Commit 19eab1fe authored by Alberto Gonzalez Iniesta's avatar Alberto Gonzalez Iniesta

Merge tag 'upstream/2.3.10'

Upstream version 2.3.10
parents 35807e56 9653b1bf
OpenVPN Change Log
Copyright (C) 2002-2015 OpenVPN Technologies, Inc. <sales@openvpn.net>
2016.01.04 -- Version 2.3.10
Gert Doering (1):
Prepare for v2.3.10 release, list PolarSSL 1.2 to 1.3 upgrade
Jan Just Keijser (1):
Make certificate expiry warning patch (091edd8e299686) work on OpenSSL 1.0.1 and earlier.
Lev Stipakov (1):
Repair IPv6 netsh calls if Win XP is detected
Phillip Smith (1):
Use bob.example.com and alice.example.com to improve clarity of documentation
Steffan Karger (6):
Remove unused variables from ssl_verify_polarssl.c's x509_get_serial()
Upgrade OpenVPN 2.3 to PolarSSL 1.3
Warn user if their certificate has expired
Make assert_failed() print the failed condition
cleanup: get rid of httpdigest.c type warnings
Fix regression in setups without a client certificate
Yegor Yefremov (1):
polarssl: fix unreachable code
2015.12.15 -- Version 2.3.9
Arne Schwabe (7):
Show extra-certs in current parameters.
Fix commit a3160fc1bd7368395745b9cee6e40fb819f5564c
Do not set the buffer size by default but rely on the operation system default.
Remove --enable-password-save option
Reflect enable-password-save change in documentation
Also remove second instance of enable-password-save in the man page
Detect config lines that are too long and give a warning/error
Boris Lytochkin (1):
Log serial number of revoked certificate
Christos Trochalakis (1):
Adjust server-ipv6 documentation
David Sommerseth (1):
Avoid partial authentication state when using --disabled in CCD configs
Fish (1):
Make "block-outside-dns" option platform agnostic
Gert Doering (7):
Un-break --auth-user-pass on windows
Replace unaligned 16bit access to TCP MSS value with bytewise access
Repair test_local_addr() on WIN32
Fix possible heap overflow on read accessing getaddrinfo() result.
Fix FreeBSD-specific mishandling of gc arena pointer in create_arbitrary_remote()
remove unused gc_arena in FreeBSD close_tun()
Fix isatty() check for good.
Heiko Hund (1):
put virtual IPv6 addresses into env
Lev Stipakov (5):
Use adapter index instead of name for windows IPv6 interface config
Client-side part for server restart notification
Use adapter index for add/delete_route_ipv6
Pass adapter index to up/down scripts
Fix VS2013 compilation
Lukasz Kutyla (1):
Fix privilege drop if first connection attempt fails
Michal Ludvig (1):
Support for username-only auth file.
Samuli Seppänen (2):
Add CONTRIBUTING.rst
Updates to Changes.rst
Selva Nair (4):
Fix termination when windows suspends/sleeps
Do not hard-code windows systemroot in env_block
Handle ctrl-C and ctrl-break events on Windows
Unbreak read username password from management
Steffan Karger (11):
Replace strdup() calls for string_alloc() calls
Check return value of ms_error_text()
Increase control channel packet size for faster handshakes
hardening: add insurance to exit on a failed ASSERT()
Fix memory leak in auth-pam plugin
Fix (potential) memory leak in init_route_list()
Fix unintialized variable in plugin_vlog()
Add macro to ensure we exit on fatal errors
Fix memory leak in add_option() by simplifying get_ipv6_addr
openssl: properly check return value of RAND_bytes()
Fix rand_bytes return value checking
ValdikSS (1):
Add Windows DNS Leak fix using WFP ('block-outside-dns')
janjust (1):
Fix "White space before end tags can break the config parser"
2015.08.03 -- Version 2.3.8
Arne Schwabe (2):
Report missing endtags of inline files as warnings
......
......@@ -7,7 +7,7 @@ To Build and Install,
make
make install
This version depends on PolarSSL 1.2 (and requires at least 1.2.10).
This version depends on PolarSSL 1.3 (and requires at least 1.3.8).
*************************************************************************
......
......@@ -45,6 +45,7 @@
#define HAVE_SYS_STAT_H 1
#define HAVE_LZO_LZO1X_H 1
#define HAVE_LZO_LZOUTIL_H 1
#define HAVE_VERSIONHELPERS_H 1
#define HAVE_ACCESS 1
#define HAVE_CHDIR 1
......
......@@ -66,9 +66,6 @@
/* Enable OFB and CFB cipher modes */
#undef ENABLE_OFB_CFB_MODE
/* Allow --askpass and --auth-user-pass passwords to be read from a file */
#undef ENABLE_PASSWORD_SAVE
/* Enable internal packet filter */
#undef ENABLE_PF
......@@ -538,6 +535,9 @@
/* Define to 1 if you have the `unlink' function. */
#undef HAVE_UNLINK
/* Define to 1 if you have the <versionhelpers.h> header file. */
#undef HAVE_VERSIONHELPERS_H
/* Define to 1 if you have the `vfork' function. */
#undef HAVE_VFORK
......
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for OpenVPN 2.3.8.
# Generated by GNU Autoconf 2.69 for OpenVPN 2.3.10.
#
# Report bugs to <openvpn-users@lists.sourceforge.net>.
#
......@@ -590,8 +590,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='OpenVPN'
PACKAGE_TARNAME='openvpn'
PACKAGE_VERSION='2.3.8'
PACKAGE_STRING='OpenVPN 2.3.8'
PACKAGE_VERSION='2.3.10'
PACKAGE_STRING='OpenVPN 2.3.10'
PACKAGE_BUGREPORT='openvpn-users@lists.sourceforge.net'
PACKAGE_URL=''
......@@ -827,7 +827,6 @@ enable_multihome
enable_port_share
enable_debug
enable_small
enable_password_save
enable_iproute2
enable_def_auth
enable_pf
......@@ -1427,7 +1426,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures OpenVPN 2.3.8 to adapt to many kinds of systems.
\`configure' configures OpenVPN 2.3.10 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
......@@ -1497,7 +1496,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of OpenVPN 2.3.8:";;
short | recursive ) echo "Configuration of OpenVPN 2.3.10:";;
esac
cat <<\_ACEOF
......@@ -1542,8 +1541,6 @@ Optional Features:
7+ messages) [default=yes]
--enable-small enable smaller executable size (disable OCC, usage
message, and verb 4 parm list) [default=no]
--enable-password-save allow --askpass and --auth-user-pass passwords to be
read from a file [default=no]
--enable-iproute2 enable support for iproute2 [default=no]
--disable-def-auth disable deferred authentication [default=yes]
--disable-pf disable internal packet filter [default=yes]
......@@ -1701,7 +1698,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
OpenVPN configure 2.3.8
OpenVPN configure 2.3.10
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
......@@ -2483,7 +2480,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by OpenVPN $as_me 2.3.8, which was
It was created by OpenVPN $as_me 2.3.10, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
......@@ -2847,7 +2844,7 @@ if test -z "${htmldir}"; then
fi
$as_echo "#define OPENVPN_VERSION_RESOURCE 2,3,8,0" >>confdefs.h
$as_echo "#define OPENVPN_VERSION_RESOURCE 2,3,10,0" >>confdefs.h
ac_aux_dir=
......@@ -3371,7 +3368,7 @@ fi
# Define the identity of the package.
PACKAGE='openvpn'
VERSION='2.3.8'
VERSION='2.3.10'
cat >>confdefs.h <<_ACEOF
......@@ -5194,15 +5191,6 @@ else
fi
# Check whether --enable-password-save was given.
if test "${enable_password_save+set}" = set; then :
enableval=$enable_password_save;
else
enable_password_save="no"
fi
# Check whether --enable-iproute2 was given.
if test "${enable_iproute2+set}" = set; then :
enableval=$enable_iproute2;
......@@ -14399,6 +14387,7 @@ for ac_header in \
netinet/in.h netinet/in_systm.h \
netinet/tcp.h arpa/inet.h netdb.h \
windows.h winsock2.h ws2tcpip.h \
versionhelpers.h \
do :
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
......@@ -16185,7 +16174,7 @@ int
main ()
{
#if POLARSSL_VERSION_NUMBER < 0x01020A00 || POLARSSL_VERSION_NUMBER >= 0x01030000
#if POLARSSL_VERSION_NUMBER < 0x01030800 || POLARSSL_VERSION_NUMBER >= 0x01040000
#error invalid version
#endif
......@@ -16198,7 +16187,7 @@ if ac_fn_c_try_compile "$LINENO"; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5
$as_echo "ok" >&6; }
else
as_fn_error $? "PolarSSL 1.2.x required and must be 1.2.10 or later" "$LINENO" 5
as_fn_error $? "PolarSSL 1.3.x required and must be 1.3.8 or later" "$LINENO" 5
fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
......@@ -16786,9 +16775,6 @@ $as_echo "#define ENABLE_PF 1" >>confdefs.h
test "${enable_strict_options}" = "yes" &&
$as_echo "#define ENABLE_STRICT_OPTIONS_CHECK 1" >>confdefs.h
test "${enable_password_save}" = "yes" &&
$as_echo "#define ENABLE_PASSWORD_SAVE 1" >>confdefs.h
case "${with_crypto_library}" in
openssl)
......@@ -17630,7 +17616,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by OpenVPN $as_me 2.3.8, which was
This file was extended by OpenVPN $as_me 2.3.10, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
......@@ -17696,7 +17682,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
OpenVPN config.status 2.3.8
OpenVPN config.status 2.3.10
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
......
......@@ -179,13 +179,6 @@ AC_ARG_ENABLE(
[enable_small="no"]
)
AC_ARG_ENABLE(
[password-save],
[AS_HELP_STRING([--enable-password-save], [allow --askpass and --auth-user-pass passwords to be read from a file @<:@default=no@:>@])],
,
[enable_password_save="no"]
)
AC_ARG_ENABLE(
[iproute2],
[AS_HELP_STRING([--enable-iproute2], [enable support for iproute2 @<:@default=no@:>@])],
......@@ -430,6 +423,7 @@ AC_CHECK_HEADERS([ \
netinet/in.h netinet/in_systm.h \
netinet/tcp.h arpa/inet.h netdb.h \
windows.h winsock2.h ws2tcpip.h \
versionhelpers.h \
])
AC_CHECK_HEADERS([ \
sys/time.h sys/ioctl.h sys/stat.h \
......@@ -832,13 +826,13 @@ if test "${with_crypto_library}" = "polarssl" ; then
#include <polarssl/version.h>
]],
[[
#if POLARSSL_VERSION_NUMBER < 0x01020A00 || POLARSSL_VERSION_NUMBER >= 0x01030000
#if POLARSSL_VERSION_NUMBER < 0x01030800 || POLARSSL_VERSION_NUMBER >= 0x01040000
#error invalid version
#endif
]]
)],
[AC_MSG_RESULT([ok])],
[AC_MSG_ERROR([PolarSSL 1.2.x required and must be 1.2.10 or later])]
[AC_MSG_ERROR([PolarSSL 1.3.x required and must be 1.3.8 or later])]
)
polarssl_with_pkcs11="no"
......@@ -977,7 +971,6 @@ test "${enable_port_share}" = "yes" && AC_DEFINE([ENABLE_PORT_SHARE], [1], [Enab
test "${enable_def_auth}" = "yes" && AC_DEFINE([ENABLE_DEF_AUTH], [1], [Enable deferred authentication])
test "${enable_pf}" = "yes" && AC_DEFINE([ENABLE_PF], [1], [Enable internal packet filter])
test "${enable_strict_options}" = "yes" && AC_DEFINE([ENABLE_STRICT_OPTIONS_CHECK], [1], [Enable strict options check between peers])
test "${enable_password_save}" = "yes" && AC_DEFINE([ENABLE_PASSWORD_SAVE], [1], [Allow --askpass and --auth-user-pass passwords to be read from a file])
case "${with_crypto_library}" in
openssl)
......
......@@ -13,7 +13,7 @@
Summary: OpenVPN is a robust and highly flexible VPN daemon by James Yonan.
Name: openvpn
Version: 2.3.8
Version: 2.3.10
Release: 1
URL: http://openvpn.net/
Source0: http://prdownloads.sourceforge.net/openvpn/%{name}-%{version}.tar.gz
......
......@@ -1119,8 +1119,8 @@ When used with
.B \-\-client
or
.B \-\-pull,
accept options pushed by server EXCEPT for routes and dhcp options
like DNS servers.
accept options pushed by server EXCEPT for routes, block-outside-dns and dhcp
options like DNS servers.
When used on the client, this option effectively bars the
server from adding routes to the client's routing table,
......@@ -1412,12 +1412,12 @@ connection problems) with the following options:
.TP
.B \-\-sndbuf size
Set the TCP/UDP socket send buffer size.
Currently defaults to 65536 bytes.
Defaults to operation system default.
.\"*********************************************************
.TP
.B \-\-rcvbuf size
Set the TCP/UDP socket receive buffer size.
Currently defaults to 65536 bytes.
Defaults to operation system default.
.\"*********************************************************
.TP
.B \-\-mark value
......@@ -3683,10 +3683,8 @@ over the client's routing table.
.B \-\-auth\-user\-pass [up]
Authenticate with server using username/password.
.B up
is a file containing username/password on 2 lines (Note: OpenVPN
will only read passwords from a file if it has been built
with the \-\-enable\-password\-save configure option, or on Windows
by defining ENABLE_PASSWORD_SAVE in win/settings.in).
is a file containing username/password on 2 lines. If the
password line is missing, OpenVPN will prompt for one.
If
.B up
......@@ -4775,10 +4773,7 @@ is specified, read the password from the first line of
.B file.
Keep in mind that storing your password in a file
to a certain extent invalidates the extra security provided by
using an encrypted key (Note: OpenVPN
will only read passwords from a file if it has been built
with the \-\-enable\-password\-save configure option, or on Windows
by defining ENABLE_PASSWORD_SAVE in win/settings.in).
using an encrypted key.
.\"*********************************************************
.TP
.B \-\-auth\-nocache
......@@ -5453,6 +5448,14 @@ adapter list to the syslog or log file after the TUN/TAP adapter
has been brought up and any routes have been added.
.\"*********************************************************
.TP
.B \-\-block\-outside\-dns
Block DNS servers on other network adapters to prevent
DNS leaks. This option prevents any application from accessing
TCP or UDP port 53 except one inside the tunnel. It uses
Windows Filtering Platform (WFP) and works on Windows Vista or
later.
.\"*********************************************************
.TP
.B \-\-dhcp\-renew
Ask Windows to renew the TAP adapter lease on startup.
This option is normally unnecessary, as Windows automatically
......@@ -5818,6 +5821,17 @@ or
script execution.
.\"*********************************************************
.TP
.B dev_idx
On Windows, the device index of the TUN/TAP adapter (to
be used in netsh.exe calls which sometimes just do not work
right with interface names).
Set prior to
.B \-\-up
or
.B \-\-down
script execution.
.\"*********************************************************
.TP
.B foreign_option_{n}
An option pushed via
.B \-\-push
......@@ -6454,13 +6468,13 @@ for use with OpenVPN.
.SS VPN Address Setup:
For purposes
of our example, our two machines will be called
.B may.kg
.B bob.example.com
and
.B june.kg.
.B alice.example.com.
If you are constructing a VPN over the internet, then replace
.B may.kg
.B bob.example.com
and
.B june.kg
.B alice.example.com
with the internet hostname or IP address that each machine will use
to contact the other over the internet.
......@@ -6468,8 +6482,8 @@ Now we will choose the tunnel endpoints. Tunnel endpoints are
private IP addresses that only have meaning in the context of
the VPN. Each machine will use the tunnel endpoint of the other
machine to access it over the VPN. In our example,
the tunnel endpoint for may.kg
will be 10.4.0.1 and for june.kg, 10.4.0.2.
the tunnel endpoint for bob.example.com
will be 10.4.0.1 and for alice.example.com, 10.4.0.2.
Once the VPN is established, you have essentially
created a secure alternate path between the two hosts
......@@ -6478,16 +6492,16 @@ control which network
traffic passes between the hosts
(a) over the VPN or (b) independently of the VPN, by choosing whether to use
(a) the VPN endpoint address or (b) the public internet address,
to access the remote host. For example if you are on may.kg and you wish to connect to june.kg
to access the remote host. For example if you are on bob.example.com and you wish to connect to alice.example.com
via
.B ssh
without using the VPN (since
.B ssh
has its own built-in security) you would use the command
.B ssh june.kg.
.B ssh alice.example.com.
However in the same scenario, you could also use the command
.B telnet 10.4.0.2
to create a telnet session with june.kg over the VPN, that would
to create a telnet session with alice.example.com over the VPN, that would
use the VPN to secure the session rather than
.B ssh.
......@@ -6502,21 +6516,21 @@ you will get a weird feedback loop.
.\"*********************************************************
.SS Example 1: A simple tunnel without security
.LP
On may:
On bob:
.IP
.B openvpn \-\-remote june.kg \-\-dev tun1 \-\-ifconfig 10.4.0.1 10.4.0.2 \-\-verb 9
.B openvpn \-\-remote alice.example.com \-\-dev tun1 \-\-ifconfig 10.4.0.1 10.4.0.2 \-\-verb 9
.LP
On june:
On alice:
.IP
.B openvpn \-\-remote may.kg \-\-dev tun1 \-\-ifconfig 10.4.0.2 10.4.0.1 \-\-verb 9
.B openvpn \-\-remote bob.example.com \-\-dev tun1 \-\-ifconfig 10.4.0.2 10.4.0.1 \-\-verb 9
.LP
Now verify the tunnel is working by pinging across the tunnel.
.LP
On may:
On bob:
.IP
.B ping 10.4.0.2
.LP
On june:
On alice:
.IP
.B ping 10.4.0.1
.LP
......@@ -6529,7 +6543,7 @@ program. Omit the
option to have OpenVPN run quietly.
.\"*********************************************************
.SS Example 2: A tunnel with static-key security (i.e. using a pre-shared secret)
First build a static key on may.
First build a static key on bob.
.IP
.B openvpn \-\-genkey \-\-secret key
.LP
......@@ -6538,39 +6552,39 @@ This command will build a random key file called
(in ascii format).
Now copy
.B key
to june over a secure medium such as by
to alice over a secure medium such as by
using the
.BR scp (1)
program.
.LP
On may:
On bob:
.IP
.B openvpn \-\-remote june.kg \-\-dev tun1 \-\-ifconfig 10.4.0.1 10.4.0.2 \-\-verb 5 \-\-secret key
.B openvpn \-\-remote alice.example.com \-\-dev tun1 \-\-ifconfig 10.4.0.1 10.4.0.2 \-\-verb 5 \-\-secret key
.LP
On june:
On alice:
.IP
.B openvpn \-\-remote may.kg \-\-dev tun1 \-\-ifconfig 10.4.0.2 10.4.0.1 \-\-verb 5 \-\-secret key
.B openvpn \-\-remote bob.example.com \-\-dev tun1 \-\-ifconfig 10.4.0.2 10.4.0.1 \-\-verb 5 \-\-secret key
.LP
Now verify the tunnel is working by pinging across the tunnel.
.LP
On may:
On bob:
.IP
.B ping 10.4.0.2
.LP
On june:
On alice:
.IP
.B ping 10.4.0.1
.\"*********************************************************
.SS Example 3: A tunnel with full TLS-based security
For this test, we will designate
.B may
.B bob
as the TLS client and
.B june
.B alice
as the TLS server.
.I Note that client or server designation only has meaning for the TLS subsystem. It has no bearing on OpenVPN's peer-to-peer, UDP-based communication model.
First, build a separate certificate/key pair
for both may and june (see above where
for both bob and alice (see above where
.B \-\-cert
is discussed for more info). Then construct
Diffie Hellman parameters (see above where
......@@ -6585,21 +6599,21 @@ client.crt and server.crt. For Diffie Hellman
parameters you can use the included file dh1024.pem.
.I Note that all client, server, and certificate authority certificates and keys included in the OpenVPN distribution are totally insecure and should be used for testing only.
.LP
On may:
On bob:
.IP
.B openvpn \-\-remote june.kg \-\-dev tun1 \-\-ifconfig 10.4.0.1 10.4.0.2 \-\-tls\-client \-\-ca ca.crt \-\-cert client.crt \-\-key client.key \-\-reneg\-sec 60 \-\-verb 5
.B openvpn \-\-remote alice.example.com \-\-dev tun1 \-\-ifconfig 10.4.0.1 10.4.0.2 \-\-tls\-client \-\-ca ca.crt \-\-cert client.crt \-\-key client.key \-\-reneg\-sec 60 \-\-verb 5
.LP
On june:
On alice:
.IP
.B openvpn \-\-remote may.kg \-\-dev tun1 \-\-ifconfig 10.4.0.2 10.4.0.1 \-\-tls\-server \-\-dh dh1024.pem \-\-ca ca.crt \-\-cert server.crt \-\-key server.key \-\-reneg\-sec 60 \-\-verb 5
.B openvpn \-\-remote bob.example.com \-\-dev tun1 \-\-ifconfig 10.4.0.2 10.4.0.1 \-\-tls\-server \-\-dh dh1024.pem \-\-ca ca.crt \-\-cert server.crt \-\-key server.key \-\-reneg\-sec 60 \-\-verb 5
.LP
Now verify the tunnel is working by pinging across the tunnel.
.LP
On may:
On bob:
.IP
.B ping 10.4.0.2
.LP
On june:
On alice:
.IP
.B ping 10.4.0.1
.LP
......@@ -6619,12 +6633,12 @@ option to use OpenVPN's default key renegotiation interval of one hour.
.SS Routing:
Assuming you can ping across the tunnel,
the next step is to route a real subnet over
the secure tunnel. Suppose that may and june have two network
the secure tunnel. Suppose that bob and alice have two network
interfaces each, one connected
to the internet, and the other to a private
network. Our goal is to securely connect
both private networks. We will assume that may's private subnet
is 10.0.0.0/24 and june's is 10.0.1.0/24.
both private networks. We will assume that bob's private subnet
is 10.0.0.0/24 and alice's is 10.0.1.0/24.
.LP
First, ensure that IP forwarding is enabled on both peers.
On Linux, enable routing:
......@@ -6635,11 +6649,11 @@ and enable TUN packet forwarding through the firewall:
.IP
.B iptables \-A FORWARD \-i tun+ \-j ACCEPT
.LP
On may:
On bob:
.IP
.B route add \-net 10.0.1.0 netmask 255.255.255.0 gw 10.4.0.2
.LP
On june:
On alice:
.IP
.B route add \-net 10.0.0.0 netmask 255.255.255.0 gw 10.4.0.1
.LP
......
......@@ -29,10 +29,10 @@
#ifdef ENABLE_SSL
#ifdef ENABLE_CRYPTO_POLARSSL
#include <polarssl/x509.h>
#include <polarssl/x509_crt.h>
#ifndef __OPENVPN_X509_CERT_T_DECLARED
#define __OPENVPN_X509_CERT_T_DECLARED
typedef x509_cert openvpn_x509_cert_t;
typedef x509_crt openvpn_x509_cert_t;
#endif
#else
#include <openssl/x509.h>
......
......@@ -26,4 +26,5 @@ libcompat_la_SOURCES = \
compat-gettimeofday.c \
compat-daemon.c \
compat-inet_ntop.c \
compat-inet_pton.c
compat-inet_pton.c \
compat-versionhelpers.h
......@@ -355,7 +355,8 @@ libcompat_la_SOURCES = \
compat-gettimeofday.c \
compat-daemon.c \
compat-inet_ntop.c \
compat-inet_pton.c
compat-inet_pton.c \
compat-versionhelpers.h
all: all-am
......
/**
* This file is part of the mingw-w64 runtime package.
* No warranty is given; refer to the file DISCLAIMER within this package.
*/
#ifndef _INC_VERSIONHELPERS
#define _INC_VERSIONHELPERS
#include <winapifamily.h>
#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP) && !defined(__WIDL__)
#ifdef __cplusplus
#define VERSIONHELPERAPI inline bool
#else
#define VERSIONHELPERAPI FORCEINLINE BOOL
#endif
#define _WIN32_WINNT_WINBLUE 0x0603
VERSIONHELPERAPI IsWindowsVersionOrGreater(WORD major, WORD minor, WORD servpack)
{
OSVERSIONINFOEXW vi = {sizeof(vi),major,minor,0,0,{0},servpack};
return VerifyVersionInfoW(&vi, VER_MAJORVERSION|VER_MINORVERSION|VER_SERVICEPACKMAJOR,
VerSetConditionMask(VerSetConditionMask(VerSetConditionMask(0,
VER_MAJORVERSION,VER_GREATER_EQUAL),
VER_MINORVERSION,VER_GREATER_EQUAL),
VER_SERVICEPACKMAJOR, VER_GREATER_EQUAL));
}
VERSIONHELPERAPI IsWindowsXPOrGreater(void) {
return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_WINXP), LOBYTE(_WIN32_WINNT_WINXP), 0);
}
VERSIONHELPERAPI IsWindowsXPSP1OrGreater(void) {
return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_WINXP), LOBYTE(_WIN32_WINNT_WINXP), 1);
}
VERSIONHELPERAPI IsWindowsXPSP2OrGreater(void) {
return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_WINXP), LOBYTE(_WIN32_WINNT_WINXP), 2);
}
VERSIONHELPERAPI IsWindowsXPSP3OrGreater(void) {
return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_WINXP), LOBYTE(_WIN32_WINNT_WINXP), 3);
}
VERSIONHELPERAPI IsWindowsVistaOrGreater(void) {
return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_VISTA), LOBYTE(_WIN32_WINNT_VISTA), 0);
}
VERSIONHELPERAPI IsWindowsVistaSP1OrGreater(void) {
return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_VISTA), LOBYTE(_WIN32_WINNT_VISTA), 1);
}
VERSIONHELPERAPI IsWindowsVistaSP2OrGreater(void) {
return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_VISTA), LOBYTE(_WIN32_WINNT_VISTA), 2);
}
VERSIONHELPERAPI IsWindows7OrGreater(void) {
return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_WIN7), LOBYTE(_WIN32_WINNT_WIN7), 0);
}
VERSIONHELPERAPI IsWindows7SP1OrGreater(void) {
return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_WIN7), LOBYTE(_WIN32_WINNT_WIN7), 1);
}
VERSIONHELPERAPI IsWindows8OrGreater(void) {
return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_WIN8), LOBYTE(_WIN32_WINNT_WIN8), 0);
}
VERSIONHELPERAPI IsWindows8Point1OrGreater(void) {
return IsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_WINBLUE), LOBYTE(_WIN32_WINNT_WINBLUE), 0);
}
VERSIONHELPERAPI IsWindowsServer(void) {
OSVERSIONINFOEXW vi = {sizeof(vi),0,0,0,0,{0},0,0,0,VER_NT_WORKSTATION};
return !VerifyVersionInfoW(&vi, VER_PRODUCT_TYPE, VerSetConditionMask(0, VER_PRODUCT_TYPE, VER_EQUAL));
}
#endif
#endif
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
......@@ -20,10 +20,12 @@
<ConfigurationType>StaticLibrary</ConfigurationType>
<CharacterSet>MultiByte</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
<PlatformToolset>v120</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">