| 1 | = Overview of changes = |
| 2 | |
| 3 | This release includes a large number of new features: |
| 4 | |
| 5 | * Complete IPv6 support, both transport and payload |
| 6 | * Optional PolarSSL support (build time configuration) |
| 7 | * Improved plug-in API (v3) which can more easily be expanded in the future: Includes support for direct access to X.509 certificate data in plug-ins |
| 8 | * New option --stale-routes-check: remove routes that haven't had activity recently |
| 9 | * New option --management-external-key: Load RSA keys via management interface |
| 10 | * New option --management-up-down: notify management interface on tunnel up/down events |
| 11 | * New option --client-nat: one-to-one NAT to avoid IP address conflicts between local and remote networks |
| 12 | * New option --extra-certs: certificates which completes the CA chain, without trusting these certificates |
| 13 | * New option --verify-hash: Fingerprint matching on level-1 certificates |
| 14 | * New option --crl-verify directory mode: files in this dir matching the serial numbers are treated as a revoked certificate |
| 15 | * New option --enable-lzo-stub build time option: Clients tell the server if they support LZO or not, and server can automatically disable LZO for that client. |
| 16 | * New option --memstats: Write live usage stats to memory mapped binary files |
| 17 | * New management command for servers: client-kill |
| 18 | * New management command for clients: auth-token (replacement to saving passwords in memory in clients) |
| 19 | * New management command for clients: remote (override config file --remote settings) |
| 20 | |
| 21 | Many enhancements are also included: |
| 22 | |
| 23 | * Management command for server, status, can report username for each connected user |
| 24 | * UTF-8 support for certificate fields |
| 25 | * Windows UTF-8 support: Filenames may now contain wide characters and environment variables handled as UCS-2 characters |
| 26 | * Fixed client issues with DHCP Router option extraction/deletion with layer 2 DHCP proxies. |
| 27 | * Added "on-link" routes on Linux. This solves --redirect-gateway issues where routes are set up with devices instead of IP addresses |
| 28 | * Several configuration options are now supported inside <connection> blocks |
| 29 | * Add extv3 X509 field support to --x509-username-field |
| 30 | * Several man page updates |
| 31 | |
| 32 | A few changes have been made which may affect existing installations: |
| 33 | |
| 34 | * 'echo' can no longer be pushed |
| 35 | * The certificate strings have changed syntax to the new standard provided newer OpenSSL APIs. Earlier the format was: /CN=Common Name/O=Organisation/L=Location. The new format will look like: CN=Common Name, O=Organisation, L=Location. This change impacts plug-ins, scripts and --tls-remote which parses these certificate strings. |
| 36 | |
| 37 | |
| 38 | = Full list of changes = |
| 39 | |
| 40 | {{{ |
| 41 | Adriaan de Jong (127): |
| 42 | Added Doxygen doxyfile |
| 43 | Changed configure to accept --with-ssl-type=openssl |
| 44 | Refactored to rand_bytes for OpenSSL-independency |
| 45 | Refactored OpenSSL-specific constants |
| 46 | Refactored maximum cipher and hmac length constants |
| 47 | Refactored show_available_* functions |
| 48 | Refactored SSL_clear_error() |
| 49 | Refactored crypto initialisation functions |
| 50 | Refactored DES key manipulation functions |
| 51 | Refactored NTLM DES key generation |
| 52 | Refactored message digest type functions |
| 53 | Refactored message digest functions |
| 54 | Refactored HMAC functions |
| 55 | Refactored cipher key types |
| 56 | Refactored cipher functions |
| 57 | Added PRNG doxygen |
| 58 | Refactored: Moved crypto.h inline functions to end of file |
| 59 | Removed stale OpenSSL defines from crypto.h |
| 60 | Added a check for Openssl or PolarSSL defines |
| 61 | Refactored: Added stubs for new files |
| 62 | Refactored SSL initialisation functions |
| 63 | Refactored TLS_PRF to new hmac and md primitives |
| 64 | Refactored tls_show_available_ciphers |
| 65 | Refactored get_highest_preference_tls_cipher |
| 66 | Refactored root SSL context initialisation |
| 67 | Refactored new external key code |
| 68 | Refactored DH paramater loading |
| 69 | Refactored root TLS option settings |
| 70 | Refactored PKCS#12 key loading |
| 71 | Refactored PKCS#11 loading |
| 72 | Refactored windows cert loading |
| 73 | Refactored load certificate functions |
| 74 | Refactored private key loading code |
| 75 | Refactored external key loading from management |
| 76 | Refactored CA and extra certs code |
| 77 | Refactored cipher restriction code |
| 78 | Refactored tls_options, key_state, and key_source data structures |
| 79 | Refactored initalisation of key_states |
| 80 | Refactored key_state free code |
| 81 | Refactored print_details |
| 82 | Refactored key_state read code (including bio_read()) |
| 83 | Refactored key_state write functions |
| 84 | Refactored: Moved BIO debug functions to OpenSSL backend |
| 85 | Refactored: removed ks and ks_lame macro for clarity |
| 86 | Refactored: moved write_empty_string function back |
| 87 | Refactored Doxygen for tls_multi functions |
| 88 | Migrated data structures needed by verification functions to ssl_common.h |
| 89 | Refactored client_config_dir_exclusive function |
| 90 | Refactored certificate hash lock checks |
| 91 | Refactored common name locking functions |
| 92 | Refactored username and password authentication code |
| 93 | Add some extra comments |
| 94 | Refactored: split verify_callback into two parts |
| 95 | Added function to extract and verify the subject from a certificate |
| 96 | Added function to verify and extract the username |
| 97 | Refactored: removed global x509_username_field |
| 98 | Refactored: separated environment setup during verification |
| 99 | Refactored: Netscape certificate type verification |
| 100 | Refactored key usage verification code |
| 101 | Refactored EKU verification |
| 102 | Refactored tls-remote checking |
| 103 | Refactored tls-verify-plugin code |
| 104 | Refactored tls-verify script code |
| 105 | Refactored CRL checks |
| 106 | Minor cleanup in verify_cert: |
| 107 | Refactored: Moved verify_cert to ssl_verify |
| 108 | Cleaned up ssl.h |
| 109 | Refactored: made M_SSL dependent on USE_OPENSSL |
| 110 | Refactored: renamed X509 functions from verify_* |
| 111 | Separated OpenSSL-specific parts of the PKCS#11 driver |
| 112 | Modified base64 code in preparation for PolarSSL merge |
| 113 | Final cleanup before PolarSSL addition: |
| 114 | Refactored X509 track feature to be contained within the openssl backend |
| 115 | Added PolarSSL support: |
| 116 | Fixed a missing include in ssl_backend.h |
| 117 | Fixed a bug in the hash generation in ssl_verify_openssl.c |
| 118 | Added SHA_DIGEST_SIZE definition |
| 119 | Changed PolarSSL crypto backend to support v0.99-pre5 |
| 120 | Updated ssl_polarssl.c to work with 0.99-pre5 |
| 121 | Fixed a compilation warning for size_t key sizes |
| 122 | Added a warning that the PolarSSL library does not support pkcs12 files. |
| 123 | Added warning that --capath is not available with PolarSSL |
| 124 | Disable CryptoAPI when not using OpenSSL, and document that fact. |
| 125 | Removed support for management external keys in PolarSSL |
| 126 | Removed stray X509_free from ssl.c |
| 127 | Refactored (and disabled for PolarSSL) support for writing external cert files in scripts |
| 128 | Added an extra define to allow building without PKCS#11 |
| 129 | Added SSL library to title string |
| 130 | Disabled X.509 track and username selection for PolarSSL |
| 131 | Hardening: periodically reset the PRNG's nonce value |
| 132 | Fixes for the plugin system: |
| 133 | Further improvements to plugin support: |
| 134 | Fixed an unintentional change in the options calculated key size. |
| 135 | Moved print messages back to generic crypto.c from cipher backends |
| 136 | Moved HMAC prints back to main crypto module |
| 137 | Added back checks for ks->authenticated in verify_user_pass |
| 138 | Moved gc_new and gc_free to begin end of function |
| 139 | Fixed a bug in the return value of ssl_verify when pre_verify failed |
| 140 | Unified verification function return values: |
| 141 | Removed a stray Fox-IT tag |
| 142 | Fixed a typo: print the subject instead of the serial for verification errors |
| 143 | Made SSL_CIPHER const in print_details, to fix warning |
| 144 | Moved to PolarSSL 1.0.0: |
| 145 | Added missing #ifdef to allow --disable-managent to work again |
| 146 | Fixed disabling crypto and SSL |
| 147 | Got rid of a few magic numbers in ntlm.c |
| 148 | Removed obsolete des_cblock and des_keyschedule |
| 149 | Further removal of des_old.h based calls |
| 150 | Fixed missing comma in plugin.h |
| 151 | Moved prng_uninit out of crypto_uninit_lib |
| 152 | Moved CryptoAPI header include to the ssl_openssl.c |
| 153 | Reordered functions to ensure warning-free Windows build |
| 154 | Added options to switch between OpenSSL and PolarSSL and PKCS11... |
| 155 | Moved from strsep to strtok, for Windows compatibility |
| 156 | Minor cleanup to enable warning-free Windows build: |
| 157 | Fixed a typo when initialising cryptoapi certs |
| 158 | Minor code cleanup: cleaned up error handling in verify_cert. |
| 159 | Moved out of memory prototype to error.h, as the definition is in error.c |
| 160 | Removed support for calling gc_malloc with a NULL gc_arena struct |
| 161 | |
| 162 | (The follwing patches from Adriaan was mistakenly merged with |
| 163 | the wrong commit author in the git tree) |
| 164 | Doxygen: Added data channel crypto docs |
| 165 | Added control channel crypto docs |
| 166 | Added compression docs |
| 167 | Added reliability layer documentation |
| 168 | Added memory management documentation |
| 169 | Added data channel fragmentation docs |
| 170 | Added main/control docs |
| 171 | Moved doxygen-specific files to a separate directory |
| 172 | |
| 173 | Byron Ellacott (1): |
| 174 | autoconf fixes for building on OSX |
| 175 | |
| 176 | David Sommerseth (50): |
| 177 | Provide 'dev_type' environment variable to plug-ins and script hooks |
| 178 | Define the new openvpn_plugin_{open,func}_v3() API |
| 179 | Implement the core v3 plug-in function calls. |
| 180 | Extend the v3 plug-in API to send over X509 certificates |
| 181 | Added a simple plug-in demonstrating the v3 plug-in API. |
| 182 | Separate the general plug-in version constant and v3 plug-in structs version |
| 183 | Use a version-less version identifier on the master branch |
| 184 | Fix the --client-cert-not-required feature |
| 185 | Change the default --tmp-dir path to a more suitable path |
| 186 | Improve the mysprintf() issue in openvpnserv.c |
| 187 | Add a simple comment regarding openvpn_snprintf() is duplicated |
| 188 | Merge branch 'feat_ipv6_transport' |
| 189 | Merge branch 'feat_ipv6_payload' |
| 190 | Merge branch 'svn-branch-2.1' into merge |
| 191 | Solved hidden merge conflicts between master and svn-branch-2.1 |
| 192 | Fix const declarations in plug-in v3 structs |
| 193 | Merge remote-tracking branch 'cron2/feat_ipv6_payload_2.3' |
| 194 | Don't define ENABLE_PUSH_PEER_INFO if SSL is not available |
| 195 | Fix compiling issues with pkcs11 when --disable-management is configured |
| 196 | Remove support for Linux 2.2 configuration fallback |
| 197 | Revert "Add new openssl.cnf to easy-rsa/Windows" |
| 198 | Merge remote branch SVN 2.1 into the git tree |
| 199 | Merge branch 'svn-merger' |
| 200 | Fix Microsoft Visual Studio incompatibility in plugin.c |
| 201 | Fixed compile issues on FreeBSD and Solaris |
| 202 | Fix PolarSSL and --pkcs12 option issues |
| 203 | Fix FreeBSD/OpenBSD/NetBSD compiler warnings in get_default_gateway() |
| 204 | Make '--win-sys env' default |
| 205 | Do some file/directory tests before really starting openvpn |
| 206 | Fix bug after removing Linux 2.2 support |
| 207 | Don't look for 'stdin' file when using --auth-user-pass |
| 208 | Fix compiling with --disable-crypto and/or --disable-ssl |
| 209 | Fix a couple of issues in openvpn_execve() |
| 210 | Move away from openvpn_basename() over to platform provided basename() |
| 211 | Enable access() when building in Visual Studio |
| 212 | New Windows build fixes |
| 213 | Fix compilation errors on Linux platforms without SO_MARK |
| 214 | autotools ./configure don't like compat.h |
| 215 | Fix pool logging when IPv6 is not enabled |
| 216 | Don't check for file presence on inline files |
| 217 | Add --route-pre-down/OPENVPN_PLUGIN_ROUTE_PREDOWN script/plug-in hook |
| 218 | Enhance the error handling in _openssl_get_subject() |
| 219 | Fix assert() situations where gc_malloc() is called without a gc_arena object |
| 220 | Fix compile issues when plug-ins are disabled. |
| 221 | Remove --show-gateway if debug info is not enabled (--disable-debug) |
| 222 | Fix compile issues with status.c |
| 223 | Connection entry {tun,link}_mtu_defined not set correctly |
| 224 | Makefile.am referenced a now non-existing config-win32.h |
| 225 | Makefile.am was missing ssl_common.h |
| 226 | Revamp check_file_access() checks in stdin scenarios |
| 227 | |
| 228 | Davide Guerri (1): |
| 229 | New feauture: Add --stale-routes-check |
| 230 | |
| 231 | Frank de Brabander (1): |
| 232 | Fixed wrong return type of cipher_kt_mode |
| 233 | |
| 234 | Frederic Crozat (1): |
| 235 | Add support to forward console query to systemd |
| 236 | |
| 237 | Gert Doering (45): |
| 238 | Add more detailed explanation regarding the function of "--rdns-internal" |
| 239 | Enable IPv6 Payload in OpenVPN p2mp tun server mode. 20100104-1 release. |
| 240 | remove NOTES file from commit - private scribbling |
| 241 | NetBSD fixes - on 4.0 and up, use multi-af mode. |
| 242 | new feature: "ifconfig-ipv6-push" (from ccd/ config) |
| 243 | add some TODOs to TODO.IPv6 |
| 244 | undo accidential duplication of existing "--iroute" line in the help text |
| 245 | basic documentation of IPv6 related options and their syntax |
| 246 | Enable IPv6 Payload in OpenVPN p2mp tun server mode. |
| 247 | remove NOTES file from commit - private scribbling |
| 248 | env_block(): if PATH is not set, add standard PATH setting to env |
| 249 | add IPv6 route add / route delete code for windows (using "netsh") |
| 250 | - Win32 IPv6 ifconfig support, using "netsh" calls |
| 251 | drop "book ipv6" from open_tun() and tuncfg() prototypes |
| 252 | document recent changes and open TODOs, adapt --version info, tag release |
| 253 | Win32: set next-hop for IPv6 routes according to TUN/TAP mode |
| 254 | when deleting a route on win32, also add gateway address |
| 255 | WIN32: if IPv6 requested in TUN mode, check if TUN/TAP driver < 9.7 |
| 256 | revert unconditionally-enabling of setenv_es() logging |
| 257 | implement IPv6 ifconfig + route setup/deletion on OpenBSD |
| 258 | full "VPN client connect" test framework for OpenVPN t_client.rc-sample |
| 259 | renamed t_client.sh to t_client.sh.in |
| 260 | 2.2-beta3 has a signed TAP driver with the IPv6 code - test for 9.8 |
| 261 | correct URL for "more information about IPv6 patch is *here*" |
| 262 | bugfix for linux/iproute2: IPv6 ifconfig code block was not called for "dev tun"+"topology subnet" |
| 263 | bump IPv6 version number (openvpn --version) to 20100922-1 |
| 264 | Implement "ipv6 ifconfig" for TAP interfaces on Solaris interfaces |
| 265 | rebased to 2.2RC2 (beta 2.2 branch) |
| 266 | Windows IPv6 cleanup - properly remove IPv6 routes and interface config |
| 267 | For all accesses to "struct route_list * rl", check first that rl is non-NULL |
| 268 | Replace 32-bit-based add_in6_addr() implementation by an 8-bit based one |
| 269 | Platform cleanup for NetBSD |
| 270 | Move block for "stale-routes-check" config inside #ifdef P2MP_SERVER block |
| 271 | add missing break between "case IPv4" and "case IPv6" |
| 272 | bump tap driver version from 9.8 to 9.9 |
| 273 | log error message and exit for "win32, tun mode, tap driver version 9.8" |
| 274 | work around inet_ntop/inet_pton problems for MSVC builds on WinXP |
| 275 | Fix build-up of duplicate IPv6 routes on reconnect. |
| 276 | Fix list-overrun checks in copy_route_[ipv6_]option_list() |
| 277 | add "print test titles" and "use sudo" functionality to t_client.rc |
| 278 | Platform cleanup for FreeBSD |
| 279 | Implement IPv6 interface config with non-/64 prefix lengths. |
| 280 | Fix RUN_SUDO functionality for t_client.sh |
| 281 | Document IPv6-related environment variables. |
| 282 | Platform cleanup for OpenBSD |
| 283 | |
| 284 | Gisle Vanem (1): |
| 285 | Avoid re-defining uint32_t when using mingw compiler |
| 286 | |
| 287 | Gustavo Zacarias (1): |
| 288 | Fix compile issues when using --enable-small and --disable-ssl/--disable-crypto |
| 289 | |
| 290 | Heiko Hund (16): |
| 291 | add .gitignore to official repository |
| 292 | remove function is_proto_tcp() |
| 293 | remove legacy code to query IE proxy information |
| 294 | lowercase include header name in syshead.h |
| 295 | define IN6_ARE_ADDR_EQUAL macro for WIN32 |
| 296 | add --mark option to set SO_MARK sockopt |
| 297 | Windows UTF-8 input/output |
| 298 | UTF-8 X.509 distinguished names |
| 299 | set Windows environment variables as UCS-2 |
| 300 | handle Windows unicode paths |
| 301 | replace check for TARGET_WIN32 with WIN32 |
| 302 | do not use mode_t on Windows |
| 303 | use the underscore version of stat on Windows |
| 304 | make MSVC link against shell32 as well |
| 305 | move variable declaration to top of function |
| 306 | define access mode flag X_OK as 0 on Windows |
| 307 | |
| 308 | Igor Novgorodov (1): |
| 309 | The code blocks enabled by ENABLE_CLIENT_CR depends on management |
| 310 | |
| 311 | James Yonan (57): |
| 312 | Added "management-external-key" option. |
| 313 | Minor addition of logging info before and after execution of Windows net commands. |
| 314 | Misc fixes to r6708. |
| 315 | Added --x509-track option. |
| 316 | * added --management-up-down option to allow management interface to be notified of tunnel up/down events. |
| 317 | Fixed minor compile issue triggered on builds where MANAGEMENT_DEF_AUTH is not enabled. |
| 318 | Implemented get_default_gateway_mac_addr for Mac OS X |
| 319 | Fixes to r6925. |
| 320 | Properly handle certificate serial numbers > 32 bits. |
| 321 | Added "client-nat" option for stateless, one-to-one NAT on the client side. |
| 322 | Renamed branch to reflect that it is no longer beta. |
| 323 | env_filter_match now includes the serial number of all certs |
| 324 | Fixed issue where a client might receive multiple push replies from a server |
| 325 | Fixed bug introduced in r7031 that might cause this error message: |
| 326 | Extended "client-kill" management interface command (server-side) |
| 327 | Client will now try to reconnect if no push reply received within handshake-window seconds. |
| 328 | Version 2.1.3n |
| 329 | Fixed compiling issues when using --disable-crypto |
| 330 | Added "management-external-key" option. |
| 331 | Misc fixes to r6708. |
| 332 | win/sign.py now accepts an optional tap-dir argument. |
| 333 | Added "auth-token" client directive |
| 334 | Added ./configure --enable-osxipconfig option for Mac OS X |
| 335 | Added more packet ID debug info at debug level 3 for debugging false positive packet replays. |
| 336 | Fixed bug that incorrectly placed stricter TCP packet replay rules on UDP sessions |
| 337 | Fixed bug in port-share that could cause port share process to crash |
| 338 | For Mac OSX, when DARWIN_USE_IPCONFIG is defined, retry ipconfig command on failure |
| 339 | Version 2.1.3t |
| 340 | Revert r7092 and r7151, i.e. remove --enable-osxipconfig configure option. |
| 341 | Added 'dir' flag to "crl-verify" (see man page for info). |
| 342 | Added new "extra-certs" and "verify-hash" options |
| 343 | Fixed compile issues on Windows. |
| 344 | Added --enable-lzo-stub configure option to build an OpenVPN client without LZO |
| 345 | Added optional journal directory argument to "port-share" directive |
| 346 | Reduce log verbosity at level 3, with a focus on removing excessive log verbosity generated by port-share activity. |
| 347 | env_filter_match now includes the serial number of all certs in chain |
| 348 | Added support for static challenge/response protocol. |
| 349 | r7316 fixes. |
| 350 | Added redirect-gateway block-local flag, with support for Linux, Mac OS X |
| 351 | Extended x509-track to allow SHA1 certificate hash to be extracted |
| 352 | Added "management-query-remote" directive (client) to allow the management interface to override the "remote" directive. |
| 353 | Version 2.1.5. |
| 354 | Fixed MSVC compile error related to r7408. |
| 355 | Redact "echo" directive strings from log, since these strings (going forward) could conceivably contain security-sensitive data. |
| 356 | Modified sanitize_control_message to remove redacted data from control string rather than blotting it out with "_" chars. |
| 357 | Changed CC_PRINT character class to allow UTF-8 chars. |
| 358 | Increased the --verb threshold for "PID_ERR replay" messages to 4 from 3. |
| 359 | Fixed issue where redirect-gateway block-local code was not correctly calculating... |
| 360 | CC_PRINT character class now allows any 8-bit character value >= 32. |
| 361 | "status" management interface command (version >= 2) will now include the username for each connected user. |
| 362 | Minor fix to CC_PRINT char class |
| 363 | Fixed management interface bug where >FATAL notifications were not being output properly |
| 364 | Raised D_PID_DEBUG_LOW from level 3 to 4 to reduce replay error verbosity at level 3. |
| 365 | Added "memstats" option to maintain real-time operating stats in a memory-mapped file. |
| 366 | Fixed client issues with DHCP Router option extraction/deletion when using layer 2 with DHCP proxy: |
| 367 | Allow "tap-win32 dynamic <offset>" to be used in topology subnet mode. |
| 368 | Added support for "on-link" routes on Linux client |
| 369 | |
| 370 | Jan Just Keijser (1): |
| 371 | Made some options connection-entry specific |
| 372 | |
| 373 | Joe Patterson (1): |
| 374 | common_name passing in auth_pam plugin |
| 375 | |
| 376 | JuanJo Ciarlante (40): |
| 377 | * rebased openvpn-2.1_rc1b.jjo.20061206.d.patch |
| 378 | * created getaddr6(), use it from resolve_remote() |
| 379 | * migrated all getaddrinfo() to getaddr6 |
| 380 | * socket.c: use USE_PF_INET6 in switch constructs to actually toss them out, |
| 381 | * support --disable-ipv6 build properly: |
| 382 | * important fix for tcp6 reconnection was incorrectly creating a PF_INET socket |
| 383 | * added README.ipv6.txt |
| 384 | * fixed win32 non-ipv6 build |
| 385 | * ipv6 on win32 "milestone": 1st snapshot that passes all unittests |
| 386 | * document ipv6 milestone status |
| 387 | * doc update w/unittests results |
| 388 | * make possible to x-compile openvpn/win32 in Linux |
| 389 | * correctly setup hints.ai_socktype for getaddrinfo(), althought sorta hacky, see TODO.ipv6. |
| 390 | * renamed README.ipv6{.txt,} |
| 391 | * updated {README,TODO}.ipv6 from feedback at openvpn-devel mlist |
| 392 | * init.c: document the ENABLE_MANAGEMENT place to work on |
| 393 | * init.c: small in-doc tweaks |
| 394 | * fix multi-tcp crash (corrected assertion) |
| 395 | * TODO.ipv6 update |
| 396 | * socket.c: better buf logic in print_sockaddr_ex |
| 397 | * fixed segfault for undef address family in print_sockaddr_ex (thanks Marcel!) |
| 398 | * doc updates |
| 399 | * openbsd: no IFF_MULTICAST, #ifdef around it |
| 400 | * no new funcionality, just small cleanups |
| 401 | * (prototype) fix for supporting "redirect-gateway" for tunneled ipv4 over ipv6 endpoints |
| 402 | * polished redirect-gateway (ipv4 on ipv6 endpoints) support |
| 403 | * updated doc |
| 404 | * fix --disable-ipv6 build |
| 405 | * doc updates |
| 406 | * rebased to v2.1.1 release |
| 407 | * undo mroute.c changes related to ipv6 payload |
| 408 | * fix --multihome for ipv4 |
| 409 | * fix --multihome for ipv6 |
| 410 | * ipv6-0.4.14: fix xinetd usage |
| 411 | * ipv6-0.4.15: add --multihome support to xBSD |
| 412 | * ipv6-0.4.15b: rebase over openvpn-testing-master |
| 413 | * ipv6-0.4.16: fix mingw32 build |
| 414 | * make ipv6_payload compile under windowze |
| 415 | USE_PF_INET6 by default for v2.3 |
| 416 | fix ipv6 compilation under macosx >= 1070 - v3 |
| 417 | |
| 418 | Markus Koetter (1): |
| 419 | Add extv3 X509 field support to --x509-username-field |
| 420 | |
| 421 | Matthew L. Creech (1): |
| 422 | Fix 2.2.0 build failure when management interface disabled |
| 423 | |
| 424 | Matthias Andree (1): |
| 425 | Skip rather than fail test in addressless FreeBSD jails. |
| 426 | |
| 427 | Robert Fischer (8): |
| 428 | Update man page with info about --capath |
| 429 | Update man page with info about --connect-timeout |
| 430 | Added info about --show-proxy-settings |
| 431 | Documented --x509-username-field option |
| 432 | Documented --errors-to-stderr option |
| 433 | Documented --push-peer-info option |
| 434 | Update man page with info about --remote-random-hostname |
| 435 | Added man page entry for --management-client |
| 436 | |
| 437 | Samuli Seppänen (19): |
| 438 | Add man page entry for --redirect-private |
| 439 | Change all CRLF linefeeds to LF linefeeds |
| 440 | Fix a bug in devcon source code handling |
| 441 | Removed Win2k from supported platforms list in INSTALL and win/openvpn.nsi |
| 442 | Fixed copying of tapinstall.exe to dist/bin when using prebuilt TAP-drivers |
| 443 | Fixed a bug with GUI icon deletion on upgrade from 2.2-RC or earlier |
| 444 | Fix a build-ca issue on Windows |
| 445 | Add new openssl.cnf to easy-rsa/Windows |
| 446 | Updated "easy-rsa" for OpenSSL 1.0.0 |
| 447 | Made domake-win builds to use easy-rsa/2.0/openssl-1.0.0.cnf |
| 448 | Fixes to easy-rsa/2.0 |
| 449 | Merged TODO.IPv6 with TODO.ipv6 and README.IPv6 with README.ipv6 |
| 450 | Fixed a number of fatal build errors on Visual Studio 2008 |
| 451 | Fix a Visual Studio 2008 build issue in socket.c |
| 452 | Additional Visual Studio 2008 build fixes to tun.c |
| 453 | Fixed a typo in win32.h that prevented building with Visual Studio |
| 454 | Fixed a regression causing VS2008/Python build failure |
| 455 | Fix a Visual Studio 2008 build error in tun.c |
| 456 | Fix a Visual Studio 2008 build error in options.c |
| 457 | |
| 458 | Simon Matter (1): |
| 459 | Fix issues with some older GCC compilers |
| 460 | |
| 461 | Stefan Hellermann (2): |
| 462 | plugin.h: update prototype of plugin_call dummy in !ENABLE_PLUGIN case |
| 463 | Fixed typo in plugin.h |
| 464 | |
| 465 | chantra (1): |
| 466 | Clarify --tmp-dir option |
| 467 | |
| 468 | smos (1): |
| 469 | Change the netsh.exe command from "add" to "set". |
| 470 | }}} |