2010.08.10 -- Version 2.2-beta1

* When aborting in a non-graceful way, try to execute do_close_tun in
  init.c prior to daemon exit to ensure that the tun/tap interface is
  closed and any added routes are deleted.

* Fixed an issue where AUTH_FAILED was not being properly delivered
  to the client when a bad password is given for mid-session reauth,
  causing the connection to fail without an error indication.

* Don't advance to the next connection profile on AUTH_FAILED errors.

* Fixed an issue in the Management Interface that could cause
  a process hang with 100% CPU utilization in --management-client
  mode if the management interface client disconnected at the
  point where credentials are queried.

* Fixed an issue where if reneg-sec was set to 0 on the client,
  so that the server-side value would take precedence,
  the auth_deferred_expire_window function would incorrectly
  return a window period of 0 seconds.  In this case, the
  correct window period should be the handshake window
  period.

* Modified ">PASSWORD:Verification Failed" management interface
  notification to include a client reason string:

    >PASSWORD:Verification Failed: 'AUTH_TYPE' ['REASON_STRING']
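  The following is an added example (not OpenVPN's own code) of how a
  management-interface client could parse this notification. It assumes the
  brackets are literal in the output when a reason string is present and that
  the bracketed part is omitted entirely when there is none; both forms are
  accepted so a UI still works against servers that never send a reason.

```python
import re

# Matches the ">PASSWORD:Verification Failed" notification shown above.
# Assumption (not stated in the changelog): the [...] part is literal when a
# reason string is present and absent otherwise; both forms are accepted.
_VERIFICATION_FAILED_RE = re.compile(
    r"^>PASSWORD:Verification Failed: '(?P<auth_type>[^']*)'"
    r"(?: \['(?P<reason>.*)'\])?$"
)


def parse_verification_failed(line):
    """Return (auth_type, reason) for a Verification Failed notification.

    reason is None when no reason string was included. Any other management
    interface line (">INFO:", ">STATE:", command replies, ...) yields None.
    """
    m = _VERIFICATION_FAILED_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    return m.group("auth_type"), m.group("reason")


def summarize_failures(lines):
    """Count failures per auth type and collect the distinct reasons seen.

    Returns {auth_type: (count, sorted list of reasons)}; lines that are not
    this notification are skipped.
    """
    summary = {}
    for line in lines:
        parsed = parse_verification_failed(line)
        if parsed is None:
            continue
        auth_type, reason = parsed
        count, reasons = summary.get(auth_type, (0, set()))
        if reason is not None:
            reasons.add(reason)
        summary[auth_type] = (count + 1, reasons)
    return {k: (c, sorted(r)) for k, (c, r) in summary.items()}


# Constructed sample of management interface output (not a real capture).
SAMPLE_LINES = [
    ">INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info",
    ">PASSWORD:Verification Failed: 'Auth'",
    ">PASSWORD:Verification Failed: 'Auth' ['account locked']",
    ">PASSWORD:Verification Failed: 'Private Key' ['bad passphrase']",
    ">STATE:1281427200,RECONNECTING,auth-failure,,",
]

if __name__ == "__main__":
    for auth_type, (count, reasons) in summarize_failures(SAMPLE_LINES).items():
        print(f"{auth_type}: {count} failure(s), reasons={reasons}")
```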

* Enable exponential backoff in reliability layer
  retransmits.

* Set socket buffers (SO_SNDBUF and SO_RCVBUF) immediately after
  socket is created rather than waiting until after connect/listen.

* Management interface performance optimizations:

  1. Added env-filter MI command to perform filtering on env vars
     passed through as a part of --management-client-auth

  2. man_write will now try to aggregate output into larger blocks
     (up to 1024 bytes) for more efficient I/O

* Fixed a minor issue in Windows TAP driver DEBUG builds
  where non-null-terminated Unicode strings were being
  printed incorrectly.

* Fixed issue on Windows with MSVC compiler, where TCP_NODELAY support
  was not being compiled in.

* Proxy improvements:

  Improved the ability of the http-auth "auto" flag to dynamically detect
  the auth method required by the proxy.

  Added the http-auth "auto-nct" flag to reject weak proxy auth methods.

  Added HTTP proxy digest authentication method.

  Removed extraneous openvpn_sleep calls from proxy.c.

* Implemented http-proxy-override and http-proxy-fallback directives to make it
  easier for OpenVPN client UIs to start a pre-existing client config file with
  proxy options, or to adaptively fall back to a proxy connection if a direct
  connection fails.

* Implemented a key/value auth channel from client to server.

* Fixed issue where bad creds provided by the management interface
  for HTTP Proxy Basic Authentication would go into an infinite
  retry-fail loop instead of requerying the management interface for
  new creds.

* Added support for MSVC debugging of openvpn.exe in settings.in:

  # Build debugging version of openvpn.exe
  !define PRODUCT_OPENVPN_DEBUG

* Implemented multi-address DNS expansion on the network field of route
  commands.

  When only a single IP address is desired from a multi-address DNS
  expansion, use the first address rather than a random selection.

* Added --register-dns option for Windows.

  Fixed some issues on Windows with --log, subprocess creation
  for command execution, and stdout/stderr redirection.

* Fixed an issue where application payload transmissions on the
  TLS control channel (such as AUTH_FAILED) that occur during
  or immediately after a TLS renegotiation might be dropped.

* Added warning about tls-remote option in man page.

* Community patches (from openvpn-testing.git tree)

  Alberto Gonzalez Iniesta (1):
      Debian patch: Fix spelling in log message

  Dan Nelson (1):
      bash->bourne script cleanup

  Daniel Johnson (1):
      auth-pam plugin update: Support DOMAIN+USERNAME in config

  David Sommerseth (22):
      Reworked the eurephia patch for inclusion to the openvpn-testing tree
      Added mapping files from SVN commit ID to more descriptive commit IDs.
      verb 5 logging wrongly reports received bytes
      On TARGET_LINUX define _GNU_SOURCE if not defined
      Fix autotools cross-compiling support
      Add compile time information/settings from ./configure to --version
      Make use of counter_type instead of int when counting bytes and network packets
      Updated the man page to reflect the behavioural change of create_temp_file()
      Removed no longer needed delete_file() call
      Fixed potential NULL pointer issue
      Fix dependency checking for configure.h (v2)
      Make use of automake CLEANFILES variable instead of clean-local rule
      Don't add compile time information if --enable-small is used
      Harden create_temp_filename() (version 2)
      Renamed all calls to create_temp_filename()
      Updated the man page to reflect the behavioural change of create_temp_file()
      Removed no longer needed delete_file() call
      Avoid repetition of "this config may cache passwords in memory" (v2)
      Revamped the script-security warning logging (version 2)
      Fixed client hang when server doesn't PUSH (aka the NO_SOUP_FOR_YOU patch)
      Solved hidden merge conflict between changes in feat_misc and bugfix2.1
      Fix multiple configured scripts conflicts issue (version 2)

  Davide Brini (6):
      OCSP_check.sh: new check logic
      The man page does not mention that the default value of "mssfix" is 1450.
      Enhance contrib/pull-resolv-conf/client.{up,down} scripts
      Fix missing /bin/bash -> /bin/sh
      Fix certificate serial number export
      Exclude ping and control packets from activity

  Emilien Mantel (2):
      Choose a different field in X509 to be username
      Fixed static defined length check to use sizeof()

  Enrico Scholz (1):
      Allow 'lport 0' setup for random port binding

  Fabian Knittel (1):
      ssl.c: fix use of openvpn_run_script()'s return value

  Gert Doering (3):
      remove duplicate code in FREEBSD+DRAGONFLY system-dependent ifconfig
      Implement IPv6 in TUN mode for Windows TAP driver.
      fix date format mistake in PRODUCT_TAP_RELDATE (Peter Stuge)

  Jan Brinkmann (1):
      The man page needs dash escaping in UTF-8 environments

  Karl O. Pinc (2):
      Change verify-cn so cn is no longer hardcoded in openvpn's config file
      Several updates to openvpn.8 (man page updates)

  Mathieu GIANNECCHINI (1):
      enhance tls-verify possibility

  Wil Cooley (1):
      pkitool lacks expected option "--help"

  chantra (2):
      Handle non-standard subnets in PF grammar
      Fix errors in openvpn-plugin.h documentation