| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
TLS control channel (such as AUTH_FAILED) that occur during
or immediately after a TLS renegotiation might be dropped.
Version 2.1.1n
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6350 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5599 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
* Added env-filter MI command to perform filtering on env vars
passed through as a part of --management-client-auth
* man_write will now try to aggregate output into larger blocks
(up to 1024 bytes) for more efficient i/o
Version 2.1.1f
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5557 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
python msvc\config.py
nmake /f msvc\msvc.mak
Version 2.1.1e
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5516 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
file or pulled from a server) can now be configured via the new
"max-routes" directive.
Previously, the limit was set to 100 and fixed by a compile-time
constant. Now the limit is dynamic and can be modified by the
"max-routes" directive. If max-routes is not specified, the default
limit is 100.
Note that this change does not address the maximum size of the
pushed options string sent from server to client, which is still
controlled by the TLS_CHANNEL_BUF_SIZE compile-time constant.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4967 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4477 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
Telethra to OpenVPN Technologies.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3409 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
arguments since all scripts were called by system().
The security hardening changes made to 2.1_rc9 no longer
use system(), but rather use the safer execve or CreateProcess
system calls. The security hardening also introduced a
backward incompatibility with 2.1_rc8 and earlier in that
script parameters were no longer shell-expanded, so
for example:
client-connect "docc CLIENT-CONNECT"
would fail to work because execve would try to execute
a script called "docc CLIENT-CONNECT" instead of "docc"
with "CLIENT-CONNECT" as the first argument.
This patch fixes the issue, bringing the script argument
semantics back to pre 2.1_rc9 behavior in order to preserve
backward compatibility while still using execve or CreateProcess
to execute the script/executable.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3311 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3128 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3125 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
* All external programs and scripts are now called by execve() on unix and
CreateProcess on Windows.
* The system() function is no longer used.
* Argument lists for external programs and scripts are now built by the new
argv_printf function which natively outputs to string arrays (i.e.
char *argv[] lists), never truncates its output, and eliminates the security
issues inherent in formatting and parsing command lines, and dealing with
argument quoting.
* The --script-security directive has been added to offer policy controls on
OpenVPN's execution of external programs and scripts.
Also added a new plugin example (openvpn/plugin/examples/log.c) that logs
information to stdout for every plugin method called by OpenVPN.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3122 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
up argv strings for execve without the possibility of truncation
or misinterpretation of mid-argument spacing.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3107 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
due to overflow.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3085 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
before calling user-defined scripts, to preclude the chance of a leading
dash being interpreted as an option prefix.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3083 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
likely() and unlikely() macro additions to syshead.h) and r3061.
I would like to give more thought to the bigger issue of fortifying
buffer.[ch] through the use of additional defensive programming techniques.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3081 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3068 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
to syshead.h
Introduced BUF_MAX constant to limit struct buffer offset and length
values. BUF_MAX has been set to 2^20.
Use likely() and unlikely() macros in buffer.h code to allow the
compiler to generate more efficient code.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3058 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3048 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2995 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
http://svn.openvpn.net/projects/openvpn/test/conn
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2993 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
Added client authentication and packet filtering capability
to management interface.
Extended packet filtering capability to work on both --dev tun
and --dev tap tunnels.
Updated valgrind-suppress file.
Made "Linux ip addr del failed" error nonfatal.
Amplified --client-cert-not-required warning.
Added #pragma pack to proto.h.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2991 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
Support asynchronous authentication by plugins by allowing
OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY to return
OPENVPN_PLUGIN_FUNC_DEFERRED. See comments in
openvpn-plugin.h for documentation. Enabled by ENABLE_DEF_AUTH.
Added a simple packet filter functionality that can be driven by
a plugin. See comments in openvpn-plugin.h for documentation.
Enabled by ENABLE_PF.
See openvpn/plugin/defer/simple.c for examples of ENABLE_DEF_AUTH
and ENABLE_PF.
"TLS Error: local/remote TLS keys are out of sync" is no longer a
fatal error for TCP-based sessions, since the error can arise
normally in the course of deferred authentication. In a related
change, allow packet-id sequence to begin at some number n > 0 for
TCP sessions, rather than strictly requiring sequence to begin
at 1.
Added a test to configure.ac for LoadLibrary function on Windows.
Modified "make dist" function to include all files from
install-win32 so that ./domake-win can be run from a
tarball-expanded directory.
setenv and setenv-safe directives may now omit a value argument
which defaults to "".
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2978 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2959 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
when ./configure --enable-strict is used.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1040 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
proxy settings (currently Windows only).
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@850 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
Allow plugin and push directives to have multiple
parameters specified instead of only 1 quoted
parameter.
Allow plugin and push directives to have multi-line
parameter lists, such as:
<plugin>
my-plugin.so
parm1
parm2
</plugin>
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@785 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@784 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
It includes the --topology feature, and
TAP-Win32 driver changes to allow
non-admin access.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@580 e7ae566f-a301-0410-adde-c780ea21d3b5
|
