a304654bc6 asio version 1.16.0 released
91f57a966d Revision history.
88e8c0aade Regenerate documentation.
a7f2a0d6c3 Fix cross referencing for InnerExecutor template parameters.
b30941136b Documentation for default completion tokens.
d2e92ec40f Don't specify default token on some async_write overloads.
42174675fb Start handler work again in case of restarting accept operation.
0033bc8d98 Specify default baud rate when opening serial port on Windows.
08f9a631af Fix constant used to initialise the serial port RTS control flag on Windows.
109df16082 Use feature-test macro for detecting return type deduction.
317895870d Minor documentation fixes.
df63c9585e More typenames required in ssl::stream.
8087252a0c Add noexcept qualifier to socket move constructors.
dd2243322b Require that Endpoint default constructor and move operations never throw.
35d12b3bfc Require that Protocol copy and move operations never throw.
70b0c5f3e4 Add noexcept qualifier to protocol accessors.
b317c8be09 Add typename to ssl::stream's initiation objects' executor_type typedefs.
0930d76385 Ensure the executor type is propagated to newly accepted sockets.
ddfa5f9d70 Add default completion tokens.
ca229e264a Use async_initiate in Windows-specific I/O objects.
5b126e3845 Add executor_type/get_executor to all initiation objects.
f681562d2d Add rebind_executor to all I/O object types.
68d15f184c Use completion_token_for concept to constrain token parameters.
26207403cf Add concepts to support async_initiate.
98186da7bc Use automatically deduced return types for all async operations.
d830b433a8 Add automatic return type deduction to async_initiate.
62aea6b207 asio version 1.14.1 released
0a52abce85 Regenerate documentation.
855e80ac6a Revision history.
b07229ca0a Require C++17 or later for coroutines TS support with clang.
8861491975 Ensure BOOST_VERSION tests are conditional.
772f53a8d8 Added wolfSSL Compatability for Asio
2ec993db21 Move shutdown() implementation to winrt_ssocket_service to avoid name hiding.
d21da17f15 Minor fix in documentation for is_dynamic_buffer
ebb5d76a24 Preliminary Haiku support
a4a7335250 Serial port get_option() should be const.
6cec63e8a6 Fix warnings about incompatible pointer cast when obtaining CancelIoEx entry point.
734e339d3f Fix is_*_buffer_sequence detection for user-defined sequence types.
d2804e5121 Set defaults when opening a serial port on Windows.
6b53692806 Fix doxygen generation in tutorial.
ebefe37003 Annotate case fall-through in connect() implementation.
e03aca35f1 Eliminate a redundant move construction when completed handlers are dispatched.
git-subtree-dir: Sources/ASIO
git-subtree-split: a304654bc68a15df0bca038114a4ace020a39aed
861fe85afb Finalizing OpenVPN 3 Core library release v3.6.1
038c91e372 win: fix non-working DNS resolution after connect
c0bf8188f2 win/tunutil.hpp: fix NULL pointer dereference
ac8083edd9 Update OpenSSL to 1.1.1j
3905ec3592 Update OpenSSL to 1.1.1i
1e6208e102 Release of OpenVPN 3 Core Library 3.6
a8e269e713 Preparing OpenVPN 3 Core library release v3.6
99f5285bcc kovpn: move away kovpn code
587b686159 ovpn-dco: proper support for cipher and auth 'none'
cd68ae2740 ovpn-dco: support cipher 'none' and auth 'none'
faf9bd46c8 windows agent: install bypass route if host hasn't changed
bce9b7eb0c Allow AUTH_PENDING message to overwrite user specfied timeout
f964fb07b1 Allow auth pending methods be specified via commandline
01dbc10def Add missing override annotations in cliproto.hpp
b67702e19f Also log the signature algorithm when printing the verified certificates
949386f5fe Change continuation_test1 to always only use 100 iteration
749b3c9beb OptionList: fix RHEL7 warning about uninitialized variable
38ac500cf3 LogSetup: inherit from thread-safe RC
5b15dbe940 Merge changes from Core library v3.5
e241c1b7a4 docs: Improve rendering of README
1fe87f0842 Allow management layer to override keepalive parameters
3cfac11aa5 IP::Addr: added to_ipv4_zero() and to_ipv6_zero() methods
ac79700fb2 Factored out timespec code from epoch.hpp into a new namespace TimeSpec
2952f5611a Update OpenSSL to 1.1.1h
b9e5936615 win/client/tunsetup.hpp: fix redirect-gw case for local remote
081b17fcbd test_sitnl.cpp: add missing "override" specifier
163c6399f8 tun/win/tunutil.hpp: fix mingw-discovered errors
fa2919b27c README.rst: add instructions about ovpn-dco usage
ae0d84be60 README.rst: Update Linux build steps
6b3a5ba0ce win/client/tunsetup.hpp: fix redirect-gw case for local remote
d8e99cf5c1 win: improve "add bypass route" logic
7910b5dd7e win: improve "add bypass route" logic
709bd10c24 Add warnings for 64bit block cipher and for SHA1 signed certificates
be600ff911 Merge Windows IP Helper API support
7eaa2893d4 Remove unused patch to fix compilation on Android
1c751cc55b Remove patch/code to allow unsupported name constraints in mbed TLS
242cdad9c9 win: add ipv4 routes via IP Helper API
4e837fe6ae win/tunsetup.hpp: preparation for adding ipv4 routes via IP helper API
9c6d5f5ef9 win/call.hpp: fix include and linkage error
d0e2e036eb win: add ipv4 routes via IP Helper API
863fb68c3a win/tunsetup.hpp: preparation for adding ipv4 routes via IP helper API
9c6f67d271 win/call.hpp: fix include and linkage error
d79536240e unittests/CMakeLists.txt: fix tests execution
777ff5556f HTTP::HeaderList: minor performance fix
5460d176c6 Added is_directory() method
a2bbb1d65c kovpn.hpp: add dependent includes before #include <kovpn/kovpn.h>
fc58a8b587 Configure_RPS_XPS, ProcFS: changes for Linux 5.4
ea9be93c7b string: added repeat() method and redefined spaces() method to use it
d9a9ad35d7 string::trim_crlf: templatize to allow use with std::string or Buffer
9f8559f97b read_binary_unix_fast: loop to fill buffer
75519e9e62 write_binary_unix: added more descriptive error messages
e27aa7e206 core.hpp: need to include <thread> for std::thread::hardware_concurrency()
308b604c0a Buffer: front() and back() members should be labeled as const
012e7e8226 Refactor InitProcess to use refcounting
ca61dd97db Merge support for --redirect-gateway local from released
595798a099 Move OpenSSL specific tlsver.hpp code to OpenSSL specific tlsverp.hpp
a61bc006d3 Use correct API for setting minimum TLS version on OpenSSL 1.1+
285474a6dc Implement TLS Keying Material Export data key derivation
6bae57ab4f Document the protocol used in OpenVPN for Web based authentication
4fcb3624f7 ovpn-dco: linux client support
f24f1fd089 ovpn-dco: handle keepalive
60e43763a4 ovpn-dco: init data channel keys
9a15079d25 kocrypto.hpp: factor out kovpn-specific code
275e422501 ovpn-dco: configure network properties
8593c41540 ovpn-dco: basic communication with kernel module
67988b8883 linux/client/tunsetup.hpp: initial ovpn-dco support
3761f2ff89 ovpn-dco: initial support
e419e07c7f dcocli.cpp: add missing socket_protect call
5bc16a71ef dcocli.hpp: refactor dco transport client
123865356d rename ENABLE_DCO to ENABLE_KOVPN
0ba5e06882 cli.cpp: use SITNL on Linux by default
648234cc68 sitnl: implement net_iface_new and net_iface_del
bca2a06c29 mingw: use asio 1.16
2ce3635b9c mingw: fix lz4 build
1324bad624 build script: allow main .cpp file to be missing when EXTRA_CPP is defined
c6441ee9f3 unittests: added test_all to .gitignore
a18600423d vars: added vars-linux-libcpp-dbg for clang debug mode
96848c1e54 SessionIDType::find_weak: fixed a possible segfault if map.bucket_count() is zero (bug)
b06e30a3a5 PeerAddr: make copyable by inheriting from RCCopyable<thread_unsafe_refcount>
dfa0971c0d jsonhelper: added get_string_ptr() method that returns a std::string*
6682695f1d IP::Route: added to_string_optional_prefix_len() method
3555b12a16 push-continuation: added new server-side fragmentor
647300a3bd string: templatize several methods so they can be used on Buffer as well
ef45045230 Buffer: make sure to abort rather than throw an exception when OPENVPN_BUFFER_ABORT is defined
465012ec2b LogSetup: make virtual void reopen() non-const and add MultiLogSetup class
d0298f5520 unittests: test_common.h should include <openvpn/io/io.hpp> rather than <asio.hpp> directly
fd11e37ca8 Asio patches: in basic_resolver_results, added data() and cdata() members for access to underlying storage vector
159a64e338 unittests: work around some limitations in googletest
31ec17645a RCPtr, RCWeakPtr: added move_strong() methods
2ba720fdfb ManClientInstance::Send: added doma_acl() method
fc0e12fdf7 Unit tests: added new "fake-secure" random source that's guaranteed to be deterministic
97a4b8f9f2 HaltRestart: added to_string() method
9978ea2e65 PeerStats: use C++11 member initializers
7928d556f4 randapi: use #pragma once
1c8a5a283f kodev: don't compile for UNIT_TEST
5ea57ee043 OptionList: make varargs constructor explicit
1692e1cd43 fileunix, stat, json: allow file read methods to obtain nanosecond-scale mod time
4bde2bd78a AuthCreds: added new constructor for unit test
f1c6f26681 AuthCert: allow unit tests to access private members
1287b6f85e SSL/TLS: explicitly set certificate serial number (SN) type to std::int64_t sn (previously was long)
f6ab0178a5 test: Fix OPENVPN_USE_SITNL redefine warning in ovpncli
590e2fd0da Fix tls-profile not working with OpenSSL
b08a6c37b3 win/tunsetup.hpp: do not add bypass route for redirect-gw local
462db997fb Include --cipher in IV_PROTO to make OpenVPN3 compatible with OpenVPN 2.5
6b6398b344 Indicate that we want a push reply in IV_PROTO
7193de12ab Support for redirect-gw local
7a58432b70 cmake: add missing libraries to Windows build
294915c224 win/tunutil.hpp: support adapters with "root" prefix
bf9f309f6f awsca.hpp: use proper CA path
c39bd17b90 aws: use external certificates for pkcs7 signature validation
c88d68a478 Merge OpenVPN Core 3.5.6 release into master
680fdc1d6e Time: added a useful comment for delta_str() method
f1a32af29c OptionList: added get_num() method with no default, min, or max parameters
0f2ef39c25 Refactored RPS/XPS configuration into its own class Configure_RPS_XPS
ab5cf6b308 dcocli: set new kovpn cpu_affinity var to OVPN_CPU_AFFINITY_UNDEF
6473aeebe6 ringbuffer.hpp: fix SEH exception in destructor under debugger
557ff6249b omi: support for dynamic challenge
2141e23ecd Implement tls-groups option to specify eliptic curves/groups
3b3ee130b9 cli: allow --peer-info option to accept a JSON file as input
6c9f89b092 Removed OPENVPN_LEGACY_TITLE_ABSTRACTION
d7f4c1611d Modify asio patch to avoid warning about non virtual destructor
531c29f177 Update ASIO to 1.16.1
35d01b8a71 Fix indentation and unused variables related warnings from Clang 10
f8fe13e07c Add missing overrides
8bac99143a Use C++11 syntax instead GNUism to initialise array
e6d544b8a5 Add support building deps with clang/libc++
492661fd02 Merging release/3.5.5 into master
bf69c9f046 unittests/test_comp.cpp: added missing '/' in filename lookup
ad9feaffeb IP address/route classes: cleanup title usage with template approach
1e2ca13908 unit tests: convert IPv6 addresses to lower-case when running under test framework
cea7c77271 Added class IndexedTitle for referring to array indices when generating errors
e2a9630718 unit tests: added a .gitignore for executables
79b0fb05c2 StringTempl: StringTempl::empty() should just call the object's underlying empty() method
a5119c3a1a Revamp OpenSSL tls cipher log message
edc62cd3b4 PeerStats: added to_string() method
81e9714326 BufferType: added constructor accepting a void *
afc40b78d3 Add asio patch that adds kovpn route_id support
6688f2d372 scripts/build: added PCRE=1 to build with PCRE (Perl-compatible regular expressions) library
811dac2e3a xmlhelper.hpp: support for various tinyxml2 versions
3fbe0a2701 Update copyrights
941104cf49 Implement supporting IANA cipher names in tls-cipher and unit tests
6e463ca1f4 Implement tls-cipher and tls-ciphersuite
fa5f0f0b02 Ensure that InitProcess is always called before starting unit test
9c547ba3ff Remove force_aes_cbc_ciphersuites option
aaafb33d30 omi\openvpn.cpp: cancel wait on exit event
516b32c2b8 findcoredeps.cmake: fix incorrect pkg_check_modules() behavior for mingw
7f4cd36f2e travis: add mingw builds
5bb7beb379 wstring.hpp: workaround for mingw's codecvt_utf8 bug
532ebf1798 cli agent: disable agent path check for test client
7cf2e210d1 mingw: fix various warnings
9f430b46ba cli: added --write-url option to write URLs received via INFO/OPEN_URL notifications to a file
f669831556 Base64: fixed issue where decode() method would ignore bad chars rather than throwing base64_decode_error()
995b6bf467 Added Time::from_seconds_since_epoch() method
9ee92254a3 Time: added OPENVPN_TIME_NO_BASE preprocessor flag to optimize out the base variable for 64-bit platforms
ac25908d25 [JSON] Implement get_int64_optional and get_integer_optional
c7972b0532 WS::Client: reworked SIMULATE_HTTPCLI_FAILURES to more closely hew to asio error throw points
93f6ed83c5 system_cmd_async: added optional sigset_t* parameter to configure signals in child
f004e09ae1 json: fixed get_string_ref() to properly return a string reference
84ef4533c6 WS::Client: implemented simulated network fault injection
05b51a9ec0 KoTun::API: added set_simulate_mesh_keepalive_failures() method
021e10b5b1 openssl/compat.hpp: added missing #include
f014afdf5c Fix potential double free reported by Coverity
4330c67a46 OpenSSL: Use ctx != nullptr to infer if initialised
bade36f2ad Add missing openssl/dh.h include in dh.hpp
6969264a94 Merge changes applied to coming Core release
2fbea7bebe mingw/build: add build options
73c9a592ae Pin googletest version due to google/googletest#2711
a2e2bf626e Increase frame size in proto test to 378
a1250b9bed Announce Chacha20-poly1305 in IV_CIPHER if supported
80399075d4 Implement CHACHA20-Poly1305 support for data channel
424d9b34af Rename GCM classes and files to AEAD
a5853870a8 fix clang warnings: remove unused variables
4a7294bd31 mingw: add .gitignore
31fe32c925 mingw: add build script
81e1353ea9 mingw: add build dependencies to cmake
46673d2c9a mingw: add WFP-specific guids
1fabe7e674 mingw: fix ndisguid include
1a3b5235cc mingw: use generic way to install gtest
b17889fcd6 mingw: add missing include
0a2663cc2b scoped_handle.hpp: remove SEH code
a0af80be25 file.hpp: use best available ifstream constuctor
e844bd466b mingw: change arguments order in lambda
9393206d74 mingw: add bswap64 implementation for mingw
e07a2c4e62 mingw: use lowercase in includes
743a525f16 Fix netlink add_bypass_route not working with IPv6
7dabcb3cee omiclient: support for wintun driver
0dbbbd3020 support for --windows-driver option
67fb123b88 ovpnagent: start openvpn process
e5f7fd55d8 cmake: disable agent path check for omiclient
5f092b80c1 Import AWS support code from internal Common library
b2e8cb42f0 Add GPL headers
f3c5a7a77e json: added write_fast() method
d9681076c1 json: read_fast(): added optional flag
ce7dc7cad4 json::write_atomic: support mtime_ns parameter (nanoseconds-since-epoch)
558cd3770a json::write_atomic(): fixed bug where method was not writing actual JSON content
45298001a0 json::read_fast: make optional flag implicit
f5dcb29b83 jsonfile.hpp: for read_fast() and read_binary_unix(), rename "must_exist" boolean to "optional" with reversal of value interpretation.
4110d23d25 Added json::read_fast() and json::write_atomic()
b8ff04be75 aws: support for temporary credentials
fae6a3d62f AWS::REST: support S3 request signing
c21de25c1f copyright: updated to 2017
702b3a81b7 AWS: created mini-SDK for VPC routing API.
1a4bff66af aws: support for temporary credentials
b84345dfa6 AWS C++: AWS::Creds: added defined() and to_string() methods
1324be80f6 copyright: updated to 2017
86480f71f5 AWS: created mini-SDK for VPC routing API.
d534049f5e aws: support for temporary credentials
1af01f3e20 Minor SNI-related changes to code that depends on the SSL layer
d186d8b66e WS::ClientSet: misc changes
e895716717 Added i/o abstraction layer.
3d3e3ec767 copyright: updated to 2017
8a08aba016 random : RandomAPI::assert_crypto() should now be called before any RNG is used for crypto purposes.
671c0beb99 AWS : minor changes to AWS::PCQuery:
1fab99f436 AWS : created AWS namespace for AWS API stuff. Created test/aws for AWS tests, and moved previous awspc test into it.
e46a3cb53f copyright : updated to 2016
ee981f0bd3 AWS : added class AwsPCQuery and tests for fetching AWS instance data such as:
9667cbe3dd AWS C++: don't hardcode CA in api_ca(), instead return /etc/ssl/certs/ca-certificates.crt
203b833b92 copyright: updated to 2017
4eb87ef38e AWS: created mini-SDK for VPC routing API.
b87d69ec32 WS::ClientSet: HTTP persistence refactor
8dd3c8fa9c AWS: increase max_retries to 10 (from 5) and decrease retry delay to 1 sec (from 5)
2a3be2fc87 AWS::HTTPContext: don't enable SSLConst::LOG_VERIFY_STATUS unless debug_level >= 2
8d621c18e9 AWS::HTTPContext: increase frame size to 2048 (from 1024)
5ca8077934 copyright: updated to 2017
030b65a0cd AWS: created mini-SDK for VPC routing API.
5491b30657 xmlhelper.hpp: support for new tinyxml2 API
4253b28896 xmlhelper: misc changes
71c55b6e48 copyright: updated to 2017
624f9d1467 license : this branch (common) is proprietary, so remove all GPL headers.
92b9b51b30 library : added TinyXML2 dependency
99d4fd2b85 aws: support for temporary credentials
de91d4ad73 awsroute.hpp: refactor route management API
bc0c55af81 awsroute.hpp: use refactored TransactionSet API
c60f27cc3b copyright: updated to 2017
32875ee9b2 AWS: created mini-SDK for VPC routing API.
5f688d0972 Import Windows ovpnagent from internal Common library
b6fcca84c1 omiclient: remove msvc project files
7c08341284 appveyor: add agent build
1976c639c1 cmake: add Windows agent build
10127e2bdd Add GPL headers
5ce471e651 copyright: updated to 2017
5ec273f76c license : this branch (common) is proprietary, so remove all GPL headers.
972d10204d copyright : updated to 2016
6b6c0f2038 Refactored openvpn/win/logfile.hpp, moving core methods create_file() and log() into a new file logutil.hpp for use by OMI logger.
7be71b2064 Added Windows utility classes and methods:
72d80fc960 agent win: add missing quoting for service path
4346762a0d Log lines from C++ exceptions should contain the text "exception"
5734e99bdb copyright: updated to 2017
06cbc850dc license : this branch (common) is proprietary, so remove all GPL headers.
3ff97e4031 copyright : updated to 2016
549634e6c5 Moved pack_string_vector() from winsvc.hpp to core, where it's now called wstring::pack_string_vector().
7d1eb28016 ovpnagent -- enable service autostart and also added automatic restart-on-fail.
2efdf8a745 Change to calls of Windows API methods:
c0ecc864cd Added Windows utility classes and methods:
c2a87bbc83 listener: create generic ProxyListener abstract class
9524b1496b WS::Server, Acceptor::TCP: added bind/close logging when OPENVPN_DEBUG_ACCEPT is defined
78cd98a1c8 WS::Server: log accepts when OPENVPN_DEBUG_ACCEPT is defined
8bffbe6acf Implement TCP shutdown at the HTTP layer
b91d7e39ba Acceptor::TCP: don't set reuseport flag by default on listener socket
94581ff22e Replace AsioTimer with AsioTimerSafe in cases where handler doesn't clearly check for late cancellation
be171b5367 WS::Server::Listener: added walk() method
1aedadbc6d httpserv::client: add and invoke tcp_intercept() before consuming buffer
6a48b166b2 Make lambda functions mutable that benefit from using std::move() on closure vars
297a12226c listener: create generic ProxyListener abstract class
b6ececadf3 ws/httpserv: LinkCommon is now in charge of calling tcp_* handlers
ee5fe53607 HTTP server: implement throttling
4f91530f2f HTTP: added Alt Routing support to HTTP client/server
daa98d1e45 WS::Server changes:
fc19e73bcd WS::Server: use C++11 member initializers
fddf4c534b HTTP layer: added Websocket support
179d00e15b Added i/o abstraction layer.
979c831466 Moved asio files from openvpn/common to openvpn/asio
50fba999f6 Moved openvpn::to_string() to separate source file.
1bea8dace5 copyright: updated to 2017
7dedd61bfa license : this branch (common) is proprietary, so remove all GPL headers.
2ac9e18a34 copyright : updated to 2016
f09a0c4402 HTTP server : struct Factory now inherits from OPENVPN_HTTP_SERV_RC instead of being hardcoded to RC<thread_unsafe_refcount>.
9649eb83f2 In HTTP client and server, enable TCP_NODELAY on socket.
cbc9a2ec6a In WS::Server::Config, remove the constructor and use C++11 member initializers.
d03dd13f1e In WS::Server::Listener::Client, added new virtual method http_pipeline_peek() to allow HTTP servers to observe and possibly modify/delete incoming out-of-context raw socket data before the data is written to the out-of-context pipeline (where it would be later processed by SSL and/or HTTP layers).
323db959d9 Added unix_fd() method to WS::Server::Listener::Client to allow derived classes to obtain the raw unix domain socket.
7185e45ff0 Minor change to httpserv.hpp -- Bracket unix domain socket code with #ifdef ASIO_HAS_LOCAL_SOCKETS instead of #if !defined(OPENVPN_PLATFORM_WIN)
0b2865cac4 In httpserv.hpp, added WS::Server::Listener::Client::get_parent() method.
ab6c29cfbc Factored out HTTP Server acceptor classes into openvpn/acceptor.
a6ddc344fa In HTTP server (httpserv.hpp), allow users to specify the Windows SDDL string used to set the permissions on created named pipes.
257ba661a0 For Windows named pipe implementation in httpserv.hpp, removed PIPE_WAIT flag from CreateNamedPipeA call, as it seems incompatible with FILE_FLAG_OVERLAPPED.
7f10bd7fae Added Windows named pipe support to HTTP client/server library.
7723bcba40 Ported httpserv.hpp to Windows, mostly by removing Unix-only constructs for the Windows build such as unix domain socket support.
5815a9a483 Minor change to httpserv.hpp -- include openvpn/common/core.hpp instead of openvpn/linux/core.hpp for portability between Linux and Mac OS X.
288bdf879f Fixed preprocessor issue with httpserv.hpp:
96910692d6 Asio async_wait lambdas should always check error status.
a108ba302b WS::Server::Listener can now handle Listen::List lists that have mixed SSL/non-SSL items.
e9f5907138 Added WS::Server::Listener::Client::is_local() method to test if socket is a unix domain socket.
fb2a6e3d93 In HTTP client/server, added msg_overhead_bytes member to Config class to allow for accounting of message overhead.
cc83e8c352 Added ContentInfo::content_encoding on the server side (httpserv.hpp).
241623621b Added AGPL license header to HTTP, Java, and common code.
8830d26123 HTTP changes.
f085fa9352 HTTP client/server -- now that socket is a smart pointer, make sure to check it is defined before calling close() method.
dfba2a6f28 In HTTP client/server stop() methods, do socket->close() instead of socket.reset(), as the latter may free the underlying socket while asio still holds dangling pointers to it.
e7222bc361 HTTP client/server changes:
b357c56ee3 Don't use deprecated asio features.
941274e31a Obsoleted asiodispatch in favor of C++11 lambdas.
b3071d8e56 HTTP server can now listen on unix domain sockets (in addition to TCP sockets). Server can also listen on multiple sockets concurrently.
a56bf236bd Boost dependency elimination -- final removal of Boost dependency. Asio is now included as a standalone, header-only dependency.
944b4d5d22 pgproxy changes:
0cd244a53b Make remote_endpoint_str() method const in httpserv.hpp.
4c21518c84 HTTP server:
15fd7a0965 OPENVPN_HTTP_SERV_RC may be defined to override WS::Server::Listener::Client RC root class.
3c46024674 Refactored methods for parsing/validating hosts/ports into openvpn/common/hostport.hpp
870ac130f3 Renamed boost::intrusive_ptr<T> usage to RCPtr<T>.
db9a8d557a Moved array_size() function to its own header file.
72b5cae69a Refactored ScopedPtr usage to std::unique_ptr. Removed ScopedPtr (moved to test/unused).
ea6592f94c Extended WS::Client to allow the use of any OpenVPN client transport driver for the HTTP/S transport layer. This enables use of HTTP CONNECT and OBFS proxy drivers. To enable, set the WS::Client::Config::transcli member to any TransportClientFactory instance.
9eaa36d031 HTTP/S server changes:
2bb6e33b8a Added pgproxy, an HTTP proxy supporting both CONNECT and OBFS.
32440efd6a Refactored web services classes (openvpn/ws) to support HTTP/S servers.
993d0c4a4d Initial commit of test HTTP server.
21aa8b7c99 ovpnagent.cpp: move to another directory
757334d82e agent win: implement add_bypass_route
a245195d11 Implement TCP shutdown at the HTTP layer
e15aeb3fec ovpnagent/win: support for Wintun ring buffers registration
bce9081cf6 agent: Wintun support for agent
d08dffb313 win/ovpnagent.hpp: customize agent display name
c94c3f7e34 ovpnagent: Enable pipe name build-time customization
2d12f4bbb5 UCONNECT-1151 Refactored usage of OPENVPN_STRINGIZE
4580a94aae UCONNECT-1151 Add OVPNAGENT_NAME define condition
6ffabe4036 ovpnagent.cpp: Adapt to recent core changes
472fdb5536 SSL_LIB_NAME is now defined by sslchoose.hpp
45eda8ed80 Added i/o abstraction layer.
95d1db297f copyright: updated to 2017
a8c25b9541 mbedTLS: Port from polarssl-1.3 to mbedtls-2.3
fb68be7d59 copyright : updated to 2016
8d71f284ec In ovpnagent (Windows), remove any stale NRPT rules on startup.
aef4056706 In Windows cmdagent/ovpnagent, make the client exe path available to establish_tun() method.
415c2ae0b7 ovpnagent -- enable service autostart and also added automatic restart-on-fail.
239288e1f1 In Windows ovpnagent, when building the DACL for the IPC named pipe, add guest account read/write access.
e8283842ec Additional robustness fixes for Windows agent/service:
9cbdd80706 Windows agent/service changes for better robustness:
f65c3ba59d Implemented Stop support for Windows cmdagent.hpp (via TunWin::SetupBase interface).
369fe3c2bc In Windows ovpnagent.cpp, use json::parse instead of Json::Reader directly.
c2f62c630b In Windows ovpnagent.cpp, fixed issue where logging emitted to std::ostringstream just prior to throwing an exception was not being delivered to client.
d6d7a593e8 Minor comment change in Windows ovpnagent.cpp that was left over from derived source.
c3b2e00968 Windows OpenVPN agent : refactored internal named-pipe API (between non-privileged client and privileged service) to be based on TunBuilderCapture instead of ActionList:
c57c4d8a14 In Windows ovpnagent.cpp, handle remote execution of TunWin::ActionWFP objects for packet filter management.
3621d72f41 In Windows ovpnagent.cpp, use TunWin::Util::cmd_sanitizer() to validate commands before executing them.
379d8a5edb Windows client: added privilege separation layer, including:
8476145317 win: replace msvc project files with cmake
8f4da2ec62 Move CMAKE module path to root directory
1a7cb2b694 cmake: Don't use "Wno-unused-private-field" for msvc
0c16068dc7 appveyor: update Windows build
8ab6a7d954 README: update Windows build instructions
1c9834c50d win: replace msvc project files with cmake
c53c42dc9c Simplify HMAC initialised logic to check just ctx != nullptr
fd6e76ea28 Avoid maybe unintialized warning in IP::Addr
4c089df991 Add cmake build file for proto
86008fd2ee Remove dependency on std::regex from getSortedString
6035e3afed Replace std::regex with non regex for HTTP redact
f250c4c921 WS::ClientSet: silently ignore when Asio is missing the results.randomize() method
53d22aca99 Remove unneed windows/console.hpp include
9c50badeb4 Fix integer comparison problems introduced by the merge of released
629ee45260 win: make OpenSSL configuration default
3a5cf08289 win: support for arm64 and openssl 1.1.1
60fa4bf29e Merge changes applied to coming Core release
70923f41df Silence used return value warning of BIO_flush
c8fb3f112d use std::enable_if with sizeof(T) instead if(sizeof(T))
984c601090 Fix multiple instances of comparison of signed with unsigned
9566cab3ec Fix compilation without ASIO when using OpenSSL
cb229c7bba Add -Wall option by default to openvpn compile
6dc5d5ddf0 Fix various warnings reported by -Wall/clang
394b5b2258 omi: add password protection
0668d9132b omi: support for exit event
ffc000a38b omi: add vs project files
a4d9989d81 Update license on files moved from common
50196ed5fa JsonClient/AppServer: full HTTP compression support
7297015895 websocket: make Sender::frame() const
6055aaf34c HTTP layer: added Websocket support
14379360c1 WS::Creds::load_from_header(): use the simpler string::split() rather than Split::by_char()
c8b4fe322e WS::Creds: use atomic_thread_fence(std::memory_order_acq_rel) instead of OPENVPN_COMPILER_FENCE
95f1654921 WS::Creds: use crypto::str_neq() when comparing credentials against expected values
0ac1999cd0 copyright: updated to 2017
d3751a65c2 license : this branch (common) is proprietary, so remove all GPL headers.
4dc149ffd9 copyright : updated to 2016
4ebd66bfbb httpcreds : redefined WS::Creds::load_from_options() to pass through the UserPass flags value.
c86fd2a5de Added write_private() methods from core (no Windows implementation yet).
3b20b9bf6a Fix to httpcreds.hpp for Windows: #ifdef out umask functionality.
94419fd21c Update httpcreds.hpp with SplitLines change where S_OK was renamed to S_OKAY due to Windows symbol conflict.
8ca935bcd4 In httpcreds.hpp, added WS::Creds::load_from_options() method.
5965e046ed Added AGPL license header to HTTP, Java, and common code.
75acd76f40 HTTP client/server changes:
99dbc6848b Fix adding int to a string
f1546d6b8b WS::HTTPBase: added more detail to http_content_out_finish() exception on unexpected state
7b6d4cf6cb AppServer, WS::HTTPBase: added support for ssl_did_full_handshake() method added to SSL layer
73f8525f9e Implemented TLS session ticket support in the HTTP layers.
9e7470c37d AppServer, WS::HTTPBase: change update_max_content_bytes() to reduce_max_content_bytes()
77f7e06786 Change to commit "httpcommon: fixed race that can occur on high-speed persistent connections"
8e6e8e759d httpcommon: fixed race that can occur on high-speed persistent connections
fa37101597 httpcommon: minor comment addition
111cabd518 AppServer: minor debug logging change of E_GENERAL_TIMEOUT
f7e8719852 websocket: don't debit websocket stream traffic to max content size limit
b8886e0482 httpcommon: make is_deferred() public
4e8dffd02b HTTP layer: added Websocket support
2136c62a35 copyright: updated to 2017
0d62ae1fb0 license : this branch (common) is proprietary, so remove all GPL headers.
d48c197d01 HTTP library : extended debug flag OPENVPN_DEBUG_HTTP to log incoming as well as outgoing network data.
54b91242d3 copyright : updated to 2016
8c341d7d11 Fixed a bug in update_max_content_bytes() in the HTTP common code, where the code was modifying max_content_bytes in the global configuration instead of the specific HTTP instance.
017571afad In httpcommon.hpp, added a static_assert() to ensure that CONTENT_LENGTH_TYPE type is signed.
a095cd1237 Fixed a minor issue in httpcommon.hpp -- SSL read was not respecting reserved tailroom.
36a2a401e7 Added new HTTP common method update_max_content_bytes() to allow the configuration limit max_content_bytes to be modified mid-session. This can be useful to dial-down the limit on unauthenticated sessions.
f0aea806e3 In HTTP client/server, added msg_overhead_bytes member to Config class to allow for accounting of message overhead.
1eb31f13e6 In httpcommon.hpp, added HTTPBase::http_config() method.
0e31ffa928 Added AGPL license header to HTTP, Java, and common code.
d9173907e2 HTTP changes.
18c3789943 HTTP server:
7925880b7f OPENVPN_HTTP_SERV_RC may be defined to override WS::Server::Listener::Client RC root class.
24070412f3 Renamed types.hpp to size.hpp since it now only defines size_t and ssize_t.
51603baee6 Refactored ScopedPtr usage to std::unique_ptr. Removed ScopedPtr (moved to test/unused).
2343e0aff0 Added pgproxy, an HTTP proxy supporting both CONNECT and OBFS.
2af25cca08 Minor readability/comments update to httpcommon.hpp.
8f535eb76e Refactored web services classes (openvpn/ws) to support HTTP/S servers.
a22d7c3d7d In HTTPCore (httpcli.hpp), factor out code into httpcommon.hpp that is common to both HTTP clients and servers, so upcoming HTTP server implementation can leverage on the same code currently used by the client.
c61a41f509 Factored out web services get_content_length() method into openvpn/ws/httpcommon.hpp which is intended for code that is common between HTTP clients and servers.
98e5e0a6a3 HTTP: before logging, pass HTTP headers through HTTP::headers_redact()
1443d9c000 Implement TCP shutdown at the HTTP layer
a52b22afe9 Replace AsioTimer with AsioTimerSafe in cases where handler doesn't clearly check for late cancellation
a43a95a527 win agent: properly handle timeout
8bfc822183 WS::ClientSet: HTTP persistence refactor
72e5cb6b52 WS::ClientSet: added commented-out debug logging in keepalive_close()
dfed44d539 WS::ClientSet: retry on 5xx HTTP status codes
dd00ef3be3 WS::ClientSet::TransactionSet: added reset_host() method
9cf0003de4 WS::ClientSet::Transaction: added new methods is_redirect() and get_redirect_location()
cc2638a21d WS::ClientSet: special case on retry -- no delay after TCP EOF on first retry
99494dedf6 WS::ClientSet::TransactionSet: added stop() method
767f717023 WS::ClientSet: added reset_callbacks() methods to break refcount cycles in callback closures
7183c6b1da WS::ClientSet::Transaction: refactored format_status()
bb67edbe31 WS::ClientSet::Transaction:: added content_in_buffer() method
f54992798f WS::ClientSet: pass refcounted pointers by value
bd59f8937b JsonClient/AppServer: full HTTP compression support
9b12054680 WS::ClientSet: misc changes
7a0df7104f AsioTimer: use expires_after() method when possible.
f97c0812d3 httpcliset.hpp: use Function instead of std::function.
dcaf7e5358 Added i/o abstraction layer.
2805a7819d Moved asio files from openvpn/common to openvpn/asio
f524e75c34 copyright: updated to 2017
c8accf5923 license : this branch (common) is proprietary, so remove all GPL headers.
10526fa7d8 httpcliset : minor refactor of new_request_synchronous() which removes SyncPersistState as a parameter (replacing with sps boolean) and moves it to private area of TransactionSet.
11821b44b4 httpcliset : prevent done() method from being called reentrantly if it throws an exception.
01199c3728 copyright : updated to 2016
ee68d87a87 httpcliset : Added user-defined error recovery method, and HostRetry as an error recovery implementation that allows cycling through a list of hostnames on failover. Also refactored reconnect_schedule() so that reconnect_callback() can be eliminated.
f838a91421 httpcliset : Added WS::ClientSet::run_synchronous() method.
8913eefca0 httpcliset : in new_request_synchronous(), added optional RandomAPI parameter.
d36a9145fe httpcliset : Added WS::ClientSet::get_random() method.
585990d801 httpcliset : when preserve_http_state is false, close out the HTTPStateContainer before calling completion callback, so as to improve reentrancy-safety if completion callback tries to queue a new request.
7cc0104d8c random : consolidate random functionality in RandomAPI.
2cffff05d4 Fixed a recent regression in WS::ClientSet::new_request_synchronous() that was introduced with the new SyncPersistState parameter.
c77bd04c8b In WS::ClientSet::new_request_synchronous(), only use io_context->run_one() when SyncPersistState obj is provided. Otherwise, use io_context->run().
cb37d11424 In HTTP client set, allow successive calls of new_request_synchronous() to operate off of the same persisted HTTP session.
fb7d46e008 In httpcliset.hpp, replace class HSCCleanup with the general-purpose Cleanup template.
d6de23f761 Apparently Android NDK doesn't support std::to_string (WTF?), so work around it.
861aec6da5 In httpcliset.hpp, fixed recent regression where new_request_synchronous() was not ensuring that ts->hsc.reset() is called before method exit. Not doing so can cause later destruction of the HTTPDelegate in HTTPStateContainer to reference an out-of-scope io_context.
e2e0701842 In httpcliset.hpp, changes to WS::ClientSet::new_request_synchronous():
9de22d87d8 In HTTPStateContainer::stop() (httpcliset.hpp), make sure to check that http is non-null before calling http->stop().
47d3195685 In WS::ClientSet, call completion method before ts->hsc.stop() to allow completion method to use socket before it is closed.
008ad4a7a4 In HTTP client:
24418ad8fe In HTTP client, added abort() method to both WS::Client and WS::ClientSet.
24552a1514 In httpcliset.hpp, break up http_status_success() into:
484481bacf In WS::ClientSet, use BufferList::put_consume() to store incoming content. This approach is more efficient when incoming content is composed of many small messages.
ece0aa681e The WS::ClientSet::new_request_synchronous() method doesn't really need to fork off a thread to do its work. This change uses a local asio::io_context within the caller's own thread.
16a967db39 In httpcliset.hpp, be consistent about member vars coming first in Transaction and TransactionSet, before member functions.
8ca342cbdd In WS::ClientSet::new_request_synchronous(), ensure that socket is fully destroyed before exiting thread, as we don't want any asio-level destructors to be called from the parent thread.
bb107abf39 WS::ClientSet bugfix : a segfault can occur when general_timeout is set to 0 because HTTPStateContainer::reset() can potentially be called under tcp_read_handler() at the http_done/next_request boundary when no timeout exists to keep a stable reference on the HTTPDelegate instance.
e6816832f1 Added WS::ClientSet::Transaction::http_status_success() method to complement the same method in WS::ClientSet::TransactionSet.
65c2aee203 httpcliset changes:
76fe2a9061 In HTTP client, added http_post_connect() virtual callback method to allow user to verify server socket immediately after connect. This is useful when the server is local via a unix domain socket or windows named pipe.
0a697e21d7 In httpcliset.hpp, use URL::Parse for building and rendering URLs.
5f4e0396b9 In test/httpcli/httpcli.cpp and httpcliset.hpp, support building without zlib.
6c0e9b26e3 In httpcliset.hpp, added new method WS::ClientSet::TransactionSet::http_status_success() that returns true if and only if all HTTP transactions succeeded AND each HTTP status code was in the successful range of 2xx.
74b6ee5c1b In httpcliset.hpp, minor changes to dump() formatting:
1661ddfcc7 In httpcliset.hpp, fixed issue where setting accept_gzip_in flag wasn't sending "Accept-Encoding: gzip" header.
c1a0a5972f In httpcliset.hpp, programmatically turn on/off ZLib compress/decompress debug logging based on our own debug level.
95f1afef37 Added WS::ClientSet::Transaction::format_status() method.
7994bb9d7d In httpcliset.hpp, make dump() methods const.
6b9e2c4537 Added WS::ClientSet, a higher-level client session manager abstraction on top of WS::Client with features such as:
a6cd836dde WS::Client: don't use AsyncResolvableTCP unless USE_ASYNC_RESOLVE is defined
9244137de0 Implement TCP shutdown at the HTTP layer
f5ac6450da Replace AsioTimer with AsioTimerSafe in cases where handler doesn't clearly check for late cancellation
a76cc3f1a5 httpcli: avoid E_KEEPALIVE_TIMEOUT race with start_request by checking ready
734032f04a WS::Client::Host: added key parameter for client-side TLS session caching
aee28239ab Implemented TLS session ticket support in the HTTP layers.
7f9e493ef3 transport: remove unused ip_hole_punch() API
3b9af47f32 httpcli.hpp: use new AsyncResolvable class for async DNS resolution
cdf149a015 WS::ClientSet: HTTP persistence refactor
83b02d87df httpcli.hpp : fix PG build
caaf1529b9 JsonClient: fixed a bug in handling exceptions thrown by done()
fe4f62d925 httpcli: log pre-connect address info if debug_level >= 2
80f7206327 HTTP: added Alt Routing support to HTTP client/server
8fd5e6b7da httpcli: support Alt-Routing
94f471d7f8 httpcli: Initialize content_out_hold to true initially and then reset to false later on in the session.
01ef08b0e2 httpcli: added cancel_general_timeout.
4aa8f0b54a httpcli: added new methods:
19939c1927 HTTP layer: added Websocket support
5de6fb14fb httpcli: support bind to local address.
e0734f990c AsioTimer: use expires_after() method when possible.
64022e8247 httpcli.hpp: when calling async_connect(), pass the results set using std::move().
25608597fc Added i/o abstraction layer.
569b3d3afd Moved asio files from openvpn/common to openvpn/asio
4460abd830 Moved openvpn::to_string() to separate source file.
388be07fdb copyright: updated to 2017
8484f906cb license : this branch (common) is proprietary, so remove all GPL headers.
71e825761c mbedTLS: Port from polarssl-1.3 to mbedtls-2.3
f0eb518b77 relay : added relay functionality and tests.
12866f4d0a HTTP client : status argument to WS::Client::Status::error_str() should be an int because -1 is one of the possible values.
3b8a5595fb copyright : updated to 2016
7059606bae keepalive : added HTTPCore::is_keepalive_enabled() stub method to comply with TransportClientParent requirements.
2f56fb9fbd httpcli.hpp : added Request::creds_defined() method.
d4cf3b75d7 First working OMI wrapper for OpenVPN 3 client. Tested with OpenVPN Connect on Mac.
fee78ccfe4 In HTTP client and server, enable TCP_NODELAY on socket.
438ad6f4db In WS::Client::Status::error_str(), handle cases where status == -1. Also, show the numerical status value for unknown errors.
3df9f988e3 Apparently Android NDK doesn't support std::to_string (WTF?), so work around it.
21ad74202e In httpcli.hpp, need to rename E_ABORT to E_ABORTED to avoid a Windows symbol conflict.
a29b91760d In HTTP client:
3637c2976e In httpcli.hpp, use C++11 member initialization in class ContentInfo.
eb6971b972 In HTTP client, added abort() method to both WS::Client and WS::ClientSet.
d3b5f1b186 Change to calls of Windows API methods:
3175805174 In WS::Client::Config, use C++11 member initializers.
fa513773c0 In HTTP client, added http_post_connect() virtual callback method to allow user to verify server socket immediately after connect. This is useful when the server is local via a unix domain socket or windows named pipe.
56736bb90d Minor simplification in HTTP client Windows-specific code for opening a named pipe. Use Win::LastError instead of asio::error_code...
fab921f714 Added Windows named pipe support to HTTP client/server library.
f811dfd42c In HTTP client (httpcli.hpp):
dd5b4980ff Asio async_wait lambdas should always check error status.
6b599f158c In HTTP client/server, added msg_overhead_bytes member to Config class to allow for accounting of message overhead.
e49d4adae3 Added AGPL license header to HTTP, Java, and common code.
5087ea6a36 HTTP changes.
30c4c2f37f HTTP client/server -- now that socket is a smart pointer, make sure to check it is defined before calling close() method.
bbf84f1db1 In HTTP client/server stop() methods, do socket->close() instead of socket.reset(), as the latter may free the underlying socket while asio still holds dangling pointers to it.
10a0bfb6a7 Minor changes to httpcli.hpp:
135e2436bf HTTP client/server changes:
acfb70ab8a Don't use deprecated asio features.
c0dcbae82f Obsoleted asiodispatch in favor of C++11 lambdas.
ab72082bd4 Made protocol type a template parameter to TCPTransport::Link, so we can work with protocols other than TCP such as unix domain sockets.
12e4cfb4a4 Method signature changes for DCO (Data Channel Offload).
038b02fb2a Boost dependency elimination -- final removal of Boost dependency. Asio is now included as a standalone, header-only dependency.
3ab7739fed HTTP server:
8cabba1665 OPENVPN_HTTP_SERV_RC may be defined to override WS::Server::Listener::Client RC root class.
e608ee6db4 Renamed boost::intrusive_ptr<T> usage to RCPtr<T>.
686968992d Moved array_size() function to its own header file.
47ffbe7401 C++11 : rename NULL to nullptr
8dbf685a25 Extended WS::Client to allow the use of any OpenVPN client transport driver for the HTTP/S transport layer. This enables use of HTTP CONNECT and OBFS proxy drivers. To enable, set the WS::Client::Config::transcli member to any TransportClientFactory instance.
c5d3fdad87 Added pgproxy, an HTTP proxy supporting both CONNECT and OBFS.
84b234b68b Refactored web services classes (openvpn/ws) to support HTTP/S servers.
16a69d0325 In HTTPCore (httpcli.hpp), factor out code into httpcommon.hpp that is common to both HTTP clients and servers, so upcoming HTTP server implementation can leverage on the same code currently used by the client.
80c63cd93e Refactored WS::Client status codes from WS::Client::E_x to WS::Client::Status::E_x.
1aebd88dc7 Factored out web services get_content_length() method into openvpn/ws/httpcommon.hpp which is intended for code that is common between HTTP clients and servers.
45b5d3bf69 Refactored WS::HTTPCore::ChunkedHelper into its own source file in preparation for HTTP server implementation.
937082b80d Added minimal Content-Encoding support to HTTP client.
5d2a05cf8e In HTTP client, added the ability to separately specify:
3175a9c9dd Extended WS::Client:
93f10d74e2 Updated web services client classes to use SSLConfigAPI, and to support PolarSSL or OpenSSL.
51fbf93a93 Updated copyright to 2015.
9b0dbba02c Remove AGPL licensing for openvpn/ws, as these sources will be left proprietary for now.
82012b7e66 Added some comments (overview) to openvpn/ws/httpcli.hpp.
9df14bb61f Added web services client.
075143f23f copyright: updated to 2017
5ab2e44e25 license : this branch (common) is proprietary, so remove all GPL headers.
0c46a7a7ec copyright : updated to 2016
f6f40e24cd Added AGPL license header to HTTP, Java, and common code.
1c8052be45 Renamed types.hpp to size.hpp since it now only defines size_t and ssize_t.
7194db16c2 In HTTPCore (httpcli.hpp), factor out code into httpcommon.hpp that is common to both HTTP clients and servers, so upcoming HTTP server implementation can leverage on the same code currently used by the client.
06fa9d2f21 Refactored WS::HTTPCore::ChunkedHelper into its own source file in preparation for HTTP server implementation.
efe7f6d620 copyright: updated to 2017
bfadf92762 license : this branch (common) is proprietary, so remove all GPL headers.
fd949d96a3 copyright : updated to 2016
706574a59f Change to calls of Windows API methods:
edcc119b85 In HTTP server (httpserv.hpp), allow users to specify the Windows SDDL string used to set the permissions on created named pipes.
5bb9515515 copyright: updated to 2017
0d4b64139c license : this branch (common) is proprietary, so remove all GPL headers.
61c99b5f6d copyright : updated to 2016
25085c9073 Windows: refactored NamedPipePeerInfoClient/Server to use a common base class that includes most of the implementation.
397d44fccc Windows: In NamedPipePeerInfo::get_process() and allow_client_query(), allow/request SYNCHRONIZE access so that we can wait for process termination by waiting on the process HANDLE.
7bba5cec30 Added openvpn/win/handlecomm.hpp, containing classes for communicating Windows HANDLEs across process boundaries.
b8f3d013aa In Windows npinfo.hpp, added:
c1a793b27f Change to calls of Windows API methods:
22061c8135 In HTTP server (httpserv.hpp), allow users to specify the Windows SDDL string used to set the permissions on created named pipes.
c81b4ac4ff copyright: updated to 2017
a518f007c2 license : this branch (common) is proprietary, so remove all GPL headers.
ad1bf8ee8d copyright : updated to 2016
70866a59dd Refactored openvpn/win/logfile.hpp, moving core methods create_file() and log() into a new file logutil.hpp for use by OMI logger.
2a21d63486 copyright: updated to 2017
4793912e3f license : this branch (common) is proprietary, so remove all GPL headers.
bc9b4390c3 copyright : updated to 2016
2e8946b093 Added openvpn/win/handlecomm.hpp, containing classes for communicating Windows HANDLEs across process boundaries.
ca03dff5f1 Replace AsioTimer with AsioTimerSafe in cases where handler doesn't clearly check for late cancellation
1b2ce81a0d omi/openvpn.cpp: don't catch SIGQUIT
0525116981 Add Remote endpoint information to protect_socket call
d1cc12f410 OMICore: support asynchronous command response
68dafdeee6 Incorrect values of UV_* variables
68d766d95c SSL_LIB_NAME is now defined by sslchoose.hpp
eb3a997c31 AsioTimer: use expires_after() method when possible.
d395ebc9d9 Added i/o abstraction layer.
068e575ee4 Moved asio files from openvpn/common to openvpn/asio
6603bae84b Moved openvpn::to_string() to separate source file.
6cd1e38b57 copyright: updated to 2017
3b1ec62325 mbedTLS: Port from polarssl-1.3 to mbedtls-2.3
e26759a4cf OMI : try to fix issue where autologin profiles that fail auth cause looping reconnect behavior in tray client.
aa8bc50ac5 Updated OMI to support server-side usage.
13d4bfe470 Windows OMI client : wipe stale NRPT rules on startup.
e3f8d6c3cb OMI : in openvpn.cpp, define OMI_VERSION = "1.0.0". OMI_VERSION is passed to OpenVPN server as GUI Version.
bd5d378584 OMI : updated openvpn.cpp to use new ClientAPI::Event::fatal boolean.
5ee545d405 OMI : If --management-query-passwords is not set, treat AUTH_FAILED, DYNAMIC_CHALLENGE, and PROXY_NEED_CREDS events as fatal errors.
5bd17caef0 OMI : fixed bug where reconnect_timer handler was failing to check error parameter.
bdcee725f4 Ported OpenVPN 3 OMI to Windows
17e92b7d3d First working OMI wrapper for OpenVPN 3 client. Tested with OpenVPN Connect on Mac.
f1db4274b5 Initial OMI (OpenVPN Management Interface) commit, still unfinished.
0c5c0cbe57 Acceptor::TCP: don't set reuseport flag by default on listener socket
80e754d00a Replace AsioTimer with AsioTimerSafe in cases where handler doesn't clearly check for late cancellation
ac158fd0bf OMICore: support asynchronous command response
fd1ed92b68 Make lambda functions mutable that benefit from using std::move() on closure vars
35c0480180 AsioTimer: use expires_after() method when possible.
d3da69e35c Added i/o abstraction layer.
cff607cae1 copyright: updated to 2017
658efb6232 license : this branch (common) is proprietary, so remove all GPL headers.
c747b20e2b asio: deal with symbol renaming in latest github master
c0d93bbd5f copyright : updated to 2016
4a45609b29 Updated OMI to support server-side usage.
061daa8e3c OMI : Windows seems to lose >FATAL: notifications that are transmitted immediately before OMI socket close. Work around the issue by adding a 250ms delay between the last write to the socket and the close.
26e99b1a37 Ported OpenVPN 3 OMI to Windows
d0c63d3150 First working OMI wrapper for OpenVPN 3 client. Tested with OpenVPN Connect on Mac.
e8a21acb25 Initial OMI (OpenVPN Management Interface) commit, still unfinished.
1d090e7e88 Use openvpn::strerror_str() instead of std::strerror().
0368d32cb6 copyright: updated to 2017
6e51d02eff license : this branch (common) is proprietary, so remove all GPL headers.
e6f67cedc7 copyright : updated to 2016
7dc71fa837 Added write_private() methods from core (no Windows implementation yet).
0057bb7ec4 jsonhelper: allow NAME or TITLE parameters to be an array index
02b531e619 jsonhelper: extend polymorphism to allow string or numerical indices
f02ea1f762 library: added BijectiveSetMapping and enhanced StringTempl::to_string()
730a57c39e jsonhelper: allow NAME or TITLE parameters to be an array index
ec7d4746b3 Update jsonhelper to current JSONcpp library
e79add27a8 jsonhelper: C++ standard appears to indicate no need to do explicit std::move on return value
b0669ab4e3 jsonhelper: added dict_result() method
6e242ee555 jsonhelper: added error() method
0c61d0dfa8 jsonhelper: minor fix: typo in exception string
201e0e68a2 jsonhelper: added cast() method
9f3afbae91 Json: support parsing from ConstBuffer
e13f1f3859 JSON: added #ifdef OPENVPN_JSON_INTERNAL around code requiring internal JSON lib
d30c6f4e8f jsonhelper: added get_string_ref() method
121d647fe2 jsonhelper: added get_bool_tristate() method
df1695dc74 jsonhelper: get_bool_optional: removed string interpretation
580bbb9bf0 jsonhelper: allow NAME or TITLE parameters to be an array index
819cc56962 jsonhelper: minor changes
550d308480 jsonhelper: extend polymorphism to allow string or numerical indices
672e07f210 jsonhelper: trivial indentation change
372eb97457 jsonhelper: Use new JSON library implementation.
04c3aa9b0a jsonhelper: added format() method outputting to Buffer.
407b83e529 jsonhelper: added get_array() method without title argument.
a01d34deaa jsonhelper: exists() method should return false if argument is not a JSON object.
3d0d9de34e jsonhelper.hpp misc changes
cb6914e6a4 copyright: updated to 2017
b8f64a02b7 license : this branch (common) is proprietary, so remove all GPL headers.
6e33ef89c0 jsonhelper: major refactor
bfb9833354 jsonhelper : added default_value parameter to get_bool_optional()
6e5b04fd01 jsonhelper : added parse_from_buffer()
760ae4a5f1 jsonhelper : added json::format_compact() methods for formatting JSON into a compact representation without extraneous whitespace.
ff804f93f0 copyright : updated to 2016
b850f4875c jsonhelper : added json::get_string_optional() method.
8831925837 jsonhelper : added json::exists() method.
90ece7de04 jsonhelper : for consistency, swap the order of title and default_value in to_uint_optional().
3154ec0f92 jsonhelper : in get_bool_optional(), convert string "true" (case insensitive) to boolean true.
5c25bb7089 jsonhelper.hpp : added new methods parse_from_file(), cast_dict(), and get_array().
76b5f880b5 jsonhelper : added get_bool_optional().
042c0194ac For jsoncpp usage, rename deprecated misspelled method name:
ba18268dfc In class json (jsonhelper.hpp):
1e7e8210ab Added new file openvpn/common/jsonhelper.hpp with convenience methods for dealing with Json::Value objects.
e86b3bef38 endian64.hpp: Add MSVS version of int64 byte swap
b9b4bb8c55 Endian: use more portable method to determine machine byte order
c8a2405722 Add Clang specific swap 64 bit builtin macro
02d95918e4 Endian: added missing inline
db7c5613f3 HTTP layer: added Websocket support
341d983734 JsonClient/AppServer: full HTTP compression support
48444e5513 agent win: implement add_bypass_route
215c6a0976 win/agent: change event.hpp include path
2d5f056b65 openvpn/win/event.hpp: move to openvpn3 repo
bce60fe08b ovpnagent/win: support for Wintun ring buffers registration
15a4499a9d agent: Wintun support for agent
74a51815b0 win agent: properly handle timeout
ba99bd928c cmdagent.hpp: Add missing io_context
2d78ccb803 Added i/o abstraction layer.
8604a87e43 copyright: updated to 2017
068cf36233 license : this branch (common) is proprietary, so remove all GPL headers.
cdf5d6c0b4 copyright : updated to 2016
d8610e5e8f windows cmdagent : updated with new layer 2 virtual methods (none of the methods are current implemented).
78557c54f3 In Windows cmdagent/ovpnagent, make the client exe path available to establish_tun() method.
ebc1292da8 Additional robustness fixes for Windows agent/service:
c3e8b60b89 Windows agent/service changes for better robustness:
c731d2395d For jsoncpp usage, rename deprecated misspelled method name:
447868cf44 Implemented Stop support for Windows cmdagent.hpp (via TunWin::SetupBase interface).
920ca44c29 In Windows cmdagent.hpp, when parsing returned TAP handle, catch the error case where service is 64 bits and client is 32 bits.
7943a1007b Windows OpenVPN agent : refactored internal named-pipe API (between non-privileged client and privileged service) to be based on TunBuilderCapture instead of ActionList:
7f7873d81d Windows client: added privilege separation layer, including:
de5662221c ovpnagent/win: add Visual Studio project files
586e8cc8a8 ovpnagent: Enable pipe name build-time customization
a2962be74e copyright: updated to 2017
1d974645b4 license : this branch (common) is proprietary, so remove all GPL headers.
3fd389586b copyright : updated to 2016
08f8563be5 Windows client: added privilege separation layer, including:
ced729b67f Make lambda functions mutable that benefit from using std::move() on closure vars
be378a8579 Added i/o abstraction layer.
a33bfb08ff copyright: updated to 2017
b15978552c license : this branch (common) is proprietary, so remove all GPL headers.
4d4af4255e copyright : updated to 2016
0b386531ba Factored out HTTP Server acceptor classes into openvpn/acceptor.
267dcad489 WS::Server, Acceptor::TCP: added bind/close logging when OPENVPN_DEBUG_ACCEPT is defined
0e03f4b21b Acceptor::TCP: don't set reuseport flag by default on listener socket
146b143ba1 Make lambda functions mutable that benefit from using std::move() on closure vars
ff207adf05 Added i/o abstraction layer.
f89b6984c1 copyright: updated to 2017
160c4f667a license : this branch (common) is proprietary, so remove all GPL headers.
20a160b723 copyright : updated to 2016
a23ebb0654 Factored out HTTP Server acceptor classes into openvpn/acceptor.
bde3a3ec01 Added i/o abstraction layer.
05f6f01772 copyright: updated to 2017
e316c8d82d license : this branch (common) is proprietary, so remove all GPL headers.
aed8b6c194 copyright : updated to 2016
e8aeff0607 Fixed issue in openvpn/acceptor/namedpipe.hpp when building on pre-Vista Windows: the PIPE_REJECT_REMOTE_CLIENTS flag to CreateNamedPipeA isn't recognized by pre-Vista Windows, so #ifdef out on those platforms.
780fc414c8 Minor fix to namedpipe.hpp: added missing include.
2b0ff516a2 Factored out HTTP Server acceptor classes into openvpn/acceptor.
713d1c9ffc HTTP: added Alt Routing support to HTTP client/server
fd5eb53e18 Added i/o abstraction layer.
f914b19b5a Moved asio files from openvpn/common to openvpn/asio
6a005cd487 copyright: updated to 2017
ac4550b413 license : this branch (common) is proprietary, so remove all GPL headers.
4983ec3e03 copyright : updated to 2016
6e3857adc5 ListenerBase : now inherits from preprocessor var OPENVPN_ACCEPTOR_LISTENER_BASE_RC (which may be virtual) and which defaults to non-virtual RC<thread_unsafe_refcount>
3f8b88e40a Factored out HTTP Server acceptor classes into openvpn/acceptor.
23c14a3e32 AddrPort, PeerAddr: added to_json() methods
6a5430e763 ServerPushList: added JSON parse() method
a9f2055d07 string: added starts_with_delim() function
8ea9b68138 Fix free in RSA external PKI, remove unused return value of EC do_sign
0e13f83152 findcoredeps.cmake: add missing libs to ovpncli
d0ab53a5d5 Merge changes applied to coming Core release
d97d4882d9 net30 topology (win): fix incorrect remote calculation
050f994347 Buffer: added some useful debugging info to buffer_full exception
4c361ec4c3 Expand Unittest documentation
99adaa0e88 Rename openvpnerrstr.c to openvpnerrstr.h
a8e2e15ac0 Fix cityhash build on aarch64
b62654274f ovpn3-core.vcxproj: add ARM64 architecture
d446559992 appveyor: use vcpkg for building deps
4d138252df unittests: added missing #include <mutex>
a0d05ee96c unittests: updated googletest lib dir in build script
1ecb82ee2f kovpn: support disabling compression framing
15e5547849 [OVPN3-492] Add support for external EC certificates/keys
d159dc7c1c Move RSA external key implementation to its own file
22d0f2bf28 dcocli: Do not use KoTun with ENABLE_PG and USE_TUN_BUILDER
d1fd4ef1f1 Minor code style clean up
e7799e32ee Fix missing parameter introduce by add_bypass_routes commit
3817b8072e Refactor selecting tun methods into a common header file
8c9092b56a Rename add_exclude_route to add_route_tunbuilder
6228165f37 Implement configuring DCO dev via tun builder
1e2d7b1c81 Implement opening /dev/net/ovpn via tun builder interface
913adc6807 Move KoTun::DevConf into its own header file
1668f1cd9b cliopthelper: Extend support for encrypted EC private keys
acec6e80ee mac: add bypass route from socket_protect call
a9659a7d1f tun mac: implement add_bypass_route() method
044c058045 xcode: update project file
11d705d2c7 wintun: fix ring buffer registration
93c111242c Removed unused directories
1719681472 Added HTTP::headers_redact() for redacting basic auth creds from Authorization header
fd82cec419 logsimple.hpp: OPENVPN_LOG_STRING, OPENVPN_LOG_NTNL: flush output stream
a8275e13f4 Add ovpnclinull and ovpnclidco variants to cmake build script
02e524dcef Merge branch 'released' into master
81d6e5c3c1 Update version to indicate development base version
7bd55e0a7b mbedtls: Add support for --verify-x509-name
ae6bf893bb mbedtls: Add unit tests for x509_get_subject() and x509_get_common_name()
fc060bd317 mbedtls: Move x509_get_subject() and x509_get_common_name() to an independent file
7900c71f5c mbedtls: Add missing include file in x509cert.hpp
61ba6e9c41 openssl: Add unit tests for OpenSSLPKI::x509_get_*() functions
5f881fe7bf openssl: Move generic X.509 cert extraction code to a separate file
5839869202 openssl: Add --verify-x509-name support
71a14a3553 verify-x509-name: Implement base class for processing this option
1d751ffb7d Linux/TunMethods: Avoid adding IPv6 routes without an IPv6 config
6ae997472c Add macOS implementation in cpu time helper and adjust unit test
12309c31b6 Document unit tests
f6aada9577 Tempfile.hpp is unix only, add error when including it on win32
204d7e4a20 Replace OPENVPN_INSECURE_RANDOM with FakeRandom class
54fbe7604c Fix file modifcation time retrieval stat.hpp on macOS
da41ea24d8 Require internal json for sslctx json functions
e790c45eda Add helper functions for temporary file and joining test outputs
717109f1f4 Build cityhash on OS X and Windows to run pg related unit test
16342679fe Add helper function to get the content of a expected output file
9baaa88f08 set PLAT macro as OPENVPN_PLAT so other cmake files can also use it
f5f9b4d57c Add missing override keywords in openssl/sslctx.hpp
7324ca879e Add OPENVPN_LOG implementation that can collect logs in a variable
38a5f2d413 Increase default C++ level on macOS to C++ 14
48d4fdeb4b README.rst: update Windows build instruction
8e20b4c134 vcxproj: remove O3 env var
b04c9a311d win: remove python build scripts
5e2bef23e3 cmake: update findcoredeps to work with vcpkg
317f41931f vcpkg: add port overlays
38b733dafd vcxproj: support for vcpkg
git-subtree-dir: Sources/OpenVPN3
git-subtree-split: 0f797d848e96f2b7acb984490b5bb81f82dc1657
d8180f8d84 Merge remote-tracking branch 'origin/mbedtls-2.7' into mbedtls-2.7-restricted
db649896e6 Merge pull request #2895 from gilles-peskine-arm/drbg-set_entropy_len-2.7
373a7097eb Merge pull request #673 from gilles-peskine-arm/ctr_drbg-aes_fail-2.7
b2be1fca2c Catch AES failure in mbedtls_ctr_drbg_random
df1b3e54c7 Merge pull request #2937 from gilles-peskine-arm/memory_buffer_alloc-fatal-pass-2.7
02fbc08d2e Enable more test cases without MBEDTLS_MEMORY_DEBUG
786f068ec0 More accurate test case description
04d45c98e8 Clarify that the "FATAL" message is expected
c5a016dde1 Merge remote-tracking branch 'restricted/pr/666' into mbedtls-2.7-restricted
e70059df85 Merge remote-tracking branch 'restricted/pr/668' into mbedtls-2.7-restricted
10fcdd25d4 Merge pull request #664 from ARMmbed/dev/yanesca/iotcrypt-958-ecdsa-side-channel-fix-2.7
07597365cd Zeroize local AES variables before exiting the function
dfa4d71873 Add ChangeLog entry
b4edac5616 mpi_lt_mpi_ct: fix condition handling
f4482aaccc mpi_lt_mpi_ct: Add further tests
a776aea91a mpi_lt_mpi_ct: Fix test numbering
1b86eeb06b mpi_lt_mpi_ct perform tests for both limb size
5823961558 ct_lt_mpi_uint: cast the return value explicitely
6adff06e50 mbedtls_mpi_lt_mpi_ct: add tests for 32 bit limbs
cff9e6e03d mbedtls_mpi_lt_mpi_ct: simplify condition
8ec2a953af Rename variable for better readability
a2b9a96fb8 mbedtls_mpi_lt_mpi_ct: Improve documentation
51ed14e20f Make mbedtls_mpi_lt_mpi_ct more portable
9741fa6e2b Bignum: Document assumptions about the sign field
9332ecefc8 Add more tests for mbedtls_mpi_lt_mpi_ct
aaa3f22b76 mpi_lt_mpi_ct test: hardcode base 16
3173a53fe9 Document ct_lt_mpi_uint
782cbe592d mpi_lt_mpi_ct: make use of unsigned consistent
db9f449409 ct_lt_mpi_uint: make use of biL
c3b376e2f2 Change mbedtls_mpi_cmp_mpi_ct to check less than
8461c0e2a8 mbedtls_mpi_cmp_mpi_ct: remove multiplications
8de2d45cd7 Remove excess vertical space
c587a32a9c Remove declaration after statement
5f3019b298 Fix side channel vulnerability in ECDSA
883801d3ec Add tests to constant time mpi comparison
e0187b95f0 Add new, constant time mpi comparison
4c575c0270 Note that mbedtls_ctr_drbg_seed() must not be called twice
eab4d701ca Fix CTR_DRBG benchmark
5cf41f80a4 Add ChangeLog entry
82debf8332 ECDSA: Fix side channel vulnerability
093aa517c4 Changelog entry for xxx_drbg_set_entropy_len before xxx_drbg_seed
b729e1b9ba CTR_DRBG: support set_entropy_len() before seed()
845ac103a9 CTR_DRBG: Don't use functions before they're defined
9c742249cf HMAC_DRBG: support set_entropy_len() before seed()
c87a54683b Merge pull request #2900 from gilles-peskine-arm/asan-test-fail-2.7
cc656ac96b Merge pull request #2872 from gilles-peskine-arm/test_malloc_0_null-2.7
5ee14d70d2 'make test' must fail if Asan fails
4c2697f43f Asan make builds: avoid sanitizer recovery
260921d3f2 Use UBsan in addition to Asan with 'make test'
c20a4053c3 Unify ASan options in make builds
395d8c1222 Merge remote-tracking branch 'origin/pr/2878' into mbedtls-2.7
55e120b9b2 mbedtls_hmac_drbg_set_entropy_len() only matters when reseeding
dff3682477 mbedtls_ctr_drbg_set_entropy_len() only matters when reseeding
2abefefec2 mbedtls_ctr_drbg_seed: correct maximum for len
406d25878c Add a note about CTR_DRBG security strength to config.h
f0b3dcb14b CTR_DRBG: more consistent formatting and wording
b9cfe58180 DRBG documentation: Relate f_entropy arguments to the entropy module
97edf5e1e2 Add ChangeLog entry for the DRBG documentation improvements
5cc748e58f Merge remote-tracking branch 'origin/pr/2866' into mbedtls-2.7
d89173066c HMAC_DRBG documentation improvements
2fc6cf5da7 Merge remote-tracking branch 'origin/pr/2704' into mbedtls-2.7
eb99c1028f CTR_DRBG: explain the security strength and the entropy input length
25e1945321 CTR_DRBG documentation improvements
0ab4092e2d Reduce stack usage of test_suite_pkcs1_v15
dd4277f70d Reduce stack usage of test_suite_pkcs1_v21
b3d3973264 Reduce stack usage of test_suite_rsa
6827d1c588 Reduce stack usage of test_suite_pk
0981a5d7ab Add a test component with malloc(0) returning NULL
ea5d3571b0 Add a calloc self-test
d28b9b3c5d Merge remote-tracking branch 'origin/pr/2828' into mbedtls-2.7
9b1c248209 Enable MBEDTLS_MEMORY_DEBUG in memory buffer alloc test in all.sh
7eb7f8db8b Remove unnecessary memory buffer alloc unsets
6addfdd190 Disable DTLS proxy tests for MEMORY_BUFFER_ALLOC test
9a461a1cd7 all.sh: restructure memory allocator tests
7aad93c9da Add missing dependency in memory buffer alloc set in all.sh
19aa89ad47 Don't set MBEDTLS_MEMORY_DEBUG through `scripts/config.pl full`
8561115cb8 Add cfg dep MBEDTLS_MEMORY_DEBUG->MBEDTLS_MEMORY_BUFFER_ALLOC_C
167ae43852 Add all.sh run with full config and ASan enabled
f5baaaaf89 Add all.sh run with MBEDTLS_MEMORY_BUFFER_ALLOC_C enabled
e1c62e6641 Update documentation of exceptions for `config.pl full`
c7f97f1c8d Adapt all.sh to removal of buffer allocator from full config
26c333ac01 Disable memory buffer allocator in full config
76ef31116b Check dependencies of MBEDTLS_MEMORY_BACKTRACE in check_config.h
9bf1509ef3 Adapt auth_crypt_tv usage to 2.7
dd91b24764 Add missing dependencies in test_suite_cipher.gcm
d62577fa74 Adapt ChangeLog
311276c871 Add NIST AES GCM test vectors to single-step cipher API test suite
git-subtree-dir: Sources/mbedTLS
git-subtree-split: f8199650a9d49b3982a7b7f3d448899b67b09571
