will build the app as if it was running on the simulator, i.e. with
null tun device, but will build for an actual iOS device.
OPENVPN_SSL_DEBUG defined in ovpncli.cpp is now a debug level and
can be set to an integer value (or 0 to disable).
tls-version-min <version> ['or-highest'] -- sets the minimum
TLS version we will accept from the peer. Examples for version
include "1.0", "1.1", or "1.2". If 'or-highest' is specified
and version is not recognized, we will only accept the highest TLS
version supported by the local SSL implementation.
Examples:
tls-version-min 1.1 -- fail the connection unless peer can
connect at TLS 1.1 or higher.
tls-version-min 1.3 or-highest -- require that the peer
connect at TLS 1.3 or higher, however if the local SSL
implementation doesn't support TLS 1.3 (as it wouldn't in 2013
since TLS 1.3 doesn't exist yet), reduce the minimum required
version to the highest version supported by the local SSL
implementation (such as TLS 1.2). This is intended to allow
client configurations to target higher TLS versions that are
supported on the server, even if some older clients don't
support these versions yet.
where if more than one instance of an option exists, and
a single instance of the option is required, use the last
instance. Previously we would raise an exception in this case.
key, if the server allows it. To enable, add the following to
the profile:
setenv CLIENT_CERT 0
This is necessary to resolve an ambiguity when the profile
contains no client certificate or key, because otherwise
the client app can't know whether an external certificate/key
pair should be obtained from the Keychain, or whether the
server actually doesn't require a client certificate/key.
If the above directive is set to 1 or absent, the app will
assume that an external certificate/key pair should be obtained
from the Keychain
The option is given as a "setenv" to avoid breaking other
OpenVPN clients that might not recognize it.
----
Also, made subtle change to autologin determination, so that
community external PKI profiles will work properly with
autologin or userlogin based on the presence or absence of
auth-user-pass.
array instead of concatenated string, and to resolve issue on OS X
where signals were being ignored after system() was called.
C++ iterators incremented in a for statement should usually use
a preincrement syntax.
* Allow protocol to be specified by "proto" directive instead
of requiring it to be present in "remote" directive.
* Throw error if tls-remote is specified in client config file.
Updated Android client.txt notes.
* clear_auth() now clears username field.
* OpenSSL impl in core now logs TLS handshake details.
* Added build-openssl-small to build a trimmed-down version
of OpenSSL.
signature exists within data range being signed.
In ProtoStack, add raw_write method sending raw packets
that will NOT be encrypted via SSL, but will still be
encapsulated and tracked via reliability layer.
Other misc changes.
