Tags: qicny/openvpn
Tags
OpenVPN 2.2.3
2014.11.30 -- Version 2.2.3
Christian Niessner (1):
Fix corner case in NTLM authentication (trac OpenVPN#172)
Gert Doering (1):
Fix client crash on double PUSH_REPLY.
Jens Wagner (1):
Fix spurious ignoring of pushed config options (trac#349).
Matthias Andree (1):
Enable TCP_NODELAY configuration on FreeBSD.
Steffan Karger (2):
Drop too-short control channel packets instead of asserting out.
Use constant time memcmp when comparing HMACs in openvpn_decrypt.
OpenVPN v2.3.6 OpenVPN Change Log Copyright (C) 2002-2014 OpenVPN Technologies, Inc. <[email protected]> 2014.11.28 -- Version 2.3.6 David Sommerseth (1): systemd: Reworked the systemd unit file to handle server and client configs better Gert Doering (1): Add client-only support for peer-id. Samuli Seppänen (1): Fix to --shaper documentation on the man-page Steffan Karger (4): Fix assertion error when using --cipher none Add --tls-version-max Modernize sample keys and sample configs Drop too-short control channel packets instead of asserting out.
OpenVPN v2.3.5
2014.10.24 -- Version 2.3.5
Andris Kalnozols (2):
Fix some typos in the man page.
Do not upcase x509-username-field for mixed-case arguments.
Arne Schwabe (1):
Fix server routes not working in topology subnet with --server [v3]
David Sommerseth (4):
Improve error reporting on file access to --client-config-dir and --ccd-exclusive
Don't let openvpn_popen() keep zombies around
Add systemd unit file for OpenVPN
systemd: Use systemd functions to consider systemd availability
Gert Doering (3):
Drop incoming fe80:: packets silently now.
Fix t_lpback.sh platform-dependent failures
Call init script helpers with explicit path (./)
Heiko Hund (1):
refine assertion to allow other modes than CBC
Hubert Kario (2):
ocsp_check - signature verification and cert staus results are separate
ocsp_check - double check if ocsp didn't report any errors in execution
James Bekkema (1):
Fix socket-flag/TCP_NODELAY on Mac OS X
James Yonan (6):
Fixed several instances of declarations after statements.
In socket.c, fixed issue where uninitialized value (err) is being passed to to gai_strerror.
Explicitly cast the third parameter of setsockopt to const void * to avoid warning.
MSVC 2008 doesn't support dimensioning an array with a const var nor using %z as a printf format specifier.
Define PATH_SEPARATOR for MSVC builds.
Fixed some compile issues with show_library_versions()
Jann Horn (1):
Remove quadratic complexity from openvpn_base64_decode()
Mike Gilbert (1):
Add configure check for the path to systemd-ask-password
Philipp Hagemeister (2):
Add topology in sample server configuration file
Implement on-link route adding for iproute2
Samuel Thibault (1):
Ensure that client-connect files are always deleted
Steffan Karger (13):
Remove function without effect (cipher_ok() always returned true).
Remove unneeded wrapper functions in crypto_openssl.c
Fix bug that incorrectly refuses oid representation eku's in polar builds
Update README.polarssl
Rename ALLOW_NON_CBC_CIPHERS to ENABLE_OFB_CFB_MODE, and add to configure.
Add proper check for crypto modes (CBC or OFB/CFB)
Improve --show-ciphers to show if a cipher can be used in static key mode
Extend t_lpback tests to test all ciphers reported by --show-ciphers
Don't exit daemon if opening or parsing the CRL fails.
Fix typo in cipher_kt_mode_{cbc, ofb_cfb}() doxygen.
Fix regression with password protected private keys (polarssl)
ssl_polarssl.c: fix includes and make casts explicit
Remove unused variables from ssl_verify_openssl.c extract_x509_extension()
TDivine (1):
Fix "code=995" bug with windows NDIS6 tap driver.
OpenVPN 2.3.4
2014.04.30 -- Version 2.3.4
Arne Schwabe (1):
Fix man page and OSCP script: tls_serial_{n} is decimal
Dmitrij Tejblum (1):
Fix is_ipv6 in case of tap interface.
Gert Doering (7):
IPv6 address/route delete fix for Win8
Add SSL library version reporting.
Minor t_client.sh cleanups
Repair --multihome on FreeBSD for IPv4 sockets.
Rewrite manpage section about --multihome
More IPv6-related updates to the openvpn man page.
Conditionalize calls to print_default_gateway on !ENABLE_SMALL
James Yonan (2):
Use native strtoull() with MSVC 2013.
When tls-version-min is unspecified, revert to original versioning approach.
Steffan Karger (4):
Change signedness of hash in x509_get_sha1_hash(), fixes compiler warning.
Fix OCSP_check.sh to also use decimal for stdout verification.
Fix build system to accept non-system crypto library locations for plugins.
Make serial env exporting consistent amongst OpenSSL and PolarSSL builds.
Yawning Angel (1):
Fix SOCKSv5 method selection
kangsterizer (1):
Fix typo in sample build script to use LDFLAGS
v2.3.3 OpenVPN v2.3.3
2014.04.08 -- Version 2.3.3
Alon Bar-Lev (1):
pkcs11: use generic evp key instead of rsa
Arne Schwabe (8):
Add support of utun devices under Mac OS X
Add support to ignore specific options.
Add a note what setenv opt does for OpenVPN < 2.3.3
Add reporting of UI version to basic push-peer-info set.
Fix compile error in ssl_openssl introduced by polar external-management patch
Fix assertion when SIGUSR1 is received while getaddrinfo is successful
Add warning for using connection block variables after connection blocks
Introduce safety check for http proxy options
David Sommerseth (5):
man page: Update man page about the tls_digest_{n} environment variable
Remove the --disable-eurephia configure option
plugin: Extend the plug-in v3 API to identify the SSL implementation used
autoconf: Fix typo
Fix file checks when --chroot is being used
Davide Brini (1):
Document authfile for socks server
Gert Doering (9):
Fix IPv6 examples in t_client.rc-sample
Fix slow memory drain on each client renegotiation.
t_client.sh: ignore fields from "ip -6 route show" output that distort results.
Make code and documentation for --remote-random-hostname consistent.
Reduce IV_OPENVPN_GUI_VERSION= to IV_GUI_VER=
Document issue with --chroot, /dev/urandom and PolarSSL.
Rename 'struct route' to 'struct route_ipv4'
Replace copied structure elements with including <net/route.h>
Workaround missing SSL_OP_NO_TICKET in earlier OpenSSL versions
Heikki Hannikainen (1):
Always load intermediate certificates from a PKCS#12 file
Heiko Hund (2):
Support non-ASCII TAP adapter names on Windows
Support non-ASCII characters in Windows tmp path
James Yonan (3):
TLS version negotiation
Added "setenv opt" directive prefix.
Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.
Jens Wagner (1):
Fix spurious ignoring of pushed config options (trac#349).
Joachim Schipper (3):
Refactor tls_ctx_use_external_private_key()
--management-external-key for PolarSSL
external_pkcs1_sign: Support non-RSA_SIG_RAW hash_ids
Josh Cepek (2):
Correct error text when no Windows TAP device is present
Require a 1.2.x PolarSSL version
Klee Dienes (1):
tls_ctx_load_ca: Improve certificate error messages
Max Muster (1):
Remove duplicate cipher entries from TLS translation table.
Peter Sagerson (1):
Fix configure interaction with static OpenSSL libraries
Steffan Karger (7):
Do not pass struct tls_session* as void* in key_state_ssl_init().
Require polarssl >= 1.2.10 for polarssl-builds, which fixes CVE-2013-5915.
Use RSA_generate_key_ex() instead of deprecated, RSA_generate_key()
Also update TLSv1_method() calls in support code to SSLv23_method() calls.
Update TLSv1 error messages to SSLv23 to reflect changes from commit 4b67f98
If --tls-cipher is supplied, make --show-tls parse the list.
Add openssl-specific common cipher list names to ssl.c.
Tamas TEVESZ (1):
Add support for client-cert-not-required for PolarSSL.
Thomas Veerman (1):
Fix "." in description of utun.
OpenVPN v2.3.2
2013.05.31 -- Version 2.3.2
Arne Schwabe (3):
Only print script warnings when a script is used. Remove stray mention of script-security system.
Move settings of user script into set_user_script function
Move checking of script file access into set_user_script
Davide Brini (1):
Provide more accurate warning message
Gert Doering (2):
Fix NULL-pointer crash in route_list_add_vpn_gateway().
Fix problem with UDP tunneling due to mishandled pktinfo structures.
James Yonan (1):
Always push basic set of peer info values to server.
Jan Just Keijser (1):
make 'explicit-exit-notify' pullable again
Josh Cepek (2):
Fix proto tcp6 for server & non-P2MP modes
Fix Windows script execution when called from script hooks
Steffan Karger (2):
Fixed tls-cipher translation bug in openssl-build
Fixed usage of stale define USE_SSL to ENABLE_SSL
svimik (1):
Fix segfault when enabling pf plug-ins
2013.03.29 -- Version 2.3.1
Arne Schwabe (4):
Remove dead code path and putenv functionality
Remove unused function xor
Move static prototype definition from header into c file
Remove unused function no_tap_ifconfig
Christian Hesse (1):
fix build with automake 1.13(.1)
Christian Niessner (1):
Fix corner case in NTLM authentication (trac OpenVPN#172)
Gert Doering (5):
Update README.IPv6 to match what is in 2.3.0
Repair "tcp server queue overflow" brokenness, more <stdbool.h> fallout.
Permit pool size of /64.../112 for ifconfig-ipv6-pool
Add MIN() compatibility macro
Fix directly connected routes for "topology subnet" on Solaris.
Heiko Hund (5):
close more file descriptors on exec
Ignore UTF-8 byte order mark
reintroduce --no-name-remapping option
make --tls-remote compatible with pre 2.3 configs
add new option for X.509 name verification
Jan Just Keijser (1):
man page patch for missing options
Josh Cepek (2):
Fix parameter listing in non-debug builds at verb 4
(updated) [PATCH] Warn when using verb levels >=7 without debug
Matthias Andree (1):
Enable TCP_NODELAY configuration on FreeBSD.
Samuli Seppänen (4):
Removed ChangeLog.IPv6
Added cross-compilation information INSTALL-win32.txt
Updated README
Cleaned up and updated INSTALL
Steffan Karger (7):
PolarSSL-1.2 support
Improve PolarSSL key_state_read_{cipher, plain}text messages
Improve verify_callback messages
Config compatibility patch. Added translate_cipher_name.
Switch to IANA names for TLS ciphers.
Fixed autoconf script to properly detect missing pkcs11 with polarssl.
Use constant time memcmp when comparing HMACs in openvpn_decrypt.
2012.12.17 -- Version 2.3_rc2
Adriaan de Jong (1):
Fix --show-pkcs11-ids (Bug OpenVPN#239)
Arne Schwabe (4):
Error message if max-routes used incorrectly
Properly require --key even if defined(MANAGMENT_EXTERNAL_KEY)
Remove dnsflags_to_socktype, it is not used anywhere
Fix the proto is used inconsistently warning
David Sommerseth (3):
Fix double-free issue in pf_destroy_context()
The get_default_gateway() function uses warn() instead of msg()
Avoid recursion in virtual_output_callback_func()
Gert Doering (2):
Implement --mssfix handling for IPv6 packets.
Fix option inconsistency warnings about "proto" and "tun-ipv6"
Joachim Schipper (2):
doc/management-notes.txt: fix typo
Fix typo in ./configure message
2012.10.31 -- Version 2.3_rc1
Adriaan de Jong (1):
Fixed a bug where PolarSSL gave an error when using an inline file tag.
Arne Schwabe (2):
Document man agent-external-key
Options parsing demands unnecessary configuration if PKCS11 is used
David Sommerseth (2):
Make git ignore some more files
Remove the support for using system() when executing external programs or scripts
Heiko Hund (2):
Fix display of plugin hook types
Support UTF-8 --client-config-dir
Kenneth Rose (1):
Fix v3 plugins to support returning values back to OpenVPN.
PreviousNext