Revisions of openvpn
autobuild
accepted
request 34608
from
Marius Tomaschewski (mtomaschewski)
(revision 9)
checked in (request 34608)
Marius Tomaschewski (mtomaschewski)
committed
(revision 8)
- Updated to openvpn 2.1.1; linux related changes since 2.1_rc20:
* Fixed a couple issues in sample plugins auth-pam.c and
down-root.c.
(1) Fail gracefully rather than segfault if calloc returns NULL.
(2) The openvpn_plugin_abort_v1 function can potentially be
called with handle == NULL. Add code to detect this case,
and if so, avoid dereferencing pointers derived from handle
(Thanks to David Sommerseth for finding this bug).
* Documented "multihome" option in the man page.
* Added a hard failure when peer provides a certificate chain
with depth > 16. Previously, a warning was issued.
* Added additional session renegotiation hardening. OpenVPN has
always required that mid-session renegotiations build up a new
SSL/TLS session from scratch. While the client certificate
common name is already locked against changes in mid-session
TLS renegotiations, we now extend this locking to the
auth-user-pass username as well as all certificate content in
the full client certificate chain.
- Improved openvpn init script adding messages giving a hint about
pid write failure and to look into the log messages (bnc#559041).
- Added -fno-strict-aliasing to compile flags in the spec file.
Marius Tomaschewski (mtomaschewski)
committed
(revision 5)
- Updated to openvpn 2.1 2.1_rc20, fixing problems in route and
option handling provided by the from server (bnc#552440).
For complete list of changes, see ChangeLog file, here just
the IMO most important:
* Fixed a bug introduced in 2.1_rc17 (svn r4436) where using
the redirect-gateway option by itself, without any extra
parameters, would cause the option to be ignored.
* Optimized PUSH_REQUEST handshake sequence to shave several
seconds off of a typical client connection initiation.
* The maximum number of "route" directives (specified in the
config file or pulled from a server) can now be configured
via the new "max-routes" directive.
* Eliminated the limitation on the number of options that can
be pushed to clients, including routes. Previously, all
pushed options needed to fit within a 1024 byte options
string.
* Added --server-poll-timeout option : when polling possible
remote servers to connect to in a round-robin fashion,
spend no more than n seconds waiting for a response before
trying the next server.
* Added the ability for the server to provide a custom reason
string when an AUTH_FAILED message is returned to the client.
This string can be set by the server-side managment interface
and read by the client-side management interface.
* client-kill management interface command, when issued on server,
will now send a RESTART message to client. This feature is
intended to make UDP clients respond the same as TCP clients
in the case where the server issues a RESTART message in order
to force the client to reconnect and pull a new options/route
list.
Marius Tomaschewski (mtomaschewski)
committed
(revision 4)
- FIXME: Updated to openvpn 2.1 [2.1_rc20]
Marius Tomaschewski (mtomaschewski)
committed
(revision 2)
- Added network-remotefs to init script dependencies (bnc#522279).
Marius Tomaschewski (mtomaschewski)
committed
(revision 1)
osc copypac from project:network package:openvpn revision:1
Displaying revisions 201 - 209 of 209
