aboutsummaryrefslogtreecommitdiff
path: root/contrib (follow)
AgeCommit message (Collapse)AuthorFilesLines
2010-11-14Remove hardcoded path to resolvconfJesse Young2-4/+6
Signed-off-by: Jesse Young <jesse.young@gmail.com> Acked-by: David Sommerseth <dazo@users.sourceforge.net> Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
2010-10-21OCSP_check.sh: new check logicDavid Sommerseth1-10/+32
contrib/OCSP_check/OCSP_check.sh: I discovered that, quite surprisingly, the exit status of "openssl ocsp" is 0 even if the certificate status is "revoked". This means that the logic of the script needs to be rewritten so that it parses the output returned by the query and explicitly looks for a "0x<serial number>: good" line, and exit if either the command has a non-zero exit status, or the above line is not found. Doing that portably without bashisms requires some juggling around, so perhaps the code is slightly less clean now, but it does have many comments. Signed-off-by: Davide Brini <dave_br@gmx.com> Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: David Sommerseth <dazo@users.sourceforge.net>
2010-10-21Fix certificate serial number exportDavide Brini1-0/+89
contrib/OCSP_check/OCSP_check.sh: New barebone script to demonstrate how to use $tls_serial_{n} to perform simple OCSP queries using OpenSSL command line "openssl ocsp". Minimal sanity checks to fail if user tries to use it without customizing. openvpn.8: Added some notes about $tls_serial_{n} format and usage to the existing description. ssl.c: correctly manage and export serial numbers of any size (as parsed by OpenSSL) into the environment. Set to empty string in case of errors, as 0 and negative numbers are all possible (although illegal) certificate serial numbers. Use an OpenSSL BIO object to do the job. Conforms to coding style guidelines. See the discussion at http://article.gmane.org/gmane.network.openvpn.devel/3588 for more details. Signed-off-by: Davide Brini <dave_br@gmx.com> Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: David Sommerseth <dazo@users.sourceforge.net>
2010-10-21Fix missing /bin/bash -> /bin/shDavide Brini1-1/+1
In commit a9c9a89e96dc1e4e843e05ecadc4349b81606b06 the client.{up,down} scripts where overhauled and bashism was removed. During that process, a #! change was missing. Signed-off-by: Davide Brini <dave_br@gmx.com> Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: David Sommerseth <dazo@users.sourceforge.net>
2010-10-21Enhance contrib/pull-resolv-conf/client.{up,down} scriptsDavide Brini2-69/+64
Patch arrived from Davide Brini: - No more bashisms (AFAICT). Should work with any POSIX-compatible shell (which means "almost all reasonably recent shells"), though I've only tested with bash and dash. - Unnecessary calls to external tools (sed) removed - Manages multiple DNS and DOMAIN options. Each DNS option becomes a "nameserver" line in the new resolv.conf (up to a maximum of 3). If there's a single DOMAIN option, it becomes a "domain" line in resolv.conf; otherwise, all the domains are listed in a "search" line in resolv.conf (eg "search foo.com example.net"). - Client.up renames the existing resolv.conf and creates a brand new one; client.down restores it from the saved copy when the VPN terminates (the usual rules about running as root apply). This is how Gentoo does that; the old scripts instead added/removed some lines at the beginning of the file, which looks a less clean approach to me. The rename approach also dramatically simplifies and shortens client.down, as you'll see. - Uses resolvconf if it's available (detected by the presence of /sbin/resolvconf) rather than writing to resolv.conf directly. Not sure whether this is a Linux-only thing or other systems use it though. Script has been smoke tested on Fedora 12 with OpenVPN 2.1.1 without the resolvconf package , and in addition Debian Lenny with OpenVPN 2.1_rc11 according to the patch. Signed-off-by: Davide Brini <dave_br@gmx.com> Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: David Sommerseth <dazo@users.sourceforge.net>
2010-04-28Updated copyright date to 2010.James Yonan2-2/+2
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5599 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-05-30Update copyright to 2009.james2-2/+2
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4477 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-10-06Copyright notice changed to reflect change in name ofjames2-2/+2
Telethra to OpenVPN Technologies. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3409 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-14Copyright change OpenVPN Solutions LLC -> Telethra, Inc.james2-2/+2
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3048 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-06-11Updated copyright notice to 2008.james2-2/+2
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2995 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-09-26This is the start of the BETA21 branch.james7-0/+347
It includes the --topology feature, and TAP-Win32 driver changes to allow non-admin access. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@580 e7ae566f-a301-0410-adde-c780ea21d3b5
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-10 09:53:55 +0000