aboutsummaryrefslogtreecommitdiff
path: root/buffer.c (follow)
AgeCommit message (Collapse)AuthorFilesLines
2010-12-09Added "management-external-key" option. This option can be usedJames Yonan1-1/+1
instead of "key" in client mode, and allows the client to run without the need to load the actual private key. When the SSL protocol needs to perform an RSA sign operation, the data to be signed will be sent to the management interface via a notification as follows: >RSA_SIGN:[BASE64_DATA] The management interface client should then sign BASE64_DATA using the private key and return the signature as follows: rsa-sig [BASE64_SIG_LINE] . . . END This capability is intended to allow the use of arbitrary cryptographic service providers with OpenVPN via the management interface. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6708 e7ae566f-a301-0410-adde-c780ea21d3b5
2010-07-27Fixed an issue where application payload transmissions on theJames Yonan1-8/+26
TLS control channel (such as AUTH_FAILED) that occur during or immediately after a TLS renegotiation might be dropped. Version 2.1.1n git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6350 e7ae566f-a301-0410-adde-c780ea21d3b5
2010-04-28Updated copyright date to 2010.James Yonan1-1/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5599 e7ae566f-a301-0410-adde-c780ea21d3b5
2010-04-16Management interface performance optimizations:James Yonan1-1/+40
* Added env-filter MI command to perform filtering on env vars passed through as a part of --management-client-auth * man_write will now try to aggregate output into larger blocks (up to 1024 bytes) for more efficient i/o Version 2.1.1f git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5557 e7ae566f-a301-0410-adde-c780ea21d3b5
2010-03-31Updated MSVC build scripts to Visual Studio 2008:James Yonan1-1/+1
python msvc\config.py nmake /f msvc\msvc.mak Version 2.1.1e git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5516 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-09-17The maximum number of "route" directives (specified in the configjames1-3/+3
file or pulled from a server) can now be configured via the new "max-routes" directive. Previously, the limit was set to 100 and fixed by a compile-time constant. Now the limit is dynamic and can be modified by the "max-routes" directive. If max-routes is not specified, the default limit is 100. Note that this change does not address the maximum size of the pushed options string sent from server to client, which is still controlled by the TLS_CHANNEL_BUF_SIZE compile-time constant. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4967 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-05-30Update copyright to 2009.james1-1/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4477 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-10-06Copyright notice changed to reflect change in name ofjames1-1/+1
Telethra to OpenVPN Technologies. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3409 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-09-062.1_rc8 and earlier did implicit shell expansion on scriptjames1-252/+0
arguments since all scripts were called by system(). The security hardening changes made to 2.1_rc9 no longer use system(), but rather use the safer execve or CreateProcess system calls. The security hardening also introduced a backward incompatibility with 2.1_rc8 and earlier in that script parameters were no longer shell-expanded, so for example: client-connect "docc CLIENT-CONNECT" would fail to work because execve would try to execute a script called "docc CLIENT-CONNECT" instead of "docc" with "CLIENT-CONNECT" as the first argument. This patch fixes the issue, bringing the script argument semantics back to pre 2.1_rc9 behavior in order to preserve backward compatibility while still using execve or CreateProcess to execute the script/executable. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3311 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-27Added additional defensive programming to buffer.[ch] functions.james1-0/+8
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3128 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-26Fixed compiler warnings in Windows build (MinGW).james1-2/+2
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3125 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-26Completely revamped the system for calling external programs and scripts:james1-52/+80
* All external programs and scripts are now called by execve() on unix and CreateProcess on Windows. * The system() function is no longer used. * Argument lists for external programs and scripts are now built by the new argv_printf function which natively outputs to string arrays (i.e. char *argv[] lists), never truncates its output, and eliminates the security issues inherent in formatting and parsing command lines, and dealing with argument quoting. * The --script-security directive has been added to offer policy controls on OpenVPN's execution of external programs and scripts. Also added a new plugin example (openvpn/plugin/examples/log.c) that logs information to stdout for every plugin method called by OpenVPN. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3122 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-23Added argv_x functions to buffer.[ch] to be used to safely buildjames1-0/+224
up argv strings for execve without the possibility of truncation or misinterpretation of mid-argument spacing. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3107 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-19buf_printf will now return false on errors, such as truncationjames1-2/+7
due to overflow. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3085 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-19Replace leading dash ('-') characters in an X509 name with underbars ('_')james1-0/+14
before calling user-defined scripts, to preclude the chance of a leading dash being interpreted as an option prefix. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3083 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-18Reverted some recent buffer.[ch] changes, including r3058 (except forjames1-1/+0
likely() and unlikely() macro additions to syshead.h) and r3061. I would like to give more thought to the bigger issue of fortifying buffer.[ch] through the use of additional defensive programming techniques. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3081 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-17Check for multiplication overflow on ALLOC_ARRAY* functions.james1-0/+10
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3068 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-16Added likely() and unlikely() branch prediction hint macrosjames1-0/+1
to syshead.h Introduced BUF_MAX constant to limit struct buffer offset and length values. BUF_MAX has been set to 2^20. Use likely() and unlikely() macros in buffer.h code to allow the compiler to generate more efficient code. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3058 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-14Copyright change OpenVPN Solutions LLC -> Telethra, Inc.james1-1/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3048 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-06-11Updated copyright notice to 2008.james1-1/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2995 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-06-11Merged connection profiles fromjames1-0/+20
http://svn.openvpn.net/projects/openvpn/test/conn git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2993 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-06-11Updated version to 2.1_rc7e.james1-0/+127
Added client authentication and packet filtering capability to management interface. Extended packet filtering capability to work on both --dev tun and --dev tap tunnels. Updated valgrind-suppress file. Made "Linux ip addr del failed" error nonfatal. Amplified --client-cert-not-required warning. Added #pragma pack to proto.h. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2991 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-06-04Incremented version to 2.1_rc7d.james1-1/+10
Support asynchronous authentication by plugins by allowing OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY to return OPENVPN_PLUGIN_FUNC_DEFERRED. See comments in openvpn-plugin.h for documentation. Enabled by ENABLE_DEF_AUTH. Added a simple packet filter functionality that can be driven by a plugin. See comments in openvpn-plugin.h for documentation. Enabled by ENABLE_PF. See openvpn/plugin/defer/simple.c for examples of ENABLE_DEF_AUTH and ENABLE_PF. "TLS Error: local/remote TLS keys are out of sync" is no longer a fatal error for TCP-based sessions, since the error can arise normally in the course of deferred authentication. In a related change, allow packet-id sequence to begin at some number n > 0 for TCP sessions, rather than strictly requiring sequence to begin at 1. Added a test to configure.ac for LoadLibrary function on Windows. Modified "make dist" function to include all files from install-win32 so that ./domake-win can be run from a tarball-expanded directory. setenv and setenv-safe directives may now omit a value argument which defaults to "". git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2978 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-05-12Moved branch into official BETA21 position.james1-6/+0
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2959 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-06-24Eliminated gcc 3.3.3 warnings on NetBSDjames1-1/+1
when ./configure --enable-strict is used. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1040 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-12-12Added --auto-proxy directive to auto-detect HTTP or SOCKSjames1-0/+12
proxy settings (currently Windows only). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@850 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-11-09Removed annoying 'i' variable from add_option.james1-0/+49
Allow plugin and push directives to have multiple parameters specified instead of only 1 quoted parameter. Allow plugin and push directives to have multi-line parameter lists, such as: <plugin> my-plugin.so parm1 parm2 </plugin> git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@785 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-11-08Added ENABLE_INLINE_FILES feature.james1-0/+14
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@784 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-09-26This is the start of the BETA21 branch.james1-0/+743
It includes the --topology feature, and TAP-Win32 driver changes to allow non-admin access. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@580 e7ae566f-a301-0410-adde-c780ea21d3b5