The previous commit restructured the way how peer info was built and
accidentally move those into its own method without calling the method.
Signed-off-by: Arne Schwabe <arne@openvpn.net>
The sys/socket.h header is not available on Windows. This issue was
introduced in commit 1b4f736bb9, so the same fencing used in
that commit was also added around the #include statement.
Signed-off-by: David Sommerseth <davids@openvpn.net>
In commit 1b4f736bb9, an additional parentheses was added to
the MacGatewayInfo constructor. This results in code which cannot be
compiled.
Signed-off-by: David Sommerseth <davids@openvpn.net>
A few minor changes:
- add ORGANIZATION meta option to ignore list
- remove excessive OVPN_ACCESS_SERVER_ prefix from NO_WEB meta option
- Increase status message length from 256 to 2048 to be able to show
the full list of unsupported options
Signed-off-by: Lev Stipakov <lev@openvpn.net>
ERR_INVALID_OPTION_DNS -- invalid value for some of DNS\Domain options
ERR_INVALID_OPTION_CRYPTO -- invalid value for some of SSL\Crypto option
ERR_INVALID_CONFIG -- missing option or not supported option
ERR_INVALID_OPTION_PUSHED -- pushed to server option error
ERR_INVALID_OPTION_VAL -- invalid value for some general option
Signed-off-by: Illia Polishchuk <illia.polishchuk@openvpn.com>
The OPENVPN_EXCEPTION_WITH_CODE(C, DEFAULT_CODE, ...)
macro creates enum C_code with __VA_ARGS__ codes
and constructor with the C_code as first argument which
adds label at the beginning of error message, other
constructors add DEFAULT_CODE label
Signed-off-by: Illia Polishchuk <illia.polishchuk@openvpn.com>
Until now sitnl was just default to metric 0 when installing routes,
while ignoring any value that may have been passed by the user.
Extend logic to properly accept a user value.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
When the user specifies no metric (i.e. value is -1), the TunBuilder
should pass the default value down the stack.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
This also move the building IV_HWADDR peer info variable to the point
that the server address is actually available.
This also avoids failing to connect when push-peer-info is enabled and
there is no IPv4 default gateway. The new code will always pick the device
that holds the route to the current remote.
Signed-off-by: Arne Schwabe <arne@openvpn.net>
Config
client
pull
was not correctly handled like client + tls-client
since the code short-circuited if tls-client wasn't set
and so didn't touch pull option.
Github: #277
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
- Group GHA updates and set them to monthly schedule to
drastically reduce the numbers of PRs
- Notify about GoogleTest updates
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
It was noted that the SITNL unit test is always failing for no clear
reason.
It turned out that commit 22ba196429
("SITNL: revert change of sitnl_send return type, return int"),
that was supposed to be a simple revert of
ae663c573a ("Using new numeric
conversion tools") is actually converting two "return ret" into
return -1 and return -EINVAL accordingly.
This accidental change results in two functions always returning
an error despite terminating succesfully.
This behaviour was obviously fooling the unitest which failed in result.
Fix both functions by properly returning "ret" as it was originally.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
Makes it easier to test with -Wconversion, e.g. in Jenkins.
For now disable -Wsign-conversion. That is the default in g++,
but not clang++. Once we have fixed all -Wsign-conversion
warnings, we can enable it for both.
For now disable -Wenum-enum-conversion. Only present in clang++.
Not clear whether cleaning those up will be worth the effort.
Disable -ferror-limit in clang++. This ensures that it always
displays all errors.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
(cherry picked from commit 6e7a98b5f4)
- Set CXX_STANDARD_REQUIRED ON so that we error out early
if CMake thinks that the compiler does not support the
used standard.
- Set CXX_EXTENSIONS OFF so that we get less compiler
specific behavior.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
(cherry picked from commit 9b8797fe5e)
Using the <max> argument to cmake_minimum_required will
set all policies up to <max> to NEW. We might need to
fix some issues arising from that, but this means that
modern CMake can already behave like it wants even with
leaving <min> so that we can support old distros (currently
Debian 10).
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
(cherry picked from commit 268bf42b9e)
On modern CMake this gets us swig dependency management,
which should reduce problems for incremental builds.
Also it is just cleaner.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
(cherry picked from commit 72275db1d5)
The earlier were deprecated since CMake 3.12.
Since CMake 3.27 this causes deprecation warnings.
Should be safe nowadays to require CMake 3.12.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
(cherry picked from commit bb61350ae5)
This is very noisy with lots of false positives, especially
in newer version of GCC. So for now disable this.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
(cherry picked from commit d7e8375fc5)
- Use CURRENT source and binary dir to make this work even
if used as a sub-directory in another project.
- Make USE_MDFILE_AS_MAINPAGE actually work. It is only
used when part of the INPUT and does not automatically
add it to INPUT.
- Make sure CMake uses the latest version of README.rst
by using configure_file instead of file(COPY).
- Improve EXCLUDE_PATTERNS.
- Add NUM_PROC_THREADS.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
(cherry picked from commit 474de6c93f)
By adding the asio includes first we have a better
chance to force using "our" asio. This can be important
since some parts of the code require a patched version.
The actual "core" parts of the code work fine with
upstream asio however, so I also do not want to
force the patched asio by requiring a special header
name or directory structure.
So this is a compromise solution which hopefully works
for most use-cases.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
(cherry picked from commit bc7f4be01b)
We do not want to force a dependency on powershell.
Copying the right dlls is rather trivial.
Same change as commit commit e9e49239ce
for build-vcpkg script.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
(cherry picked from commit 1f5aa58223)
Helpfully the comment above the code actually provided
a solution...
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
(cherry picked from commit db7ea3d96a)
Always use find_package for all libraries.
Add missing Find*.cmake modules.
Always define an IMPORTED library in Find*
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
(cherry picked from commit d7b3419f8e)
Fixes problems when calling find_package on asio multiple
times.
Originally fixed by commit cba75f1aa08374733dcc79abebeca262ae94118a
in vcpkg#28299.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
(cherry picked from commit 71cf5f48fe)
We do not want to force a dependency on powershell.
Copying the right dlls is rather trivial.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
(cherry picked from commit e9e49239ce)
This makes it easier to see what is going on when looking at
individual CMakeLists.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
(cherry picked from commit 4c81069564)
This is important since it allows us to avoid
the JsonCPP dependency on non-Win/non-Apple
systems.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
(cherry picked from commit a9570cb780)
Make sure we find vcpkg and system packages on all
platforms.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
(cherry picked from commit e720bf3aba)
Use add_library to define a target so that we do not
need to apply all the setting manually.
Use find_package_message() to avoid printing the
message more than once.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
(cherry picked from commit 2fb5d08ea0)
- Fix PATCHES to work on Linux
- While here, fix version number
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
(cherry picked from commit fb9bee5ad6)
- Increase required version to 3.10. That is the version in
Ubuntu Bionic and currently the oldest one we still want
to support.
- Enable CTest for test target
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
(cherry picked from commit 50271ee02a)
With the change to OpenSSL 3 and introducing insecure as profile we
actually allowed MD5 again. Update the warning to reflect this.
Signed-off-by: Arne Schwabe <arne@openvpn.net>
The purpose of this change is to allow headers that require the
logbase.hpp classes to compile in executables using logsimple.hpp.
By munging classes and macros into both headers, an avoidable conflict
of macro re-definition is created. This commit separates the classes
from the macros into new headers. Then propagates the mistake into the
current headers so none of the existing code is broken. ;-)
Signed-off-by: Mark Deric <jmark@openvpn.net>
Currently we error out on the first unsupported
option which belongs to the "fatal" category, such as
"removed deprecated option" or "Option allowed only to
be pushed by the server".
To improve user experice and allow application code
to display all problematic options and their categories,
collect options into a category->options map and then
serialize it into multiline string:
cat1: opt1,opt2
cat2: opt3
Introduce a new error code UNUSED_OPTIONS, which is
placed into ClientAPI::Status::status. The serialized
options map is placed into ClientAPI::Status::message.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
- Add notes regarding some unexpected behaviors in sslctx
- Add unit tests specifically for sslctx, including simple in-memory
handshaking with both success and failure examples.
Signed-off-by: Charlie Vigue <charlie.vigue@openvpn.com>