Ported iOS client and OpenVPN 3 core to ARM-64.
Now building a "fat binary" with Xcode 5.0.1 that
targets arm7, arm7s, and arm64.
Outstanding issues:
* IPv6 doesn't route through tunnel on iOS7
* Client doesn't install on iOS 5.1.1.
will build the app as if it was running on the simulator, i.e. with
null tun device, but will build for an actual iOS device.
OPENVPN_SSL_DEBUG defined in ovpncli.cpp is now a debug level and
can be set to an integer value (or 0 to disable).
where if more than one instance of an option exists, and
a single instance of the option is required, use the last
instance. Previously we would raise an exception in this case.
the cert chain from Keychain Identities.
Note that this solution is still not ideal because the iOS keychain
appears unable to import a PKCS#12 file as a bundle. It only
imports the leaf cert/key and ignores the rest.
So for this fix to be effective, each of the root and intermediate
certs in the PKCS#12 file must be manually extracted and separately
imported as .crt files.
MERGE from -r8632 https://svn.openvpn.net/projects/openvpn/cs/openvpn/ovpn3.ios101
* VoD profiles can be defined using the iPhone Configuration utility:
  1. Connection Type should be set to Custom SSL
  2. Identifier should be set to net.openvpn.OpenVPN-Connect.vpnplugin
  3. Server can be set to a hostname, or "DEFAULT" to use the
     hostname(s) from the OpenVPN configuration.
  4. User Authentication should be set to Certificate, and the client
     certificate+key should be attached as a PKCS#12 file.
  5. VPN On Demand should be enabled and match entries should be
     defined.
  In addition, the OpenVPN client configuration file may be defined
  via key/value pairs:
  1. VoD requires an autologin profile.
  2. Define each OpenVPN directive as a key, with arguments
     specified as the value.
  3. For Access server meta-directives such as
     OVPN_ACCESS_SERVER_USERNAME, remove the "OVPN_ACCESS_SERVER_"
     prefix, giving USERNAME as the directive.
  4. If no arguments are present, use "NOARGS" as the value.
  5. If multiple instances of the same directive are present,
     number the directives in the order they should be processed by
     appending .<n> to the directive, where n is an integer,
     such as remote.1 or remote.2
  6. For multi-line directives such as <ca> and <tls-auth>, you must
     convert the multi-line argument to a single line by specifying
     line breaks as \n -- also note that because of
     this escaping model, you must use \\ to pass backslash itself.
* VoD profiles are recognized and listed by the app.
* The app can disconnect but not connect a VoD profile.
* Most app-level functionality such as logging and preferences
work correctly for VoD profiles.
Core changes:
* Added support for key-direction parameter in core.
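
The key/value rules for VoD profiles listed above, applied to a small profile. This is an added example, not code from this changelog or from the OpenVPN project. The function name `ovpn_to_vod_pairs` is hypothetical, and three points are assumptions: meta-directives are read from `# OVPN_ACCESS_SERVER_X=value` comment lines, an autologin profile is taken to be one with no `auth-user-pass` directive, and every line of a multi-line block is terminated with `\n`.

```python
import re
from collections import Counter
META = re.compile(r"#\s*OVPN_ACCESS_SERVER_(\w+)=(.*)$")  # assumed comment form
BLOCK = re.compile(r"<([\w-]+)>$")

def ovpn_to_vod_pairs(text):
    """Map an OpenVPN profile to VoD key/value pairs per the numbered rules."""
    entries, lines = [], iter(text.splitlines())
    for raw in lines:
        line = raw.strip()
        meta, block = META.match(line), BLOCK.match(line)
        if meta:  # rule 3: drop the OVPN_ACCESS_SERVER_ prefix
            entries.append((meta.group(1), meta.group(2).strip() or "NOARGS"))
        elif block:  # rule 6: fold a multi-line block into one line
            tag, body = block.group(1), []
            for inner in lines:
                if inner.strip() == f"</{tag}>":
                    break
                # escape backslashes first, then write the line break as \n
                body.append(inner.strip().replace("\\", "\\\\") + "\\n")
            else:
                raise ValueError(f"unterminated <{tag}> block")
            entries.append((tag, "".join(body)))
        elif line and line[0] not in "#;":  # rules 2 and 4
            name, *rest = line.split(None, 1)
            entries.append((name, rest[0] if rest else "NOARGS"))
    # rule 1 (assumption: an autologin profile carries no auth-user-pass)
    if any(name == "auth-user-pass" for name, _ in entries):
        raise ValueError("auth-user-pass present: not an autologin profile")
    # rule 5: number repeated directives in file order, starting at 1
    totals, seen, pairs = Counter(n for n, _ in entries), Counter(), []
    for name, value in entries:
        if totals[name] > 1:
            seen[name] += 1
            name = f"{name}.{seen[name]}"
        pairs.append((name, value))
    return pairs

# Constructed sample profile (hostnames and certificate body are placeholders).
SAMPLE = """# OVPN_ACCESS_SERVER_USERNAME=alice
client
remote vpn1.example.net 1194 udp
remote vpn2.example.net 443 tcp
<ca>
-----BEGIN CERTIFICATE-----
PLACEHOLDER
-----END CERTIFICATE-----
</ca>
"""
print(*ovpn_to_vod_pairs(SAMPLE), sep="\n")
```

The client certificate and key are not part of these pairs; per step 4 of the first list they are attached to the profile as a PKCS#12 file.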
Fixed some memory leaks revealed by Instruments.
* CCHmacInit must be paired with a CCHmacFinal, otherwise
it will introduce a leak.
* Made VPNConfig ivar vpnRef into a property backed by an
id to properly retain VPNConfigurationRef objects in
Objective-C ARC environment.
* Discovered a leak in VPNConfigurationCopyAll -- reported to Apple.
Redid logging to use files rather than plugin -> app events.
When app becomes the active view after the plugin has exited with
an error, show the error status.
* clear_auth() now clears username field.
* OpenSSL impl in core now logs TLS handshake details.
* Added build-openssl-small to build a trimmed-down version
of OpenSSL.
is either under openvpn/openssl (implementation) or
openvpn/gencrypto (generic crypto selector).
Reorganized applecrypto with evp files under crypto so
that we can eventually build out applecrypto as a full
crypto/ssl replacement for OpenSSL.