| | 1 | = Overview of changes = |
| | 2 | |
| | 3 | This release includes a large number of new features: |
| | 4 | |
| | 5 | * Complete IPv6 support, both transport and payload |
| | 6 | * Optional PolarSSL support (build time configuration) |
| | 7 | * Improved plug-in API (v3) which can more easily be expanded in the future: Includes support for direct access to X.509 certificate data in plug-ins |
| | 8 | * New option --stale-routes-check: remove routes that haven't had activity recently |
| | 9 | * New option --management-external-key: Load RSA keys via management interface |
| | 10 | * New option --management-up-down: notify management interface on tunnel up/down events |
| | 11 | * New option --client-nat: one-to-one NAT to avoid IP address conflicts between local and remote networks |
| | 12 | * New option --extra-certs: certificates which completes the CA chain, without trusting these certificates |
| | 13 | * New option --verify-hash: Fingerprint matching on level-1 certificates |
| | 14 | * New option --crl-verify directory mode: files in this dir matching the serial numbers are treated as a revoked certificate |
| | 15 | * New option --enable-lzo-stub build time option: Clients tell the server if they support LZO or not, and server can automatically disable LZO for that client. |
| | 16 | * New option --memstats: Write live usage stats to memory mapped binary files |
| | 17 | * New management command for servers: client-kill |
| | 18 | * New management command for clients: auth-token (replacement to saving passwords in memory in clients) |
| | 19 | * New management command for clients: remote (override config file --remote settings) |
| | 20 | |
| | 21 | Many enhancements are also included: |
| | 22 | |
| | 23 | * Management command for server, status, can report username for each connected user |
| | 24 | * UTF-8 support for certificate fields |
| | 25 | * Windows UTF-8 support: Filenames may now contain wide characters and environment variables handled as UCS-2 characters |
| | 26 | * Fixed client issues with DHCP Router option extraction/deletion with layer 2 DHCP proxies. |
| | 27 | * Added "on-link" routes on Linux. This solves --redirect-gateway issues where routes are set up with devices instead of IP addresses |
| | 28 | * Several configuration options are now supported inside <connection> blocks |
| | 29 | * Add extv3 X509 field support to --x509-username-field |
| | 30 | * Several man page updates |
| | 31 | |
| | 32 | A few changes have been made which may affect existing installations: |
| | 33 | |
| | 34 | * 'echo' can no longer be pushed |
| | 35 | * The certificate strings have changed syntax to the new standard provided newer OpenSSL APIs. Earlier the format was: /CN=Common Name/O=Organisation/L=Location. The new format will look like: CN=Common Name, O=Organisation, L=Location. This change impacts plug-ins, scripts and --tls-remote which parses these certificate strings. |
| | 36 | |
| | 37 | |
| | 38 | = Full list of changes = |
| | 39 | |
| | 40 | {{{ |
| | 41 | Adriaan de Jong (127): |
| | 42 | Added Doxygen doxyfile |
| | 43 | Changed configure to accept --with-ssl-type=openssl |
| | 44 | Refactored to rand_bytes for OpenSSL-independency |
| | 45 | Refactored OpenSSL-specific constants |
| | 46 | Refactored maximum cipher and hmac length constants |
| | 47 | Refactored show_available_* functions |
| | 48 | Refactored SSL_clear_error() |
| | 49 | Refactored crypto initialisation functions |
| | 50 | Refactored DES key manipulation functions |
| | 51 | Refactored NTLM DES key generation |
| | 52 | Refactored message digest type functions |
| | 53 | Refactored message digest functions |
| | 54 | Refactored HMAC functions |
| | 55 | Refactored cipher key types |
| | 56 | Refactored cipher functions |
| | 57 | Added PRNG doxygen |
| | 58 | Refactored: Moved crypto.h inline functions to end of file |
| | 59 | Removed stale OpenSSL defines from crypto.h |
| | 60 | Added a check for Openssl or PolarSSL defines |
| | 61 | Refactored: Added stubs for new files |
| | 62 | Refactored SSL initialisation functions |
| | 63 | Refactored TLS_PRF to new hmac and md primitives |
| | 64 | Refactored tls_show_available_ciphers |
| | 65 | Refactored get_highest_preference_tls_cipher |
| | 66 | Refactored root SSL context initialisation |
| | 67 | Refactored new external key code |
| | 68 | Refactored DH paramater loading |
| | 69 | Refactored root TLS option settings |
| | 70 | Refactored PKCS#12 key loading |
| | 71 | Refactored PKCS#11 loading |
| | 72 | Refactored windows cert loading |
| | 73 | Refactored load certificate functions |
| | 74 | Refactored private key loading code |
| | 75 | Refactored external key loading from management |
| | 76 | Refactored CA and extra certs code |
| | 77 | Refactored cipher restriction code |
| | 78 | Refactored tls_options, key_state, and key_source data structures |
| | 79 | Refactored initalisation of key_states |
| | 80 | Refactored key_state free code |
| | 81 | Refactored print_details |
| | 82 | Refactored key_state read code (including bio_read()) |
| | 83 | Refactored key_state write functions |
| | 84 | Refactored: Moved BIO debug functions to OpenSSL backend |
| | 85 | Refactored: removed ks and ks_lame macro for clarity |
| | 86 | Refactored: moved write_empty_string function back |
| | 87 | Refactored Doxygen for tls_multi functions |
| | 88 | Migrated data structures needed by verification functions to ssl_common.h |
| | 89 | Refactored client_config_dir_exclusive function |
| | 90 | Refactored certificate hash lock checks |
| | 91 | Refactored common name locking functions |
| | 92 | Refactored username and password authentication code |
| | 93 | Add some extra comments |
| | 94 | Refactored: split verify_callback into two parts |
| | 95 | Added function to extract and verify the subject from a certificate |
| | 96 | Added function to verify and extract the username |
| | 97 | Refactored: removed global x509_username_field |
| | 98 | Refactored: separated environment setup during verification |
| | 99 | Refactored: Netscape certificate type verification |
| | 100 | Refactored key usage verification code |
| | 101 | Refactored EKU verification |
| | 102 | Refactored tls-remote checking |
| | 103 | Refactored tls-verify-plugin code |
| | 104 | Refactored tls-verify script code |
| | 105 | Refactored CRL checks |
| | 106 | Minor cleanup in verify_cert: |
| | 107 | Refactored: Moved verify_cert to ssl_verify |
| | 108 | Cleaned up ssl.h |
| | 109 | Refactored: made M_SSL dependent on USE_OPENSSL |
| | 110 | Refactored: renamed X509 functions from verify_* |
| | 111 | Separated OpenSSL-specific parts of the PKCS#11 driver |
| | 112 | Modified base64 code in preparation for PolarSSL merge |
| | 113 | Final cleanup before PolarSSL addition: |
| | 114 | Refactored X509 track feature to be contained within the openssl backend |
| | 115 | Added PolarSSL support: |
| | 116 | Fixed a missing include in ssl_backend.h |
| | 117 | Fixed a bug in the hash generation in ssl_verify_openssl.c |
| | 118 | Added SHA_DIGEST_SIZE definition |
| | 119 | Changed PolarSSL crypto backend to support v0.99-pre5 |
| | 120 | Updated ssl_polarssl.c to work with 0.99-pre5 |
| | 121 | Fixed a compilation warning for size_t key sizes |
| | 122 | Added a warning that the PolarSSL library does not support pkcs12 files. |
| | 123 | Added warning that --capath is not available with PolarSSL |
| | 124 | Disable CryptoAPI when not using OpenSSL, and document that fact. |
| | 125 | Removed support for management external keys in PolarSSL |
| | 126 | Removed stray X509_free from ssl.c |
| | 127 | Refactored (and disabled for PolarSSL) support for writing external cert files in scripts |
| | 128 | Added an extra define to allow building without PKCS#11 |
| | 129 | Added SSL library to title string |
| | 130 | Disabled X.509 track and username selection for PolarSSL |
| | 131 | Hardening: periodically reset the PRNG's nonce value |
| | 132 | Fixes for the plugin system: |
| | 133 | Further improvements to plugin support: |
| | 134 | Fixed an unintentional change in the options calculated key size. |
| | 135 | Moved print messages back to generic crypto.c from cipher backends |
| | 136 | Moved HMAC prints back to main crypto module |
| | 137 | Added back checks for ks->authenticated in verify_user_pass |
| | 138 | Moved gc_new and gc_free to begin end of function |
| | 139 | Fixed a bug in the return value of ssl_verify when pre_verify failed |
| | 140 | Unified verification function return values: |
| | 141 | Removed a stray Fox-IT tag |
| | 142 | Fixed a typo: print the subject instead of the serial for verification errors |
| | 143 | Made SSL_CIPHER const in print_details, to fix warning |
| | 144 | Moved to PolarSSL 1.0.0: |
| | 145 | Added missing #ifdef to allow --disable-managent to work again |
| | 146 | Fixed disabling crypto and SSL |
| | 147 | Got rid of a few magic numbers in ntlm.c |
| | 148 | Removed obsolete des_cblock and des_keyschedule |
| | 149 | Further removal of des_old.h based calls |
| | 150 | Fixed missing comma in plugin.h |
| | 151 | Moved prng_uninit out of crypto_uninit_lib |
| | 152 | Moved CryptoAPI header include to the ssl_openssl.c |
| | 153 | Reordered functions to ensure warning-free Windows build |
| | 154 | Added options to switch between OpenSSL and PolarSSL and PKCS11... |
| | 155 | Moved from strsep to strtok, for Windows compatibility |
| | 156 | Minor cleanup to enable warning-free Windows build: |
| | 157 | Fixed a typo when initialising cryptoapi certs |
| | 158 | Minor code cleanup: cleaned up error handling in verify_cert. |
| | 159 | Moved out of memory prototype to error.h, as the definition is in error.c |
| | 160 | Removed support for calling gc_malloc with a NULL gc_arena struct |
| | 161 | |
| | 162 | (The follwing patches from Adriaan was mistakenly merged with |
| | 163 | the wrong commit author in the git tree) |
| | 164 | Doxygen: Added data channel crypto docs |
| | 165 | Added control channel crypto docs |
| | 166 | Added compression docs |
| | 167 | Added reliability layer documentation |
| | 168 | Added memory management documentation |
| | 169 | Added data channel fragmentation docs |
| | 170 | Added main/control docs |
| | 171 | Moved doxygen-specific files to a separate directory |
| | 172 | |
| | 173 | Byron Ellacott (1): |
| | 174 | autoconf fixes for building on OSX |
| | 175 | |
| | 176 | David Sommerseth (50): |
| | 177 | Provide 'dev_type' environment variable to plug-ins and script hooks |
| | 178 | Define the new openvpn_plugin_{open,func}_v3() API |
| | 179 | Implement the core v3 plug-in function calls. |
| | 180 | Extend the v3 plug-in API to send over X509 certificates |
| | 181 | Added a simple plug-in demonstrating the v3 plug-in API. |
| | 182 | Separate the general plug-in version constant and v3 plug-in structs version |
| | 183 | Use a version-less version identifier on the master branch |
| | 184 | Fix the --client-cert-not-required feature |
| | 185 | Change the default --tmp-dir path to a more suitable path |
| | 186 | Improve the mysprintf() issue in openvpnserv.c |
| | 187 | Add a simple comment regarding openvpn_snprintf() is duplicated |
| | 188 | Merge branch 'feat_ipv6_transport' |
| | 189 | Merge branch 'feat_ipv6_payload' |
| | 190 | Merge branch 'svn-branch-2.1' into merge |
| | 191 | Solved hidden merge conflicts between master and svn-branch-2.1 |
| | 192 | Fix const declarations in plug-in v3 structs |
| | 193 | Merge remote-tracking branch 'cron2/feat_ipv6_payload_2.3' |
| | 194 | Don't define ENABLE_PUSH_PEER_INFO if SSL is not available |
| | 195 | Fix compiling issues with pkcs11 when --disable-management is configured |
| | 196 | Remove support for Linux 2.2 configuration fallback |
| | 197 | Revert "Add new openssl.cnf to easy-rsa/Windows" |
| | 198 | Merge remote branch SVN 2.1 into the git tree |
| | 199 | Merge branch 'svn-merger' |
| | 200 | Fix Microsoft Visual Studio incompatibility in plugin.c |
| | 201 | Fixed compile issues on FreeBSD and Solaris |
| | 202 | Fix PolarSSL and --pkcs12 option issues |
| | 203 | Fix FreeBSD/OpenBSD/NetBSD compiler warnings in get_default_gateway() |
| | 204 | Make '--win-sys env' default |
| | 205 | Do some file/directory tests before really starting openvpn |
| | 206 | Fix bug after removing Linux 2.2 support |
| | 207 | Don't look for 'stdin' file when using --auth-user-pass |
| | 208 | Fix compiling with --disable-crypto and/or --disable-ssl |
| | 209 | Fix a couple of issues in openvpn_execve() |
| | 210 | Move away from openvpn_basename() over to platform provided basename() |
| | 211 | Enable access() when building in Visual Studio |
| | 212 | New Windows build fixes |
| | 213 | Fix compilation errors on Linux platforms without SO_MARK |
| | 214 | autotools ./configure don't like compat.h |
| | 215 | Fix pool logging when IPv6 is not enabled |
| | 216 | Don't check for file presence on inline files |
| | 217 | Add --route-pre-down/OPENVPN_PLUGIN_ROUTE_PREDOWN script/plug-in hook |
| | 218 | Enhance the error handling in _openssl_get_subject() |
| | 219 | Fix assert() situations where gc_malloc() is called without a gc_arena object |
| | 220 | Fix compile issues when plug-ins are disabled. |
| | 221 | Remove --show-gateway if debug info is not enabled (--disable-debug) |
| | 222 | Fix compile issues with status.c |
| | 223 | Connection entry {tun,link}_mtu_defined not set correctly |
| | 224 | Makefile.am referenced a now non-existing config-win32.h |
| | 225 | Makefile.am was missing ssl_common.h |
| | 226 | Revamp check_file_access() checks in stdin scenarios |
| | 227 | |
| | 228 | Davide Guerri (1): |
| | 229 | New feauture: Add --stale-routes-check |
| | 230 | |
| | 231 | Frank de Brabander (1): |
| | 232 | Fixed wrong return type of cipher_kt_mode |
| | 233 | |
| | 234 | Frederic Crozat (1): |
| | 235 | Add support to forward console query to systemd |
| | 236 | |
| | 237 | Gert Doering (45): |
| | 238 | Add more detailed explanation regarding the function of "--rdns-internal" |
| | 239 | Enable IPv6 Payload in OpenVPN p2mp tun server mode. 20100104-1 release. |
| | 240 | remove NOTES file from commit - private scribbling |
| | 241 | NetBSD fixes - on 4.0 and up, use multi-af mode. |
| | 242 | new feature: "ifconfig-ipv6-push" (from ccd/ config) |
| | 243 | add some TODOs to TODO.IPv6 |
| | 244 | undo accidential duplication of existing "--iroute" line in the help text |
| | 245 | basic documentation of IPv6 related options and their syntax |
| | 246 | Enable IPv6 Payload in OpenVPN p2mp tun server mode. |
| | 247 | remove NOTES file from commit - private scribbling |
| | 248 | env_block(): if PATH is not set, add standard PATH setting to env |
| | 249 | add IPv6 route add / route delete code for windows (using "netsh") |
| | 250 | - Win32 IPv6 ifconfig support, using "netsh" calls |
| | 251 | drop "book ipv6" from open_tun() and tuncfg() prototypes |
| | 252 | document recent changes and open TODOs, adapt --version info, tag release |
| | 253 | Win32: set next-hop for IPv6 routes according to TUN/TAP mode |
| | 254 | when deleting a route on win32, also add gateway address |
| | 255 | WIN32: if IPv6 requested in TUN mode, check if TUN/TAP driver < 9.7 |
| | 256 | revert unconditionally-enabling of setenv_es() logging |
| | 257 | implement IPv6 ifconfig + route setup/deletion on OpenBSD |
| | 258 | full "VPN client connect" test framework for OpenVPN t_client.rc-sample |
| | 259 | renamed t_client.sh to t_client.sh.in |
| | 260 | 2.2-beta3 has a signed TAP driver with the IPv6 code - test for 9.8 |
| | 261 | correct URL for "more information about IPv6 patch is *here*" |
| | 262 | bugfix for linux/iproute2: IPv6 ifconfig code block was not called for "dev tun"+"topology subnet" |
| | 263 | bump IPv6 version number (openvpn --version) to 20100922-1 |
| | 264 | Implement "ipv6 ifconfig" for TAP interfaces on Solaris interfaces |
| | 265 | rebased to 2.2RC2 (beta 2.2 branch) |
| | 266 | Windows IPv6 cleanup - properly remove IPv6 routes and interface config |
| | 267 | For all accesses to "struct route_list * rl", check first that rl is non-NULL |
| | 268 | Replace 32-bit-based add_in6_addr() implementation by an 8-bit based one |
| | 269 | Platform cleanup for NetBSD |
| | 270 | Move block for "stale-routes-check" config inside #ifdef P2MP_SERVER block |
| | 271 | add missing break between "case IPv4" and "case IPv6" |
| | 272 | bump tap driver version from 9.8 to 9.9 |
| | 273 | log error message and exit for "win32, tun mode, tap driver version 9.8" |
| | 274 | work around inet_ntop/inet_pton problems for MSVC builds on WinXP |
| | 275 | Fix build-up of duplicate IPv6 routes on reconnect. |
| | 276 | Fix list-overrun checks in copy_route_[ipv6_]option_list() |
| | 277 | add "print test titles" and "use sudo" functionality to t_client.rc |
| | 278 | Platform cleanup for FreeBSD |
| | 279 | Implement IPv6 interface config with non-/64 prefix lengths. |
| | 280 | Fix RUN_SUDO functionality for t_client.sh |
| | 281 | Document IPv6-related environment variables. |
| | 282 | Platform cleanup for OpenBSD |
| | 283 | |
| | 284 | Gisle Vanem (1): |
| | 285 | Avoid re-defining uint32_t when using mingw compiler |
| | 286 | |
| | 287 | Gustavo Zacarias (1): |
| | 288 | Fix compile issues when using --enable-small and --disable-ssl/--disable-crypto |
| | 289 | |
| | 290 | Heiko Hund (16): |
| | 291 | add .gitignore to official repository |
| | 292 | remove function is_proto_tcp() |
| | 293 | remove legacy code to query IE proxy information |
| | 294 | lowercase include header name in syshead.h |
| | 295 | define IN6_ARE_ADDR_EQUAL macro for WIN32 |
| | 296 | add --mark option to set SO_MARK sockopt |
| | 297 | Windows UTF-8 input/output |
| | 298 | UTF-8 X.509 distinguished names |
| | 299 | set Windows environment variables as UCS-2 |
| | 300 | handle Windows unicode paths |
| | 301 | replace check for TARGET_WIN32 with WIN32 |
| | 302 | do not use mode_t on Windows |
| | 303 | use the underscore version of stat on Windows |
| | 304 | make MSVC link against shell32 as well |
| | 305 | move variable declaration to top of function |
| | 306 | define access mode flag X_OK as 0 on Windows |
| | 307 | |
| | 308 | Igor Novgorodov (1): |
| | 309 | The code blocks enabled by ENABLE_CLIENT_CR depends on management |
| | 310 | |
| | 311 | James Yonan (57): |
| | 312 | Added "management-external-key" option. |
| | 313 | Minor addition of logging info before and after execution of Windows net commands. |
| | 314 | Misc fixes to r6708. |
| | 315 | Added --x509-track option. |
| | 316 | * added --management-up-down option to allow management interface to be notified of tunnel up/down events. |
| | 317 | Fixed minor compile issue triggered on builds where MANAGEMENT_DEF_AUTH is not enabled. |
| | 318 | Implemented get_default_gateway_mac_addr for Mac OS X |
| | 319 | Fixes to r6925. |
| | 320 | Properly handle certificate serial numbers > 32 bits. |
| | 321 | Added "client-nat" option for stateless, one-to-one NAT on the client side. |
| | 322 | Renamed branch to reflect that it is no longer beta. |
| | 323 | env_filter_match now includes the serial number of all certs |
| | 324 | Fixed issue where a client might receive multiple push replies from a server |
| | 325 | Fixed bug introduced in r7031 that might cause this error message: |
| | 326 | Extended "client-kill" management interface command (server-side) |
| | 327 | Client will now try to reconnect if no push reply received within handshake-window seconds. |
| | 328 | Version 2.1.3n |
| | 329 | Fixed compiling issues when using --disable-crypto |
| | 330 | Added "management-external-key" option. |
| | 331 | Misc fixes to r6708. |
| | 332 | win/sign.py now accepts an optional tap-dir argument. |
| | 333 | Added "auth-token" client directive |
| | 334 | Added ./configure --enable-osxipconfig option for Mac OS X |
| | 335 | Added more packet ID debug info at debug level 3 for debugging false positive packet replays. |
| | 336 | Fixed bug that incorrectly placed stricter TCP packet replay rules on UDP sessions |
| | 337 | Fixed bug in port-share that could cause port share process to crash |
| | 338 | For Mac OSX, when DARWIN_USE_IPCONFIG is defined, retry ipconfig command on failure |
| | 339 | Version 2.1.3t |
| | 340 | Revert r7092 and r7151, i.e. remove --enable-osxipconfig configure option. |
| | 341 | Added 'dir' flag to "crl-verify" (see man page for info). |
| | 342 | Added new "extra-certs" and "verify-hash" options |
| | 343 | Fixed compile issues on Windows. |
| | 344 | Added --enable-lzo-stub configure option to build an OpenVPN client without LZO |
| | 345 | Added optional journal directory argument to "port-share" directive |
| | 346 | Reduce log verbosity at level 3, with a focus on removing excessive log verbosity generated by port-share activity. |
| | 347 | env_filter_match now includes the serial number of all certs in chain |
| | 348 | Added support for static challenge/response protocol. |
| | 349 | r7316 fixes. |
| | 350 | Added redirect-gateway block-local flag, with support for Linux, Mac OS X |
| | 351 | Extended x509-track to allow SHA1 certificate hash to be extracted |
| | 352 | Added "management-query-remote" directive (client) to allow the management interface to override the "remote" directive. |
| | 353 | Version 2.1.5. |
| | 354 | Fixed MSVC compile error related to r7408. |
| | 355 | Redact "echo" directive strings from log, since these strings (going forward) could conceivably contain security-sensitive data. |
| | 356 | Modified sanitize_control_message to remove redacted data from control string rather than blotting it out with "_" chars. |
| | 357 | Changed CC_PRINT character class to allow UTF-8 chars. |
| | 358 | Increased the --verb threshold for "PID_ERR replay" messages to 4 from 3. |
| | 359 | Fixed issue where redirect-gateway block-local code was not correctly calculating... |
| | 360 | CC_PRINT character class now allows any 8-bit character value >= 32. |
| | 361 | "status" management interface command (version >= 2) will now include the username for each connected user. |
| | 362 | Minor fix to CC_PRINT char class |
| | 363 | Fixed management interface bug where >FATAL notifications were not being output properly |
| | 364 | Raised D_PID_DEBUG_LOW from level 3 to 4 to reduce replay error verbosity at level 3. |
| | 365 | Added "memstats" option to maintain real-time operating stats in a memory-mapped file. |
| | 366 | Fixed client issues with DHCP Router option extraction/deletion when using layer 2 with DHCP proxy: |
| | 367 | Allow "tap-win32 dynamic <offset>" to be used in topology subnet mode. |
| | 368 | Added support for "on-link" routes on Linux client |
| | 369 | |
| | 370 | Jan Just Keijser (1): |
| | 371 | Made some options connection-entry specific |
| | 372 | |
| | 373 | Joe Patterson (1): |
| | 374 | common_name passing in auth_pam plugin |
| | 375 | |
| | 376 | JuanJo Ciarlante (40): |
| | 377 | * rebased openvpn-2.1_rc1b.jjo.20061206.d.patch |
| | 378 | * created getaddr6(), use it from resolve_remote() |
| | 379 | * migrated all getaddrinfo() to getaddr6 |
| | 380 | * socket.c: use USE_PF_INET6 in switch constructs to actually toss them out, |
| | 381 | * support --disable-ipv6 build properly: |
| | 382 | * important fix for tcp6 reconnection was incorrectly creating a PF_INET socket |
| | 383 | * added README.ipv6.txt |
| | 384 | * fixed win32 non-ipv6 build |
| | 385 | * ipv6 on win32 "milestone": 1st snapshot that passes all unittests |
| | 386 | * document ipv6 milestone status |
| | 387 | * doc update w/unittests results |
| | 388 | * make possible to x-compile openvpn/win32 in Linux |
| | 389 | * correctly setup hints.ai_socktype for getaddrinfo(), althought sorta hacky, see TODO.ipv6. |
| | 390 | * renamed README.ipv6{.txt,} |
| | 391 | * updated {README,TODO}.ipv6 from feedback at openvpn-devel mlist |
| | 392 | * init.c: document the ENABLE_MANAGEMENT place to work on |
| | 393 | * init.c: small in-doc tweaks |
| | 394 | * fix multi-tcp crash (corrected assertion) |
| | 395 | * TODO.ipv6 update |
| | 396 | * socket.c: better buf logic in print_sockaddr_ex |
| | 397 | * fixed segfault for undef address family in print_sockaddr_ex (thanks Marcel!) |
| | 398 | * doc updates |
| | 399 | * openbsd: no IFF_MULTICAST, #ifdef around it |
| | 400 | * no new funcionality, just small cleanups |
| | 401 | * (prototype) fix for supporting "redirect-gateway" for tunneled ipv4 over ipv6 endpoints |
| | 402 | * polished redirect-gateway (ipv4 on ipv6 endpoints) support |
| | 403 | * updated doc |
| | 404 | * fix --disable-ipv6 build |
| | 405 | * doc updates |
| | 406 | * rebased to v2.1.1 release |
| | 407 | * undo mroute.c changes related to ipv6 payload |
| | 408 | * fix --multihome for ipv4 |
| | 409 | * fix --multihome for ipv6 |
| | 410 | * ipv6-0.4.14: fix xinetd usage |
| | 411 | * ipv6-0.4.15: add --multihome support to xBSD |
| | 412 | * ipv6-0.4.15b: rebase over openvpn-testing-master |
| | 413 | * ipv6-0.4.16: fix mingw32 build |
| | 414 | * make ipv6_payload compile under windowze |
| | 415 | USE_PF_INET6 by default for v2.3 |
| | 416 | fix ipv6 compilation under macosx >= 1070 - v3 |
| | 417 | |
| | 418 | Markus Koetter (1): |
| | 419 | Add extv3 X509 field support to --x509-username-field |
| | 420 | |
| | 421 | Matthew L. Creech (1): |
| | 422 | Fix 2.2.0 build failure when management interface disabled |
| | 423 | |
| | 424 | Matthias Andree (1): |
| | 425 | Skip rather than fail test in addressless FreeBSD jails. |
| | 426 | |
| | 427 | Robert Fischer (8): |
| | 428 | Update man page with info about --capath |
| | 429 | Update man page with info about --connect-timeout |
| | 430 | Added info about --show-proxy-settings |
| | 431 | Documented --x509-username-field option |
| | 432 | Documented --errors-to-stderr option |
| | 433 | Documented --push-peer-info option |
| | 434 | Update man page with info about --remote-random-hostname |
| | 435 | Added man page entry for --management-client |
| | 436 | |
| | 437 | Samuli Seppänen (19): |
| | 438 | Add man page entry for --redirect-private |
| | 439 | Change all CRLF linefeeds to LF linefeeds |
| | 440 | Fix a bug in devcon source code handling |
| | 441 | Removed Win2k from supported platforms list in INSTALL and win/openvpn.nsi |
| | 442 | Fixed copying of tapinstall.exe to dist/bin when using prebuilt TAP-drivers |
| | 443 | Fixed a bug with GUI icon deletion on upgrade from 2.2-RC or earlier |
| | 444 | Fix a build-ca issue on Windows |
| | 445 | Add new openssl.cnf to easy-rsa/Windows |
| | 446 | Updated "easy-rsa" for OpenSSL 1.0.0 |
| | 447 | Made domake-win builds to use easy-rsa/2.0/openssl-1.0.0.cnf |
| | 448 | Fixes to easy-rsa/2.0 |
| | 449 | Merged TODO.IPv6 with TODO.ipv6 and README.IPv6 with README.ipv6 |
| | 450 | Fixed a number of fatal build errors on Visual Studio 2008 |
| | 451 | Fix a Visual Studio 2008 build issue in socket.c |
| | 452 | Additional Visual Studio 2008 build fixes to tun.c |
| | 453 | Fixed a typo in win32.h that prevented building with Visual Studio |
| | 454 | Fixed a regression causing VS2008/Python build failure |
| | 455 | Fix a Visual Studio 2008 build error in tun.c |
| | 456 | Fix a Visual Studio 2008 build error in options.c |
| | 457 | |
| | 458 | Simon Matter (1): |
| | 459 | Fix issues with some older GCC compilers |
| | 460 | |
| | 461 | Stefan Hellermann (2): |
| | 462 | plugin.h: update prototype of plugin_call dummy in !ENABLE_PLUGIN case |
| | 463 | Fixed typo in plugin.h |
| | 464 | |
| | 465 | chantra (1): |
| | 466 | Clarify --tmp-dir option |
| | 467 | |
| | 468 | smos (1): |
| | 469 | Change the netsh.exe command from "add" to "set". |
| | 470 | }}} |
