls-verify script like the v1 of the patch proposed. The two commits
preparing this are:
- Extend verify-hash to allow multiple hashes
- Implement peer-fingerprint to check fingerprint of peer certificate
These preceding patches make this actual patch quite short. There are some
lines in this patch that bear some similarity to the ones like
if (!preverify_ok && !session->opt->verify_hash_no_ca)
vs
if (!preverify_ok && !session->opt->ca_file_none)
But these similarities are one line fragments and dictated by the
surrounding style and program flow, so even a complete black box
implementation will likely end up with the same lines.
[1] https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16781.html
Change-Id: Ie74c3d606c5429455c293c367462244566a936e3
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20230524132424.3098475-2-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26723.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
This reverts commit 423ced962d, which
has Jason A. Donenfeld listed as author as the patch was based on his
initial submission.
We have not received permission to relicense the original patch.
Change-Id: I8142753928498169032450c56d0497a5042bdc9b
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20230524132424.3098475-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26722.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
This avoids build errors on macOS. Also the test_tls_crypt command works
just fine on FreeBSD with its linkers, so do not make that test Linux only.
Patch v2: allow running with old cmake version (cmake 3 on RHEL7 with EPEL
is only 3.17)
Patch v3: add OPTIONAL keyword to Incldue required by some cmake versions
Change-Id: Id26676bdc576c7d3d6726afa43fe6c7a397c579b
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20230712095529.570306-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26850.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
This function is needed to commpile on win32 as run_command.c defines it
on Unix Linux but on windows it is defined in win32.c which pulls in too
many other unresolvable symbols.
Patch v2: Also add mock_win32_execve.c to automake files
Change-Id: I8c8fe298eb30e211279f3fc010584b9d3bc14b4a
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20230712095412.570106-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26849.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Android has no facility nor need one to delete routes as routes are
automatically cleaned up when the tun interface is closed. Also adjust
the IPv4 message to be only shown and verb 7 and rephrase the message.
Change-Id: If8f920d378c31e9ea773ce1f56f3df50f1ec36cd
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20230712094620.569273-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26848.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Commit a261e173 ("Make sending plain text control message session
aware") added KID parameter to "client-pending-auth" management command,
but forgot to mention it in the output of management help.
Change-Id: I201bdaa5fe4020d15a9dd1674aba5e0c45170731
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20230714111802.1773-1-lstipakov@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26856.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
While it might be clear to people being (too?) well versed in
typical crypto applications that an authentication failure probably
mean wrong decryption key, this is not really obvious for the typical
user/server admin.
Change-Id: If0f0e7d53f915d39ab69aaaac43dc73bb9c26ae9
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20230522091231.2837468-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26718.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
While here, adapt and update some of the Windows-build
references in the other README files.
Change-Id: Id067774bde7511a736e156fc599b07837242336c
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20230707150523.385264-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/search?l=mid&q=20230707150523.385264-1-frank@lichtenheld.com
Signed-off-by: Gert Doering <gert@greenie.muc.de>
They are not used or mainained anymore. So just remove them.
Change-Id: I704f7c9a9fe9a2b988410c4586183302392e690d
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20230707144628.378541-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26834.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
the management interface expects the management key id instead
of the openvpn key id. In the past they often were the same for low ids
which hid the bug quite well.
Also do not pick uninitialised keystates (management key_id is not valid
in these).
Patch v2: do not add logging
Change-Id: If9fa1165a0e886b570b3738546ed810a32367cbe
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Tested-By: Jemmy Wang
Github: fixesOpenVPN/openvpn#359
Acked-by: Selva Nair <selva.nair@gmail.com>
Message-Id: <20230522101138.2842378-2-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26719.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
When cross compiling for Windows with Ubuntu 23.04 mingw complains about
route.c:344:26: warning: ‘special.S_un.S_addr’ may be used uninitialized
which is wrong technically. However the workaround isn't really
intrusive and while there are other warnings caused by libtool, the
cmake mingw build completes with -Werror now.
Change-Id: I8a0f59707570722eab41af2db76980ced04e6d54
Signed-off-by: Heiko Hund <heiko@ist.eigentlich.net>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20230706171922.752429-1-heiko@ist.eigentlich.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26831.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
On Windows we might need to call python because .py files are not
directly executable. This is true e.g. for GHA runners.
For now we assume that rst2html and rst2man can be handled in the same
way and do not test both of them.
Commit e8881ec6dd unconditionally
used $PYTHON, but that broke build on systems where the default
python can't be used and we need to respect the shebang.
Commit 5dbec1c019 unconditionally
did not use $PYTHON, but that broke build on the aformentioned
GHA runners.
This commit tries to establish a solution that works for both
systems.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20230704130902.105585-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26813.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
By default CMake links C runtime dynamically,
which doesn't work on Windows 7, for example.
This is not an issue with other openvpn binaries,
since we bundle C runtime, but it is not yet available
during installation.
Change-Id: Ib2b014f075908e7db0d9115abaa2240e47fd27b9
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20230705122528.1625-1-lstipakov@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26821.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Changing the argument of check_malloc_return from const void* to void*
removes the warning from gcc 12.2.0:
In file included from ../../../openvpn-git/src/openvpn/crypto_openssl.c:40:
../../../openvpn-git/src/openvpn/buffer.h: In function ‘hmac_ctx_new’:
../../../openvpn-git/src/openvpn/buffer.h:1030:9: warning: ‘ctx’ may be
used uninitialized [-Wmaybe-uninitialized]
1030 | check_malloc_return((dptr) = (type *)
malloc(sizeof(type))); \
| ^~~~~~~~~~~~~~~~~~~
../../../openvpn-git/src/openvpn/buffer.h:1076:1: note: by argument 1 of
type ‘const void *’ to ‘check_malloc_return’ declared here
1076 | check_malloc_return(const void *p)
| ^~~~~~~~~~~~~~~~~~~
This more a quick fix/heads up for other people encountering the issue
on GCC 12.2.0 like on Ubuntu 22.10 until we figure out if this is a bug in
our code or a compiler bug.
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Heiko Hund <heiko@ist.eigentlich.net>
Message-Id: <20221127085933.3487177-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25549.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
This causes weird, difficult to debug compilation errors. Usually
caused by trying to run CMake against a source that had an
in-tree autoconfig build.
Note that you're able to do out-of-tree autoconfig builds and
they can obviously mix with out-of-tree cmake builds.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20230703153925.48990-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26809.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
The -Wno-stringop-truncation flag is only supported by some GCC versions
and not by Clang (macOS, FreeBSD) at all.
Move the includes to the top the file to have them available when running
the check_c_compiler_flag.
Change-Id: I452bc4ee935d13f8e9095d0a31805a3bbaff0cec
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20230629215611.3292788-3-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26791.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
On my system python3 is the macOS system python3 while rst2html has
#!/opt/homebrew/opt/python@3.9/bin/python3.9
as its first line. Running that with a different python results in missing
python modules. So directly execute the rst2html script instead.
Change-Id: I7e27ae031179c91cc1bca8122caf2453d6396ec0
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20230629215611.3292788-2-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26790.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
the funktion is_on_link is not used on FreeBSD and triggers a
warning/error (-Werror) on FreeBSD.
Patch v2: use actual platforms instead an ifndef FreeBSD
Change-Id: I6757d6509ff3ff522d6de417372a21e73ccca3ba
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20230701202453.3517822-2-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26804.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Use the casting variants of mock(). Using the mock_ptr_type
fixes an existing bug where test_tls_crypt.c couldn't
build in MinGW 32bit:
test_tls_crypt.c:127:27: error:
cast to pointer from integer of different size
[-Werror=int-to-pointer-cast]
127 | const char *pem_str = (const char *) mock();
Change-Id: I6c03313b8677fa07c07e718b1f85f7efd3c4dea8
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20230630123908.82588-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26796.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
This improves binary cache handling.
Change-Id: I4183edacc0295e9671c586cfcd77cf687015a22c
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Lev Stipakov <lstipakov@gmail.com>
Message-Id: <20230620135310.94455-6-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26755.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
So that we get reproducible builds.
Change-Id: Iffdd3ac5f266cc7d592ab678afc14c122acbb351
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Lev Stipakov <lstipakov@gmail.com>
Message-Id: <20230620135310.94455-5-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26757.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Completely replaced by the CMake build system now.
v3:
- rebase on top of my dist fixes
Change-Id: I807cffa40f18faa1adec4e15e84c032877a2b92e
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Lev Stipakov <lstipakov@gmail.com>
Message-Id: <20230620135310.94455-4-frank@lichtenheld.com>
URL: https://www.mail-archive.com/search?l=mid&q=20230620135310.94455-4-frank@lichtenheld.com
Signed-off-by: Gert Doering <gert@greenie.muc.de>
This is based on the initial CMake patch by
Arne Schwabe, but extends that to provide
a complete replacement for existing MinGW
build (autotools based) and MSVC build
(openvpn.sln).
The following features are added while switching
these builds to CMake:
- vcpkg support for MinGW build, allowing for
trivial cross-compilation on Linux
- Add unittests to MSVC build
- Rework MSVC config header generation, removing
need for separate headers between autotools
and MSVC
The following advantages are reasons for switching
to CMake over the existing MSVC build:
- Easier to maintain CMake files without IDE
than the sln and vcxproj files
- Able to maintain MSVC and MinGW build side-by-side
The plan is to completely remove the existing MSVC
build system but leave the existing autotools builds
in place as-is, including MinGW support.
CMake is not the intended build system for Unix-like
platforms and there are no current plans to switch
to it.
v2:
- Reduce default warning level for MSVC to /W2. With
/W3 the build is just much too noisy, making it
difficult to spot new warnings.
- Change MSVC CMake presets to have hardcoded build
type. When using pkg_search_module MSVC Multi-Config
builds do not work correctly at all since PkgConfig
doesn't seem to be able to create multi-config
libraries like find_package does.
- Change minGW presets to be Multi-Config capable.
- Remove OPENVPN_VERSION_MAJOR, OPENVPN_VERSION_MINOR,
OPENVPN_VERSION_PATCH from config.h.cmake.in.
They are not required and cause macro redefinition
warnings in MSVC (with openvpn-plugin.h). gcc doesn't
warn about this because the definitions are identical
so no need to fix this in autoheader config.h.in.
v3:
- Apply fixes by Lev Stipakov to match MSVC compile
options better to previous build.
- Apply change by Lev Stipakov to enable generation
of PDB files.
- Move /Brepro to its own commit. This is a behavior
change that should be more visible.
- Rebase on top of my dist fixes.
Change-Id: I237f28eca618d4fc476225b887c0be26cca362b1
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Lev Stipakov <lstipakov@gmail.com>
Message-Id: <20230620135310.94455-3-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26754.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
This helps with IDE integration among other things.
This is a basic implementation for development purposes
that can't replace any of the existing release builds.
Change-Id: I666314a223d324ca72dbe7ba7d22f764996d3ca2
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Lev Stipakov <lstipakov@gmail.com>
Message-Id: <20230620135310.94455-2-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26758.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Avoid compilation warnings on 32 bit platforms.
dco_linux.c: In function 'dco_update_peer_stat':
dco_linux.c:830:26: error: format '%lu' expects argument of type
'long unsigned int', but argument 4 has type 'counter_type'
{aka 'long long unsigned int'} [-Werror=format=]
830 | msg(D_DCO_DEBUG, "%s / dco_read_bytes: %lu", __func__,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
831 | c2->dco_read_bytes);
| ~~~~~~~~~~~~~~~~~~
| |
| counter_type {aka long long unsigned int}
Signed-off-by: Sergey Korolev <sergey.korolev@keenetic.com>
Acked-by: Antonio Quartulli <a@unstable.cc>
Message-Id: <20230626130939.3267280-1-sergey.korolev@keenetic.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26767.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
No need to deprive tar ball users of this information.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20230619132934.76085-5-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26749.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Document the dependency. Also fixes cert_data.h missing from
distribution.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20230619132934.76085-4-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26750.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Remove the number prefixes we do not use anyway.
And then rename Allow-the-build-to-succeed-if-configured-with-disabl.patch
to make it short enough that it can fit in a tar archive
built with --old-archive. Otherwise make dist might not include it:
tar:
openvpn-2.7_git/contrib/vcpkg-ports/pkcs11-helper/Allow-the-build-to-succee
d-if-configured-with-disabl.patch:
file name is too long (max 99); not dumped
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20230619132934.76085-3-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26747.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
So it is possible to build with MSVC from the release
tarballs.
Fixes#344.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20230619132934.76085-2-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26748.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>