Commit graph

1940 commits

Author SHA1 Message Date
Christian Hesse
d0d8a4b5f8
man: fix formatting for alternative option
This looked like...

    --server-poll-timeout n
        --connect-timeout n when connecting to [...]

... and this patch changes this to...

    --server-poll-timeout n, --connect-timeout n
        When connecting to [...]

... preserving correct highlighting.

Signed-off-by: Christian Hesse <mail@eworm.de>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <20161228075420.348-1-list@eworm.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13747.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
2017-01-12 02:23:14 +01:00
Selva Nair
db5b9b4550 Always release dhcp address in close_tun() on Windows.
Also make sure --dhcp-pre-release results in not just dhcp_release()
in open_tun() but a subsequent dhcp_renew() as well. Else dhcp transaction
gets aborted as this call to release() happens after the adapter status
is changed to connected.

Fixes Trac #807 (but can't say the same for Trac #665 without knowing
how to reproduce it)

v2: Mark --dhcp-release as obsolete in manpage and option parser, and
remove the unused dhcp_release variable.
Enforce dhcp-renew with dhcp-pre-release while parsing the option
instead of in open_tun().

Trac: #807

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1483475883-17450-1-git-send-email-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13814.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2017-01-09 20:48:06 +01:00
Steffan Karger
ef910e3e3a Remove deprecated --no-iv option
The --no-iv option was deprecated in OpenVPN 2.4 (commit 4969f0d6),
and promised to be removed in 2.5.  This patch fulfills that promise.

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1483362584-28452-1-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13798.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2017-01-09 19:49:33 +01:00
Gisle Vanem
49629380a7 Crash in options.c
When compiling with --disable-crypto, openvpn would crash on --help as
commit 5d429efd97 introduced an extra %d into the "usage_message" string
but forgot to add it to the #ifndef ENABLE_CRYPTO fprintf() call.

Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <9d41f9dd-a587-5c1e-2e0d-ebb6c921f4ae@yahoo.no>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13808.html

Signed-off-by: Gert Doering <gert@greenie.muc.de>
2017-01-04 08:30:40 +01:00
Selva Nair
a5dbf8c8da Fix push options digest update
Trac: #812

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1483479738-17672-1-git-send-email-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13816.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2017-01-04 08:10:28 +01:00
David Sommerseth
7fb22ea0bc build: Ensure Changes.rst is shipped and installed as a doc file
Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1482835944-563-1-git-send-email-davids@openvpn.net>
URL: http://www.mail-archive.com/search?l=mid&q=1482835944-563-1-git-send-email-davids@openvpn.net
2016-12-27 12:10:22 +01:00
Steffan Karger
f38942d144 Textual fixes for Changes.rst
We will likely refer many people to the Changes.rst file once we've
released 2.4.  This commit tries to polish the language a bit, and
adds two real changes:

 - Remove duplicate mention of the changes --tls-cipher defaults

 - Move the 'redirect-gateway' behavioural change from 'features' to
   'behavioural changes'.

v2 - On the fly commit changes, based on comments from Selva Nair.
     DS also added a few minor corrections on top of that.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <1482779743-9548-1-git-send-email-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13732.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
2016-12-27 11:33:03 +01:00
David Sommerseth
4ba943b02a man: Remove references to no longer present IV_RGI6 peer-info
Commit 554504c5e2 removed the IV_RGI6 peer-info signaling
but forgot to update the man page.  Removing this reference as well.

Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1482755203-23968-1-git-send-email-davids@openvpn.net>
URL: http://www.mail-archive.com/search?l=mid&q=1482755203-23968-1-git-send-email-davids@openvpn.net
2016-12-26 13:34:38 +01:00
Gert Doering
392c9e47f6 Remove IV_RGI6=1 peer-info signalling.
This is no longer needed, as anything 2.4 or later is known to have
this functionality, and IV_VER can be used to detect this on the server.

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Steffan Karger <steffan@karger.me>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <20161225105919.25792-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13706.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
2016-12-26 12:55:01 +01:00
Steffan Karger
403dfe1bfd man: encourage user to read on about --tls-crypt
As suggested by krzee in trac #790, refer to the --tls-crypt option
from the --tls-auth section of the man page, to encourage users to
check out the --tls-crypt feature.

Trac: #790
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <1482703334-18949-1-git-send-email-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13713.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
2016-12-26 12:55:01 +01:00
Steffan Karger
1e36b81407 Document that RSA_SIGN can also request TLS 1.2 signatures
Ever since we started supporting TLS 1.2 (OpenVPN 2.3.3+), the RSA_SIGN might not
only request MD5-SHA1 'TLS signatures', but also other variants.
Document this by updating the implementation hints, and explicitly
stating that we expect a PKCS#1 1.5 signature.

Trac: #764
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1482705505-20302-1-git-send-email-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13714.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
2016-12-26 12:54:49 +01:00
David Sommerseth
a256aee8e7 docs: Further enhance the documentation related to SWEET32
The git master/2.4 code lacked some useful information about
the changes to --reneg-bytes, SWEET32 and weak ciphers (less
than 128-bit cipher blocks)

v2 - Fixed a couple of grammar/typo issues

Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Steffan Karger <steffan@karger.me>
Message-Id: <1482509264-24550-1-git-send-email-davids@openvpn.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13682.html
2016-12-24 12:48:20 +01:00
Steffan Karger
e1dd49a388 Bump master to version 2.5_git
Now that we have the release/2.4 branch, the master branch version should
be bumped to 2.5.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <1482079095-14880-1-git-send-email-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13619.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
2016-12-21 21:59:35 +01:00
David Sommerseth
5871697964 Update copyrights
Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Steffan Karger <steffan@karger.me>
Message-Id: <1482350454-27280-2-git-send-email-davids@openvpn.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13653.html
2016-12-21 21:57:58 +01:00
David Sommerseth
da8f11f895 dev-tools: Added script for updating copyright years in files
Very simple tool which modifies the Copyright lines in all git checked-in
files with an updated year.  Lines only listing a single year (2016) will
be modified to list a range instead.

Only the Copyright lines of specific owners will be modified.  The
script will need to be slightly updated to cover more owners.  See the
UPDATE_COPYRIGHT_LINES line in the script for the currently set owners.

v2 - On-the-fly-commit-update: use vendor/ instead of cmocka and
     add @sophos.com to the list of copyright holders to update

Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Steffan Karger <steffan@karger.me>
Message-Id: <1482173532-25132-1-git-send-email-davids@openvpn.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13645.html
2016-12-21 12:51:08 +01:00
David Sommerseth
a5ae0138ee
Preparing OpenVPN v2.4_rc2 release
Signed-off-by: David Sommerseth <davids@openvpn.net>
2016-12-16 11:58:51 +01:00
David Sommerseth
5d4cabff18 auth-gen-token: Hardening memory cleanup on auth-token failures
Further improve the memory management when a clients --auth-token
fails the server side token authentication enabled via --auth-gen-token.

v2 - Add ASSERT() if base64 encoding of token fails
v3 - Use proper boolean logic in ASSERT()
v4 - Rebase against The Great Reformatting

Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1481883907-26413-1-git-send-email-davids@openvpn.net>
URL: http://www.mail-archive.com/search?l=mid&q=1481883907-26413-1-git-send-email-davids@openvpn.net
2016-12-16 11:52:35 +01:00
Steffan Karger
ec4dff3bbd Don't reopen tun if cipher changes
When the pulled options change, OpenVPN will attempt to reopen the tun
device.  That might fail if the process has already dropped privileges,
and is not needed unless the tun MTU is changed.  This patch therefore
ignores the cipher value for the digest if a fixed tun-mtu is used.

Additionally, this patch changes the md_ctx_update() call to include the
trailing zero byte of each option, to make sure that parsing "foo,bar"
results in a different hash than "foobar".  (Sorry for not catching that
during the review...)

The unit tests are a bit lame, but it secretly serves as a way to lower
the bar for adding more buffer.c unit tests.

Trac: #761
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <1481838366-32335-1-git-send-email-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13579.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
2016-12-16 11:51:35 +01:00
David Sommerseth
1f004b2f06
Merge 'reformatting' branch into master
This concludes the first phase of The Great Reformatting project.

Reviewed-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Steffan Karger <steffan@karger.me>
Message-Id: <3a78050c-8c18-d54e-fc37-330272de6d44@sf.lists.topphemmelig.net>
URL: http://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13556.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
2016-12-15 13:49:06 +01:00
David Sommerseth
81d882d530
The Great Reformatting - first phase
This is the first commit of the big reformatting task.  This
is performed by running the ./dev-tools/reformat-all.sh script.

This is based upon the v3 reformat-all.sh/uncrustify.conf version
which is now applied to git master.

Signed-off-by: David Sommerseth <davids@openvpn.net>
2016-12-14 22:33:49 +01:00
David Sommerseth
2417d55c49 dev-tools: Add reformat-all.sh for code style unification
This script will run all files related to the currently checked out
git branch through uncrustify using a standardized style configuration.

Due to a bug in uncrustify 0.64, one of the files currently needs
special treatment.  So this file is both pre- and post-patched
before/after uncrustify is run.  This is simply to assure that all
file processing will happen consistently each time.

Also added doc/doxygen/doc_key_generation.h to an ignore list, as
it carries some specific Doxygen formatting we should be careful with.
This file is anyhow not so critical and can be managed manually.

The src/compat/compat-lz4.[ch] files are also not touched, as they
are based on upstream formatting.  This makes it easier to update
to a newer LZ4 version later on and even see what the differences
are.

v2 - Include updated config from CodeStyle wiki page
     Remove line length restriction for The Great Reformatting
     Update the script with improvements by krzee

v3 - Update with a fixed config from the CodeStyle wiki page
     Corrected a typo in the commit message (0.63->0.64)
     Minor changes to the reformat script (no pushd/popd,
     some new lines moved around, bash->sh)

Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Steffan Karger <steffan@karger.me>
Message-Id: <1481749500-8795-1-git-send-email-davids@openvpn.net>
URL: http://www.mail-archive.com/search?l=mid&q=1481749500-8795-1-git-send-email-davids@openvpn.net
2016-12-14 22:27:28 +01:00
David Sommerseth
a7acb6b48e Changes.rst: Maintainer update on C99
Mention for maintainers that we've moved to build with -std=c99 by
default.  Also document that 32-bit RHEL5 builds will need -std=gnu99
to be buildable.

Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1481631416-15377-1-git-send-email-davids@openvpn.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13518.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
2016-12-14 13:52:29 +01:00
David Sommerseth
1a8f6b9159 Further enhance async-push feature description
Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1481718210-15673-1-git-send-email-davids@openvpn.net>
URL: http://www.mail-archive.com/search?l=mid&q=1481718210-15673-1-git-send-email-davids@openvpn.net
2016-12-14 13:49:46 +01:00
Steffan Karger
07d0d73a38 man: mention that --ecdh-curve does not work on mbed TLS builds
Not needed either, because mbed TLS automatically selects the curve based
on the certificate.

Trac: #789

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <1481658672-5110-1-git-send-email-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13523.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
2016-12-14 13:34:38 +01:00
Selva Nair
c22428fb60 Unhide a line in man page by fixing a typo
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Steffan Karger <steffan@karger.me>
Message-Id: <1481645498-22043-1-git-send-email-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13520.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
2016-12-14 13:32:18 +01:00
David Sommerseth
65140a3acf systemd: Intermediate --chroot fix with the new sd_notify() implementation
Commit c5931897ae introduced support for talking directly
to the systemd service manager about the situation for the OpenVPN
tunnel. This approach makes a lot of sense and is mostly the proper
way to do it.  But it was discovered that it breaks OpenVPN
configurations using --chroot.

The reason sd_notify() calls fail when using chroot() is that
sd_notify() expects to have access to a file as declared in the
$NOTIFY_SOCKET environment variable.  It is the main systemd
instance which is responsible to provide both the environment variable
as well as the socket file sd_notify() should use.  When --chroot
comes into play, the $NOTIFY_SOCKET file will not be available
for OpenVPN any more.

As things are getting close to the 2.4_rc2 release we will not dare
to bring a too invasive fix.  As well we need some time to discuss
an appropriate solution.  So this intermediate fix will only
provide a "successful start" message to the systemd service manager
right before chroot() happens.  This will at least resolve the issue
in a safe and non-intrusive way.

Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Christian Hesse <mail@eworm.de>
Message-Id: <1481079112-22990-1-git-send-email-davids@openvpn.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13416.html
2016-12-09 20:57:11 +01:00
David Sommerseth
54e386b4a8 Changes: Further improve systemd unit file updates
There were some reports that the directories mentioned should
have trailing /, to make it clearer they are directories and not
files.  Also rephrased that sentence slightly to be even clearer
in this aspect.

Signed-off-by: David Sommerseth <davids@openvpn.net>
2016-12-09 20:52:17 +01:00
Magnus Kroken
c00919e8bd mbedtls: include correct net/net_sockets header according to version
<mbedtls/net.h> is deprecated as of mbedTLS 2.4.0, it is renamed
<mbedtls/net_sockets.h>. OpenVPN will fail to build with
mbedTLS 2.4.0 with MBEDTLS_DEPRECATED_REMOVED defined.

Check MBEDTLS_VERSION_NUMBER, and include net.h for < 2.4.0 and
net_sockets.h for >= 2.4.0.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1481274455-657-1-git-send-email-mkroken@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13451.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2016-12-09 14:43:33 +01:00
Steffan Karger
4969f0d6bb Deprecate --no-iv
This fixes the bug of supporting --no-iv (since we're only accepting
bugfixes in the current release phase ;) ).

The --no-iv function decreases security if used (CBC *requires*
unpredictable IVs, other modes don't allow --no-iv at all), and even
marginally decreases other users' security by adding unwanted
complexity to our code.

Let's get rid of this.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1481138447-6292-1-git-send-email-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13430.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2016-12-07 22:06:18 +01:00
Steffan Karger
84f88ca4d5 Fix (and cleanup) crypto flags in combination with NCP
tls_session_update_crypto_params() did not properly set crypto_flags_or,
but instead set crypto_flags_and twice if an OFB/CFB mode was selected.

Also, the crypto flags in ks->crypto_options.flags were set before
tls_session_update_crypto_params() was called, causing those to not be
adjusted.  To fix this, set the crypto flags in
tls_session_generate_data_channel_keys() instead of key_state_init().

While touching that code, remove the two _or and _and variables, which are
not needed at all.

Finally, refuse to accept --no-iv if NCP is enabled  (we might otherwise
negotiate invalid combinations and ASSERT out later, and using --no-iv is
a bad idea anyway).

Trac: #784

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1481133684-5325-1-git-send-email-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13428.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2016-12-07 20:28:13 +01:00
Gert Doering
e35a788339 Refactor setting close-on-exec for socket FDs
The existing code can leak socket FDs to the "--up" script, which is
not desired.  Brought up by Alberto Gonzalez Iniesta, based on debian
bug 367716.

Since different sockets get created at different times, just moving the
set_cloexec() to link_socket_init_phase1() is not good enough - so move
the call into create_socket_<family>(), so we will catch ALL socket
creations, no matter when or under which conditions they will be
created (SOCKS proxy socket, listening socket, ...).

--inetd gets an extra fd_cloexec() call, as socket FD is inherited.

URL: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=367716

v2: remove set_cloexec() calls from manage.c

v3: add set_cloexec() calls to accept()ed TCP/unix child sockets

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1481027162-12165-1-git-send-email-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13405.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2016-12-07 19:40:59 +01:00
Lev Stipakov
212ef1a409 Add "async push" feature to Changes.rst
[DS: slightly enhanced the --enable-async-push remark to make it
     even more clear it is a build time configuration]

Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <1481104617-3675-1-git-send-email-lstipakov@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13420.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
2016-12-07 14:32:12 +01:00
Lev Stipakov
7084a3993f Arm inotify only in server mode
Async-push is a server side feature and inotify_fd is
initialized in server mode.

Trac: #786
Signed-off-by: Lev Stipakov <lstipakov@gmail.com>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <1481067951-28917-1-git-send-email-lstipakov@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13415.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
2016-12-07 04:11:42 +01:00
David Sommerseth
e62eccf025 Fix wrong configure.ac parsing of --enable-async-push
AC_ARG_ENABLE() was used wrongly, which led enable_async_push to
always be set, regardless of whether --enable-async-push or --disable-async-push
was used.

Also spotted the exact same patch when writing this commit message as
GitHub PR#70.

Trac: #786
Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Lev Stipakov <lstipakov@gmail.com>
Message-Id: <1481062251-18349-1-git-send-email-davids@openvpn.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13411.html
2016-12-06 23:48:12 +01:00
Selva Nair
251cc8f204 Correctly state the default dhcp server address in man page
Also correct the default ifconfig-pool end in docs and comments

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1480707729-19578-1-git-send-email-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13387.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2016-12-06 21:34:06 +01:00
David Sommerseth
e739d7f445 Preparing OpenVPN v2.4_rc1 release
Signed-off-by: David Sommerseth <davids@openvpn.net>
2016-12-02 00:09:00 +01:00
Christian Hesse
7660bba111 Refuse to daemonize when running from systemd
We start with systemd Type=notify, so refuse to daemonize. This does not
affect starting openvpn from script or command line.

v2: Update commit message about script and command line.

Signed-off-by: Christian Hesse <mail@eworm.de>
Tested-By: Richard Bonhomme <fragmentux@gmail.com>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <20161201213104.5667-2-list@eworm.de>
URL: http://www.mail-archive.com/search?l=mid&q=20161201213104.5667-2-list@eworm.de
Signed-off-by: David Sommerseth <davids@openvpn.net>
2016-12-01 23:46:06 +01:00
Christian Hesse
c5931897ae Use systemd service manager notification
Notify systemd service manager when our initialization sequence
completed. This helps ordering services as dependencies can rely on vpn
being available.

v2: Add curly brackets (and indentation) to block the else-part, msg()
    call was non-conditional before.

v3: Move systemd header include from init.h to init.c.

Signed-off-by: Christian Hesse <mail@eworm.de>
Tested-By: Richard Bonhomme <fragmentux@gmail.com>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <20161201213104.5667-1-list@eworm.de>
URL: http://www.mail-archive.com/search?l=mid&q=20161201213104.5667-1-list@eworm.de
Signed-off-by: David Sommerseth <davids@openvpn.net>
2016-12-01 23:45:50 +01:00
Samuli Seppänen
1c587a1112 Mention that OpenVPN 2.4 requires Windows Vista or higher
Trac: #610

Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1480600985-25074-1-git-send-email-samuli@openvpn.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13357.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2016-12-01 16:31:01 +01:00
Antonio Quartulli
ce91c187ee reload CRL only if file was modified
In order to prevent annoying delays upon client connection,
reload the CRL file only if it was modified since the last
reload operation.
If not, keep on using the already stored CRL.

This change will boost client connection time in instances
where the CRL file is quite large (dropping from several
seconds to few milliseconds).

Cc: Steffan Karger <steffan.karger@fox-it.com>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <20161201104145.23821-1-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13345.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2016-12-01 11:55:43 +01:00
Selva Nair
fb56058a98 Do not restart dns client service as a part of --register-dns processing
As reported and discussed on Trac #775, restarting dns service has
unwanted side effects when there are dependent services. And it
appears unnecessary to restart this service to get DNS registered
on Windows.

Resolve by removing two actions from --register-dns:
'net stop dnscache' and 'net start dnscache' run through the service
or directly.

Trac: #775

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1480542696-7123-1-git-send-email-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13331.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2016-12-01 09:18:51 +01:00
Selva Nair
788e5e4a08 Force 'def1' method when --redirect-gateway is done through service
The service deletes all added routes when the client process (openvpn)
exits, causing the re-instated default route to disappear.
Fix by rewriting "--redirect-gateway" to "--redirect-gateway def1" when
routes are set using interactive service.

Only the behaviour on Windows with interactive service is affected.

Trac: #778

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1480466372-2396-1-git-send-email-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13307.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2016-11-30 19:54:27 +01:00
Selva Nair
9977953539 When parsing '--setenv opt xx ..' make sure a third parameter is present
When no parameters are present, set it to "setenv opt" to trigger a
descriptive error message, and thus get rid of the pesky NULL pointer
dereferencing.

Trac: #779

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1480470794-6349-1-git-send-email-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13311.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2016-11-30 09:37:05 +01:00
Steffan Karger
009521ac8a Introduce and use secure_memzero() to erase secrets
As described in trac #751, and shortly after reported by Zhaomo Yang, of
the University of California, San Diego, we use memset() (often through
the CLEAR() macro) to erase secrets after use.  In some cases however, the
compiler might optimize these calls away.

This patch replaces these memset() calls on secrets by calls to a new
secure_memzero() function, that will not be optimized away.

Since we use CLEAR() a LOT of times, I'm not changing that to use
secure_memzero() to prevent performance impact.  I did annotate the macro
to point people at secure_memzero().

This patch also replaces some CLEAR() or memset() calls with a zero-
initialization using "= { 0 }" if that has the same effect, because that
better captures the intent of that code.

Trac: #751

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1480371252-3880-1-git-send-email-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13278.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2016-11-29 22:07:02 +01:00
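The pattern this commit describes, as an added illustration rather than OpenVPN's own code: a wipe routine that stores through a volatile pointer so dead-store elimination cannot drop it, applied to a hypothetical key_material struct (a constructed stand-in for the real key structures) that is zero-initialized with "= { 0 }" and erased after use.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/*
 * A memset() the optimizer is not allowed to drop: every store goes
 * through a volatile pointer, so the compiler must emit the writes
 * even though the buffer is never read again afterwards.
 * (Illustrative implementation; OpenVPN's secure_memzero() may differ.)
 */
void
secure_memzero(void *data, size_t len)
{
    volatile uint8_t *p = (volatile uint8_t *)data;
    while (len--)
    {
        *p++ = 0;
    }
}

/* Hypothetical key material, standing in for the structs the commit wipes. */
struct key_material
{
    uint8_t key[32];
    uint8_t hmac[20];
};

/* Number of bytes still non-zero in a region (0 means fully wiped). */
size_t
count_nonzero(const void *data, size_t len)
{
    const uint8_t *p = data;
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
    {
        n += (p[i] != 0);
    }
    return n;
}

/*
 * "Derive keys, use them, wipe them": fills the struct with constructed
 * pseudo-key bytes, then erases the whole struct before returning.
 * Returns how many secret bytes are left non-zero after the wipe.
 */
size_t
leftover_after_wipe(void)
{
    struct key_material km = { 0 };   /* zero-init, as the commit prefers */
    for (size_t i = 0; i < sizeof(km.key); i++)
    {
        km.key[i] = (uint8_t)(0xA5 ^ i);   /* constructed, not a real key */
    }
    memset(km.hmac, 0x5A, sizeof(km.hmac));
    /* ... the keys would be used here ... */
    secure_memzero(&km, sizeof(km));
    return count_nonzero(&km, sizeof(km));
}

/*
 * The wipe must respect its length argument, including 0: only the
 * first `len` bytes of a 64-byte 0xFF buffer are cleared, the rest is
 * untouched. Returns the number of non-zero bytes remaining.
 */
size_t
nonzero_after_partial_wipe(size_t len)
{
    uint8_t buf[64];
    memset(buf, 0xFF, sizeof(buf));
    secure_memzero(buf, len);
    return count_nonzero(buf, sizeof(buf));
}
```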
Selva Nair
f25a0217e3 Map restart signals from event loop to SIGTERM during exit-notification wait
Commit 63b3e000c9.. fixed SIGTERM getting lost during exit notification
by ignoring any restart signals triggered during this interval. However,
as reported in Trac 777, this could result in repeated triggering of
restart signals when the event loop cannot continue without restart due
to IO errors or timeout.

Avoid by converting soft SIGUSR1 and SIGHUP signals received during
exit-notify wait period to SIGTERM.

Trac #777

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1480386424-30876-1-git-send-email-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13284.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2016-11-29 08:51:52 +01:00
Gert Doering
6c6456f438 Fix windows path in Changes.rst
Escape backslash characters in windows path names.

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Selva Nair <selva.nair@gmail.com>
Message-Id: <1480360012-9479-1-git-send-email-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13274.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2016-11-28 20:25:01 +01:00
Christian Hesse
7f7d6b2eb0 update year in copyright message
This line has not been touched in a long time... Let's update the
copyright message with recent year.

Signed-off-by: Christian Hesse <mail@eworm.de>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20161128170820.20371-1-list@eworm.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13270.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2016-11-28 19:53:27 +01:00
Steffan Karger
294040102f Clean up format_hex_ex()
Fix a potential null-pointer dereference, and make the code a bit more
readable while doing so.

The NULL dereference could not be triggered, because the current code
never called format_hex_ex() with maxoutput == 0 and separator == NULL.
But it's nicer to not depend on that.

Our use of int vs size_t for lengths needs some attention too, but I'm
not pulling that into this patch.  Instead I decided to just make the
(previously existing) assumption that INT_MAX <= SIZE_MAX explicit by
adding a static_assert().

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1480343200-25908-1-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13259.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2016-11-28 17:02:17 +01:00
Steffan Karger
718257811b Unconditionally enable TLS_AGGREGATE_ACK
This define has been enabled by default since 2005, and was not
configurable through ./configure (but just by changing ssl.h).  Let's
get rid of it.

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1480344801-27855-2-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13261.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2016-11-28 16:41:11 +01:00
Steffan Karger
06c54466c8 tls_process: don't set variable that's never read
Found by the clang static analyzer: the state_change variable is set,
but never read afterwards.  This code has been like this since 2005,
makes sense without setting state_change to true, and has worked fine
for the past 11 years.

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1480344801-27855-1-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13260.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2016-11-28 16:38:40 +01:00