Tags: RazZziel/openvpn
Tags
OpenVPN 2.3.4
2014.04.30 -- Version 2.3.4
Arne Schwabe (1):
Fix man page and OSCP script: tls_serial_{n} is decimal
Dmitrij Tejblum (1):
Fix is_ipv6 in case of tap interface.
Gert Doering (7):
IPv6 address/route delete fix for Win8
Add SSL library version reporting.
Minor t_client.sh cleanups
Repair --multihome on FreeBSD for IPv4 sockets.
Rewrite manpage section about --multihome
More IPv6-related updates to the openvpn man page.
Conditionalize calls to print_default_gateway on !ENABLE_SMALL
James Yonan (2):
Use native strtoull() with MSVC 2013.
When tls-version-min is unspecified, revert to original versioning approach.
Steffan Karger (4):
Change signedness of hash in x509_get_sha1_hash(), fixes compiler warning.
Fix OCSP_check.sh to also use decimal for stdout verification.
Fix build system to accept non-system crypto library locations for plugins.
Make serial env exporting consistent amongst OpenSSL and PolarSSL builds.
Yawning Angel (1):
Fix SOCKSv5 method selection
kangsterizer (1):
Fix typo in sample build script to use LDFLAGS
v2.3.3 OpenVPN v2.3.3
2014.04.08 -- Version 2.3.3
Alon Bar-Lev (1):
pkcs11: use generic evp key instead of rsa
Arne Schwabe (8):
Add support of utun devices under Mac OS X
Add support to ignore specific options.
Add a note what setenv opt does for OpenVPN < 2.3.3
Add reporting of UI version to basic push-peer-info set.
Fix compile error in ssl_openssl introduced by polar external-management patch
Fix assertion when SIGUSR1 is received while getaddrinfo is successful
Add warning for using connection block variables after connection blocks
Introduce safety check for http proxy options
David Sommerseth (5):
man page: Update man page about the tls_digest_{n} environment variable
Remove the --disable-eurephia configure option
plugin: Extend the plug-in v3 API to identify the SSL implementation used
autoconf: Fix typo
Fix file checks when --chroot is being used
Davide Brini (1):
Document authfile for socks server
Gert Doering (9):
Fix IPv6 examples in t_client.rc-sample
Fix slow memory drain on each client renegotiation.
t_client.sh: ignore fields from "ip -6 route show" output that distort results.
Make code and documentation for --remote-random-hostname consistent.
Reduce IV_OPENVPN_GUI_VERSION= to IV_GUI_VER=
Document issue with --chroot, /dev/urandom and PolarSSL.
Rename 'struct route' to 'struct route_ipv4'
Replace copied structure elements with including <net/route.h>
Workaround missing SSL_OP_NO_TICKET in earlier OpenSSL versions
Heikki Hannikainen (1):
Always load intermediate certificates from a PKCS#12 file
Heiko Hund (2):
Support non-ASCII TAP adapter names on Windows
Support non-ASCII characters in Windows tmp path
James Yonan (3):
TLS version negotiation
Added "setenv opt" directive prefix.
Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.
Jens Wagner (1):
Fix spurious ignoring of pushed config options (trac#349).
Joachim Schipper (3):
Refactor tls_ctx_use_external_private_key()
--management-external-key for PolarSSL
external_pkcs1_sign: Support non-RSA_SIG_RAW hash_ids
Josh Cepek (2):
Correct error text when no Windows TAP device is present
Require a 1.2.x PolarSSL version
Klee Dienes (1):
tls_ctx_load_ca: Improve certificate error messages
Max Muster (1):
Remove duplicate cipher entries from TLS translation table.
Peter Sagerson (1):
Fix configure interaction with static OpenSSL libraries
Steffan Karger (7):
Do not pass struct tls_session* as void* in key_state_ssl_init().
Require polarssl >= 1.2.10 for polarssl-builds, which fixes CVE-2013-5915.
Use RSA_generate_key_ex() instead of deprecated, RSA_generate_key()
Also update TLSv1_method() calls in support code to SSLv23_method() calls.
Update TLSv1 error messages to SSLv23 to reflect changes from commit 4b67f98
If --tls-cipher is supplied, make --show-tls parse the list.
Add openssl-specific common cipher list names to ssl.c.
Tamas TEVESZ (1):
Add support for client-cert-not-required for PolarSSL.
Thomas Veerman (1):
Fix "." in description of utun.
OpenVPN v2.3.2
2013.05.31 -- Version 2.3.2
Arne Schwabe (3):
Only print script warnings when a script is used. Remove stray mention of script-security system.
Move settings of user script into set_user_script function
Move checking of script file access into set_user_script
Davide Brini (1):
Provide more accurate warning message
Gert Doering (2):
Fix NULL-pointer crash in route_list_add_vpn_gateway().
Fix problem with UDP tunneling due to mishandled pktinfo structures.
James Yonan (1):
Always push basic set of peer info values to server.
Jan Just Keijser (1):
make 'explicit-exit-notify' pullable again
Josh Cepek (2):
Fix proto tcp6 for server & non-P2MP modes
Fix Windows script execution when called from script hooks
Steffan Karger (2):
Fixed tls-cipher translation bug in openssl-build
Fixed usage of stale define USE_SSL to ENABLE_SSL
svimik (1):
Fix segfault when enabling pf plug-ins
2013.03.29 -- Version 2.3.1
Arne Schwabe (4):
Remove dead code path and putenv functionality
Remove unused function xor
Move static prototype definition from header into c file
Remove unused function no_tap_ifconfig
Christian Hesse (1):
fix build with automake 1.13(.1)
Christian Niessner (1):
Fix corner case in NTLM authentication (trac OpenVPN#172)
Gert Doering (5):
Update README.IPv6 to match what is in 2.3.0
Repair "tcp server queue overflow" brokenness, more <stdbool.h> fallout.
Permit pool size of /64.../112 for ifconfig-ipv6-pool
Add MIN() compatibility macro
Fix directly connected routes for "topology subnet" on Solaris.
Heiko Hund (5):
close more file descriptors on exec
Ignore UTF-8 byte order mark
reintroduce --no-name-remapping option
make --tls-remote compatible with pre 2.3 configs
add new option for X.509 name verification
Jan Just Keijser (1):
man page patch for missing options
Josh Cepek (2):
Fix parameter listing in non-debug builds at verb 4
(updated) [PATCH] Warn when using verb levels >=7 without debug
Matthias Andree (1):
Enable TCP_NODELAY configuration on FreeBSD.
Samuli Seppänen (4):
Removed ChangeLog.IPv6
Added cross-compilation information INSTALL-win32.txt
Updated README
Cleaned up and updated INSTALL
Steffan Karger (7):
PolarSSL-1.2 support
Improve PolarSSL key_state_read_{cipher, plain}text messages
Improve verify_callback messages
Config compatibility patch. Added translate_cipher_name.
Switch to IANA names for TLS ciphers.
Fixed autoconf script to properly detect missing pkcs11 with polarssl.
Use constant time memcmp when comparing HMACs in openvpn_decrypt.
2012.12.17 -- Version 2.3_rc2
Adriaan de Jong (1):
Fix --show-pkcs11-ids (Bug OpenVPN#239)
Arne Schwabe (4):
Error message if max-routes used incorrectly
Properly require --key even if defined(MANAGMENT_EXTERNAL_KEY)
Remove dnsflags_to_socktype, it is not used anywhere
Fix the proto is used inconsistently warning
David Sommerseth (3):
Fix double-free issue in pf_destroy_context()
The get_default_gateway() function uses warn() instead of msg()
Avoid recursion in virtual_output_callback_func()
Gert Doering (2):
Implement --mssfix handling for IPv6 packets.
Fix option inconsistency warnings about "proto" and "tun-ipv6"
Joachim Schipper (2):
doc/management-notes.txt: fix typo
Fix typo in ./configure message
2012.10.31 -- Version 2.3_rc1
Adriaan de Jong (1):
Fixed a bug where PolarSSL gave an error when using an inline file tag.
Arne Schwabe (2):
Document man agent-external-key
Options parsing demands unnecessary configuration if PKCS11 is used
David Sommerseth (2):
Make git ignore some more files
Remove the support for using system() when executing external programs or scripts
Heiko Hund (2):
Fix display of plugin hook types
Support UTF-8 --client-config-dir
Kenneth Rose (1):
Fix v3 plugins to support returning values back to OpenVPN.
v2.3_beta1
Arne Schwabe (7):
Fixes error: --key fails with EXTERNAL_PRIVATE_KEY: No such file or directory if --management-external-key is used
Merge almost identical create_socket_tcp and create_socket_tcp6
Document the inlining of files in openvpn and document key-direction
Merge getaddr_multi and getaddr6 into one function
Document --management-client and --management-signal a bit better
Document that keep alive will double the second value in server mode and give a short explanation why the value is chosen.
Add checks for external-key-managements
David Sommerseth (1):
Fix reconnect issues when --push and UDP is used on the server
Gert Doering (4):
Reduce --version string detail about IPv6 to just "[IPv6]".
Put actual OpenVPN command line on top of corresponding log file.
Keep pre-existing tun/tap devices around on *BSD
make "ipv6 ifconfig" on linux compatible with busybox ifconfig
Heiko Hund (6):
fix regression with --http-proxy[-*] options
add x_msg_va() log function
add API for plug-ins to write to openvpn log
remove stale _openssl_get_subject() prototype
remove unused flag SSLF_NO_NAME_REMAPPING
Add --compat-names option
2012.07.20 -- Version 2.3_alpha3
Arne Schwabe (1):
Fix compiling with --disable-management
Gert Doering (1):
Repair "tap server" mode brokenness caused by <stdbool.h> fallout
Heiko Hund (4):
make non-blocking connect work on Windows
don't treat socket related errors special anymore
remove unused show_connection_list debug function
add option --management-query-proxy
2012.06.29 -- Version 2.3_alpha2
Adriaan de Jong (11):
Fixed off-by-one in serial length calculation
Migrated x509_get_subject to use of the garbage collector
Migrated x509_get_serial to use the garbage collector
Migrated x509_get_sha1_hash to use the garbage collector
Ensure sys/un.h autoconf detection includes sys/socket.h
Added support for new PolarSSL 1.1 RNG
Added a configuration option to enable prediction resistance in the PolarSSL random number generator.
Use POLARSSL_CFLAGS instead of POLARSSL_CRYPTO_CFLAGS in configure.ac
Removed support for PolarSSL < 1.1
Updated README.polarssl with build system changes.
Removed stray "Fox-IT hardening" string.
Alon Bar-Lev (94):
build: version should not contain '-'
package: rpm: strip should be handled by package management
cleanup: options.c: remove redundant include
cleanup: remove C++ warnings
cleanup: win32.c: wrong printf format
cleanup: remove redundant ';'
cleanup: crypto_openssl.c: remove support for pre-openssl-0.9.6
cleanup: tun.c: fix incorrect option in message (ip-win32)
cleanup: memcmp.c: remove unused source
fixup: init.c: add missing conditional for ENABLE_CLIENT_CR
build: correct place to alter WINVER is at build system
Update .gitignore
build: handle printf style format in mingw
build: rename plugin directory to plugins
build: plugins: properly use CC, CFLAGS and LDFLAGS
build: we need the sample.ovpn in future
Remove install-win32
Remove easy-rsa
Remove tap-win32
cleanup: rename tap-windows function from win32 to win
build: remove windows specific build system
build: split acinclude.m4 into m4/*
build: m4/ax_varargs.m4: cleanup
build: m4/ax_emptyarray.m4: cleanup
build: m4/ax_socklen_t.m4: cleanup
build: autotools: first pass of trivial autotools changes
build: autoconf: remove OPENVPN_ADD_LIBS useless macro
build: remove awk and non-standard autoconf output processing
build: standard directory layout
build: add libtool + windows resources for executables
build: autoconf: commands as environment
build: libdl usage
build: properly detect and use socket libs
build: autoconf: minor cleanups
build: proper selinux detection and usage
build: distribute pkg.m4
build: proper pkcs11-helper detection and usage
build: properly process lzo-stub
build: proper lzo detection and usage
build: proper crypto detection and usage
build: autoconf: update defaults for options
build: win-msvc: msbuild format
build: move out config.h include from syshead
build: split out compat
build: move gettimeofday() emulation to compat
build: move daemon() emulation into compat
build: move inet_ntop(), inet_pton() emulation into compat
cleanup: move console related function into its own module
build: move wrappers into platform module
build: windows: install version.sh to allow installer read version
build: distribute samples in windows
build: use tap-windows.h as external dependency
build: ax_varargs.m4: fixups
build: autoconf: misc sockets fixups
build: enable lzo by default
build: windows: set vendor to openvpn project + cleanups
build: assume dlfcn is available on all supported platforms
build: openbsd: detect netinet/ip.h correctly
build: tap: search for tap header
build: msvc: upgrade to Visual Studio 2010 + fixups
Enable pedantic in windows compilation
cleanup: flags should not be bool
cleanup: avoid using ~0 - generic
cleanup: avoid using ~0 - ipv6
cleanup: avoid using ~0 - netmask
cleanup: avoid using ~0 - windows
cleanup: gc usage
build: fix some statement left from conversion
build: properly detect netinet/ip.h structs
build: properly detect TUNSETPERSIST
cleanup: plugin: support C++ plugin
cleanup: remove C++ comments
cleanup: add .gitattributes to control eol style explicitly
crash: packet_id_debug_print: sl may be null
build: use stdbool.h if available
build: fix typo in --enable-save-password
build: windows: convert resources to UTF-8
build: check minimum polarssl version
cleanup: update .gitignore
cleanup: spec: make space/tab consistent
build: spec: we support openssl >= 0.9.7
build: insall README* document using build system
build: detect sys/wait.h required for *bsd
build: add git revision to --version output if build from git repository
build: cleanup: yet another forgotten brackets
build: update INSTALL to recent changes
build: support platforms that does not need explicit tun headers
build: do not support <polarssl-1.1.0
build: add --with-special-build to provide special build string
cleanup: pkcs11.c: resolve wanings
build: integrate plugins build into core build
build: plugins: set defaults based on platform
cleanup: windows: convert argv (UCS-2 to UTF-8) at earliest
build: msvc: chdir with change drive to script location
Arne Schwabe (7):
Add the query to the error message.
Explain that route-nopull also causes the client to ignore dhcp options.
Add the name of the context where option is not allowed to the error message.
Only use tmpdir if tmp_dir is really used.
Completely remove ancient IANA port warning.
Remove ENABLE_INLINE_FILES conditionals
Remove ENABLE_CONNECTIONS ifdefs
David Sommerseth (5):
Clean-up: Presume that Linux is always IPv6 capable at build time
Simplify check_cmd_access() function
Change version to indicate the master branch is not a version
Some filesystems don't like ':', which is a path 'make dist' would use
Remove two unused functions
Frank de Brabander (1):
Fix reported compile issues on OSX 10.6.8
Gert Doering (10):
repair t_client.sh test after build system revolution
t_client.sh iproute2 script fixes
t_client.sh - fix for iproute2, print summary line
Implement search for "first free" tun/tap device on Solaris
cleanup and redefine metric handling for IPv6 routes
remove "*option" element in "struct route_ipv6"
Remove warning about explicit support for IPv6 support not provided MacOS X
Add missing pieces to IPv6 route gateway handling.
Update TODO.IPv6 list
Remove #include "config.h" from ssl_polarssl.h
Heiko Hund (3):
remove wrapper code for Windows CryptoAPI function
fix warnings in event.c when building for win32-64
remove the --auto-proxy option from openvpn
Igor Novgorodov (1):
Remove calls to OpenSSL when building with --disable-ssl
Jonathan K. Bullard (2):
Fix file access checks on commands
Clarified the docs and help screen about what a 'cmd' is
Samuli Seppänen (1):
Added notes about upgrading from 2.3-alpha1 and earlier to INSTALL-win32.txt
PreviousNext