This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OpenVPN with experimental and new features - which requires a lot of testing".
The branch, beta2.2 has been created
at 0bb41e58782ae9834a61491c5964bc9816b76bc8 (commit)
- Log -----------------------------------------------------------------
commit 0bb41e58782ae9834a61491c5964bc9816b76bc8
Author: David Sommerseth <da...@us...>
Date: Sat Aug 21 23:46:30 2010 +0200
Preparing for v2.2-beta3
Signed-off-by: David Sommerseth <da...@us...>
commit 4bf989571a74f90bb5d783072919862d2b64034e
Author: David Sommerseth <da...@us...>
Date: Mon Aug 16 20:23:49 2010 +0200
Fixed compiler warning in ssl.c
James Yonan noticed a couple of compiler warnings when compiling with
--enable-strict configured. This patch was sent directly to him
for review and got accepted.
Signed-off-by: David Sommerseth <da...@us...>
Acked-by: James Yonan <ja...@op...>
commit 6cc43bf573700b2391ae462651190a3b209da2c8
Author: David Sommerseth <da...@us...>
Date: Thu Apr 22 23:29:34 2010 +0200
Solved hidden merge conflict between feat_misc and bugfix2.1
The OCSP patch (commit a3982181e284f8c5c8f, feat_misc) introduced
a new function which was calling create_temp_filename(). When merging
in bugfix2.1 into allmerged, create_temp_filename() got renamed to
create_temp_file() in commit 5d30273a8741d2c141.
This patch only changes create_temp_filename() to create_temp_file()
in the new function introduced by commit a3982181e284f8c5c8f.
Signed-off-by: David Sommerseth <da...@us...>
(cherry picked from commit 926d1662e4d9e14b50eddec993b2f4e0209c0646)
commit 238f81b9097c6ec70be3080b23cce46ad635e54c
Author: Emilien Mantel <emi...@bu...>
Date: Sat Jun 26 13:56:48 2010 +0200
Fixed static defined length check to use sizeof()
This comes in addition to commit 935c62be9c0c8a256112d after some
additional review comments.
Signed-off-by: Emilien Mantel <emi...@bu...>
Acked-by: Peter Stuge <pe...@st...>
Signed-off-by: David Sommerseth <da...@us...>
commit 2e8337de248ef0b5b48cbb2964da0d5c3f28b15b
Author: Emilien Mantel <emi...@bu...>
Date: Thu Jun 17 21:38:59 2010 +0200
Choose a different field in X509 to be username
For my company, we use a PKI (linked to a LDAP) with OpenVPN. We can't use "CN" to be
username (few people can have the same "CN"). In our case, we only use the UID.
With my patch, you can choose another field to be username with a new option called
--x509-username-field, the default value is "CN".
Signed-off-by: Emilien Mantel <emi...@bu...>
Acked-by: David Sommerseth <da...@us...>
Signed-off-by: David Sommerseth <da...@us...>
commit 8bebb729a53ae423d0867648f0c12868a96cafde
Author: Fabian Knittel <fab...@av...>
Date: Tue May 4 16:21:47 2010 +0200
ssl.c: fix use of openvpn_run_script()'s return value
This patch fixes two bugs introduced in
commit 339f2a4d4b487afa53fa99d72c35b16f31e417d3
Author: David Sommerseth <da...@us...>
Date: Thu Apr 29 23:35:45 2010 +0200
David's patch replaced openvpn_execve() with openvpn_run_script() in two places,
but didn't adjust the return value handling. openvpn_run_script() returns true
or false, while openvpn_execve() returns the program's exit code.
Without the fix, the --tls-verify script and the --auth-user-pass-verify
script fail to run. (I noticed the latter, but haven't actually tested the
former.)
The return value handling is fine for the other places where
openvpn_run_script() is used, because those places previously used
openvpn_execve_check() (notice the "_check" suffix).
Signed-off-by: Fabian Knittel <fab...@av...>
Signed-off-by: David Sommerseth <da...@us...>
Acked-by: David Sommerseth <da...@us...>
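
Added example (not part of the commit and not OpenVPN source code): a runnable model of the return-convention mismatch described in the commit above, showing how a caller that still tests for exit code 0 misreads a boolean result. The functions exec_exit_code(), run_ok(), verify_mismatched() and verify_fixed() are hypothetical stand-ins, and the "exit 0" / "exit 1" commands are constructed substitutes for a verify script.

```c
/* Added illustration, not OpenVPN source: exec_exit_code() and run_ok() are
 * hypothetical stand-ins for the two return conventions described above. */
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Exit-code convention: the child's exit status, or -1 if it could not run. */
static int exec_exit_code(const char *shell_cmd)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", shell_cmd, (char *)NULL);
        _exit(127);                     /* exec itself failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Boolean convention: true only when the script ran and exited 0. */
static bool run_ok(const char *shell_cmd) { return exec_exit_code(shell_cmd) == 0; }

/* Caller written for the exit-code convention: 0 means the script accepted. */
static bool accepted_exit_code_style(int ret) { return ret == 0; }

/* Helper swapped to the boolean one, caller's test left unchanged. */
static bool verify_mismatched(const char *cmd) { return accepted_exit_code_style(run_ok(cmd)); }

/* Caller adjusted to test the boolean directly. */
static bool verify_fixed(const char *cmd) { return run_ok(cmd); }

int main(void)
{
    const char *cmds[] = { "exit 0", "exit 1" };  /* constructed stand-ins for a verify script */
    for (int i = 0; i < 2; i++)
        printf("%-7s mismatched=%d fixed=%d\n", cmds[i],
               verify_mismatched(cmds[i]), verify_fixed(cmds[i]));
    return 0;
}
```
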
commit c2533d18ce6da1bd43502f9f2923541c578864e9
Author: David Sommerseth <da...@us...>
Date: Thu Apr 29 23:35:45 2010 +0200
Revamped the script-security warning logging (version 2)
The main task of this patch is to avoid reporting the SCRIPT_SECURITY_WARNING
over and over again, in addition to not showing this warning when it should not
be a problem. This general warning should now only appear once, and only when
--script-security is not set, 0 or 1. In all other cases this warning should
not appear.
In addition, this warning will come close to the script-hook which most probably
will fail. It will also give a little bit more concrete hint on which script-hook
failed. If --script-security is 2 or 3, only the execve failure itself will
be shown. This message will on the other hand be shown repeatedly.
This is a new rewritten version which simplifies the implementation of the new
openvpn_run_script() function. It was considered to remove it completely, but
due to code clarity and ease of use it was decided to make this function a static
inline function instead. Anyhow, this function will enforce openvpn_execve_check()
to be called with the S_SCRIPT flag.
Patch ACKed on the developers meeting 2009-04-29.
Signed-off-by: David Sommerseth <da...@us...>
Acked-by: James Yonan <ja...@op...>
commit aa6e58ae0e110eb92775aa1982f5f363057bcd43
Author: David Sommerseth <da...@us...>
Date: Thu Apr 22 23:05:00 2010 +0200
Don't add compile time information if --enable-small is used
This is to satisfy those wanting to build openvpn for embedded devices
where every byte matters.
Signed-off-by: David Sommerseth <da...@us...>
Acked-by: Gert Doering <ge...@gr...>
commit 3ee62caf112c1e8c9a79079b0cb0648446915caa
Author: David Sommerseth <da...@us...>
Date: Tue Apr 13 15:12:27 2010 +0200
Make use of automake CLEANFILES variable instead of clean-local rule
Signed-off-by: David Sommerseth <da...@us...>
Acked-by: Gert Doering <ge...@gr...>
commit 043b61b2a5a30d5d45b15e9f8de7b72052225727
Author: David Sommerseth <da...@us...>
Date: Thu Apr 22 23:01:31 2010 +0200
Fix dependency checking for configure.h (v2)
Alon Bar-Lev indicated commit f27bf509315a48b0070294c3993a718df0c2626c
was missing proper dependency checking. This patch corrects this and
fixes an issue when creating configure.h via make distcheck.
This is an enhanced version of the one sent to the openvpn-devel mailing
list April 13, 2010 [1], after having received some feedback from Gert
Doering, cleaning up configure_log.awk further.
[1] <http://thread.gmane.org/gmane.network.openvpn.devel/3410/focus=3491>
Signed-off-by: David Sommerseth <da...@us...>
Acked-by: Gert Doering <ge...@gr...>
commit d94049b8284cdddd90fc17cc171fbf20fcc12780
Author: David Sommerseth <da...@us...>
Date: Thu Apr 8 20:31:01 2010 +0200
Add compile time information/settings from ./configure to --version
This patch will create ./configure.h which will contain two new #define
strings. CONFIGURE_DEFINES will contain all USE, ENABLED, DISABLED and
DEPRECATED defines from ./config.h. CONFIGURE_CALL will contain the
complete ./configure line which was used when configuring the package
for building.
Signed-off-by: David Sommerseth <da...@us...>
Acked-by: James Yonan <ja...@op...>
commit 6dc60191ddf8673db7d156e6b90fb794e4fa350a
Author: Wil Cooley <wc...@us...>
Date: Tue Mar 2 21:54:15 2010 +0100
pkitool lacks expected option "--help"
The pkitool script lacks the "--help" parameter to actually display the
usage statement; most people are conditioned to try that before running the
command without options. This patch adds that and "--version" to display
just the program name and version.
sf.net tracker:
<https://sourceforge.net/tracker/?func=detail&atid=454721&aid=1705407&group_id=48978>
Signed-off-by: David Sommerseth <da...@us...>
Acked-by: Jan Just Keijser <ja...@ni...>
commit d04b8582a8d9cda4e886019c81f24712663e97b4
Author: Karl O. Pinc <ko...@mo...>
Date: Tue Mar 2 21:41:06 2010 +0100
Several updates to openvpn.8 (man page updates)
This is a collection of 4 patches sent to the -devel mailing list:
* [PATCH] Frob the openvpn(8) man page tls-verify section to clarify
* [PATCH] More improvments to openvpn(8) --tls-verify
* [PATCH] Yet another tweak of openvpn(8) --tls-verify
* [PATCH] Final frobbing of openvpn(8) --tls-verify
Signed-off-by: David Sommerseth <da...@us...>
Acked-by: David Sommerseth <da...@us...>
commit 39238d1b173d8b7f08e061dd51e30605ce722e92
Author: Mathieu GIANNECCHINI <mat...@fr...>
Date: Tue Mar 2 00:26:57 2010 +0100
enhance tls-verify possibility
It should be nice to enhance tls-verify check possibilities against peer
cert during a pending TLS connection like :
- OCSP verification
- check any X509 extensions of the peer certificate
- delta CRL verification
- ...
This patch adds a new "tls-export-cert" option which allows to get peer
certificate in PEM format and to store it in an openvpn temporary file.
Peer certificate is stored before tls-script execution and deleted after.
The name of the related temporary file is available under tls-verify
script by an environment variable "peer_cert".
The patch was made from OpenVPN svn Beta21 branches.
Here is a very simple example of Tls-verify script which provides OCSP
support to OpenVPN (with tls-export-cert option) without any OpenVPN
"core" modification :
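    # $2 is the X509 subject that OpenVPN passes to the tls-verify script
    X509=$2

    # peer_cert names the temporary PEM file written by tls-export-cert
    openssl ocsp \
        -issuer /etc/openvpn/ssl.crt/RootCA.pem \
        -CAfile /etc/openvpn/ssl.capath/OpenVPNServeur-cafile.pem \
        -cert "$peer_cert" \
        -url http://your-ocsp-url

    if [ $? -ne 0 ]
    then
        echo "error : OCSP check failed for ${X509}" | logger -t "tls-verify"
        exit 1
    fi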
This has been discussed here:
<http://thread.gmane.org/gmane.network.openvpn.devel/2492>
<http://thread.gmane.org/gmane.network.openvpn.devel/3150>
<http://thread.gmane.org/gmane.network.openvpn.devel/3217>
This patch has been modified by David Sommerseth, by fixing a few issues
which came up during the code review process. The man page has been
updated and tmp_file in ssl.c is checked for not being NULL before calling
delete_file().
Signed-off-by: David Sommerseth <da...@us...>
Acked-by: Gert Doering <ge...@gr...>
commit 0c1f7ad5e84e7a79bd3f982cba5dad3cc12dbebb
Author: David Sommerseth <da...@us...>
Date: Mon Feb 15 23:15:44 2010 +0100
Reworked the eurephia patch for inclusion to the openvpn-testing tree
Added configure option (--disable-eurephia) to disable the code which the
eurephia plug-in depends on.
It was chosen to use --disable-eurephia, as this patch is not very intrusive. It
just enables a SHA1 fingerprint environment variable for each certificate being
used for the connection.
Signed-off-by: David Sommerseth <da...@us...>
commit 59afc4a5f72e22b850cfa2845385172623a38e77
Author: Gert Doering <ge...@gr...>
Date: Thu Oct 21 10:35:29 2010 +0200
Fix problem with special case route targets ('remote_host')
The init_route() function will leave &netlist untouched for
get_special_addr() routes ("remote_host" being one of them).
netlist is on stack, contains random garbage, and netlist.len
will not be 0 - thus, random stack data is copied from
netlist.data[] until the route_list is full.
This issue has been reported in several places lately:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600166
http://thread.gmane.org/gmane.network.openvpn.devel/4083
https://forums.openvpn.net/viewtopic.php?f=1&t=7201&p=8168
Signed-off-by: Gert Doering <ge...@gr...>
Acked-by: David Sommerseth <da...@us...>
Acked-by: James Yonan <ja...@op...>
Signed-off-by: David Sommerseth <da...@us...>
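
Added example (not part of the commit and not OpenVPN source code): a deterministic model of the failure described in the commit above, where a stack-allocated list whose length is never written for a special target drives a copy loop until the route list is full. All names and sizes are hypothetical, the 0x5A fill is a constructed stand-in for leftover stack contents, and zeroing the length before the call is shown as one way to harden the caller, not as the project's actual change.

```c
/* Added illustration, not OpenVPN source: every name and size here is hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_ADDRS  4
#define MAX_ROUTES 8
struct addr_list  { int len; uint32_t data[MAX_ADDRS]; };
struct route_list { int n;   uint32_t dest[MAX_ROUTES]; };

/* Resolver stand-in: a special target such as "remote_host" is handled
 * elsewhere, so the out-parameter comes back untouched for it. */
static bool resolve_target(const char *target, struct addr_list *out)
{
    if (strcmp(target, "remote_host") == 0)
        return true;                    /* *out is NOT written */
    out->len = 1;
    out->data[0] = 0x0A000001u;         /* constructed address 10.0.0.1 */
    return true;
}

/* Appends the resolved addresses to rl and returns how many were added. */
static int add_routes(const char *target, struct route_list *rl, bool init_first)
{
    struct addr_list nl;
    /* Stand-in for leftover stack contents, so the run is deterministic;
     * reading a truly uninitialized struct would be undefined behaviour. */
    memset(&nl, 0x5A, sizeof nl);
    if (init_first)
        nl.len = 0;                     /* hardened: defined state before the call */
    if (!resolve_target(target, &nl))
        return 0;
    int added = 0;
    for (int i = 0; i < nl.len && rl->n < MAX_ROUTES; i++, added++)
        rl->dest[rl->n++] = nl.data[i % MAX_ADDRS];  /* % keeps the model in bounds */
    return added;
}

int main(void)
{
    struct route_list before = {0}, after = {0};
    printf("len left unset: %d routes added\n", add_routes("remote_host", &before, false));
    printf("len zeroed:     %d routes added\n", add_routes("remote_host", &after, true));
    return 0;
}
```
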
-----------------------------------------------------------------------
hooks/post-receive
--
OpenVPN with experimental and new features - which requires a lot of testing