Travis-ci is used only for static analysis, therefore
when building the testing protocol we should avoid
non-deterministic behaviour which could lead to failures.
Tell the testing binary to work with lossless links.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
The md setup function has been substituted with a new one,
but the exception message was not updated.
Update it now to report the correct function name.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
The compiler is not smart enough to understand that under
the expected conditions http(s)_port will always be initialized.
Initialize variables upon declaration to avoid warning.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
By default tls-crypt is now enabled instead of tls-auth.
It can be easily changed by editing the define at the top
of test/ssl/proto.hpp
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
Not really important, but worth fixing to avoid polluting
any memchecker output with unreleased (leaked) resources.
Release process resources before exiting the main function.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
Add support for AES-256-CTR (used by tls-crypt) in the crypto
layer and make sure that each SSL library plugin is aware of it.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
In ProtoContext::KeyContext::raw_recv() when state == C_WAIT_RESET,
Antonio noticed that the send_reset() is likely superfluous.
proto.cpp test seems to confirm.
Comment it out for now.
Signed-off-by: James Yonan <james@openvpn.net>
In VPNServerNetblock::Netblock, break out IP::Range clients
and IP::Addr bcast into a separate derived class ClientNetblock,
which provides a more minimalistic Netblock for use cases that
don't need to manage client VPN IP address pools.
Signed-off-by: James Yonan <james@openvpn.net>
* renamed ManClientInstanceSend to ManClientInstance::Send
* renamed ManClientInstanceRecv to ManClientInstance::Recv
* renamed ManClientInstanceFactory to ManClientInstance::Factory
* renamed TransportClientInstanceSend to TransportClientInstance::Send
* renamed TransportClientInstanceRecv to TransportClientInstance::Recv
* renamed TransportClientInstanceFactory to TransportClientInstance::Factory
* renamed TunClientInstanceRecv to TunClientInstance::Recv
* renamed TunClientInstanceSend to TunClientInstance::Send
* renamed TunClientInstanceFactory to TunClientInstance::Factory
Other related refactorings/removals:
Changes to ManClientInstance::Send:
* Added pre_stop() method.
* Renamed set_acl_id() to set_acl_index().
Changes to ManClientInstance::Recv:
* In push_reply(), removed routes and initial_fwmark parameters.
* Removed set_fwmark() method.
* Added tun_native_handle() method to return the tun socket
file descriptor and peer_id of a client instance.
Changes to ServerProto:
* Added C++11 override attribute to overridden virtual methods
Signed-off-by: James Yonan <james@openvpn.net>
* Use C++11 range-based iterators.
* Use std::string rather than std::ostringstream
for string formatting.
* Added to_string() method.
* Added local_addr() method.
Signed-off-by: James Yonan <james@openvpn.net>
SSLConst::SERVER_TO_SERVER allows X509 certificates to be
used in a meshed topology, where a server certificate can
be used for either the client or server side of an SSL
connection.
Currently only implemented for OpenSSL.
Signed-off-by: James Yonan <james@openvpn.net>
This isn't strictly necessary because OpenSSL uses a
hardcoded RNG, but is added for consistency with other
SSL libraries.
Signed-off-by: James Yonan <james@openvpn.net>