Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Acked-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
It will be completely re-written in future
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Acked-by: Samuli Seppänen <samuli@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Introduce tap-windows.h which is modified tap-win32/common.h.
Except for the function rename, it is the same without the tap_id.
This file should be provided as part of tap-win32 MSI.
For now we hold a copy.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Acked-by: Samuli Seppänen <samuli@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Acked-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
This is to avoid conflict with plugin.c rules
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Acked-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
autoconf rejecting this anyway:
----
AC_MSG_CHECKING([that OpenSSL Library is at least version 0.9.6])
<snip>
AC_MSG_ERROR([OpenSSL crypto Library is too old.])
----
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Acked-by: Samuli Seppänen <samuli@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Acked-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
When compiling for 64-bit Windows gcc warns about
"cast from pointer to integer of different size"
on two occasions in file event.c, due to invalid casting.
This patch removes the type casts and uses the correct
format specifier instead.
Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: James Yonan <james@openvpn.net>
URL: http://article.gmane.org/gmane.network.openvpn.devel/4979
Signed-off-by: David Sommerseth <davids@redhat.com>
The CryptoAPI function CryptAcquireCertificatePrivateKey() was previously
unsupported in MinGW. With recent w32api headers it's now defined, mostly.
Since the code used to load the CryptoAPI DLL is prone to a DLL hijacking
attack [1], it's now a good time to get rid of the wrapper completely.
Just a few macros left that may still be undefined on some
systems using the original MinGW headers.
[1] http://isc.sans.edu/diary.html?storyid=9445
Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: James Yonan <james@openvpn.net>
URL: http://article.gmane.org/gmane.network.openvpn.devel/4979
Signed-off-by: David Sommerseth <davids@redhat.com>
It was discovered that --management can also take stdin as an argument
instead of a file. Enabled this by revamping the check_file_access()
flags by adding CHKACC_ACPTSTDIN. Setting this flag will then consider
filenames given as 'stdin' as always present.
The other place where 'stdin' was accepted is also modified to use this
flag instead.
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
The _access and _waccess functions in Windows don't know about
X_OK (1). If you pass an uneven mode flag the C runtime's default
invalid parameter handler ends execution of openvpn.
Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
In commit 9a160b796e ssl_common.h
was introduced, but never listed as a source file in Makefile.am
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
This file was moved to win/config.h.in and is the template used
by the Python build tools in win/. This happened in
commit 4b312378e9
For all other autotools based environments, ./configure will take
care of creating the proper config.h
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
MSVC chokes on this as it's not according to C89.
Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Windows API CommandLineToArgvW(), introduced in Windows unicode path
commit 71bbbd76c6, is defined therein.
Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
MSVC does not know wstat(). Instead _wstat() must be used here.
Unfortunately _wstat() takes a 'struct _stat'. A type 'stat_t' is
introduced to handle this situation in a portable way.
[v2: Use openvpn_stat_t instead of stat_t (David Sommerseth)]
Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
The MSVC headers do not define mode_t. open() uses an int for
the permissions instead. Fixes building with the MSVC based
buildsystem.
Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Use of TARGET_WIN32 breaks MSVC builds as it is only defined
for mingw builds done with the autotools buildsystem.
Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
The cipher_kt_mode uses bool as return type, this should be int. On
some platforms like OS X, any returned value larger than one will
be converted to 1.
Signed-off-by: Frank de Brabander <brabander@fox-it.com>
Acked-by: Adriaan de Jong <dejong@fox-it.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
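The truncation described in the commit message above, shown as an added example that is not part of the OpenVPN commit or code base. The mode constants, struct cipher_desc and all function names are constructed for illustration, and the example assumes a C99 compiler where bool is _Bool.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed mode constants for this example (not taken from OpenVPN or
 * its crypto backends); the point is only that they are larger than 1. */
enum { MODE_CBC = 2, MODE_CFB = 3, MODE_OFB = 4 };

/* Hypothetical stand-in for a cipher descriptor. */
struct cipher_desc { int mode; };

/* 'Before': a bool return type. With C99 _Bool every non-zero mode
 * is converted to 1 when the value is returned. */
static bool mode_as_bool(const struct cipher_desc *c) { return c->mode; }

/* 'After': an int return type preserves the mode value. */
static int mode_as_int(const struct cipher_desc *c) { return c->mode; }

/* Caller-side mode check against the truncating accessor. */
static bool is_cbc_before(const struct cipher_desc *c)
{
    return mode_as_bool(c) == MODE_CBC;   /* compares 1 with 2: never true */
}

/* The same check against the int accessor. */
static bool is_cbc_after(const struct cipher_desc *c)
{
    return mode_as_int(c) == MODE_CBC;
}

/* Two different modes compare equal once both have collapsed to 1. */
static bool same_mode_before(const struct cipher_desc *a,
                             const struct cipher_desc *b)
{
    return mode_as_bool(a) == mode_as_bool(b);
}

int main(void)
{
    struct cipher_desc cbc = { MODE_CBC }, ofb = { MODE_OFB };

    printf("bool accessor: cbc=%d ofb=%d\n", mode_as_bool(&cbc), mode_as_bool(&ofb));
    printf("int accessor:  cbc=%d ofb=%d\n", mode_as_int(&cbc), mode_as_int(&ofb));
    printf("is_cbc before=%d after=%d\n", is_cbc_before(&cbc), is_cbc_after(&cbc));
    printf("cbc and ofb look identical before the fix: %d\n", same_mode_before(&cbc, &ofb));
    return 0;
}
```

Any check that gates behaviour on the cipher mode silently takes the wrong branch with the bool accessor, which is why the return type matters beyond a compiler warning.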
Commit 76809cae0e enabled setting MTU
variables inside <connection> blocks. But in that process, the
tun_mtu_defined and link_mtu_defined were not set as they should.
By moving this out of the options_postprocess_mutate_invariant()
function and into options_postprocess_mutate_ce(), these
{tun,link}_mtu_defined variables are set correctly in each
connection entry.
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
The following options may now be used in a connection block:
  fragment
  mssfix
  tun-mtu
  tun-mtu-extra
  link-mtu
  mtu_discover_type
  explicit-exit-notification
In order to support stuff like
  <connection>
    remote host
    proto udp
    fragment
    explicit-exit-notification 3
  </connection>
  <connection>
    remote host
    proto tcp
  </connection>
Signed-off-by: Jan Just Keijser <janjust@nikhef.nl>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Commit 71bbbd76c6 moved over from
calling open() directly to go via the openvpn_open(). It was not
detected that status.c had to include misc.h too.
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Heiko Hund <heiko.hund@sophos.com>
The --show-gateway feature depends on functions only being enabled when
--disable-debug is _not_ used. As I consider --show-gateway more
a handy function for debugging, removing this feature when --disable-debug
is used seems like the proper approach.
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Commit 1876ccd012 modified
plugin_call() and introduced plugin_call_ssl(). But the similar
approach was missing for situations without plug-ins.
Solution: Rename plugin_call() in the #else !ENABLE_PLUGIN
section to plugin_call_ssl(). Then move the plugin_ssl() function
inside the #ifdef ENABLE_PLUGIN section outside the #ifdef, making
it available for builds with and without plug-ins enabled.
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Openvpn for Windows is not compiled as a Unicode binary and thus cannot
handle paths which contain non-ASCII characters using the argv vector.
Characters that are not present in the system codepage are simply replaced
with a question mark, e.g. if started as 'openvpn --config домой.ovpn'
the file '?????.ovpn' is tried to be opened as configuration.
The same applies to paths in config files which need to be UTF-8
encoded if they contain non ASCII characters. The option line
'key лев.pem' will lead to openvpn trying to open 'лев.pem' on a
system with codepage 1252.
This patch makes openvpn read the command line in UCS-2 and convert
it to UTF-8 internally. Windows stores names in the filesystem in UCS-2.
When using a path, openvpn converts it from UTF-8 to UCS-2 and uses the
wide character Windows API function.
Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
If the management interface is not enabled, it makes no sense to
include the ENABLE_CLIENT_CR #ifdef blocks. This will also in
some configurations cause build issues if these blocks are enabled.
Signed-off-by: Igor Novgorodov <igor@novg.net>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
[DS: a few whitespace fixes were added as well during the merge]
Signed-off-by: Byron Ellacott <bje@apnic.net>
Acked-by: Gilles Espinasse <g.esp@free.fr>
Signed-off-by: David Sommerseth <davids@redhat.com>
In commit bee92b4794 the gc_malloc() was hardened
to always require a gc_arena object for garbage collection. Some places in the
code expected the old behaviour of a normal malloc() in these cases, that is a
memory allocation without garbage collection.
This old behaviour is partly restored by allowing string_alloc() to do a non-gc
based allocation if no gc_arena object is available. In addition some other
places string_alloc() will now be called with a gc_arena pointer where such an
object is available.
The alloc_buf() function has also been refactored to not use gc_malloc() at
all.
v2: - removes a memleak when --ifconfig-ipv6 is used several times
- makes string_alloc() behave properly if DMALLOC is enabled
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Turn around initialization order (IFCONFIG_AFTER_TUN_OPEN) to make it
"the same as all other platforms besides Windows" (tun.h).
Remove "ifconfig destroy / ifconfig create" from open_tun() and change
to generic "create tun device by opening /dev/tunN" approach, thus
cleaning up the IFCONFIG_BEFORE_TUN_OPEN bit.
Add "-link0" for ifconfig calls in tun mode, to make sure that even if
we happen to re-use a not-cleaned-up tun interface in tap mode, it will
then be setup correctly (-link0 -> tun, link0 -> tap).
Add correct ifconfig calls for "topology subnet".
On tunnel close, only call "ifconfig destroy" if it was a tap interface
(tun + link0), because those do not auto-disappear (OpenBSD bug?)
Get rid of READV/WRITEV #ifdef's - as per the man page, these calls have
been added to 4.2BSD, and there never was an OpenBSD version without.
Tested on OpenBSD 4.9 with tun+tap, ipv4+ipv6, topology net30+subnet
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Signed-off-by: Robert Fischer <ml-openvpn@trispace.org>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>