mirror of https://github.com/OpenVPN/openvpn3.git synced 2024-09-20 12:12:15 +02:00
Commit Graph

993 Commits

Author SHA1 Message Date
James Yonan
bb642c6cd5 Minor additions to class LogPeriod. 2015-01-26 20:39:24 -07:00
James Yonan
e4b8aa6b80 Added class DevURand, conforming to RandomAPI base,
that grabs entropy directly from /dev/urandom.
2015-01-24 20:09:17 -07:00
James Yonan
169612f842 Add virtual void post_close() method to ScopedFD so derived
classes can do post-close actions.
2015-01-24 20:07:36 -07:00
James Yonan
65b24f39e9 Server: null-terminate transmitted control channel messages. 2015-01-22 17:55:57 -07:00
James Yonan
226785cbe2 Increased initial allocation of server-side AUTH_FAILED
buffer to 128 bytes.
2015-01-22 17:54:12 -07:00
James Yonan
433f4e362d Minicrypto build fixes:
* Disable minicrypto for now in both Android and Apple builds.

* In deps/polarssl/build-polarssl, don't apply the minicrypto
  patch unless "$USE_MINICRYPTO" = "1".
2015-01-19 17:48:10 -07:00
James Yonan
d4af03c205 Extended follow_references parameter of ProfileMerge class to allow
for full reference following (e.g. cert ssl/serv.crt) as is helpful
in server-side environments.
2015-01-19 14:30:37 -07:00
James Yonan
3350db2c41 For Listen::List parser, allow number of threads parameter
to be multiplied by the number of processor cores on the machine
using this syntax:

  listen 0.0.0.0 1194 udp 4*N

The 4*N syntax indicates that OpenVPN should spawn 4 * N threads
to listen on 0.0.0.0:1194 where N is the number of processor
cores on the machine.
2015-01-19 14:26:41 -07:00
James Yonan
18c31bca14 Updated PolarSSL to 1.3.9a for CVE-2015-1182. 2015-01-19 14:25:42 -07:00
James Yonan
84fb5c7731 Added NULL=1 option to test/ovpncli/go to build a tunnull binary. 2015-01-17 04:41:46 -07:00
James Yonan
b53d8d5648 Added tunnull build option:
TUN_NULL_EXIT -- exit immediately on connection
2015-01-17 03:41:42 -07:00
James Yonan
1f08f57154 Make the stats store volatile to improve the accuracy of
lockless multi-threaded access.
2015-01-16 18:47:39 -07:00
James Yonan
79b9deb2bc Added SIGUSR1/SIGUSR2 to class ASIOSignals.
Also added register_signals_all() method.
2015-01-16 01:52:59 -07:00
James Yonan
6f3aed5f90 Minor debug output change. 2015-01-16 00:22:14 -07:00
James Yonan
7daa811458 For consistency, ServerProto::Session should refer to base
class methods using a "Base::" prefix.
2015-01-15 17:06:12 -07:00
James Yonan
e2c90bf030 ServerProto::Session::stop() should reset the DC (data channel) factory. 2015-01-15 17:05:50 -07:00
James Yonan
69d0a9cefb Added SetUserGroup class for downgrading UID/GID. 2015-01-14 23:50:40 -07:00
James Yonan
fbfc84f460 Refactored PThreadCond and added PThreadBarrier for cases
where all threads need to reach a known point before
executing some action.
2015-01-14 23:17:20 -07:00
James Yonan
8d61382731 Core version number updated to 3.0.3. 2015-01-14 12:12:34 -07:00
James Yonan
915d0220a4 Added methods for daemonization and redirecting stdout/stderr
to a log file.
2015-01-13 23:18:57 -07:00
James Yonan
d2bd31a80b Added some missing #includes. 2015-01-13 17:02:47 -07:00
James Yonan
9af3a3d60d In OpenSSL read_cleartext_ready(), be sure to allow
SSL_pending(ssl) to influence returned result.
2015-01-13 00:06:21 -07:00
James Yonan
762f84a7db Added AuthCert::defined() method. 2015-01-12 23:23:41 -07:00
James Yonan
e0910bf6c4 Added PolarSSL AuthCert support (server-side only). 2015-01-12 23:20:23 -07:00
James Yonan
e817a9dc0b Added dump_hex methods. 2015-01-12 23:16:51 -07:00
James Yonan
bb42a3b4f1 Minor fix to OpenSSL verify_callback_server method. 2015-01-12 23:14:29 -07:00
James Yonan
9004e8cbea Added PThreadCond, a wrapper for pthread conditions. 2015-01-12 18:39:32 -07:00
James Yonan
58de6a371d Added class OptionList convenience method get_num()
with range checking.
2015-01-12 18:35:53 -07:00
James Yonan
9965704558 Added write_string() method to write a std::string to a file. 2015-01-12 18:34:10 -07:00
James Yonan
b2190bbb7b Added server-side APIs for peer address, client float,
and bandwidth stats notifications.
2015-01-12 10:58:20 -07:00
James Yonan
52858e8891 Added class LogPeriod, a class intended to help with server-side
logging by forming log filenames with a timestamp and facilitating
log rollover.
2015-01-12 10:54:40 -07:00
James Yonan
3816443db5 Added total_threads() method to struct Listen::List. 2015-01-12 10:53:28 -07:00
James Yonan
7f040d6482 Minor reordering of struct AuthCert data members. 2015-01-12 10:52:35 -07:00
James Yonan
64992a043b Make date_time() method thread-safe, and allow
arbitrary time_t time value to be passed.
2015-01-12 10:49:49 -07:00
James Yonan
8cbac717b3 Added IPv4/v6 methods for converting to/from byte strings. 2015-01-12 10:48:38 -07:00
James Yonan
ec0e7d5549 On server side, collect client cert info in the
new AuthCert object, and pass it through to
management decision object along with other creds
to consider for authentication.

In OpenSSL driver, split the verify_callback
function into client/server versions.

Modified InitProcess to do a special one-time call of
SSL_get_ex_new_index in OpenSSL library, so that we
can store a private object pointer in an OpenSSL
SSL struct.

TODO: Add AuthCert functionality to PolarSSL driver.
2015-01-08 15:33:48 -07:00
James Yonan
90e53b3e9d Moved load_duration_parm and set_duration_parm out of proto.hpp
and into a new file openvpn/time/durhelper.hpp.

Added skew_duration() to durhelper.hpp to randomly skew
duration values.

Added Duration::operator+(const int delta) method to
allow modification of raw duration value by an int.
2015-01-08 15:30:58 -07:00
James Yonan
8b8ff4afd9 In OpenSSL driver, modify x509_get_field to check
for embedded nulls in return strings.
2015-01-08 15:27:36 -07:00
James Yonan
a6fc108384 Modified auth fail APIs (both initial and mid-session) to
include a flag (bool tell_client) indicating whether or not
the reason string should be transmitted to the client.
2015-01-08 15:25:23 -07:00
James Yonan
2f65d5b550 Added enum_dir() function to return filenames in a directory
as a vector of strings.
2015-01-08 15:18:55 -07:00
James Yonan
730f3d8718 In class RandomIntBase in boostrand.hpp, added rand()
method that simply returns raw random value.
2015-01-08 15:18:16 -07:00
James Yonan
93ced6f8d9 Added string::root() function to return the
non-extension part of the filename.
2015-01-08 15:16:51 -07:00
James Yonan
d51c6c6dc4 Added render_hex_number() function to hexstr.hpp. 2015-01-08 15:16:11 -07:00
James Yonan
dbd5995d7a OpenVPN Protocol extensions update.
1. Added specific details on DATA_V2/peer-id/float support.

2. For AEAD mode, emphasized that the leading 8 bytes (4 bytes for
   DATA_V2/peer-id and 4 for packet ID) is all included in the AD.

3. Added specific details on protocol negotiation where the client
   indicates protocol extension availability with IV_x parameters
   in the peer info string, and the server responds by pushing
   directives to the client to enable the feature.

4. Added "TCP nonlinear mode" section, a new protocol extension
   that is needed by multithreaded TCP servers.
2015-01-06 17:16:06 -07:00
James Yonan
a80508ab21 Added initial OpenVPN Protocol extensions doc. 2015-01-06 17:14:31 -07:00
James Yonan
c2c7292a70 Updated copyright to 2015. 2015-01-06 12:56:21 -07:00
James Yonan
47236d5ab5 Updated OPENVPN_VERSION to "3.0.2". 2015-01-05 19:25:18 -07:00
James Yonan
cb7b87eaf9 Allow push of duration parameters (reneg-sec, tran-window, hand-window). 2015-01-05 12:43:29 -07:00
James Yonan
a8b951e1c6 Added debug logging to proto.hpp for
PROMOTE_SECONDARY_TO_PRIMARY event.
2015-01-05 12:42:27 -07:00
James Yonan
cc3a966ff5 TransportClientInstanceRecv::transport_recv now returns
true if incoming packet was successfully validated.
2015-01-04 20:35:53 -07:00