Version in base suite: 2.6.3-1+deb12u4 Base version: openvpn_2.6.3-1+deb12u4 Target version: openvpn_2.6.14-0+deb12u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/o/openvpn/openvpn_2.6.3-1+deb12u4.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/o/openvpn/openvpn_2.6.14-0+deb12u1.dsc /srv/release.debian.org/tmp/LRXnmKaPis/openvpn-2.6.14/sample/sample-keys/client.p12 |binary openvpn-2.6.14/.gitignore | 16 openvpn-2.6.14/CMakeLists.txt | 739 + openvpn-2.6.14/CMakePresets.json | 228 openvpn-2.6.14/CONTRIBUTING.rst | 42 openvpn-2.6.14/COPYING | 44 openvpn-2.6.14/ChangeLog | 357 openvpn-2.6.14/Changes.rst | 596 + openvpn-2.6.14/Makefile.am | 21 openvpn-2.6.14/Makefile.in | 90 openvpn-2.6.14/PORTS | 2 openvpn-2.6.14/README | 6 openvpn-2.6.14/README.cmake.md | 142 openvpn-2.6.14/README.dco.md | 134 openvpn-2.6.14/README.ec | 36 openvpn-2.6.14/README.mbedtls | 32 openvpn-2.6.14/README.wolfssl | 30 openvpn-2.6.14/aclocal.m4 | 417 openvpn-2.6.14/build/Makefile.am | 2 openvpn-2.6.14/build/Makefile.in | 267 openvpn-2.6.14/build/msvc/Makefile.am | 15 openvpn-2.6.14/build/msvc/Makefile.in | 710 - openvpn-2.6.14/build/msvc/msvc-generate/Makefile.am | 18 openvpn-2.6.14/build/msvc/msvc-generate/Makefile.in | 539 - openvpn-2.6.14/build/msvc/msvc-generate/Makefile.mak | 67 openvpn-2.6.14/build/msvc/msvc-generate/msvc-generate.js | 118 openvpn-2.6.14/build/msvc/msvc-generate/msvc-generate.vcxproj | 158 openvpn-2.6.14/config-msvc-version.h.in | 14 openvpn-2.6.14/config-msvc.h | 93 openvpn-2.6.14/config.guess | 16 openvpn-2.6.14/config.h.cmake.in | 473 openvpn-2.6.14/config.h.in | 170 openvpn-2.6.14/config.sub | 20 openvpn-2.6.14/configure | 4761 ++++++---- openvpn-2.6.14/configure.ac | 104 openvpn-2.6.14/contrib/OCSP_check/OCSP_check.sh | 2 openvpn-2.6.14/contrib/cmake/git-version.py | 83 openvpn-2.6.14/contrib/cmake/parse-version.m4.py | 64 openvpn-2.6.14/contrib/vcpkg-manifests/mingw/vcpkg.json | 13 openvpn-2.6.14/contrib/vcpkg-manifests/windows/vcpkg.json | 20 openvpn-2.6.14/contrib/vcpkg-ports/pkcs11-helper/0001-nmake-compatibility-with-vcpkg-nmake.patch | 38 openvpn-2.6.14/contrib/vcpkg-ports/pkcs11-helper/0002-config-w32-vc.h.in-indicate-OpenSSL.patch | 33 openvpn-2.6.14/contrib/vcpkg-ports/pkcs11-helper/CONTROL | 4 openvpn-2.6.14/contrib/vcpkg-ports/pkcs11-helper/config-w32-vc.h.in-indicate-OpenSSL.patch | 33 openvpn-2.6.14/contrib/vcpkg-ports/pkcs11-helper/nmake-compatibility-with-vcpkg-nmake.patch | 38 openvpn-2.6.14/contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-001-RFC7512.patch | 2 openvpn-2.6.14/contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-002-dynamic_loader_flags.patch | 102 openvpn-2.6.14/contrib/vcpkg-ports/pkcs11-helper/portfile.cmake | 57 openvpn-2.6.14/contrib/vcpkg-ports/pkcs11-helper/vcpkg.json | 7 openvpn-2.6.14/contrib/vcpkg-triplets/x64-mingw-ovpn.cmake | 8 openvpn-2.6.14/contrib/vcpkg-triplets/x86-mingw-ovpn.cmake | 8 openvpn-2.6.14/debian/changelog | 20 openvpn-2.6.14/debian/copyright | 5 openvpn-2.6.14/debian/openvpn@.service | 2 openvpn-2.6.14/debian/patches/CVE-2023-46849.patch | 113 openvpn-2.6.14/debian/patches/CVE-2023-46850.patch | 53 openvpn-2.6.14/debian/patches/CVE-2024-28882.patch | 131 openvpn-2.6.14/debian/patches/CVE-2024-5594-regression-fix.patch | 203 openvpn-2.6.14/debian/patches/CVE-2024-5594.patch | 355 openvpn-2.6.14/debian/patches/CVE-2025-2704.patch | 282 openvpn-2.6.14/debian/patches/CVE-2026-35058.patch | 91 openvpn-2.6.14/debian/patches/CVE-2026-40215.patch | 54 openvpn-2.6.14/debian/patches/fix-dangling-pointer-in-pkcs11.patch | 37 openvpn-2.6.14/debian/patches/fix-memleak-in-dco_get_peer_stats_multi.patch | 33 openvpn-2.6.14/debian/patches/sample-keys-renew-10-years.patch | 1618 --- openvpn-2.6.14/debian/patches/series | 12 openvpn-2.6.14/debian/patches/systemd.patch | 29 openvpn-2.6.14/debian/po/ro.po | 49 openvpn-2.6.14/distro/Makefile.am | 2 openvpn-2.6.14/distro/Makefile.in | 24 openvpn-2.6.14/distro/systemd/Makefile.am | 7 openvpn-2.6.14/distro/systemd/Makefile.in | 38 openvpn-2.6.14/distro/systemd/openvpn-client@.service.in | 4 openvpn-2.6.14/distro/systemd/openvpn-server@.service.in | 4 openvpn-2.6.14/doc/CMakeLists.txt | 113 openvpn-2.6.14/doc/Makefile.am | 14 openvpn-2.6.14/doc/Makefile.in | 51 openvpn-2.6.14/doc/README.man | 22 openvpn-2.6.14/doc/android.txt | 101 openvpn-2.6.14/doc/doxygen/Makefile.am | 21 openvpn-2.6.14/doc/doxygen/Makefile.in | 44 openvpn-2.6.14/doc/doxygen/doc_compression.h | 91 openvpn-2.6.14/doc/doxygen/doc_control_processor.h | 184 openvpn-2.6.14/doc/doxygen/doc_control_tls.h | 104 openvpn-2.6.14/doc/doxygen/doc_data_control.h | 102 openvpn-2.6.14/doc/doxygen/doc_data_crypto.h | 70 openvpn-2.6.14/doc/doxygen/doc_eventloop.h | 66 openvpn-2.6.14/doc/doxygen/doc_external_multiplexer.h | 45 openvpn-2.6.14/doc/doxygen/doc_fragmentation.h | 95 openvpn-2.6.14/doc/doxygen/doc_internal_multiplexer.h | 43 openvpn-2.6.14/doc/doxygen/doc_key_generation.h | 158 openvpn-2.6.14/doc/doxygen/doc_mainpage.h | 161 openvpn-2.6.14/doc/doxygen/doc_memory_management.h | 98 openvpn-2.6.14/doc/doxygen/doc_protocol_overview.h | 197 openvpn-2.6.14/doc/doxygen/doc_reliable.h | 48 openvpn-2.6.14/doc/doxygen/doc_tunnel_state.h | 154 openvpn-2.6.14/doc/keying-material-exporter.txt | 137 openvpn-2.6.14/doc/man-sections/cipher-negotiation.rst | 18 openvpn-2.6.14/doc/man-sections/client-options.rst | 83 openvpn-2.6.14/doc/man-sections/connection-profiles.rst | 2 openvpn-2.6.14/doc/man-sections/encryption-options.rst | 6 openvpn-2.6.14/doc/man-sections/example-fingerprint.rst | 14 openvpn-2.6.14/doc/man-sections/generic-options.rst | 9 openvpn-2.6.14/doc/man-sections/inline-files.rst | 2 openvpn-2.6.14/doc/man-sections/pkcs11-options.rst | 2 openvpn-2.6.14/doc/man-sections/protocol-options.rst | 8 openvpn-2.6.14/doc/man-sections/proxy-options.rst | 39 openvpn-2.6.14/doc/man-sections/renegotiation.rst | 2 openvpn-2.6.14/doc/man-sections/script-options.rst | 60 openvpn-2.6.14/doc/man-sections/server-options.rst | 4 openvpn-2.6.14/doc/man-sections/tls-options.rst | 40 openvpn-2.6.14/doc/man-sections/vpn-network-options.rst | 21 openvpn-2.6.14/doc/man-sections/windows-options.rst | 7 openvpn-2.6.14/doc/openvpn-examples.5 | 10 openvpn-2.6.14/doc/openvpn-examples.5.html | 8 openvpn-2.6.14/doc/openvpn.8 | 652 - openvpn-2.6.14/doc/openvpn.8.html | 230 openvpn-2.6.14/doc/tests/authentication-plugins.md | 151 openvpn-2.6.14/doc/tls-crypt-v2.txt | 233 openvpn-2.6.14/include/Makefile.am | 2 openvpn-2.6.14/include/Makefile.in | 35 openvpn-2.6.14/include/openvpn-msg.h | 13 openvpn-2.6.14/include/openvpn-plugin.h | 4 openvpn-2.6.14/include/openvpn-plugin.h.in | 2 openvpn-2.6.14/ltmain.sh | 1553 +-- openvpn-2.6.14/m4/libtool.m4 | 662 - openvpn-2.6.14/m4/ltoptions.m4 | 108 openvpn-2.6.14/m4/ltsugar.m4 | 2 openvpn-2.6.14/m4/ltversion.m4 | 13 openvpn-2.6.14/m4/lt~obsolete.m4 | 4 openvpn-2.6.14/openvpn.sln | 107 openvpn-2.6.14/sample/Makefile.am | 2 openvpn-2.6.14/sample/Makefile.in | 33 openvpn-2.6.14/sample/sample-config-files/README | 2 openvpn-2.6.14/sample/sample-config-files/client.conf | 23 openvpn-2.6.14/sample/sample-config-files/home.up | 2 openvpn-2.6.14/sample/sample-config-files/loopback-client | 313 openvpn-2.6.14/sample/sample-config-files/office.up | 2 openvpn-2.6.14/sample/sample-config-files/server.conf | 55 openvpn-2.6.14/sample/sample-config-files/tls-home.conf | 83 openvpn-2.6.14/sample/sample-config-files/tls-office.conf | 86 openvpn-2.6.14/sample/sample-keys/ca.crt | 67 openvpn-2.6.14/sample/sample-keys/ca.key | 100 openvpn-2.6.14/sample/sample-keys/client-ec.crt | 129 openvpn-2.6.14/sample/sample-keys/client-ec.key | 6 openvpn-2.6.14/sample/sample-keys/client-pass.key | 60 openvpn-2.6.14/sample/sample-keys/client.crt | 162 openvpn-2.6.14/sample/sample-keys/client.key | 52 openvpn-2.6.14/sample/sample-keys/dh2048.pem | 12 openvpn-2.6.14/sample/sample-keys/gen-sample-keys.sh | 5 openvpn-2.6.14/sample/sample-keys/server-ec.crt | 132 openvpn-2.6.14/sample/sample-keys/server-ec.key | 6 openvpn-2.6.14/sample/sample-keys/server.crt | 166 openvpn-2.6.14/sample/sample-keys/server.key | 52 openvpn-2.6.14/sample/sample-keys/ta.key | 32 openvpn-2.6.14/sample/sample-plugins/Makefile | 158 openvpn-2.6.14/sample/sample-plugins/Makefile.am | 2 openvpn-2.6.14/sample/sample-plugins/Makefile.in | 26 openvpn-2.6.14/sample/sample-plugins/Makefile.plugins | 2 openvpn-2.6.14/sample/sample-plugins/client-connect/sample-client-connect.c | 8 openvpn-2.6.14/sample/sample-plugins/defer/multi-auth.c | 2 openvpn-2.6.14/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c | 6 openvpn-2.6.14/sample/sample-plugins/log/log.c | 2 openvpn-2.6.14/sample/sample-plugins/log/log_v3.c | 4 openvpn-2.6.14/sample/sample-plugins/simple/base64.c | 2 openvpn-2.6.14/sample/sample-plugins/simple/simple.c | 2 openvpn-2.6.14/src/Makefile.am | 2 openvpn-2.6.14/src/Makefile.in | 24 openvpn-2.6.14/src/compat/Debug.props | 21 openvpn-2.6.14/src/compat/Makefile.am | 11 openvpn-2.6.14/src/compat/Makefile.in | 47 openvpn-2.6.14/src/compat/PropertySheet.props | 29 openvpn-2.6.14/src/compat/Release.props | 26 openvpn-2.6.14/src/compat/compat-basename.c | 2 openvpn-2.6.14/src/compat/compat-daemon.c | 7 openvpn-2.6.14/src/compat/compat-dirname.c | 2 openvpn-2.6.14/src/compat/compat-gettimeofday.c | 4 openvpn-2.6.14/src/compat/compat-strsep.c | 4 openvpn-2.6.14/src/compat/compat-versionhelpers.h | 116 openvpn-2.6.14/src/compat/compat.vcxproj | 179 openvpn-2.6.14/src/openvpn/Makefile.am | 4 openvpn-2.6.14/src/openvpn/Makefile.in | 133 openvpn-2.6.14/src/openvpn/argv.c | 4 openvpn-2.6.14/src/openvpn/argv.h | 2 openvpn-2.6.14/src/openvpn/auth_token.c | 4 openvpn-2.6.14/src/openvpn/auth_token.h | 2 openvpn-2.6.14/src/openvpn/base64.c | 2 openvpn-2.6.14/src/openvpn/basic.h | 2 openvpn-2.6.14/src/openvpn/block_dns.c | 4 openvpn-2.6.14/src/openvpn/block_dns.h | 2 openvpn-2.6.14/src/openvpn/buffer.c | 27 openvpn-2.6.14/src/openvpn/buffer.h | 15 openvpn-2.6.14/src/openvpn/circ_list.h | 2 openvpn-2.6.14/src/openvpn/clinat.c | 4 openvpn-2.6.14/src/openvpn/clinat.h | 2 openvpn-2.6.14/src/openvpn/common.h | 2 openvpn-2.6.14/src/openvpn/comp-lz4.c | 6 openvpn-2.6.14/src/openvpn/comp-lz4.h | 4 openvpn-2.6.14/src/openvpn/comp.c | 6 openvpn-2.6.14/src/openvpn/comp.h | 2 openvpn-2.6.14/src/openvpn/compstub.c | 4 openvpn-2.6.14/src/openvpn/console.c | 6 openvpn-2.6.14/src/openvpn/console.h | 4 openvpn-2.6.14/src/openvpn/console_builtin.c | 6 openvpn-2.6.14/src/openvpn/console_systemd.c | 1 openvpn-2.6.14/src/openvpn/crypto.c | 24 openvpn-2.6.14/src/openvpn/crypto.h | 16 openvpn-2.6.14/src/openvpn/crypto_backend.h | 6 openvpn-2.6.14/src/openvpn/crypto_mbedtls.c | 82 openvpn-2.6.14/src/openvpn/crypto_mbedtls.h | 4 openvpn-2.6.14/src/openvpn/crypto_openssl.c | 115 openvpn-2.6.14/src/openvpn/crypto_openssl.h | 16 openvpn-2.6.14/src/openvpn/cryptoapi.c | 105 openvpn-2.6.14/src/openvpn/dco.c | 22 openvpn-2.6.14/src/openvpn/dco.h | 6 openvpn-2.6.14/src/openvpn/dco_freebsd.c | 85 openvpn-2.6.14/src/openvpn/dco_freebsd.h | 1 openvpn-2.6.14/src/openvpn/dco_internal.h | 4 openvpn-2.6.14/src/openvpn/dco_linux.c | 29 openvpn-2.6.14/src/openvpn/dco_linux.h | 6 openvpn-2.6.14/src/openvpn/dco_win.c | 40 openvpn-2.6.14/src/openvpn/dco_win.h | 4 openvpn-2.6.14/src/openvpn/dhcp.c | 4 openvpn-2.6.14/src/openvpn/dhcp.h | 2 openvpn-2.6.14/src/openvpn/dns.c | 17 openvpn-2.6.14/src/openvpn/dns.h | 9 openvpn-2.6.14/src/openvpn/env_set.c | 6 openvpn-2.6.14/src/openvpn/env_set.h | 2 openvpn-2.6.14/src/openvpn/errlevel.h | 2 openvpn-2.6.14/src/openvpn/error.c | 19 openvpn-2.6.14/src/openvpn/error.h | 10 openvpn-2.6.14/src/openvpn/event.c | 4 openvpn-2.6.14/src/openvpn/event.h | 2 openvpn-2.6.14/src/openvpn/fdmisc.c | 4 openvpn-2.6.14/src/openvpn/fdmisc.h | 2 openvpn-2.6.14/src/openvpn/forward.c | 188 openvpn-2.6.14/src/openvpn/forward.h | 4 openvpn-2.6.14/src/openvpn/fragment.c | 4 openvpn-2.6.14/src/openvpn/fragment.h | 4 openvpn-2.6.14/src/openvpn/gremlin.c | 4 openvpn-2.6.14/src/openvpn/gremlin.h | 2 openvpn-2.6.14/src/openvpn/helper.c | 4 openvpn-2.6.14/src/openvpn/helper.h | 2 openvpn-2.6.14/src/openvpn/httpdigest.c | 4 openvpn-2.6.14/src/openvpn/httpdigest.h | 2 openvpn-2.6.14/src/openvpn/init.c | 47 openvpn-2.6.14/src/openvpn/init.h | 2 openvpn-2.6.14/src/openvpn/integer.h | 2 openvpn-2.6.14/src/openvpn/interval.c | 4 openvpn-2.6.14/src/openvpn/interval.h | 2 openvpn-2.6.14/src/openvpn/list.c | 4 openvpn-2.6.14/src/openvpn/list.h | 2 openvpn-2.6.14/src/openvpn/lladdr.c | 2 openvpn-2.6.14/src/openvpn/lzo.c | 8 openvpn-2.6.14/src/openvpn/lzo.h | 14 openvpn-2.6.14/src/openvpn/manage.c | 6 openvpn-2.6.14/src/openvpn/manage.h | 2 openvpn-2.6.14/src/openvpn/mbedtls_compat.h | 189 openvpn-2.6.14/src/openvpn/mbuf.c | 4 openvpn-2.6.14/src/openvpn/mbuf.h | 2 openvpn-2.6.14/src/openvpn/memdbg.h | 2 openvpn-2.6.14/src/openvpn/misc.c | 77 openvpn-2.6.14/src/openvpn/misc.h | 28 openvpn-2.6.14/src/openvpn/mroute.c | 4 openvpn-2.6.14/src/openvpn/mroute.h | 2 openvpn-2.6.14/src/openvpn/mss.c | 4 openvpn-2.6.14/src/openvpn/mss.h | 2 openvpn-2.6.14/src/openvpn/mstats.c | 4 openvpn-2.6.14/src/openvpn/mstats.h | 2 openvpn-2.6.14/src/openvpn/mtcp.c | 4 openvpn-2.6.14/src/openvpn/mtcp.h | 2 openvpn-2.6.14/src/openvpn/mtu.c | 4 openvpn-2.6.14/src/openvpn/mtu.h | 2 openvpn-2.6.14/src/openvpn/mudp.c | 4 openvpn-2.6.14/src/openvpn/mudp.h | 2 openvpn-2.6.14/src/openvpn/multi.c | 37 openvpn-2.6.14/src/openvpn/multi.h | 2 openvpn-2.6.14/src/openvpn/networking.h | 2 openvpn-2.6.14/src/openvpn/networking_freebsd.c | 2 openvpn-2.6.14/src/openvpn/networking_iproute2.c | 4 openvpn-2.6.14/src/openvpn/networking_iproute2.h | 2 openvpn-2.6.14/src/openvpn/networking_sitnl.c | 4 openvpn-2.6.14/src/openvpn/networking_sitnl.h | 2 openvpn-2.6.14/src/openvpn/ntlm.c | 40 openvpn-2.6.14/src/openvpn/occ.c | 6 openvpn-2.6.14/src/openvpn/occ.h | 2 openvpn-2.6.14/src/openvpn/openssl_compat.h | 20 openvpn-2.6.14/src/openvpn/openvpn.c | 4 openvpn-2.6.14/src/openvpn/openvpn.h | 8 openvpn-2.6.14/src/openvpn/openvpn.vcxproj | 470 openvpn-2.6.14/src/openvpn/openvpn_win32_resources.rc | 2 openvpn-2.6.14/src/openvpn/options.c | 136 openvpn-2.6.14/src/openvpn/options.h | 6 openvpn-2.6.14/src/openvpn/options_util.c | 4 openvpn-2.6.14/src/openvpn/options_util.h | 2 openvpn-2.6.14/src/openvpn/otime.c | 4 openvpn-2.6.14/src/openvpn/otime.h | 2 openvpn-2.6.14/src/openvpn/ovpn_dco_freebsd.h | 1 openvpn-2.6.14/src/openvpn/ovpn_dco_win.h | 7 openvpn-2.6.14/src/openvpn/packet_id.c | 4 openvpn-2.6.14/src/openvpn/packet_id.h | 2 openvpn-2.6.14/src/openvpn/perf.c | 4 openvpn-2.6.14/src/openvpn/perf.h | 2 openvpn-2.6.14/src/openvpn/ping.c | 4 openvpn-2.6.14/src/openvpn/ping.h | 2 openvpn-2.6.14/src/openvpn/pkcs11.c | 5 openvpn-2.6.14/src/openvpn/pkcs11.h | 2 openvpn-2.6.14/src/openvpn/pkcs11_backend.h | 2 openvpn-2.6.14/src/openvpn/pkcs11_mbedtls.c | 4 openvpn-2.6.14/src/openvpn/pkcs11_openssl.c | 16 openvpn-2.6.14/src/openvpn/platform.c | 8 openvpn-2.6.14/src/openvpn/platform.h | 2 openvpn-2.6.14/src/openvpn/plugin.c | 22 openvpn-2.6.14/src/openvpn/plugin.h | 2 openvpn-2.6.14/src/openvpn/pool.c | 6 openvpn-2.6.14/src/openvpn/pool.h | 2 openvpn-2.6.14/src/openvpn/proto.c | 4 openvpn-2.6.14/src/openvpn/proto.h | 8 openvpn-2.6.14/src/openvpn/proxy.c | 56 openvpn-2.6.14/src/openvpn/proxy.h | 7 openvpn-2.6.14/src/openvpn/ps.c | 8 openvpn-2.6.14/src/openvpn/ps.h | 2 openvpn-2.6.14/src/openvpn/push.c | 33 openvpn-2.6.14/src/openvpn/push.h | 2 openvpn-2.6.14/src/openvpn/pushlist.h | 2 openvpn-2.6.14/src/openvpn/reflect_filter.c | 4 openvpn-2.6.14/src/openvpn/reflect_filter.h | 2 openvpn-2.6.14/src/openvpn/reliable.c | 4 openvpn-2.6.14/src/openvpn/reliable.h | 2 openvpn-2.6.14/src/openvpn/ring_buffer.h | 2 openvpn-2.6.14/src/openvpn/route.c | 115 openvpn-2.6.14/src/openvpn/route.h | 2 openvpn-2.6.14/src/openvpn/run_command.c | 4 openvpn-2.6.14/src/openvpn/run_command.h | 2 openvpn-2.6.14/src/openvpn/schedule.c | 4 openvpn-2.6.14/src/openvpn/schedule.h | 2 openvpn-2.6.14/src/openvpn/session_id.c | 4 openvpn-2.6.14/src/openvpn/session_id.h | 2 openvpn-2.6.14/src/openvpn/shaper.c | 4 openvpn-2.6.14/src/openvpn/shaper.h | 2 openvpn-2.6.14/src/openvpn/sig.c | 4 openvpn-2.6.14/src/openvpn/sig.h | 2 openvpn-2.6.14/src/openvpn/socket.c | 13 openvpn-2.6.14/src/openvpn/socket.h | 2 openvpn-2.6.14/src/openvpn/socks.c | 31 openvpn-2.6.14/src/openvpn/socks.h | 4 openvpn-2.6.14/src/openvpn/ssl.c | 211 openvpn-2.6.14/src/openvpn/ssl.h | 11 openvpn-2.6.14/src/openvpn/ssl_backend.h | 2 openvpn-2.6.14/src/openvpn/ssl_common.h | 19 openvpn-2.6.14/src/openvpn/ssl_mbedtls.c | 195 openvpn-2.6.14/src/openvpn/ssl_mbedtls.h | 2 openvpn-2.6.14/src/openvpn/ssl_ncp.c | 12 openvpn-2.6.14/src/openvpn/ssl_ncp.h | 4 openvpn-2.6.14/src/openvpn/ssl_openssl.c | 76 openvpn-2.6.14/src/openvpn/ssl_openssl.h | 2 openvpn-2.6.14/src/openvpn/ssl_pkt.c | 51 openvpn-2.6.14/src/openvpn/ssl_pkt.h | 28 openvpn-2.6.14/src/openvpn/ssl_util.c | 4 openvpn-2.6.14/src/openvpn/ssl_util.h | 2 openvpn-2.6.14/src/openvpn/ssl_verify.c | 122 openvpn-2.6.14/src/openvpn/ssl_verify.h | 2 openvpn-2.6.14/src/openvpn/ssl_verify_backend.h | 24 openvpn-2.6.14/src/openvpn/ssl_verify_mbedtls.c | 69 openvpn-2.6.14/src/openvpn/ssl_verify_mbedtls.h | 2 openvpn-2.6.14/src/openvpn/ssl_verify_openssl.c | 38 openvpn-2.6.14/src/openvpn/ssl_verify_openssl.h | 2 openvpn-2.6.14/src/openvpn/status.c | 4 openvpn-2.6.14/src/openvpn/status.h | 2 openvpn-2.6.14/src/openvpn/syshead.h | 6 openvpn-2.6.14/src/openvpn/tls_crypt.c | 28 openvpn-2.6.14/src/openvpn/tls_crypt.h | 7 openvpn-2.6.14/src/openvpn/tun.c | 112 openvpn-2.6.14/src/openvpn/tun.h | 2 openvpn-2.6.14/src/openvpn/vlan.c | 4 openvpn-2.6.14/src/openvpn/vlan.h | 2 openvpn-2.6.14/src/openvpn/win32-util.c | 4 openvpn-2.6.14/src/openvpn/win32-util.h | 2 openvpn-2.6.14/src/openvpn/win32.c | 132 openvpn-2.6.14/src/openvpn/win32.h | 51 openvpn-2.6.14/src/openvpn/xkey_common.h | 2 openvpn-2.6.14/src/openvpn/xkey_helper.c | 4 openvpn-2.6.14/src/openvpn/xkey_provider.c | 4 openvpn-2.6.14/src/openvpnmsica/CMakeLists.txt | 44 openvpn-2.6.14/src/openvpnmsica/Makefile.am | 13 openvpn-2.6.14/src/openvpnmsica/Makefile.in | 64 openvpn-2.6.14/src/openvpnmsica/dllmain.c | 4 openvpn-2.6.14/src/openvpnmsica/msica_arg.c | 4 openvpn-2.6.14/src/openvpnmsica/msica_arg.h | 2 openvpn-2.6.14/src/openvpnmsica/msiex.c | 4 openvpn-2.6.14/src/openvpnmsica/msiex.h | 2 openvpn-2.6.14/src/openvpnmsica/openvpnmsica-Debug.props | 14 openvpn-2.6.14/src/openvpnmsica/openvpnmsica-Release.props | 15 openvpn-2.6.14/src/openvpnmsica/openvpnmsica.c | 4 openvpn-2.6.14/src/openvpnmsica/openvpnmsica.h | 2 openvpn-2.6.14/src/openvpnmsica/openvpnmsica.props | 17 openvpn-2.6.14/src/openvpnmsica/openvpnmsica.vcxproj | 208 openvpn-2.6.14/src/openvpnmsica/openvpnmsica_resources.rc | 4 openvpn-2.6.14/src/openvpnserv/CMakeLists.txt | 34 openvpn-2.6.14/src/openvpnserv/Makefile.am | 8 openvpn-2.6.14/src/openvpnserv/Makefile.in | 55 openvpn-2.6.14/src/openvpnserv/common.c | 2 openvpn-2.6.14/src/openvpnserv/interactive.c | 271 openvpn-2.6.14/src/openvpnserv/openvpnserv.vcxproj | 229 openvpn-2.6.14/src/openvpnserv/openvpnserv_resources.rc | 2 openvpn-2.6.14/src/openvpnserv/service.h | 4 openvpn-2.6.14/src/openvpnserv/validate.c | 2 openvpn-2.6.14/src/openvpnserv/validate.h | 2 openvpn-2.6.14/src/plugins/Makefile.am | 2 openvpn-2.6.14/src/plugins/Makefile.in | 24 openvpn-2.6.14/src/plugins/auth-pam/Makefile.in | 43 openvpn-2.6.14/src/plugins/auth-pam/auth-pam.c | 4 openvpn-2.6.14/src/plugins/auth-pam/utils.c | 2 openvpn-2.6.14/src/plugins/auth-pam/utils.h | 2 openvpn-2.6.14/src/plugins/down-root/Makefile.in | 43 openvpn-2.6.14/src/plugins/down-root/down-root.c | 2 openvpn-2.6.14/src/tapctl/CMakeLists.txt | 31 openvpn-2.6.14/src/tapctl/Makefile.am | 13 openvpn-2.6.14/src/tapctl/Makefile.in | 52 openvpn-2.6.14/src/tapctl/basic.h | 4 openvpn-2.6.14/src/tapctl/error.c | 4 openvpn-2.6.14/src/tapctl/error.h | 4 openvpn-2.6.14/src/tapctl/main.c | 138 openvpn-2.6.14/src/tapctl/tap.c | 4 openvpn-2.6.14/src/tapctl/tap.h | 2 openvpn-2.6.14/src/tapctl/tapctl.props | 18 openvpn-2.6.14/src/tapctl/tapctl.vcxproj | 205 openvpn-2.6.14/src/tapctl/tapctl_resources.rc | 4 openvpn-2.6.14/tests/Makefile.am | 20 openvpn-2.6.14/tests/Makefile.in | 367 openvpn-2.6.14/tests/ntlm_support.c | 52 openvpn-2.6.14/tests/t_client.rc-sample | 32 openvpn-2.6.14/tests/t_client.sh | 463 openvpn-2.6.14/tests/t_client.sh.in | 14 openvpn-2.6.14/tests/unit_tests/Makefile.am | 3 openvpn-2.6.14/tests/unit_tests/Makefile.in | 26 openvpn-2.6.14/tests/unit_tests/engine-key/Makefile.am | 31 openvpn-2.6.14/tests/unit_tests/engine-key/Makefile.in | 824 - openvpn-2.6.14/tests/unit_tests/engine-key/check_engine_keys.sh | 36 openvpn-2.6.14/tests/unit_tests/engine-key/libtestengine.c | 116 openvpn-2.6.14/tests/unit_tests/engine-key/openssl.cnf.in | 12 openvpn-2.6.14/tests/unit_tests/example_test/Makefile.in | 35 openvpn-2.6.14/tests/unit_tests/openvpn/Makefile.am | 4 openvpn-2.6.14/tests/unit_tests/openvpn/Makefile.in | 98 openvpn-2.6.14/tests/unit_tests/openvpn/cert_data.h | 166 openvpn-2.6.14/tests/unit_tests/openvpn/mock_msg.c | 16 openvpn-2.6.14/tests/unit_tests/openvpn/mock_win32_execve.c | 37 openvpn-2.6.14/tests/unit_tests/openvpn/test_auth_token.c | 4 openvpn-2.6.14/tests/unit_tests/openvpn/test_buffer.c | 111 openvpn-2.6.14/tests/unit_tests/openvpn/test_crypto.c | 3 openvpn-2.6.14/tests/unit_tests/openvpn/test_cryptoapi.c | 39 openvpn-2.6.14/tests/unit_tests/openvpn/test_misc.c | 4 openvpn-2.6.14/tests/unit_tests/openvpn/test_ncp.c | 4 openvpn-2.6.14/tests/unit_tests/openvpn/test_packet_id.c | 4 openvpn-2.6.14/tests/unit_tests/openvpn/test_pkt.c | 46 openvpn-2.6.14/tests/unit_tests/openvpn/test_provider.c | 4 openvpn-2.6.14/tests/unit_tests/openvpn/test_tls_crypt.c | 10 openvpn-2.6.14/tests/unit_tests/plugins/Makefile.in | 20 openvpn-2.6.14/tests/unit_tests/plugins/auth-pam/Makefile.in | 43 openvpn-2.6.14/version.m4 | 4 460 files changed, 16549 insertions(+), 14344 deletions(-) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpfkpjo5dx/openvpn_2.6.3-1+deb12u4.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpfkpjo5dx/openvpn_2.6.14-0+deb12u1.dsc: no acceptable signature found diff -Nru openvpn-2.6.3/.gitignore openvpn-2.6.14/.gitignore --- openvpn-2.6.3/.gitignore 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/.gitignore 2025-04-02 06:53:10.000000000 +0000 @@ -10,13 +10,8 @@ *.idb *.suo *.ncb -*.vcproj.* -*.vcxproj.user -*.sln.cache *.log -Release -Debug -Win32-Output +out .vs .deps .libs @@ -44,12 +39,8 @@ m4/ltsugar.m4 m4/ltversion.m4 m4/lt~obsolete.m4 -vcpkg_installed version.sh -msvc-env-local.bat -config-msvc-local.h -config-msvc-version.h doc/openvpn-examples.5 doc/openvpn-examples.5.html doc/openvpn.8 @@ -61,17 +52,12 @@ sample/sample-keys/sample-ca/ vendor/cmocka_build vendor/dist -build/msvc/msvc-generate/version.m4 tests/t_client.sh tests/t_client-*-20??????-??????/ t_client.rc t_client_ips.rc tests/unit_tests/**/*_testdriver -tests/unit_tests/engine-key/client.key -tests/unit_tests/engine-key/log.txt -tests/unit_tests/engine-key/openssl.cnf -tests/unit_tests/engine-key/passwd src/openvpn/openvpn include/openvpn-plugin.h diff -Nru openvpn-2.6.3/CMakeLists.txt openvpn-2.6.14/CMakeLists.txt --- openvpn-2.6.3/CMakeLists.txt 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/CMakeLists.txt 2025-04-02 06:53:10.000000000 +0000 @@ -0,0 +1,739 @@ +cmake_minimum_required(VERSION 3.12) +set(CMAKE_CONFIGURATION_TYPES "Release;Debug;ASAN") +project(openvpn) + +# This CMake file implements building OpenVPN with CMAKE +# +# Note that this is *NOT* the official way to build openvpn on anything +# other than Windows/mingw despite working on other platforms too. You will need +# to add -DUNSUPPORTED_BUILDS=true to build on non Windows platforms. +# +# This cmake also makes a few assertions like lzo, lz4 being used +# and OpenSSL having version 1.1.1+ and generally does not offer the same +# configurability like autoconf + +find_package(PkgConfig REQUIRED) +include(CheckSymbolExists) +include(CheckIncludeFiles) +include(CheckCCompilerFlag) +include(CheckLinkerFlag OPTIONAL) +include(CheckTypeSize) +include(CheckStructHasMember) +include(CTest) + +option(UNSUPPORTED_BUILDS "Allow unsupported builds" OFF) + +if (NOT WIN32 AND NOT ${UNSUPPORTED_BUILDS}) + message(FATAL_ERROR "Note: on Unix platform the official and supported build method is using autoconfig. CMake based build should be only used for Windows and internal testing/development.") +endif() + +if (EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/config.h") + message(FATAL_ERROR "The top level source directory has a config.h file. Note that you can't mix in-tree autoconfig builds with out-of-tree cmake builds.") +endif () + +option(MBED "BUILD with mbed" OFF) +option(WOLFSSL "BUILD with wolfSSL" OFF) +option(ENABLE_LZ4 "BUILD with lz4" ON) +option(ENABLE_LZO "BUILD with lzo" ON) +option(ENABLE_PKCS11 "BUILD with pkcs11-helper" ON) +option(USE_WERROR "Treat compiler warnings as errors (-Werror)" ON) + +set(PLUGIN_DIR /usr/local/lib/openvpn/plugins CACHE FILEPATH "Location of the plugin directory") + +# AddressSanitize - use CXX=clang++ CC=clang cmake -DCMAKE_BUILD_TYPE=asan to build with ASAN +set(CMAKE_C_FLAGS_ASAN + "-fsanitize=address,undefined -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1" + CACHE STRING "Flags used by the C compiler during AddressSanitizer builds." + FORCE) +set(CMAKE_CXX_FLAGS_ASAN + "-fsanitize=address,undefined -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1" + CACHE STRING "Flags used by the C++ compiler during AddressSanitizer builds." + FORCE) + +if (MSVC) + add_definitions(-D_CRT_SECURE_NO_WARNINGS -D_CRT_NONSTDC_NO_DEPRECATE -D_WINSOCK_DEPRECATED_NO_WARNINGS) + if (USE_WERROR) + add_compile_options(/WX) + endif () + add_compile_options( + /MP + /W2 + /sdl + /Qspectre + /guard:cf + /FC + /ZH:SHA_256 + "$<$:/GL>" + "$<$:/Oi>" + "$<$:/Gy>" + "$<$:/Zi>" + ) + add_link_options( + /Brepro + "$<$:/LTCG:incremental>" + "$<$:/DEBUG:FULL>" + "$<$:/OPT:REF>" + "$<$:/OPT:ICF>" + ) + if (${CMAKE_GENERATOR_PLATFORM} STREQUAL "x64" OR ${CMAKE_GENERATOR_PLATFORM} STREQUAL "x86") + add_link_options("$<$:/CETCOMPAT>") + endif() +else () + set(CMAKE_C_FLAGS_RELEASE "-O2") + set(CMAKE_CXX_FLAGS_RELEASE "-O2") + set(CMAKE_C_FLAGS_DEBUG "-g -O1") + set(CMAKE_CXX_FLAGS_DEBUG "-g -O1") + add_compile_options(-Wall -Wuninitialized) + check_c_compiler_flag(-Wno-stringop-truncation NoStringOpTruncation) + + if (${NoStringOpTruncation}) + add_compile_options(-Wno-stringop-truncation) + endif() + # We are not ready for this + #add_compile_options(-Wconversion -Wno-sign-conversion -Wsign-compare) + if (USE_WERROR) + add_compile_options(-Werror) + endif () +endif () + +find_program(PYTHON NAMES python3 python) +execute_process( + COMMAND ${PYTHON} ${CMAKE_CURRENT_SOURCE_DIR}/contrib/cmake/parse-version.m4.py ${CMAKE_CURRENT_SOURCE_DIR}/version.m4 + WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} + ) +include(${CMAKE_CURRENT_BINARY_DIR}/version.cmake) + +set(OPENVPN_VERSION_MAJOR ${PRODUCT_VERSION_MAJOR}) +set(OPENVPN_VERSION_MINOR ${PRODUCT_VERSION_MINOR}) +set(OPENVPN_VERSION_PATCH ${PRODUCT_VERSION_PATCH}) +set(OPENVPN_VERSION_RESOURCE ${PRODUCT_VERSION_RESOURCE}) + +set(CMAKE_C_STANDARD 99) + +# Set the various defines for config.h.cmake.in +if (${CMAKE_SYSTEM_NAME} STREQUAL "Linux") + set(TARGET_LINUX YES) + set(ENABLE_ASYNC_PUSH YES) + set(ENABLE_LINUXDCO YES) + set(ENABLE_SITNL YES) + set(HAVE_DECL_SO_MARK YES) + set(ENABLE_FEATURE_TUN_PERSIST 1) + set(HAVE_LINUX_TYPES_H 1) + set(ENABLE_DCO YES) + set(HAVE_CMSGHDR YES) +elseif (${CMAKE_SYSTEM_NAME} STREQUAL "FreeBSD") + set(TARGET_FREEBSD YES) + set(ENABLE_DCO YES) + link_libraries(-lnv) +elseif (WIN32) + set(ENABLE_DCO YES) +elseif (APPLE) + set(TARGET_DARWIN YES) + set(HAVE_NET_IF_UTUN_H YES) +endif () + +if (UNIX) + set(PATH_SEPARATOR /) + set(ENABLE_PORT_SHARE YES) + set(HAVE_SA_FAMILY_T YES) +elseif (WIN32) + set(PATH_SEPARATOR \\\\) + set(TARGET_WIN32 YES) +endif () + +check_symbol_exists(chroot unistd.h HAVE_CHROOT) +check_symbol_exists(chdir unistd.h HAVE_CHDIR) +check_symbol_exists(dup unistd.h HAVE_DUP) +check_symbol_exists(dup2 unistd.h HAVE_DUP2) +check_symbol_exists(fork unistd.h HAVE_FORK) +check_symbol_exists(execve unistd.h HAVE_EXECVE) +check_symbol_exists(ftruncate unistd.h HAVE_FTRUNCATE) +check_symbol_exists(nice unistd.h HAVE_NICE) +check_symbol_exists(setgid unistd.h HAVE_SETGID) +check_symbol_exists(setuid unistd.h HAVE_SETUID) +check_symbol_exists(setsid unistd.h HAVE_SETSID) +check_symbol_exists(getpeereid unistd.h HAVE_GETPEEREID) + +check_symbol_exists(epoll_create sys/epoll.h HAVE_EPOLL_CREATE) + +check_symbol_exists(gettimeofday sys/time.h HAVE_GETTIMEOFDAY) +check_symbol_exists(basename libgen.h HAVE_BASENAME) +check_symbol_exists(chsize io.h HAVE_CHSIZE) +check_symbol_exists(daemon "unistd.h;stdlib.h" HAVE_DAEMON) +check_symbol_exists(dirname libgen.h HAVE_DIRNAME) +check_symbol_exists(getrlimit sys/resource.h HAVE_GETRLIMIT) +check_symbol_exists(mlockall sys/mman.h HAVE_MLOCKALL) + +check_symbol_exists(sendmsg sys/socket.h HAVE_SENDMSG) +check_symbol_exists(recvmsg sys/socket.h HAVE_RECVMSG) +check_symbol_exists(cmsghdr sys/socket.h HAVE_CMSGHDR) +check_symbol_exists(openlog syslog.h HAVE_OPENLOG) +check_symbol_exists(syslog syslog.h HAVE_SYSLOG) +check_symbol_exists(getgrnam grp.h HAVE_GETGRNAM) +check_symbol_exists(getpwnam pwd.h HAVE_GETPWNAM) +check_symbol_exists(getsockname sys/socket.h HAVE_GETSOCKNAME) + +# Some OS (e.g. FreeBSD) need some basic headers to allow +# including network headers +set(NETEXTRA sys/types.h) +check_include_files("${NETEXTRA};netinet/in.h" HAVE_NETINET_IN_H) + +if (HAVE_NETINET_IN_H) + list(APPEND NETEXTRA netinet/in.h) +endif () + +check_include_files("${NETEXTRA};netinet/in6.h" HAVE_NETINET_IN_H) +check_include_files(linux/if_tun.h HAVE_LINUX_IF_TUN_H) +check_include_files(linux/sockios.h HAVE_LINUX_SOCKIOS_H) +check_include_files(dlfcn.h HAVE_DLFCN_H) +check_include_files(fcntl.h HAVE_FCNTL_H) +check_include_files(dmalloc.h HAVE_DMALLOC_H) +check_include_files(err.h HAVE_ERR_H) +check_include_files(sys/epoll.h HAVE_SYS_EPOLL_H) +check_include_files(poll.h HAVE_POLL_H) +check_include_files(sys/socket.h HAVE_SYS_SOCKET_H) +check_include_files(sys/time.h HAVE_SYS_TIME_H) +check_include_files(netdb.h HAVE_NETDB_H) +check_include_files(unistd.h HAVE_UNISTD_H) +check_include_files(sys/un.h HAVE_SYS_UN_H) +check_include_files(libgen.h HAVE_LIBGEN_H) +check_include_files(net/if.h HAVE_NET_IF_H) +check_include_files("${NETEXTRA};netinet/ip.h" HAVE_NETINET_IP_H) +check_include_files(arpa/inet.h HAVE_ARPA_INET_H) +check_include_files(net/if_utun.h HAVE_NET_UTUN_H) +check_include_files(sys/ioctl.h HAVE_SYS_IOCTL_H) +check_include_files(sys/inotify.h HAVE_SYS_INOTIFY_H) +check_include_files("${NETEXTRA};sys/uio.h" HAVE_SYS_UIO_H) +check_include_files(syslog.h HAVE_SYSLOG_H) +check_include_files(sys/wait.h HAVE_SYS_WAIT_H) +check_include_files(grp.h HAVE_GRP_H) +check_include_files(pwd.h HAVE_PWD_H) +check_include_files(sys/mman.h HAVE_SYS_MMAN_H) + + +check_include_files("${NETEXTRA};resolv.h" HAVE_RESOLV_H) +check_include_files("${NETEXTRA};net/if_tun.h" HAVE_NET_IF_TUN_H) + +set(CMAKE_EXTRA_INCLUDE_FILES netinet/ip.h) +check_type_size("struct in_pktinfo" IN_PKTINFO) +check_struct_has_member("struct in_pktinfo" ipi_spec_dst netinet/ip.h HAVE_IPI_SPEC_DST) +check_type_size("struct msghdr" MSGHDR) +set(CMAKE_EXTRA_INCLUDE_FILES) + +find_program(IFCONFIG_PATH ifconfig) +find_program(IPROUTE_PATH ip) +find_program(ROUTE_PATH route) + +if (${ENABLE_LZ4}) + pkg_search_module(liblz4 liblz4 REQUIRED IMPORTED_TARGET) +endif () + +if (${ENABLE_LZO}) + pkg_search_module(lzo2 lzo2 REQUIRED IMPORTED_TARGET) +endif () + +if (${ENABLE_PKCS11}) + pkg_search_module(pkcs11-helper libpkcs11-helper-1 REQUIRED IMPORTED_TARGET) +endif () + +function(add_library_deps target) + if (${MBED}) + target_link_libraries(${target} -lmbedtls -lmbedx509 -lmbedcrypto) + elseif (${WOLFSSL}) + pkg_search_module(wolfssl wolfssl REQUIRED) + target_link_libraries(${target} PUBLIC ${wolfssl_LINK_LIBRARIES}) + target_include_directories(${target} PRIVATE ${wolfssl_INCLUDE_DIRS}/wolfssl) + else () + set(ENABLE_X509ALTUSERNAME YES) + + find_package(OpenSSL REQUIRED) + target_link_libraries(${target} PUBLIC OpenSSL::SSL OpenSSL::Crypto) + if (WIN32) + target_link_libraries(${target} PUBLIC + ws2_32.lib crypt32.lib fwpuclnt.lib iphlpapi.lib + wininet.lib setupapi.lib rpcrt4.lib wtsapi32.lib ncrypt.lib bcrypt.lib) + endif () + + endif () + + # optional dependencies + target_link_libraries(${target} PUBLIC + $ + $ + $ + ) + + if (${CMAKE_SYSTEM_NAME} STREQUAL "Linux") + pkg_search_module(libcapng REQUIRED libcap-ng IMPORTED_TARGET) + pkg_search_module(libnl REQUIRED libnl-genl-3.0 IMPORTED_TARGET) + + target_link_libraries(${target} PUBLIC PkgConfig::libcapng PkgConfig::libnl) + endif () + +endfunction() + +if (${MBED}) + set(ENABLE_CRYPTO_MBEDTLS YES) +elseif (${WOLFSSL}) + set(ENABLE_CRYPTO_OPENSSL YES) + set(ENABLE_CRYPTO_WOLFSSL YES) + set(ENABLE_X509ALTUSERNAME YES) +else () + set(ENABLE_CRYPTO_OPENSSL YES) + set(ENABLE_X509ALTUSERNAME YES) +endif () + +include_directories(${CMAKE_CURRENT_SOURCE_DIR} src/compat include) + +add_custom_command( + OUTPUT always_rebuild config-version.h + COMMAND ${PYTHON} ${CMAKE_CURRENT_SOURCE_DIR}/contrib/cmake/git-version.py + ) +set(HAVE_CONFIG_VERSION_H YES) + +configure_file(config.h.cmake.in config.h) +configure_file(include/openvpn-plugin.h.in openvpn-plugin.h) +# TODO we should remove the need for this, and always include config.h +add_definitions(-DHAVE_CONFIG_H) + +include_directories(${CMAKE_CURRENT_BINARY_DIR}) + +add_subdirectory(doc) +add_subdirectory(src/openvpnmsica) +add_subdirectory(src/openvpnserv) +add_subdirectory(src/tapctl) + +set(SOURCE_FILES + ${CMAKE_CURRENT_BINARY_DIR}/config.h + ${CMAKE_CURRENT_BINARY_DIR}/config-version.h + ${CMAKE_CURRENT_BINARY_DIR}/openvpn-plugin.h + + src/compat/compat-basename.c + src/compat/compat-daemon.c + src/compat/compat-dirname.c + src/compat/compat-gettimeofday.c + src/compat/compat-strsep.c + src/openvpn/argv.c + src/openvpn/argv.h + src/openvpn/base64.c + src/openvpn/base64.h + src/openvpn/basic.h + src/openvpn/block_dns.h + src/openvpn/block_dns.c + src/openvpn/buffer.c + src/openvpn/buffer.h + src/openvpn/circ_list.h + src/openvpn/clinat.c + src/openvpn/clinat.h + src/openvpn/common.h + src/openvpn/comp-lz4.c + src/openvpn/comp-lz4.h + src/openvpn/comp.c + src/openvpn/comp.h + src/openvpn/compstub.c + src/openvpn/console.c + src/openvpn/console_builtin.c + src/openvpn/console.h + src/openvpn/crypto.c + src/openvpn/crypto.h + src/openvpn/crypto_backend.h + src/openvpn/crypto_openssl.c + src/openvpn/crypto_openssl.h + src/openvpn/crypto_mbedtls.c + src/openvpn/crypto_mbedtls.h + src/openvpn/cryptoapi.c + src/openvpn/cryptoapi.h + src/openvpn/dco.c + src/openvpn/dco.h + src/openvpn/dco_win.c + src/openvpn/dco_win.h + src/openvpn/dco_linux.c + src/openvpn/dco_linux.h + src/openvpn/dco_freebsd.c + src/openvpn/dco_freebsd.h + src/openvpn/dhcp.c + src/openvpn/dhcp.h + src/openvpn/dns.c + src/openvpn/dns.h + src/openvpn/errlevel.h + src/openvpn/env_set.c + src/openvpn/env_set.h + src/openvpn/error.c + src/openvpn/error.h + src/openvpn/event.c + src/openvpn/event.h + src/openvpn/fdmisc.c + src/openvpn/fdmisc.h + src/openvpn/forward.c + src/openvpn/forward.h + src/openvpn/fragment.c + src/openvpn/fragment.h + src/openvpn/gremlin.c + src/openvpn/gremlin.h + src/openvpn/helper.c + src/openvpn/helper.h + src/openvpn/httpdigest.c + src/openvpn/httpdigest.h + src/openvpn/init.c + src/openvpn/init.h + src/openvpn/integer.h + src/openvpn/interval.c + src/openvpn/interval.h + src/openvpn/list.c + src/openvpn/list.h + src/openvpn/lladdr.c + src/openvpn/lladdr.h + src/openvpn/lzo.c + src/openvpn/lzo.h + src/openvpn/manage.c + src/openvpn/manage.h + src/openvpn/mbuf.c + src/openvpn/mbuf.h + src/openvpn/memdbg.h + src/openvpn/misc.c + src/openvpn/misc.h + src/openvpn/mroute.c + src/openvpn/mroute.h + src/openvpn/mss.c + src/openvpn/mss.h + src/openvpn/mstats.c + src/openvpn/mstats.h + src/openvpn/mtcp.c + src/openvpn/mtcp.h + src/openvpn/mtu.c + src/openvpn/mtu.h + src/openvpn/mudp.c + src/openvpn/mudp.h + src/openvpn/multi.c + src/openvpn/multi.h + src/openvpn/ntlm.c + src/openvpn/ntlm.h + src/openvpn/occ.c + src/openvpn/occ.h + src/openvpn/openvpn.c + src/openvpn/openvpn.h + src/openvpn/openvpn_win32_resources.rc + src/openvpn/options.c + src/openvpn/options.h + src/openvpn/options_util.c + src/openvpn/options_util.h + src/openvpn/otime.c + src/openvpn/otime.h + src/openvpn/ovpn_dco_win.h + src/openvpn/packet_id.c + src/openvpn/packet_id.h + src/openvpn/perf.c + src/openvpn/perf.h + src/openvpn/ping.c + src/openvpn/ping.h + src/openvpn/pkcs11.c + src/openvpn/pkcs11.h + src/openvpn/pkcs11_backend.h + src/openvpn/pkcs11_openssl.c + src/openvpn/pkcs11_mbedtls.c + src/openvpn/platform.c + src/openvpn/platform.h + src/openvpn/plugin.c + src/openvpn/plugin.h + src/openvpn/pool.c + src/openvpn/pool.h + src/openvpn/proto.c + src/openvpn/proto.h + src/openvpn/proxy.c + src/openvpn/proxy.h + src/openvpn/ps.c + src/openvpn/ps.h + src/openvpn/push.c + src/openvpn/push.h + src/openvpn/pushlist.h + src/openvpn/reflect_filter.c + src/openvpn/reflect_filter.h + src/openvpn/reliable.c + src/openvpn/reliable.h + src/openvpn/route.c + src/openvpn/route.h + src/openvpn/run_command.c + src/openvpn/run_command.h + src/openvpn/schedule.c + src/openvpn/schedule.h + src/openvpn/session_id.c + src/openvpn/session_id.h + src/openvpn/shaper.c + src/openvpn/shaper.h + src/openvpn/sig.c + src/openvpn/sig.h + src/openvpn/socket.c + src/openvpn/socket.h + src/openvpn/socks.c + src/openvpn/socks.h + src/openvpn/ssl.c + src/openvpn/ssl.h + src/openvpn/ssl_backend.h + src/openvpn/ssl_common.h + src/openvpn/ssl_openssl.c + src/openvpn/ssl_openssl.h + src/openvpn/ssl_mbedtls.c + src/openvpn/ssl_mbedtls.h + src/openvpn/ssl_verify.c + src/openvpn/ssl_verify.h + src/openvpn/ssl_verify_backend.h + src/openvpn/ssl_verify_openssl.c + src/openvpn/ssl_verify_openssl.h + src/openvpn/ssl_verify_mbedtls.c + src/openvpn/ssl_verify_mbedtls.h + src/openvpn/status.c + src/openvpn/status.h + src/openvpn/syshead.h + src/openvpn/tls_crypt.c + src/openvpn/tun.c + src/openvpn/tun.h + src/openvpn/networking_sitnl.c + src/openvpn/networking_freebsd.c + src/openvpn/auth_token.c + src/openvpn/auth_token.h + src/openvpn/ssl_ncp.c + src/openvpn/ssl_ncp.h + src/openvpn/ssl_pkt.c + src/openvpn/ssl_pkt.h + src/openvpn/ssl_util.c + src/openvpn/ssl_util.h + src/openvpn/vlan.c + src/openvpn/vlan.h + src/openvpn/win32.c + src/openvpn/win32-util.c + src/openvpn/win32.h + src/openvpn/win32-util.h + src/openvpn/xkey_helper.c + src/openvpn/xkey_provider.c + ) + +add_executable(openvpn ${SOURCE_FILES}) + +add_library_deps(openvpn) + +if (MINGW) + target_compile_options(openvpn PRIVATE + -DWIN32_LEAN_AND_MEAN + -DNTDDI_VERSION=NTDDI_VISTA -D_WIN32_WINNT=_WIN32_WINNT_VISTA + ) + target_compile_options(openvpn PRIVATE -municode -UUNICODE) + target_link_options(openvpn PRIVATE -municode) +endif() + +if (MSVC) + # we have our own manifest + target_link_options(openvpn PRIVATE /MANIFEST:NO) +endif() + +if (${CMAKE_SYSTEM_NAME} STREQUAL "Linux") + target_link_libraries(openvpn PUBLIC -ldl) +endif () + +if (NOT WIN32) + target_compile_options(openvpn PRIVATE -DPLUGIN_LIBDIR=\"${PLUGIN_DIR}\") + + find_library(resolv resolv) + # some platform like BSDs already include resolver functionality in the libc and not have an extra resolv library + if (${resolv} OR APPLE) + target_link_libraries(openvpn PUBLIC -lresolv) + endif () +endif () + + +if (BUILD_TESTING) + find_package(cmocka CONFIG) + if (TARGET cmocka::cmocka) + set(CMOCKA_LIBRARIES cmocka::cmocka) + else () + pkg_search_module(cmocka cmocka REQUIRED IMPORTED_TARGET) + set(CMOCKA_LIBRARIES PkgConfig::cmocka) + endif () + + set(unit_tests + "test_auth_token" + "test_buffer" + "test_crypto" + "test_misc" + "test_ncp" + "test_packet_id" + "test_pkt" + "test_provider" + ) + + if (WIN32) + list(APPEND unit_tests + "test_cryptoapi" + ) + endif () + + # MSVC and Apple's LLVM ld do not support --wrap + # This test requires cmake >= 3.18, so check if check_linker_flag is + # available + if (COMMAND check_linker_flag) + check_linker_flag(C -Wl,--wrap=parse_line LD_SUPPORTS_WRAP) + endif() + + if (${LD_SUPPORTS_WRAP}) + list(APPEND unit_tests + "test_argv" + "test_tls_crypt" + ) + endif () + + # These tests work on only on Linux since they depend on special Linux features + if (${CMAKE_SYSTEM_NAME} STREQUAL "Linux") + list(APPEND unit_tests + "test_networking" + ) + endif () + + foreach (test_name ${unit_tests}) + # test_networking needs special environment + if (NOT ${test_name} STREQUAL "test_networking") + add_test(${test_name} ${test_name}) + endif () + add_executable(${test_name} + tests/unit_tests/openvpn/${test_name}.c + tests/unit_tests/openvpn/mock_msg.c + tests/unit_tests/openvpn/mock_msg.h + src/openvpn/platform.c + src/openvpn/win32-util.c + src/compat/compat-gettimeofday.c + ) + + add_library_deps(${test_name}) + target_link_libraries(${test_name} PUBLIC ${CMOCKA_LIBRARIES}) + + target_include_directories(${test_name} PRIVATE src/openvpn) + + if (NOT ${test_name} STREQUAL "test_buffer") + target_sources(${test_name} PRIVATE + src/openvpn/buffer.c + ) + endif () + + endforeach() + + target_sources(test_auth_token PRIVATE + src/openvpn/base64.c + src/openvpn/crypto_mbedtls.c + src/openvpn/crypto_openssl.c + src/openvpn/crypto.c + src/openvpn/otime.c + src/openvpn/packet_id.c + ) + + target_sources(test_buffer PRIVATE + tests/unit_tests/openvpn/mock_get_random.c + ) + + target_sources(test_crypto PRIVATE + src/openvpn/crypto_mbedtls.c + src/openvpn/crypto_openssl.c + src/openvpn/crypto.c + src/openvpn/otime.c + src/openvpn/packet_id.c + src/openvpn/mtu.c + src/openvpn/mss.c + ) + + target_sources(test_misc PRIVATE + tests/unit_tests/openvpn/mock_get_random.c + src/openvpn/options_util.c + src/openvpn/ssl_util.c + ) + + target_sources(test_ncp PRIVATE + src/openvpn/crypto_mbedtls.c + src/openvpn/crypto_openssl.c + src/openvpn/crypto.c + src/openvpn/otime.c + src/openvpn/packet_id.c + src/openvpn/ssl_util.c + src/compat/compat-strsep.c + ) + + target_sources(test_packet_id PRIVATE + tests/unit_tests/openvpn/mock_get_random.c + src/openvpn/otime.c + src/openvpn/packet_id.c + src/openvpn/reliable.c + src/openvpn/session_id.c + ) + + target_sources(test_pkt PRIVATE + tests/unit_tests/openvpn/mock_win32_execve.c + src/openvpn/argv.c + src/openvpn/base64.c + src/openvpn/crypto_mbedtls.c + src/openvpn/crypto_openssl.c + src/openvpn/crypto.c + src/openvpn/env_set.c + src/openvpn/otime.c + src/openvpn/packet_id.c + src/openvpn/reliable.c + src/openvpn/run_command.c + src/openvpn/session_id.c + src/openvpn/ssl_pkt.c + src/openvpn/tls_crypt.c + ) + + target_sources(test_provider PRIVATE + tests/unit_tests/openvpn/mock_get_random.c + src/openvpn/xkey_provider.c + src/openvpn/xkey_helper.c + src/openvpn/base64.c + ) + + if (TARGET test_argv) + target_link_options(test_argv PRIVATE -Wl,--wrap=parse_line) + target_sources(test_argv PRIVATE + tests/unit_tests/openvpn/mock_get_random.c + src/openvpn/argv.c + ) + endif () + + if (TARGET test_cryptoapi) + target_sources(test_cryptoapi PRIVATE + tests/unit_tests/openvpn/mock_get_random.c + tests/unit_tests/openvpn/cert_data.h + src/openvpn/xkey_provider.c + src/openvpn/xkey_helper.c + src/openvpn/base64.c + ) + endif () + + if (TARGET test_networking) + target_link_options(test_networking PRIVATE -Wl,--wrap=parse_line) + target_compile_options(test_networking PRIVATE -UNDEBUG) + target_sources(test_networking PRIVATE + src/openvpn/networking_sitnl.c + src/openvpn/crypto_mbedtls.c + src/openvpn/crypto_openssl.c + src/openvpn/crypto.c + src/openvpn/otime.c + src/openvpn/packet_id.c + ) + endif () + + if (TARGET test_tls_crypt) + target_link_options(test_tls_crypt PRIVATE -Wl,--wrap=parse_line) + target_link_options(test_tls_crypt PRIVATE + -Wl,--wrap=buffer_read_from_file + -Wl,--wrap=buffer_write_file + -Wl,--wrap=rand_bytes) + target_sources(test_tls_crypt PRIVATE + tests/unit_tests/openvpn/mock_win32_execve.c + src/openvpn/argv.c + src/openvpn/base64.c + src/openvpn/crypto_mbedtls.c + src/openvpn/crypto_openssl.c + src/openvpn/crypto.c + src/openvpn/env_set.c + src/openvpn/otime.c + src/openvpn/packet_id.c + src/openvpn/run_command.c + ) + endif () + +endif (BUILD_TESTING) diff -Nru openvpn-2.6.3/CMakePresets.json openvpn-2.6.14/CMakePresets.json --- openvpn-2.6.3/CMakePresets.json 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/CMakePresets.json 2025-04-02 06:53:10.000000000 +0000 @@ -0,0 +1,228 @@ +{ + "version": 3, + "configurePresets": [ + { + "name": "base", + "hidden": true, + "cacheVariables": { + "CMAKE_TOOLCHAIN_FILE": { + "value": "$env{VCPKG_ROOT}/scripts/buildsystems/vcpkg.cmake", + "type": "FILEPATH" + }, + "VCPKG_OVERLAY_TRIPLETS": { + "value": "${sourceDir}/contrib/vcpkg-triplets", + "type": "FILEPATH" + }, + "VCPKG_OVERLAY_PORTS": { + "value": "${sourceDir}/contrib/vcpkg-ports", + "type": "FILEPATH" + } + } + }, + { + "name": "base-windows", + "hidden": true, + "binaryDir": "${sourceDir}/out/build/${presetName}", + "generator": "Visual Studio 17 2022", + "cacheVariables": { + "VCPKG_MANIFEST_DIR": "${sourceDir}/contrib/vcpkg-manifests/windows", + "VCPKG_HOST_TRIPLET": "x64-windows" + }, + "vendor": { "microsoft.com/VisualStudioSettings/CMake/1.0": { "hostOS": [ "Windows" ] } } + }, + { + "name": "base-mingw", + "hidden": true, + "generator": "Ninja Multi-Config", + "cacheVariables": { + "CMAKE_SYSTEM_NAME": { + "value": "Windows", + "type": "STRING" + }, + "VCPKG_MANIFEST_DIR": "${sourceDir}/contrib/vcpkg-manifests/mingw" + } + }, + { + "name": "x64", + "hidden": true, + "architecture": { + "value": "x64", + "strategy": "set" + }, + "cacheVariables": { + "VCPKG_TARGET_TRIPLET": "x64-windows-ovpn" + } + }, + { + "name": "x64-mingw", + "hidden": true, + "binaryDir": "out/build/mingw/x64", + "cacheVariables": { + "CMAKE_C_COMPILER": { + "value": "x86_64-w64-mingw32-gcc", + "type": "STRING" + }, + "CMAKE_CXX_COMPILER": { + "value": "x86_64-w64-mingw32-g++", + "type": "STRING" + }, + "VCPKG_TARGET_TRIPLET": "x64-mingw-ovpn" + } + }, + { + "name": "arm64", + "hidden": true, + "architecture": { + "value": "arm64", + "strategy": "set" + }, + "cacheVariables": { + "VCPKG_TARGET_TRIPLET": "arm64-windows-ovpn" + } + }, + { + "name": "x86", + "hidden": true, + "architecture": { + "value": "Win32", + "strategy": "set" + }, + "cacheVariables": { + "VCPKG_TARGET_TRIPLET": "x86-windows-ovpn" + } + }, + { + "name": "i686-mingw", + "hidden": true, + "binaryDir": "out/build/mingw/x86", + "cacheVariables": { + "CMAKE_C_COMPILER": { + "value": "i686-w64-mingw32-gcc", + "type": "STRING" + }, + "CMAKE_CXX_COMPILER": { + "value": "i686-w64-mingw32-g++", + "type": "STRING" + }, + "VCPKG_TARGET_TRIPLET": "x86-mingw-ovpn" + } + }, + { + "name": "debug", + "hidden": true, + "cacheVariables": { + "CMAKE_BUILD_TYPE": "Debug" + } + }, + { + "name": "release", + "hidden": true, + "cacheVariables": { + "CMAKE_BUILD_TYPE": "Release" + } + }, + { + "name": "mingw-x64", + "inherits": [ "base", "base-mingw", "x64-mingw" ] + }, + { + "name": "mingw-x86", + "inherits": [ "base", "base-mingw", "i686-mingw" ] + }, + { + "name": "win-amd64-release", + "inherits": [ "base", "base-windows", "x64", "release" ] + }, + { + "name": "win-arm64-release", + "inherits": [ "base", "base-windows", "arm64", "release" ] + }, + { + "name": "win-x86-release", + "inherits": [ "base", "base-windows", "x86", "release" ] + }, + { + "name": "win-amd64-debug", + "inherits": [ "base", "base-windows", "x64", "debug" ] + }, + { + "name": "win-arm64-debug", + "inherits": [ "base", "base-windows", "arm64", "debug" ] + }, + { + "name": "win-x86-debug", + "inherits": [ "base", "base-windows", "x86", "debug" ] + }, + { + "name": "unix-native", + "generator": "Ninja Multi-Config", + "binaryDir": "out/build/unix" + } + ], + "buildPresets": [ + { + "name": "mingw-x64", + "configurePreset": "mingw-x64" + }, + { + "name": "mingw-x86", + "configurePreset": "mingw-x86" + }, + { + "name": "win-amd64-release", + "configurePreset": "win-amd64-release", + "configuration": "Release" + }, + { + "name": "win-arm64-release", + "configurePreset": "win-arm64-release", + "configuration": "Release" + }, + { + "name": "win-x86-release", + "configurePreset": "win-x86-release", + "configuration": "Release" + }, + { + "name": "win-amd64-debug", + "configurePreset": "win-amd64-debug", + "configuration": "Debug" + }, + { + "name": "win-arm64-debug", + "configurePreset": "win-arm64-debug", + "configuration": "Debug" + }, + { + "name": "win-x86-debug", + "configurePreset": "win-x86-debug", + "configuration": "Debug" + }, + { + "name": "unix-native", + "configurePreset": "unix-native" + } + ], + "testPresets": [ + { + "name": "win-amd64-release", + "configurePreset": "win-amd64-release" + }, + { + "name": "win-x86-release", + "configurePreset": "win-x86-release" + }, + { + "name": "win-amd64-debug", + "configurePreset": "win-amd64-debug" + }, + { + "name": "win-x86-debug", + "configurePreset": "win-x86-debug" + }, + { + "name": "unix-native", + "configurePreset": "unix-native" + } + ] +} diff -Nru openvpn-2.6.3/CONTRIBUTING.rst openvpn-2.6.14/CONTRIBUTING.rst --- openvpn-2.6.3/CONTRIBUTING.rst 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/CONTRIBUTING.rst 2025-04-02 06:53:10.000000000 +0000 @@ -0,0 +1,42 @@ +CONTRIBUTING TO THE OPENVPN PROJECT +=================================== + +Patches should be written against the Git "master" branch. Some patches may get +backported to a release branch. + +The preferred procedure to send patches to the "openvpn-devel" mailing list: + +- https://lists.sourceforge.net/lists/listinfo/openvpn-devel + +While we do not merge GitHub pull requests as-is, we do allow their use for code +review purposes. After the patch has been ACKed (reviewed and accepted), it must +be sent to the mailing list. This last step does not necessarily need to be done +by the patch author, although that is definitely recommended. + +When sending patches to "openvpn-devel" the subject line should be prefixed with +[PATCH]. To avoid merging issues the patches should be generated with +git-format-patch or sent using git-send-email. Try to split large patches into +small, atomic pieces to make reviews easier. + +Please make sure that the source code formatting follows the guidelines at +https://community.openvpn.net/openvpn/wiki/CodeStyle. Automated checking can be +done with uncrustify (http://uncrustify.sourceforge.net/) and the configuration +file which can be found in the git repository at dev-tools/uncrustify.conf. +There is also a git pre-commit hook script, which runs uncrustify automatically +each time you commit and lets you format your code conveniently, if needed. +To install the hook simply run: dev-tools/git-pre-commit-uncrustify.sh install + +If you want quick feedback on a patch before sending it to openvpn-devel mailing +list, you can visit the #openvpn-devel channel on irc.libera.chat. Note that +you need to be logged in to Libera to join the channel: + +- https://libera.chat/guides/registration + +More detailed contribution instructions are available here: + +- https://community.openvpn.net/openvpn/wiki/DeveloperDocumentation + +Note that the process for contributing to other OpenVPN projects such as +openvpn-build, openvpn-gui, tap-windows6 and easy-rsa may differ from what was +described above. Please refer to the contribution instructions of each +respective project. diff -Nru openvpn-2.6.3/COPYING openvpn-2.6.14/COPYING --- openvpn-2.6.3/COPYING 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/COPYING 2025-04-02 06:53:10.000000000 +0000 @@ -1,6 +1,6 @@ OpenVPN (TM) -- An Open Source VPN daemon -Copyright (C) 2002-2023 OpenVPN Inc +Copyright (C) 2002-2024 OpenVPN Inc This distribution contains multiple components, some of which fall under different licenses. By using OpenVPN @@ -31,6 +31,48 @@ file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. +Apache2 linking exception: +--------------------------- + In addition, as a special exception, OpenVPN Inc and the + contributors give permission to link the code of this program to + libraries (the "Libraries") licensed under the Apache License + version 2.0 (this work and any linked library the "Combined Work") + and copy and distribute the Combined Work without an obligation to + license the Libraries under the GNU General Public License v2 + (GPL-2.0) as required by Section 2 of the GPL-2.0, and without an + obligation to refrain from imposing any additional restrictions in + the Apache License version 2 that are not in the GPL-2.0, as + required by Section 6 of the GPL-2.0. You must comply with the + GPL-2.0 in all other respects for the Combined Work, including + the obligation to provide source code. If you modify this file, you + may extend this exception to your version of the file, but you are + not obligated to do so. If you do not wish to do so, delete this + exception statement from your version. + +For better understanding, in plain non-legalese English this basically says: + + * The intention for this license exception is to allow OpenVPN to be + linked against APL-2 licensed libraries, even where the GPL-2.0 and + APL-2 licenses conflict from a legal perspective. + + * OpenVPN itself will stay GPL-2.0 and the code belonging to the + OpenVPN project must comply to the GPL-2.0 license. This is NOT + dual-licensing of the OpenVPN code base. + + * This license exception DOES NOT require NOR expect a license change + of the APL-2 based library. This exception allows using the APL-2 + library as-is. However, when distributing a compiled OpenVPN binary + linking against APL-2 libraries ("Combined Work"), the REQUIREMENT is + that the APL-2 library MUST also be available on similar terms as in + GPL-2.0, like providing the source code of the library upon request, + except in the two specific ways mentioned. + + * If the APL-2 based library forbids such linking and distribution, + this license exception DOES NOT overrule the restriction of the APL-2 + based library. If the APL-2 library cannot satisfy the requirements + in this license exception, you CANNOT distribute an OpenVPN binary + linked with this library. + LZO license: ------------ diff -Nru openvpn-2.6.3/ChangeLog openvpn-2.6.14/ChangeLog --- openvpn-2.6.3/ChangeLog 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/ChangeLog 2025-04-02 06:53:10.000000000 +0000 @@ -1,5 +1,360 @@ OpenVPN ChangeLog -Copyright (C) 2002-2023 OpenVPN Inc +Copyright (C) 2002-2025 OpenVPN Inc + +2025.04.02 -- Version 2.6.14 + +Arne Schwabe (1): + Allow tls-crypt-v2 to be setup only on initial packet of a session + +Frank Lichtenheld (3): + GHA: Drop Ubuntu 20.04 and other maintenance (2.6) + crypto_backend: fix type of enc parameter + Fix compatibility with mbedTLS 2.28.10+ and 3.6.3+ + +Qingfang Deng (1): + dco: fix source IP selection when multihome + + +2025.01.15 -- Version 2.6.13 + +Arne Schwabe (2): + Refuse clients if username or password is longer than USER_PASS_LEN + Improve peer fingerprint documentation + +Ben Boeckel (1): + console_systemd: remove the timeout when using 'systemd-ask-password' + +Frank Lichtenheld (5): + Fix missing spaces in various messages + GHA: Update macOS runners + GHA: Simplify macOS builds + Various typo fixes + forward: Fix potential unaligned access in drop_if_recursive_routing + +Gert Doering (2): + send uname() release as IV_PLAT_VER= on non-windows versions + preparing release 2.6.13 + +Gianmarco De Gregori (1): + Route: remove incorrect routes on exit + +Lev Stipakov (1): + Use a more robust way to get dco-win version + +Ralf Lici (1): + Fix check_addr_clash argument order + +Rémi Farault (1): + Add calls to nvlist_destroy to avoid leaks + +Selva Nair (3): + proxy.c: Clear sensitive data after use + Protect cached username, password and token on client + Fix more of uninitialized struct user_pass local vars + +corubba (2): + Fix IPv6 in port-share journal + Fix port-share journal doc + + +2024.07.17 -- Version 2.6.12 + +Arne Schwabe (1): + Allow trailing \r and \n in control channel message + +Frank Lichtenheld (1): + configure: Try to detect LZO with pkg-config + +Gianmarco De Gregori (1): + Http-proxy: fix bug preventing proxy credentials caching + + +2024.06.20 -- Version 2.6.11 + +5andr0 (1): + Implement server_poll_timeout for socks + +Arne Schwabe (6): + Use snprintf instead of sprintf for get_ssl_library_version + Add bracket in fingerprint message and do not warn about missing verification + Replace macos11 with macos14 in github runners + Only run coverity scan in OpenVPN/OpenVPN repository + Workaround issue in LibreSSL crashing when enumerating digests/ciphers + Properly handle null bytes and invalid characters in control messages + +Franco Fichtner (1): + Allow to set ifmode for existing DCO interfaces in FreeBSD + +Frank Lichtenheld (6): + samples: Update sample configurations + documentation: make section levels consistent + phase2_tcp_server: fix Coverity issue 'Dereference after null check' + script-options.rst: Update ifconfig_* variables + LZO: do not use lzoutils.h macros + Remove "experimental" denotation for --fast-io + +Heiko Wundram (1): + Implement Windows CA template match for Crypto-API selector + +Lev Stipakov (2): + misc.c: remove unused code + interactive.c: Improve access control for gui<->service pipe + +Reynir Björnsson (1): + Only schedule_exit() once + + +2024.03.20 -- Version 2.6.10 + +Christoph Schug (1): + Update documentation references in systemd unit files + +Frank Lichtenheld (6): + Fix typo --data-cipher-fallback + samples: Remove tls-*.conf + check_compression_settings_valid: Do not test for LZ4 in LZO check + t_client.sh: Allow to skip tests + Update Copyright statements to 2024 + GHA: general update March 2024 + +Lev Stipakov (4): + win32: Enforce loading of plugins from a trusted directory + interactive.c: disable remote access to the service pipe + interactive.c: Fix potential stack overflow issue + Disable DCO if proxy is set via management + +Martin Rys (1): + openvpn-[client|server].service: Remove syslog.target + +Max Fillinger (1): + Remove license warning from README.mbedtls + +Selva Nair (1): + Document that auth-user-pass may be inlined + +wellweek (1): + remove repetitive words in documentation and comments + + +2024.02.11 -- Version 2.6.9 + +Arne Schwabe (15): + Remove unused function prototype crypto_adjust_frame_parameters + Log SSL alerts more prominently + Document tls-exit option mainly as test option + Remove TEST_GET_DEFAULT_GATEWAY as it duplicates --show-gateway + Fix check_session_buf_not_used using wrong index + Add missing check for nl_socket_alloc failure + Add check for nice in cmake config + Remove compat versionhelpers.h and remove cmake/configure check for it + Extend the error message when TLS 1.0 PRF fails + Fix unaligned access in macOS, FreeBSD, Solaris hwaddr + Check PRF availability on initialisation and add --force-tls-key-material-export + Make it more explicit and visible when pkg-config is not found + Clarify that the tls-crypt-v2-verify has a very limited env set + Implement the --tls-export-cert feature + Remove conditional text for Apache2 linking exception + +David Sommerseth (2): + Remove --tls-export-cert + Remove superfluous x509_write_pem() + +Frank Lichtenheld (14): + sample-keys: renew for the next 10 years + GHA: clean up libressl builds with newer libressl + configure.ac: Remove unused AC_TYPE_SIGNAL macro + documentation: remove reference to removed option --show-proxy-settings + unit_tests: remove includes for mock_msg.h + documentation: improve documentation of --x509-track + NTLM: add length check to add_security_buffer + NTLM: increase size of phase 2 response we can handle + proxy-options.rst: Add proper documentation for --http-proxy-user-pass + buf_string_match_head_str: Fix Coverity issue 'Unsigned compared against 0' + --http-proxy-user-pass: allow to specify in either order with --http-proxy + README.cmake.md: Document minimum required CMake version for --preset + documentation: Update and fix documentation for --push-peer-info + documentation: Fixes for previous fixes to --push-peer-info + +Gert Doering (4): + OpenBSD: repair --show-gateway + get_default_gateway() HWADDR overhaul + fix uncrustify complaints about previous patch + preparing release 2.6.9 + +Kristof Provost (1): + dco-freebsd: dynamically re-allocate buffer if it's too small + +Lev Stipakov (1): + tun.c: don't attempt to delete DNS and WINS servers if they're not set + +Marc Becker (1): + vcpkg-ports/pkcs11-helper: bump to version 1.30 + +Max Fillinger (4): + Add support for mbedtls 3.X.Y + Update README.mbedtls + Disable TLS 1.3 support with mbed TLS + Enable key export with mbed TLS 3.x.y + +Reynir Bjoernsson (1): + protocol_dump: tls-crypt support + +Steffan Karger (1): + Fix IPv6 route add/delete message log level + +yatta (1): + fix(ssl): init peer_id when init tls_multi + + +2023.11.17 -- Version 2.6.8 + +Aquila Macedo (1): + doc: Correct typos in multiple documentation files + +Arne Schwabe (1): + Do not check key_state buffers that are in S_UNDEF state + +Frank Lichtenheld (1): + platform.c: Do not depend Windows build on HAVE_CHDIR + +Lev Stipakov (3): + config.h: fix incorrect defines for _wopen() + Make --dns options apply for tap-windows6 driver + Warn if pushed options require DHCP + + +2023.11.08 -- Version 2.6.7 + +Antonio Quartulli (1): + dco: fix crash when --multihome is used with --proto tcp + +Arne Schwabe (8): + Mock openvpn_exece on win32 also for test_tls_crypt + Add warning for the --show-groups command that some groups are missing + Print peer temporary key details + Add warning if a p2p NCP client connects to a p2mp server + Remove openssl engine method for loading the key + Remove saving initial frame code + Double check that we do not use a freed buffer when freeing a session + Fix using to_link buffer after freed + +Frank Lichtenheld (7): + GHA: do not trigger builds in openvpn-build anymore + GHA: new workflow to submit scan to Coverity Scan service + buffer: use memcpy in buf_catrunc + vcpkg-ports/pkcs11-helper: Backport MinGW series from master to release/2.6 + CMake: backport CMake buildsystem from master to release/2.6 + Remove all traces of the previous MSVC build system + doc: fix argument name in --route-delay documentation + +Heiko Hund (1): + dns option: remove support for exclude-domains + +Lev Stipakov (3): + Warn user if INFO control command is too long + dco-win: get driver version + dco: warn if DATA_V1 packets are sent to userspace + +Selva Nair (2): + Make cert_data.h and test_cryptoapi/pkcs11.c MSVC compliant + Log OpenSSL errors on failure to set certificate + +orbea (1): + configure: disable engines if OPENSSL_NO_ENGINE is defined + + +2023.08.14 -- Version 2.6.6 + +Antonio Quartulli (1): + configure.ac: fix typ0 in LIBCAPNG_CFALGS + +Arne Schwabe (8): + Avoid unused function warning/error on FreeBSD (and potientially others) + fix warning with gcc 12.2.0 (compiler bug?) + Fix CR_RESPONSE mangaement message using wrong key_id + Print a more user-friendly error when tls-crypt-v2 client auth fails + Ignore Ipv6 route delete request on Android and set ipv4 verbosity to 7 + Revert commit 423ced962d + Implement using --peer-fingerprint without CA certificates + show extra info for OpenSSL errors + +David Sommerseth (1): + ntlm: Clarify details on NTLM phase 3 decoding + +Frank Lichtenheld (8): + dist: add more missing files only used in the MSVC build + dist: Include all documentation in distribution + unit_tests: Add missing cert_data.h to source list for unit tests + test_tls_crypt: Improve mock() usage to be more portable + Remove old Travis CI related files + options: Do not hide variables from parent scope + pkcs11_openssl: Disable unused code + route: Fix overriding return value of add_route3 + +George Pchelkin (1): + fix typo: dhcp-options to dhcp-option in vpn-network-options.rst + +Gert Doering (1): + Make received OCC exit messages more visible in log. + +Heiko Hund (1): + work around false positive warning with mingw 12 + +Lev Stipakov (3): + tun.c: enclose DNS domain in single quotes in WMIC call + manage.c: document missing KID parameter + Set WINS servers via interactice service + +Sergey Korolev (1): + dco-linux: fix counter print format + + +2023.06.13 -- Version 2.6.5 + +Arne Schwabe (1): + Fix use-after-free with EVP_CIPHER_free + +Frank Lichtenheld (6): + dco_linux: properly close dco version file + DCO: fix memory leak in dco_get_peer_stats_multi for Linux + Fix two unused assignments + sample-plugins: Fix memleak in client-connect example plugin + options: remove --key-method from usage message + msvc-generate: include version.m4.in in tarball + +Ilya Shipitsin (1): + src/openvpn/dco_freebsd.c: handle malloc failure + +Lev Stipakov (2): + dco-win: support for --dev-node + tapctl: generate driver-specific adapter names + +Selva Nair (2): + Correctly handle Unicode names for exit event + Interactive service: do not force a target desktop for openvpn.exe + + +2023.05.11 -- Version 2.6.4 + +Arne Schwabe (3): + Remove unused variable line + Add Apache2 linking with for new commits + Fix compile error on TARGET_ANDROID + +Frank Lichtenheld (2): + man page: Remove cruft from --topology documentation + tests: do not include t_client.sh in dist + +Kristof Provost (1): + DCO: support key rotation notifications + +Michael Nix (1): + fix typo in help text: --ignore-unknown-option + +Selva Nair (2): + Format Windows error message in Unicode + Bugfix: dangling pointer passed to pkcs11-helper + 2023.04.13 -- Version 2.6.3 diff -Nru openvpn-2.6.3/Changes.rst openvpn-2.6.14/Changes.rst --- openvpn-2.6.3/Changes.rst 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/Changes.rst 2025-04-02 06:53:10.000000000 +0000 @@ -1,3 +1,593 @@ +Overview of changes in 2.6.14 +============================= +Security fixes +-------------- +- CVE-2025-2704 fix possible ASSERT() on OpenVPN servers using --tls-crypt-v2 + + Security scope: OpenVPN servers between 2.6.1 and 2.6.13 using + --tls-crypt-v2 can be made to abort with an ASSERT() message by + sending a particular combination of authenticated and malformed packets. + + To trigger the bug, a valid tls-crypt-v2 client key is needed, or + network observation of a handshake with a valid tls-crypt-v2 client key + + No crypto integrity is violated, no data is leaked, and no remote + code execution is possible. + + This bug does not affect OpenVPN clients. + + (Bug found by internal QA at OpenVPN Inc) + + +Code maintenance +---------------- +- fix compatibility with mbedTLS 2.28.10+ and 3.6.3+: security "hardening" + on the mbedTLS side (adding verification of the server certificate + *hostname* inside mbedTLS) broke OpenVPN, as OpenVPN does not use + hostname-based verification. Disable mbedTLS "feature". + +- fix compilation warnings for mbedTLS builds related to "enc" + enum/integer mismatch. + +- Github Action builds: drop Ubuntu 20.04 builds, upgrade various packages + +Bug fixes +--------- +- Linux DCO: repair source IP selection for --multihome (Qingfang Deng) + +Overview of changes in 2.6.13 +============================= +New features +------------ +- on non-windows clients (MacOS, Linux, Unix) send "release" string from + uname() call as IV_PLAT_VER= to server - while highly OS specific this + is still helpful to keep track of OS versions used on the client side + (GH #637) + +- Windows: protect cached username, password and token in client memory + (using the CryptProtectMemory() windows API + +- Windows: use new API to get dco-win driver version from driver + (newly introduced non-exclusive control device) (GH: ovpn-dco-win #76) + +- Linux: pass --timeout=0 argument to systemd-ask-password, to avoid + default timeout of 90 seconds ("console prompting also has no timeout") + (GH #649) + + +Bug fixes +--------- +- fix potentially unaligned access in drop_if_recursive_routing on + Linux (ASAN) + +- correct documentation for port-share journal + +- fix logging of IPv6 addresses in port-share journal + +- fix various typos in messages, documentation, comments and examples + (GH #442, GH #644) + +- FreeBSD DCO: fix memory leaks in nvlist handling (GH #636) + +- route handling: correctly handle case of "route installation fails" + in the face of an already-existing route - previously, OpenVPN would + remove the "other" route on exit, incorrectly changing system state. + +- fix generation of warning messages for overlapping --local/--remote + and --ifconfig addresses + +- purge proxy authentication credentials from memory after use + (if --auth-nocache is in use) + +- fix missing space in various (long and wrapped) msg() calls + + +Code maintenance +---------------- +- improve documentation/examples for feature + +- simplify Github Action macOS build setup + +- update Github Action macOS runners (remove macOS 12, add macOS 15) + +- fix a number of uninitialized "struct user_pass" local variables + (no impact beyond "compiler warning", but future-proofing the code) + + +Security fixes +-------------- +- improve server-side handling of clients sending usernames or passwords + longer than USER_PASS_LEN - this would not result in a crash, buffer + overflow or other security issues, but the server would then misparse + incoming IV_* variables and produce misleading error messages. + + +Overview of changes in 2.6.12 +============================= +Bug fixes +--------- +- the fix for CVE-2024-5594 (refuse control channel messages with + nonprintable characters) was too strict, breaking user configurations + with AUTH_FAIL messages having trailing CR/NL characters. This often + happens if the AUTH_FAIL reason is set by a script. Strip those before + testing the command buffer (Github: #568). Also, add unit test. + +- Http-proxy: fix bug preventing proxy credentials caching (Trac: #1187) + +Code maintenance +---------------- +- try to detect LZO installation with pkg-config (= on many systems + manually setting LZO_CFLAGS/LZO_LIBS should no longer be necessary) + +Overview of changes in 2.6.11 +============================= +Security fixes +-------------- +- CVE-2024-4877: Windows: harden interactive service pipe. + Security scope: a malicious process with "some" elevated privileges + (SeImpersonatePrivilege) could open the pipe a second time, tricking + openvn GUI into providing user credentials (tokens), getting full + access to the account openvpn-gui.exe runs as. + (Zeze with TeamT5) + +- CVE-2024-5594: control channel: refuse control channel messages with + nonprintable characters in them. Security scope: a malicious openvpn + peer can send garbage to openvpn log, or cause high CPU load. + (Reynir Björnsson) + +- CVE-2024-28882: only call schedule_exit() once (on a given peer). + Security scope: an authenticated client can make the server "keep the + session" even when the server has been told to disconnect this client + (Reynir Björnsson) + +New features +------------ +- Windows Crypto-API: Implement Windows CA template match for searching + certificates in windows crypto store. + +- support pre-created DCO interface on FreeBSD (OpenVPN would fail to + set ifmode p2p/subnet otherwise) + +Bugfixes +-------- +- fix connect timeout when using SOCKS proxies (trac #328, github #267) + +- work around LibreSSL crashing on OpenBSD 7.5 when enumerating ciphers + (LibreSSL bug, already fixed upstream, but not backported to OpenBSD 7.5, + see also https://github.com/libressl/openbsd/issues/150) + +- Add bracket in fingerprint message and do not warn about missing + verification (github #516) + +Documentation +------------- +- remove "experimental" denotation for --fast-io + +- correctly document ifconfig_* variables passed to scripts (script-options.rst) + +- documentation: make section levels consistent + +- samples: Update sample configurations + remove compression & old cipher settings, add more informative comments + +Code maintenance +---------------- +- remove usage of header & macro, discouraged by upstream + +- only run coverity scans in OpenVPN/OpenVPN repository (= do not spam + owners of cloned repos with "cannot run this" messages) + +- replace macOS 11 github runners with macOS 14 + +- remove some unused code in misc.c (leftover from commit 3a4fb1) + +- phase2_tcp_server: fix Coverity issue 'Dereference after null check' + - the code itself was correct, just doing needless checks + +- Use snprintf instead of sprintf for get_ssl_library_version + - the code itself was correct, but macOS clang dislikes sprintf() + + +Overview of changes in 2.6.10 +============================= +Security fixes +-------------- +- CVE-2024-27459: Windows: fix a possible stack overflow in the + interactive service component which might lead to a local privilege + escalation. + Reported-by: Vladimir Tokarev + +- CVE-2024-24974: Windows: disallow access to the interactive service + pipe from remote computers. + Reported-by: Vladimir Tokarev + +- CVE-2024-27903: Windows: disallow loading of plugins from untrusted + installation paths, which could be used to attack openvpn.exe via + a malicious plugin. Plugins can now only be loaded from the OpenVPN + install directory, the Windows system directory, and possibly from + a directory specified by HKLM\SOFTWARE\OpenVPN\plugin_dir. + Reported-by: Vladimir Tokarev + +Bug fixes +--------- +- Windows: if the win-dco driver is used (default) and the GUI requests + use of a proxy server, the connection would fail. Disable DCO in + this case. (Github: #522) + +- Compression: minor bugfix in checking option consistency vs. compiled-in + algorithm support + +- systemd unit files: remove obsolete syslog.target + +User visible changes +-------------------- +- Update copyright notices to 2024 + +New features +------------ +- t_client.sh can now run pre-tests and skip a test block if needed + (e.g. skip NTLM proxy tests if SSL library does not support MD4) + +Documentation +------------- +- remove license warnings about mbedTLS linking (README.mbedtls) + +- update documentation references in systemd unit files + +- sample config files: remove obsolete tls-*.conf files + +- document that auth-user-pass may be inlined + + +Overview of changes in 2.6.9 +============================ + +Security fixes +-------------- +- Windows Installer: fix CVE 2023-7235 where installing to a non-default + directory could lead to a local privilege escalation. + Reported by Will Dormann . + +New features +------------ +- add support for building with mbedTLS 3.x.x + +- new option "--force-tls-key-material-export" to only accept clients + that can do TLS keying material export to generate session keys + (mostly an internal option to better deal with TLS 1.0 PRF failures). + +- Windows: bump vcpkg-ports/pkcs11-helper to 1.30 + +- Log incoming SSL alerts in easier to understand form and move logging + from "--verb 8" to "--verb 3". + +- protocol_dump(): add support for printing "--tls-crypt" packets + + +User visible changes +-------------------- +- license change is now complete, and all code has been re-licensed + under the new license (still GPLv2, but with new linking exception + for Apache2 licensed code). See COPYING for details. + + Code that could not be re-licensed has been removed or rewritten. + +- the original code for the "--tls-export-cert" feature has been removed + (due to the re-licensing effort) and rewritten without looking at the + original code. Feature-compatibility has been tested by other developers, + looking at both old and new code and documentation, so there *should* + not be a user-visible change here. + +- IPv6 route addition/deletion are now logged on the same level (3) as + for IPv4. Previously IPv6 was always logged at "--verb 1". + +- better handling of TLS 1.0 PRF failures in the underlying SSL library + (e.g. on some FIPS builds) - this is now reported on startup, and + clients before 2.6.0 that can not use TLS EKM to generate key material + are rejected by the server. Also, error messages are improved to see + what exactly failed. + +- packaged sample-keys renewed (old keys due to expire in October 2024) + + +Bug fixes / Code cleanup +------------------------ +- Windows GUI: always update tray icon on state change (Github: #669) + (for persistent connection profiles, "connecting" state would not show) + +- FreeBSD: for servers with multiple clients, reporting of peer traffic + statistics would fail due to insufficient buffer space (Github: #487) + +- make interaction between "--http-proxy-user-pass" and "--http-proxy" + more consistent + +- doc: improve documentation on "--http-proxy-user-pass" + +- doc: improve documentation for IV_ variables and IV_PROTO bits + +- doc: improve documentation on CMake requirements + +- fix various coverity-reported complains (signed/unsigned comparison etc), + none of them actual bugs + +- NTLMv2: increase phase 2 buffers so things actually work + +- NTLM: add extra buffer size verification checks + +- doc: improve documentation on "--tls-crypt-v2-verify" + +- autoconf on Linux: improve error reporting for missing libraries - in + case the problem came due to missing "pkg-config" the previous error + was misleading. Now clearly report that Linux builds require "pkg-config" + and abort if not found. + +- MacOS X: fix "undefined behaviour" found by UBSAN in get_default_gateway() + (IV_HWADDR), using getifaddrs(3) instead of old and convoluted + SIOCGIFCONF API. + +- OpenSolaris: correctly implement get_default_gateway() (IV_HWADDR), using + SIOCGIFHWADDR instead of SIOCGIFCONF API. + +- OpenBSD: work around route socket issue in get_default_gateway() + ("--show-gateway") where RA_IFP must not be set on the query message, + otherwise kernel will return EINVAL. + +- doc: improve documentation of --x509-track + +- bugfix: in UDP mode when exceeding "--max-clients", OpenVPN would + incorrectly close the connection to "peer-id 0". Fix by correctly + initializing peer_id with MAX_PEER_ID. + +- Windows: do not attempt to delete DNS or WINS servers if they are not set + +- configure: get rid of AC_TYPE_SIGNAL macro (unused) + +- Linux DCO: add missing check for nl_socket_alloc() failure + +- bugfix: check_session_buf_not_used() was not working as planned + +- remove dead test code for TEST_GET_DEFAULT_GATEWAY (use "--show-gateway") + +- doc: better document "--tls-exit" option + +- Github Actions: clean up LibreSSL builds + + + +Overview of changes in 2.6.8 +============================ + +Bug fixes / Code cleanup +------------------------ +- SIGSEGV crash: Do not check key_state buffers that are in S_UNDEF state + (Github #449) - the new sanity check function introduced in 2.6.7 + sometimes tried to use a NULL pointer after an unsuccessful TLS handshake + +- Windows: --dns option did not work when tap-windows6 driver was used, + because internal flag for "apply DNS option to DHCP server" wasn't set + (Github #447) + +- Windows: fix status/log file permissions, caused by regression after + changing to CMake build system (Github: #454, Trac: #1430) + +- Windows: fix --chdir failures, also caused by error in CMake build system + (Github #448) + +- doc: fix typos in documentation + +User visible changes +-------------------- +- Windows: print warning if pushed options require DHCP (e.g. DOMAIN-SEARCH) + and driver in use does not use DHCP (wintun, dco). + + +Overview of changes in 2.6.7 +============================ + +Bug fixes / Code cleanup +------------------------ +- CVE-2023-46850 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly use + a send buffer after it has been free()d in some circumstances, causing + some free()d memory to be sent to the peer. All configurations using TLS + (e.g. not using --secret) are affected by this issue. + (found while tracking down CVE-2023-46849 / Github #400, #417) + +- CVE-2023-46849 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly + restore "--fragment" configuration in some circumstances, leading to + a division by zero when "--fragment" is used. On platforms where + division by zero is fatal, this will cause an OpenVPN crash. + + Reported by Niccolo Belli and WIPocket + (Github #400, #417). + +- cleanup bits and pieces of documentation + +- cleanup code to remove strlen() related warnings in buf_catrunc() + +- DCO on Linux: fix NULL-pointer crash if "--multihome" is used together + with "--proto tcp" + +- work around build fails caused by LibreSSL not longer having engine support + + +User visible changes +-------------------- +- DCO: warn if DATA_V1 packets are sent by the other side - this a hard + incompatibility between a 2.6.x client connecting to a 2.4.0-2.4.4 server, + and the only fix is to use "--disable-dco". + +- Remove OpenSSL Engine method for loading a key. This had to be removed + because the original author did not agree to relicensing the code with + the new linking exception added. This was a somewhat obsolete feature + anyway as it only worked with OpenSSL 1.x, which is end-of-support. + +- add warning if p2p NCP client connects to a p2mp server - this is a + combination that used to work without cipher negotiation (pre 2.6 on + both ends), but would fail in non-obvious ways with 2.6 to 2.6. + +- add warning to "--show-groups" that not all supported groups are listed + (this is due the internal enumeration in OpenSSL being a bit weird, + omitting X448 and X25519 curves). + +- "--dns": remove support for "exclude-domains" argument + (this was a new 2.6 option, with no backend support implemented yet + on any platform, and it turns out that no platform supported it at all - + so remove option again) + +- warn user if INFO control message too long, do not forward to management + client (safeguard against protocol-violating server implementations) + + +New features +------------ +- DCO-WIN: get and log driver version (for easier debugging). + +- print "peer temporary key details" in TLS handshake + +- log OpenSSL errors on failure to set certificate, for example if the + algorithms used are in acceptable to OpenSSL (misleading message would + be printed in cryptoapi / pkcs#11 scenarios) + +- add CMake build system for MinGW and MSVC builds + +- remove old MSVC build system + +- improve cmocka unit test building for Windows + + +Overview of changes in 2.6.6 +============================ + +User visible changes +-------------------- +- OCC exit messages are now logged more visibly + (Github #391) + +- OpenSSL error messages are now logged with more details (for example, + when loading a provider fails, which .so was tried, and why did it fail) + (Github #361) + +- print a more user-friendly message when tls-crypt-v2 client auth fails + +- packaging now includes all documentation in the tarball + + +New features +------------ +- set WINS server via interactive service - this adds support for + "dhcp-option WINS 192.0.2.1" for DCO + wintun interfaces where no + DHCP server is used (Github #373). + +Bug fixes / Code cleanup +------------------------ +- route.c was sometimes ignoring return values of add_route3() + (found by coverity) + +- ntlm: clarify use of buffer in case of truncated NTLM challenge, + no actual code change (reported by Trial of Bits, TOB-OVPN-14) + +- pkcs11_openssl.c: disable unused code (found by coverity) + +- options.c: do not hide variable from parent scope (found by coverity) + +- configure: fix typo in LIBCAPNG_CFALGS (Github #371) + +- ignore IPv6 route deletion request on Android, reduce IPv4 route-related + message verbosity on Android + +- manage.c: document missing KID parameter of "client-pending-auth" + (new addition in da083c3b (2.6.2)) in manage interface help text + +- vpn-network-options.rst: fix typo of "dhcp-option" (Github #313) + +- tun.c/windows: quote WMIC call to set DHCP/DNS domain with hyphen + (Github #363) + +- fix CR_RESPONSE management message using wrong key_id + +- work around false positive compiler warnings with MinGW 12 + +- work around false positive compiler warnings with GCC 12.2.0 + +- fix more compiler warnings on FreeBSD + +- test_tls_crypt: improve cmocka testing portability + +- dco-linux: fix counter print format (signed/unsigned) + +- packaging: include everything that is needed for a MSVC build in tarballs + (Github #344) + + +Overview of changes in 2.6.5 +============================ + +User visible changes +-------------------- +- tapctl (windows): generate driver-specific names (if using tapctl to + create additional tap/wintun/dco devices, and not using --name) + (Github #337) + +- interactive service (windows): do not force target desktop for + openvpn.exe - this has no impact for normal use, but enables running + of OpenVPN in a scripted way when no user is logged on (for example, + via task scheduler) (Github OpenVPN/openvpn-gui#626) + +Bug fixes +--------- +- fix use-after-free with EVP_CIPHER_free + +- fix building with MSVC from release tarball (missing version.m4.in) + +- dco-win: repair use of --dev-node to select specific DCO drivers + (Github #336) + +- fix missing malloc() return check in dco_freebsd.c + +- windows: correctly handle unicode names for "exit event" + +- fix memleak in client-connect example plugin + +- fix fortify build problem in keying-material-exporter-demo plugin + +- fix memleak in dco_linux.c/dco_get_peer_stats_multi() - this will + leak a small amount of memory every 15s on DCO enabled servers, + leading to noticeable memory waste for long-running processes. + +- dco_linux.c: properly close dco version file (fd leak) + + +Overview of changes in 2.6.4 +============================ + +User visible changes +-------------------- +- License amendment: all NEW commits fall under a modified license that + explicitly permits linking with Apache2 libraries (mbedTLS, OpenSSL) - + see COPYING for details. Existing code will fall under the new license + as soon as all contributors have agreed to the change - work ongoing. + +New features +------------ +- DCO: support kernel-triggered key rotation (avoid IV reuse after 2^32 + packets). This is the userland side, accepting a message from kernel, + and initiating a TLS renegotiation. As of release, only implemented in + FreeBSD kernel. + +Bug fixes +--------- +- fix pkcs#11 usage with OpenSSL 3.x and PSS signing (Github #323) + +- fix compile error on TARGET_ANDROID + +- fix typo in help text + +- manpage updates (--topology) + +- encoding of non-ASCII windows error messages in log + management fixed + (use UTF8 "as for everything else", not ANSI codepages) (Github #319) + + Overview of changes in 2.6.3 ============================ @@ -21,7 +611,7 @@ - Windows DCO driver: use correct crypto library so it loads on x86, see GH OpenVPN/ovpn-dco-win#43 - + Overview of changes in 2.6.2 @@ -292,7 +882,7 @@ DCO/Linux robustness fixes. DCO/Linux TCP crashbug (recvfrom(-1) endless loop) worked around - root - cause has not been found, but the condition is detected and the + cause has not been found, but the condition is detected and the offending client is removed, instead of crashing the server. Rename internal TLS state TM_UNTRUSTED to TM_INITIAL, always start new @@ -1104,7 +1694,7 @@ Asynchronous push reply Plug-ins providing support for deferred authentication can benefit from a more responsive authentication where the server sends PUSH_REPLY immediately once - the authentication result is ready, instead of waiting for the the client to + the authentication result is ready, instead of waiting for the client to to send PUSH_REQUEST once more. This requires OpenVPN to be built with ``./configure --enable-async-push``. This is a compile-time only switch. diff -Nru openvpn-2.6.3/Makefile.am openvpn-2.6.14/Makefile.am --- openvpn-2.6.3/Makefile.am 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/Makefile.am 2025-04-02 06:53:10.000000000 +0000 @@ -5,8 +5,8 @@ # packet encryption, packet authentication, and # packet compression. # -# Copyright (C) 2002-2023 OpenVPN Inc -# Copyright (C) 2010-2023 David Sommerseth +# Copyright (C) 2002-2024 OpenVPN Inc +# Copyright (C) 2010-2024 David Sommerseth # Copyright (C) 2006-2012 Alon Bar-Lev # # This program is free software; you can redistribute it and/or modify @@ -41,7 +41,10 @@ EXTRA_DIST = \ contrib \ - debug + debug \ + CMakeLists.txt \ + CMakePresets.json \ + config.h.cmake.in .PHONY: config-version.h doxygen @@ -62,13 +65,13 @@ dist_noinst_DATA = \ .gitignore \ .gitattributes \ + CONTRIBUTING.rst \ PORTS \ - README.mbedtls \ - openvpn.sln - -dist_noinst_HEADERS = \ - config-msvc.h \ - config-msvc-version.h.in + README.cmake.md \ + README.dco.md \ + README.ec \ + README.wolfssl \ + README.mbedtls if WIN32 rootdir=$(prefix) diff -Nru openvpn-2.6.3/Makefile.in openvpn-2.6.14/Makefile.in --- openvpn-2.6.3/Makefile.in 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/Makefile.in 2025-04-02 06:53:10.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. +# Makefile.in generated by automake 1.17 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2021 Free Software Foundation, Inc. +# Copyright (C) 1994-2024 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -21,8 +21,8 @@ # packet encryption, packet authentication, and # packet compression. # -# Copyright (C) 2002-2023 OpenVPN Inc -# Copyright (C) 2010-2023 David Sommerseth +# Copyright (C) 2002-2024 OpenVPN Inc +# Copyright (C) 2010-2024 David Sommerseth # Copyright (C) 2006-2012 Alon Bar-Lev # # This program is free software; you can redistribute it and/or modify @@ -39,7 +39,6 @@ # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # - VPATH = @srcdir@ am__is_gnu_make = { \ if test -z '$(MAKELEVEL)'; then \ @@ -96,6 +95,8 @@ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +am__rm_f = rm -f $(am__rm_f_notfound) +am__rm_rf = rm -rf $(am__rm_f_notfound) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -126,7 +127,7 @@ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \ $(am__configure_deps) $(dist_doc_DATA) $(dist_noinst_DATA) \ - $(dist_noinst_HEADERS) $(am__DIST_COMMON) + $(am__DIST_COMMON) am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ configure.lineno config.status.lineno mkinstalldirs = $(install_sh) -d @@ -182,14 +183,12 @@ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ - test -z "$$files" \ - || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ - || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ - $(am__cd) "$$dir" && rm -f $$files; }; \ + { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && echo $$files | $(am__xargs_n) 40 $(am__rm_f); }; \ } am__installdirs = "$(DESTDIR)$(docdir)" "$(DESTDIR)$(rootdir)" DATA = $(dist_doc_DATA) $(dist_noinst_DATA) $(root_DATA) -HEADERS = $(dist_noinst_HEADERS) RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive am__recursive_targets = \ @@ -219,15 +218,15 @@ DIST_SUBDIRS = $(SUBDIRS) am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/config.h.in \ $(srcdir)/version.sh.in AUTHORS COPYING ChangeLog INSTALL NEWS \ - README compile config.guess config.sub install-sh ltmain.sh \ - missing + README compile config.guess config.sub depcomp install-sh \ + ltmain.sh missing DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir = $(PACKAGE)-$(VERSION) top_distdir = $(distdir) am__remove_distdir = \ if test -d "$(distdir)"; then \ - find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \ - && rm -rf "$(distdir)" \ + find "$(distdir)" -type d ! -perm -700 -exec chmod u+rwx {} ';' \ + ; rm -rf "$(distdir)" \ || { sleep 5 && rm -rf "$(distdir)"; }; \ else :; fi am__post_remove_distdir = $(am__remove_distdir) @@ -257,14 +256,16 @@ done; \ reldir="$$dir2" DIST_ARCHIVES = $(distdir).tar.gz -GZIP_ENV = --best +GZIP_ENV = -9 DIST_TARGETS = dist-gzip # Exists only to be overridden by the user if desired. AM_DISTCHECK_DVI_TARGET = dvi distuninstallcheck_listfiles = find . -type f -print am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \ | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$' -distcleancheck_listfiles = find . -type f -print +distcleancheck_listfiles = \ + find . \( -type f -a \! \ + \( -name .nfs* -o -name .smb* -o -name .__afs* \) \) -print ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ @@ -298,6 +299,7 @@ ETAGS = @ETAGS@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +FILECMD = @FILECMD@ GIT = @GIT@ GREP = @GREP@ IFCONFIG = @IFCONFIG@ @@ -408,8 +410,10 @@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__rm_f_notfound = @am__rm_f_notfound@ am__tar = @am__tar@ am__untar = @am__untar@ +am__xargs_n = @am__xargs_n@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -474,7 +478,10 @@ EXTRA_DIST = \ contrib \ - debug + debug \ + CMakeLists.txt \ + CMakePresets.json \ + config.h.cmake.in @GIT_CHECKOUT_TRUE@BUILT_SOURCES = \ @GIT_CHECKOUT_TRUE@ config-version.h @@ -490,13 +497,13 @@ dist_noinst_DATA = \ .gitignore \ .gitattributes \ + CONTRIBUTING.rst \ PORTS \ - README.mbedtls \ - openvpn.sln - -dist_noinst_HEADERS = \ - config-msvc.h \ - config-msvc-version.h.in + README.cmake.md \ + README.dco.md \ + README.ec \ + README.wolfssl \ + README.mbedtls @WIN32_TRUE@rootdir = $(prefix) @WIN32_TRUE@root_DATA = version.sh @@ -543,12 +550,12 @@ @test -f $@ || $(MAKE) $(AM_MAKEFLAGS) stamp-h1 stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status - @rm -f stamp-h1 - cd $(top_builddir) && $(SHELL) ./config.status config.h + $(AM_V_at)rm -f stamp-h1 + $(AM_V_GEN)cd $(top_builddir) && $(SHELL) ./config.status config.h $(srcdir)/config.h.in: $(am__configure_deps) - ($(am__cd) $(top_srcdir) && $(AUTOHEADER)) - rm -f stamp-h1 - touch $@ + $(AM_V_GEN)($(am__cd) $(top_srcdir) && $(AUTOHEADER)) + $(AM_V_at)rm -f stamp-h1 + $(AM_V_at)touch $@ distclean-hdr: -rm -f config.h stamp-h1 @@ -716,7 +723,7 @@ distdir-am: $(DISTFILES) $(am__remove_distdir) - test -d "$(distdir)" || mkdir "$(distdir)" + $(AM_V_at)$(MKDIR_P) "$(distdir)" @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -827,7 +834,7 @@ distcheck: dist case '$(DIST_ARCHIVES)' in \ *.tar.gz*) \ - eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).tar.gz | $(am__untar) ;;\ + eval GZIP= gzip -dc $(distdir).tar.gz | $(am__untar) ;;\ *.tar.bz2*) \ bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\ *.tar.lz*) \ @@ -837,7 +844,7 @@ *.tar.Z*) \ uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ *.shar.gz*) \ - eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\ + eval GZIP= gzip -dc $(distdir).shar.gz | unshar ;;\ *.zip*) \ unzip $(distdir).zip ;;\ *.tar.zst*) \ @@ -911,7 +918,7 @@ check-am: all-am check: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) check-recursive -all-am: Makefile $(DATA) $(HEADERS) config.h +all-am: Makefile $(DATA) config.h installdirs: installdirs-recursive installdirs-am: for dir in "$(DESTDIR)$(docdir)" "$(DESTDIR)$(rootdir)"; do \ @@ -941,17 +948,17 @@ mostlyclean-generic: clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + -$(am__rm_f) $(CLEANFILES) distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." - -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) - -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) + -$(am__rm_f) $(BUILT_SOURCES) + -$(am__rm_f) $(MAINTAINERCLEANFILES) clean: clean-recursive clean-am: clean-generic clean-libtool mostlyclean-am @@ -1068,3 +1075,10 @@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff -Nru openvpn-2.6.3/PORTS openvpn-2.6.14/PORTS --- openvpn-2.6.3/PORTS 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/PORTS 2025-04-02 06:53:10.000000000 +0000 @@ -1,5 +1,5 @@ OpenVPN -Copyright (C) 2002-2023 OpenVPN Inc +Copyright (C) 2002-2024 OpenVPN Inc OpenVPN has been written to try to avoid features that are not standardized well across different diff -Nru openvpn-2.6.3/README openvpn-2.6.14/README --- openvpn-2.6.3/README 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/README 2025-04-02 06:53:10.000000000 +0000 @@ -21,6 +21,9 @@ or see the file INSTALL for more info. +For information on how to build OpenVPN on/for Windows with MinGW +or MSVC see README.cmake.md. + ************************************************************************* For detailed information on OpenVPN, including examples, see the man page @@ -69,8 +72,7 @@ https://github.com/OpenVPN/easy-rsa https://github.com/OpenVPN/tap-windows6 -The old cross-compilation environment (domake-win) and the Python-based -buildsystem have been replaced with openvpn-build: +Community-provided Windows installers (MSI) and Debian packages are built from https://github.com/OpenVPN/openvpn-build diff -Nru openvpn-2.6.3/README.cmake.md openvpn-2.6.14/README.cmake.md --- openvpn-2.6.3/README.cmake.md 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/README.cmake.md 2025-04-02 06:53:10.000000000 +0000 @@ -0,0 +1,142 @@ +OpenVPN Builds with CMake +========================= + +For Windows builds we do not use the autotools-based buildsystem that we use +for our Unix-like (Linux, BSDs, macOS, etc.) builds. Instead we added a +separate (CMake)[https://cmake.org/]-based buildsystem. + +This buildsystem supports building for Windows both with MSVC (i.e. Visual +Studio) and MinGW. MinGW builds are also supported as cross-compile +from Linux. + +The official builds, which are also available as CMake presets (see +`cmake --list-presets` and `CMakePresets.json`) all use +(VCPKG)[https://github.com/microsoft/vcpkg/#vcpkg-overview] for dependency +management. This allows us to do proper supply-chain management and +also makes cross-building with MinGW on Linux much simpler. However, +builds are also possible by providing the build dependencies manually, +but that might require specifying more information to CMake. + +You need at least CMake version 3.21 or newer for the `CMakePreset.json` +file to be supported. Manual builds might be possible with older CMake +versions, see `cmake_minimum_required` in `CMakeLists.txt`. + +If you're looking to build the full Windows installer MSI, take a look +at https://github.com/OpenVPN/openvpn-build.git . + +MSVC builds +----------- + +The following tools are expected to be present on the system, you +can install them with a package manager of your choice (e.g. +chocolatey, winget) or manually: + +* CMake (>= 3.21) +* Git +* Python (3.x), plus the Python module `docutils` +* Visual Studion 17 (2022), C/C++ Environment + +For example, to prepare the required tools with chocolatey, you +can use the following commands (Powershell): + + # Installing Chocolatey + Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1')) + & choco.exe install -y git --params "/GitAndUnixToolsOnPath" + & choco.exe install -y python + & python.exe -m ensurepip + & python.exe -m pip install --upgrade pip + & python.exe -m pip install docutils + & choco.exe install -y cmake --installargs 'ADD_CMAKE_TO_PATH=System' + & choco.exe install -y "visualstudio2022buildtools" + & choco.exe install -y "visualstudio2022-workload-vctools" --params "--add Microsoft.VisualStudio.Component.UWP.VC.ARM64 --add Microsoft.VisualStudio.Component.VC.Tools.ARM64 --add Microsoft.VisualStudio.Component.VC.ATL.Spectre --add Microsoft.VisualStudio.Component.VC.ATLMFC.Spectre --add Microsoft.VisualStudio.Component.VC.ATL.ARM64.Spectre --add Microsoft.VisualStudio.Component.VC.MFC.ARM64.Spectre --add Microsoft.VisualStudio.Component.VC.Runtimes.ARM64.Spectre --add Microsoft.VisualStudio.Component.VC.Runtimes.x86.x64.Spectre --quiet" + & choco.exe install -y windows-sdk-10-version-2004-windbg + +One or more restarts of Powershell might be required to pick up new additions +to `PATH` between steps. A Windows restart is probably required after +installing Visual Studio before being able to use it. +You can find the exact commands we use to set up the community build machines +at https://github.com/OpenVPN/openvpn-buildbot/blob/master/jenkins/windows-server/msibuild.pkr.hcl + +To do a default build, assuming you are in a MSVC 17 2022 environment: + + mkdir C:\OpenVPN + cd C:\OpenVPN + git clone https://github.com/microsoft/vcpkg.git + git clone https://github.com/OpenVPN/openvpn.git + set VCPKG_ROOT=C:\OpenVPN\vcpkg + cd openvpn + cmake --preset win-amd64-release + cmake --build --preset win-amd64-release + ctest --preset win-amd64-release + +When using the presets, the build directory is +`out/build//`, you can find the output files there. +No install support is provided directly in OpenVPN build, take a look +at https://github.com/OpenVPN/openvpn-build.git instead. + +MinGW builds (cross-compile on Linux) +------------------------------------- + +To build the Windows executables on a Linux system: + + # install mingw with the package manager of your choice, e.g. + sudo apt-get install -y mingw-w64 + # in addition to mingw we also need a toolchain for host builds, e.g. + sudo apt-get install -y build-essential + # minimum required tools for vcpkg bootstrap: curl, zip, unzip, tar, e.g. + sudo apt-get install -y curl zip unzip tar + # additionally vcpkg requires powershell when building Windows binaries. + # See https://learn.microsoft.com/en-us/powershell/scripting/install/installing-powershell-on-linux + # e.g. + sudo apt-get install -y wget apt-transport-https software-properties-common + wget -q "https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/packages-microsoft-prod.deb" + sudo dpkg -i packages-microsoft-prod.deb + sudo apt-get update + sudo apt-get install -y powershell + # minimum required tools for build: cmake, docutils, git, ninja, + # pkg-config, python e.g. + sudo apt-get install -y cmake git ninja-build pkg-config python3 python3-docutils + # additionally required to build pkcs11-helper: automake, autoconf, + # man2html, e.g. + sudo apt-get install -y automake autoconf man2html-base + mkdir mingw + cd mingw + git clone https://github.com/microsoft/vcpkg.git + git clone https://github.com/OpenVPN/openvpn.git + export VCPKG_ROOT=$PWD/vcpkg + cd openvpn + # requires CMake 3.21 or newer + cmake --preset mingw-x64 + cmake --build --preset mingw-x64 + # unit tests are built, but no testPreset is provided. You need to copy + # them to a Windows system manually + +The instructions have been verified on a Ubuntu 22.04 LTS system in a +bash shell, and might need adaptions to other Linux distributions/versions. + +Note that the MinGW preset builds use the `Ninja multi-config` generator, so +if you want to build the Debug binaries, use + + cmake --build --preset mingw-x64 --config Debug + +The default build is equivalent to specifying `--config Release`. + +When using the presets, the build directory is +`out/build/mingw/`, you can find the actual output files in +sub-directories called ``. +No install support is provided directly in OpenVPN build, take a look +at https://github.com/OpenVPN/openvpn-build.git instead. + +Unsupported builds +------------------ + +The CMake buildsystem also supports builds on Unix-like platforms. These builds +are sometimes useful for OpenVPN developers (e.g. when they use IDEs with +integrated CMake support). However, they are not officially supported, do not +include any install support and should not be used to distribute/package +OpenVPN. To emphasize this fact, you need to specify `-DUNSUPPORTED_BUILDS=ON` +to cmake to be able to use these builds. + +The `unix-native` CMake preset is available for these builds. This preset does +not require VCPKG and instead assumes all build-dependencies are provided by +the system natively. diff -Nru openvpn-2.6.3/README.dco.md openvpn-2.6.14/README.dco.md --- openvpn-2.6.3/README.dco.md 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/README.dco.md 2025-04-02 06:53:10.000000000 +0000 @@ -0,0 +1,134 @@ +OpenVPN data channel offload +============================ +2.6.0+ implements support for data-channel offloading where the data packets +are directly processed and forwarded in kernel space thanks to the ovpn-dco +kernel module. The userspace openvpn program acts purely as a control plane +application. + + +Overview of current release +--------------------------- +- See the "Limitations by design" and "Current limitations" sections for + features that are not and/or will not be supported by OpenVPN + ovpn-dco. + + +Getting started (Linux) +----------------------- +- Use a recent Linux kernel. Linux 5.4.0 and newer are known to work with + ovpn-dco. + +Get the ovpn-dco module from one these urls and build it: + +* https://gitlab.com/openvpn/ovpn-dco +* https://github.com/OpenVPN/ovpn-dco + +e.g. + + git clone https://github.com/OpenVPN/ovpn-dco + cd ovpn-dco + make + sudo make install + +If you want to report bugs please ensure to compile ovpn-dco with +`make DEBUG=1` and include any debug message being printed by the +kernel (you can view those messages with `dmesg`). + +Clone and build OpenVPN (or use OpenVPN 2.6+). For example: + + git clone https://github.com/openvpn/openvpn.git + cd openvpn + autoreconf -vi + ./configure --enable-dco + make + sudo make install # Or just run src/openvpn/openvpn + +When starting openvpn it will automatically detect DCO support and use the +kernel module. Add the option `--disable-dco` to disable data channel offload +support. If the configuration contains an option that is incompatible with +data channel offloading, OpenVPN will automatically disable DCO support and +warn the user. + +Should OpenVPN be configured to use a feature that is not supported by ovpn-dco +or should the ovpn-dco kernel module not be available on the system, you will +see a message like + + Note: Kernel support for ovpn-dco missing, disabling data channel offload. + +in your log. + + +Getting started (Windows) +------------------------- +Official releases published at https://openvpn.net/community-downloads/ +include ovpn-dco-win driver since 2.6.0. + +There are also snapshot releases available at +https://build.openvpn.net/downloads/snapshots/github-actions/openvpn2/ . +This installer contains the latest OpenVPN code and the ovpn-dco-win driver. + + +DCO and P2P mode +---------------- +DCO is also available when running OpenVPN in P2P mode without `--pull` / +`--client` option. P2P mode is useful for scenarios when the OpenVPN tunnel +should not interfere with overall routing and behave more like a "dumb" tunnel, +like GRE. + +However, DCO requires DATA_V2 to be enabled, which is available for P2P mode +only in OpenVPN 2.6 and later. + +OpenVPN prints a diagnostic message for the P2P NCP result when running in P2P +mode: + + P2P mode NCP negotiation result: TLS_export=1, DATA_v2=1, peer-id 9484735, cipher=AES-256-GCM + +Double check that you have `DATA_v2=1` in your output and a supported AEAD +cipher (AES-XXX-GCM or CHACHA20POLY1305). + + +Routing with ovpn-dco +--------------------- +The ovpn-dco kernel module implements a more transparent approach to +configuring routes to clients (aka "iroutes") and consults the main kernel +routing tables for forwarding decisions. + +- Each client has a VPN IPv4 and/or a VPN IPv6 assigned to it; +- additional IP ranges can be routed to a client by adding a route with + a client VPN IP as the gateway/nexthop (i.e. ip route add a.b.c.d/24 via + $VPNIP); +- due to the point above, there is no real need to add a companion `--route` for + each `--iroute` directive, unless you want to blackhole traffic when the + specific client is not connected; +- no internal routing is available. If you need truly internal routes, this can + be achieved either with filtering using `iptables` or using `ip rule`; +- client-to-client behaviour, as implemented in userspace, does not exist: + packets always reach the tunnel interface and are then re-routed to the + destination peer based on the system routing table. + + +Limitations by design +---------------------- +- Layer 3 (dev tun) only; +- only the following AEAD ciphers are currently supported: Chacha20-Poly1305 + and AES-GCM-128/192/256; +- no support for compression or compression framing: + - see also the `--compress migrate` option to move to a setup without + compression; +- various features not implemented since they have better replacements: + - `--shaper`, use tc instead; + - packet manipulation, use nftables/iptables instead; +- OpenVPN 2.4.0 is the minimum version required for peers to connect: + - older versions are missing support for the AEAD ciphers; +- topology subnet is the only supported `--topology` for servers; +- iroute directives install routes on the host operating system, see also + Routing with ovpn-dco; +- (ovpn-dco-win) client and p2p mode only; +- (ovpn-dco-win) Chacha20-Poly1305 support available starting with Windows 11. + + +Current implementation limitations +------------------- +- `--persist-tun` not tested; +- IPv6 mapped IPv4 addresses need Linux 5.4.189+/5.10.110+/5.12+ to work; +- some incompatible options may not properly fallback to non-dco; +- no per client statistics. Only total statistics available on the interface. diff -Nru openvpn-2.6.3/README.ec openvpn-2.6.14/README.ec --- openvpn-2.6.3/README.ec 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/README.ec 2025-04-02 06:53:10.000000000 +0000 @@ -0,0 +1,36 @@ +Since 2.4.0, OpenVPN has official support for elliptic curve crypto. Elliptic +curves are an alternative to RSA for asymmetric encryption. + +Elliptic curve crypto ('ECC') can be used for the ('TLS') control channel only +in OpenVPN; the data channel (encrypting the actual network traffic) uses +symmetric encryption. ECC can be used in TLS for authentication (ECDSA) and key +exchange (ECDH). + +Key exchange (ECDH) +------------------- +OpenVPN 2.4.0 and newer automatically initialize ECDH parameters. When ECDSA is +used for authentication, the curve used for the server certificate will be used +for ECDH too. When autodetection fails (e.g. when using RSA certificates) +OpenVPN lets the crypto library decide if possible, or falls back to the +secp384r1 curve. The list of groups/curves that the crypto library will choose +from can be set with the --tls-groups option. + +An administrator can force an OpenVPN/OpenSSL server to use a specific curve +using the --ecdh-curve option with one of the curves listed as +available by the --show-groups option. Clients will use the same curve as +selected by the server. + +Note that not all curves listed by --show-groups are available for use with TLS; +in that case connecting will fail with a 'no shared cipher' TLS error. + +Authentication (ECDSA) +---------------------- +Since OpenVPN 2.4.0, using ECDSA certificates works 'out of the box'. Which +specific curves and cipher suites are available depends on your version and +configuration of the crypto library. The crypto library will automatically +select a cipher suite for the TLS control channel. + +Support for generating an ECDSA certificate chain is available in EasyRSA (in +spite of it's name) since EasyRSA 3.0. The parameters you're looking for are +'--use-algo=ec' and '--curve='. See the EasyRSA documentation for +more details on generating ECDSA certificates. diff -Nru openvpn-2.6.3/README.mbedtls openvpn-2.6.14/README.mbedtls --- openvpn-2.6.3/README.mbedtls 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/README.mbedtls 2025-04-02 06:53:10.000000000 +0000 @@ -1,31 +1,13 @@ -This version of OpenVPN has mbed TLS support. To enable follow the following -instructions: +This version of OpenVPN has mbed TLS support. To enable, follow the +instructions below: -To Build and Install, +To build and install, ./configure --with-crypto-library=mbedtls make make install -This version depends on mbed TLS 2.0 (and requires at least 2.0.0). - -************************************************************************* - -Warning: - -As of mbed TLS 2.17, it can be licensed *only* under the Apache v2.0 license. -That license is incompatible with OpenVPN's GPLv2. - -If you wish to distribute OpenVPN linked with mbed TLS, there are two options: - - * Ensure that your case falls under the system library exception in GPLv2, or - - * Use an earlier version of mbed TLS. Version 2.16.12 is the last release - that may be licensed under GPLv2. Unfortunately, this version is - unsupported and won't receive any more updates. - -If nothing changes about the license situation, mbed TLS support may be -deprecated in a future release of OpenVPN. +This version requires mbed TLS version >= 2.0.0 or >= 3.2.1. ************************************************************************* @@ -40,5 +22,9 @@ Plugin/Script features: * X.509 subject line has a different format than the OpenSSL subject line - * X.509 certificate export does not work * X.509 certificate tracking + +************************************************************************* + +Mbed TLS 3 has implemented (parts of) the TLS 1.3 protocol, but we have disabled +support in OpenVPN because the TLS-Exporter function is not yet implemented. diff -Nru openvpn-2.6.3/README.wolfssl openvpn-2.6.14/README.wolfssl --- openvpn-2.6.3/README.wolfssl 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/README.wolfssl 2025-04-02 06:53:10.000000000 +0000 @@ -0,0 +1,30 @@ +Support for wolfSSL is implemented and maintained by wolfSSL Inc. The support is +implemented using wolfSSL's compatibility layer. The wolfSSL support in OpenVPN +receives very limited testing/support from the OpenVPN community itself. + +If bugs in OpenVPN when using wolfSSL are encountered, the user should try to +also compile OpenVPN with OpenSSL to determine if these are bugs in the +wolfSSL TLS implementation or OpenVPN itself. If bugs are caused by compiling +with wolfSSL, please contact support@wolfssl.com directly. + +To Build and Install, + + ./configure --with-crypto-library=wolfssl + make + make install + + +The wolfSSL library will include the installed options.h file by default. +To include a custom user_settings.h file for wolfSSL, + +./configure --with-crypto-library=wolfssl --disable-wolfssl-options-h +make +make install + +************************************************************************* +Due to limitations in the wolfSSL TLS library or its compatibility layer, the +following features are missing + + * blowfish support (BF-CBC), you must use something like + cipher AES-128-CBC to avoid trying to use BF-CBC + * Windows CryptoAPI support diff -Nru openvpn-2.6.3/aclocal.m4 openvpn-2.6.14/aclocal.m4 --- openvpn-2.6.3/aclocal.m4 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/aclocal.m4 2025-04-02 06:53:10.000000000 +0000 @@ -1,6 +1,6 @@ -# generated automatically by aclocal 1.16.5 -*- Autoconf -*- +# generated automatically by aclocal 1.17 -*- Autoconf -*- -# Copyright (C) 1996-2021 Free Software Foundation, Inc. +# Copyright (C) 1996-2024 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,13 +14,13 @@ m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])]) m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl -m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.71],, -[m4_warning([this file was generated for autoconf 2.71. +m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.72],, +[m4_warning([this file was generated for autoconf 2.72. You have another version of autoconf. It may work, but is not guaranteed to. If you have problems, you may need to regenerate the build system entirely. To do so, use the procedure documented by the package, typically 'autoreconf'.])]) -# Copyright (C) 2002-2021 Free Software Foundation, Inc. +# Copyright (C) 2002-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -32,10 +32,10 @@ # generated from the m4 files accompanying Automake X.Y. # (This private macro should not be called outside this file.) AC_DEFUN([AM_AUTOMAKE_VERSION], -[am__api_version='1.16' +[am__api_version='1.17' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. -m4_if([$1], [1.16.5], [], +m4_if([$1], [1.17], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) @@ -51,14 +51,14 @@ # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], -[AM_AUTOMAKE_VERSION([1.16.5])dnl +[AM_AUTOMAKE_VERSION([1.17])dnl m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) # AM_AUX_DIR_EXPAND -*- Autoconf -*- -# Copyright (C) 2001-2021 Free Software Foundation, Inc. +# Copyright (C) 2001-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -110,7 +110,7 @@ # AM_CONDITIONAL -*- Autoconf -*- -# Copyright (C) 1997-2021 Free Software Foundation, Inc. +# Copyright (C) 1997-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -141,7 +141,7 @@ Usually this means the macro was only invoked conditionally.]]) fi])]) -# Copyright (C) 1999-2021 Free Software Foundation, Inc. +# Copyright (C) 1999-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -273,7 +273,7 @@ # icc doesn't choke on unknown options, it will just issue warnings # or remarks (even with -Werror). So we grep stderr for any message # that says an option was ignored or not supported. - # When given -MP, icc 7.0 and 7.1 complain thusly: + # When given -MP, icc 7.0 and 7.1 complain thus: # icc: Command line warning: ignoring option '-M'; no argument required # The diagnosis changed in icc 8.0: # icc: Command line remark: option '-MP' not supported @@ -332,7 +332,7 @@ # Generate code to set up dependency tracking. -*- Autoconf -*- -# Copyright (C) 1999-2021 Free Software Foundation, Inc. +# Copyright (C) 1999-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -400,7 +400,7 @@ # Do all the work for Automake. -*- Autoconf -*- -# Copyright (C) 1996-2021 Free Software Foundation, Inc. +# Copyright (C) 1996-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -534,7 +534,7 @@ fi AC_SUBST([CSCOPE]) -AC_REQUIRE([AM_SILENT_RULES])dnl +AC_REQUIRE([_AM_SILENT_RULES])dnl dnl The testsuite driver may need to know about EXEEXT, so add the dnl 'am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This dnl macro is hooked onto _AC_COMPILER_EXEEXT early, see below. @@ -542,47 +542,9 @@ [m4_provide_if([_AM_COMPILER_EXEEXT], [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl -# POSIX will say in a future version that running "rm -f" with no argument -# is OK; and we want to be able to make that assumption in our Makefile -# recipes. So use an aggressive probe to check that the usage we want is -# actually supported "in the wild" to an acceptable degree. -# See automake bug#10828. -# To make any issue more visible, cause the running configure to be aborted -# by default if the 'rm' program in use doesn't match our expectations; the -# user can still override this though. -if rm -f && rm -fr && rm -rf; then : OK; else - cat >&2 <<'END' -Oops! - -Your 'rm' program seems unable to run without file operands specified -on the command line, even when the '-f' option is present. This is contrary -to the behaviour of most rm programs out there, and not conforming with -the upcoming POSIX standard: - -Please tell bug-automake@gnu.org about your system, including the value -of your $PATH and any error possibly output before this message. This -can help us improve future automake versions. +AC_REQUIRE([_AM_PROG_RM_F]) +AC_REQUIRE([_AM_PROG_XARGS_N]) -END - if test x"$ACCEPT_INFERIOR_RM_PROGRAM" = x"yes"; then - echo 'Configuration will proceed anyway, since you have set the' >&2 - echo 'ACCEPT_INFERIOR_RM_PROGRAM variable to "yes"' >&2 - echo >&2 - else - cat >&2 <<'END' -Aborting the configuration process, to ensure you take notice of the issue. - -You can download and install GNU coreutils to get an 'rm' implementation -that behaves properly: . - -If you want to complete the configuration process using your problematic -'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM -to "yes", and re-run configure. - -END - AC_MSG_ERROR([Your 'rm' program is bad, sorry.]) - fi -fi dnl The trailing newline in this macro's definition is deliberate, for dnl backward compatibility and to allow trailing 'dnl'-style comments dnl after the AM_INIT_AUTOMAKE invocation. See automake bug#16841. @@ -615,7 +577,7 @@ done echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) -# Copyright (C) 2001-2021 Free Software Foundation, Inc. +# Copyright (C) 2001-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -636,7 +598,7 @@ fi AC_SUBST([install_sh])]) -# Copyright (C) 2003-2021 Free Software Foundation, Inc. +# Copyright (C) 2003-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -657,7 +619,7 @@ # Check to see how 'make' treats includes. -*- Autoconf -*- -# Copyright (C) 2001-2021 Free Software Foundation, Inc. +# Copyright (C) 2001-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -700,7 +662,7 @@ # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- -# Copyright (C) 1997-2021 Free Software Foundation, Inc. +# Copyright (C) 1997-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -734,7 +696,7 @@ # Helper functions for option handling. -*- Autoconf -*- -# Copyright (C) 2001-2021 Free Software Foundation, Inc. +# Copyright (C) 2001-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -763,7 +725,7 @@ AC_DEFUN([_AM_IF_OPTION], [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) -# Copyright (C) 1999-2021 Free Software Foundation, Inc. +# Copyright (C) 1999-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -810,7 +772,23 @@ # For backward compatibility. AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])]) -# Copyright (C) 2001-2021 Free Software Foundation, Inc. +# Copyright (C) 2022-2024 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# _AM_PROG_RM_F +# --------------- +# Check whether 'rm -f' without any arguments works. +# https://bugs.gnu.org/10828 +AC_DEFUN([_AM_PROG_RM_F], +[am__rm_f_notfound= +AS_IF([(rm -f && rm -fr && rm -rf) 2>/dev/null], [], [am__rm_f_notfound='""']) +AC_SUBST(am__rm_f_notfound) +]) + +# Copyright (C) 2001-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -829,16 +807,169 @@ # Check to make sure that the build environment is sane. -*- Autoconf -*- -# Copyright (C) 1996-2021 Free Software Foundation, Inc. +# Copyright (C) 1996-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. +# _AM_SLEEP_FRACTIONAL_SECONDS +# ---------------------------- +AC_DEFUN([_AM_SLEEP_FRACTIONAL_SECONDS], [dnl +AC_CACHE_CHECK([whether sleep supports fractional seconds], + am_cv_sleep_fractional_seconds, [dnl +AS_IF([sleep 0.001 2>/dev/null], [am_cv_sleep_fractional_seconds=yes], + [am_cv_sleep_fractional_seconds=no]) +])]) + +# _AM_FILESYSTEM_TIMESTAMP_RESOLUTION +# ----------------------------------- +# Determine the filesystem's resolution for file modification +# timestamps. The coarsest we know of is FAT, with a resolution +# of only two seconds, even with the most recent "exFAT" extensions. +# The finest (e.g. ext4 with large inodes, XFS, ZFS) is one +# nanosecond, matching clock_gettime. However, it is probably not +# possible to delay execution of a shell script for less than one +# millisecond, due to process creation overhead and scheduling +# granularity, so we don't check for anything finer than that. (See below.) +AC_DEFUN([_AM_FILESYSTEM_TIMESTAMP_RESOLUTION], [dnl +AC_REQUIRE([_AM_SLEEP_FRACTIONAL_SECONDS]) +AC_CACHE_CHECK([filesystem timestamp resolution], + am_cv_filesystem_timestamp_resolution, [dnl +# Default to the worst case. +am_cv_filesystem_timestamp_resolution=2 + +# Only try to go finer than 1 sec if sleep can do it. +# Don't try 1 sec, because if 0.01 sec and 0.1 sec don't work, +# - 1 sec is not much of a win compared to 2 sec, and +# - it takes 2 seconds to perform the test whether 1 sec works. +# +# Instead, just use the default 2s on platforms that have 1s resolution, +# accept the extra 1s delay when using $sleep in the Automake tests, in +# exchange for not incurring the 2s delay for running the test for all +# packages. +# +am_try_resolutions= +if test "$am_cv_sleep_fractional_seconds" = yes; then + # Even a millisecond often causes a bunch of false positives, + # so just try a hundredth of a second. The time saved between .001 and + # .01 is not terribly consequential. + am_try_resolutions="0.01 0.1 $am_try_resolutions" +fi + +# In order to catch current-generation FAT out, we must *modify* files +# that already exist; the *creation* timestamp is finer. Use names +# that make ls -t sort them differently when they have equal +# timestamps than when they have distinct timestamps, keeping +# in mind that ls -t prints the *newest* file first. +rm -f conftest.ts? +: > conftest.ts1 +: > conftest.ts2 +: > conftest.ts3 + +# Make sure ls -t actually works. Do 'set' in a subshell so we don't +# clobber the current shell's arguments. (Outer-level square brackets +# are removed by m4; they're present so that m4 does not expand +# ; be careful, easy to get confused.) +if ( + set X `[ls -t conftest.ts[12]]` && + { + test "$[]*" != "X conftest.ts1 conftest.ts2" || + test "$[]*" != "X conftest.ts2 conftest.ts1"; + } +); then :; else + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + _AS_ECHO_UNQUOTED( + ["Bad output from ls -t: \"`[ls -t conftest.ts[12]]`\""], + [AS_MESSAGE_LOG_FD]) + AC_MSG_FAILURE([ls -t produces unexpected output. +Make sure there is not a broken ls alias in your environment.]) +fi + +for am_try_res in $am_try_resolutions; do + # Any one fine-grained sleep might happen to cross the boundary + # between two values of a coarser actual resolution, but if we do + # two fine-grained sleeps in a row, at least one of them will fall + # entirely within a coarse interval. + echo alpha > conftest.ts1 + sleep $am_try_res + echo beta > conftest.ts2 + sleep $am_try_res + echo gamma > conftest.ts3 + + # We assume that 'ls -t' will make use of high-resolution + # timestamps if the operating system supports them at all. + if (set X `ls -t conftest.ts?` && + test "$[]2" = conftest.ts3 && + test "$[]3" = conftest.ts2 && + test "$[]4" = conftest.ts1); then + # + # Ok, ls -t worked. If we're at a resolution of 1 second, we're done, + # because we don't need to test make. + make_ok=true + if test $am_try_res != 1; then + # But if we've succeeded so far with a subsecond resolution, we + # have one more thing to check: make. It can happen that + # everything else supports the subsecond mtimes, but make doesn't; + # notably on macOS, which ships make 3.81 from 2006 (the last one + # released under GPLv2). https://bugs.gnu.org/68808 + # + # We test $MAKE if it is defined in the environment, else "make". + # It might get overridden later, but our hope is that in practice + # it does not matter: it is the system "make" which is (by far) + # the most likely to be broken, whereas if the user overrides it, + # probably they did so with a better, or at least not worse, make. + # https://lists.gnu.org/archive/html/automake/2024-06/msg00051.html + # + # Create a Makefile (real tab character here): + rm -f conftest.mk + echo 'conftest.ts1: conftest.ts2' >conftest.mk + echo ' touch conftest.ts2' >>conftest.mk + # + # Now, running + # touch conftest.ts1; touch conftest.ts2; make + # should touch ts1 because ts2 is newer. This could happen by luck, + # but most often, it will fail if make's support is insufficient. So + # test for several consecutive successes. + # + # (We reuse conftest.ts[12] because we still want to modify existing + # files, not create new ones, per above.) + n=0 + make=${MAKE-make} + until test $n -eq 3; do + echo one > conftest.ts1 + sleep $am_try_res + echo two > conftest.ts2 # ts2 should now be newer than ts1 + if $make -f conftest.mk | grep 'up to date' >/dev/null; then + make_ok=false + break # out of $n loop + fi + n=`expr $n + 1` + done + fi + # + if $make_ok; then + # Everything we know to check worked out, so call this resolution good. + am_cv_filesystem_timestamp_resolution=$am_try_res + break # out of $am_try_res loop + fi + # Otherwise, we'll go on to check the next resolution. + fi +done +rm -f conftest.ts? +# (end _am_filesystem_timestamp_resolution) +])]) + # AM_SANITY_CHECK # --------------- AC_DEFUN([AM_SANITY_CHECK], -[AC_MSG_CHECKING([whether build environment is sane]) +[AC_REQUIRE([_AM_FILESYSTEM_TIMESTAMP_RESOLUTION]) +# This check should not be cached, as it may vary across builds of +# different projects. +AC_MSG_CHECKING([whether build environment is sane]) # Reject unsafe characters in $srcdir or the absolute working directory # name. Accept space and tab only in the latter. am_lf=' @@ -857,49 +988,40 @@ # symlink; some systems play weird games with the mod time of symlinks # (eg FreeBSD returns the mod time of the symlink's containing # directory). -if ( - am_has_slept=no - for am_try in 1 2; do - echo "timestamp, slept: $am_has_slept" > conftest.file - set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` - if test "$[*]" = "X"; then - # -L didn't work. - set X `ls -t "$srcdir/configure" conftest.file` - fi - if test "$[*]" != "X $srcdir/configure conftest.file" \ - && test "$[*]" != "X conftest.file $srcdir/configure"; then - - # If neither matched, then we have a broken ls. This can happen - # if, for instance, CONFIG_SHELL is bash and it inherits a - # broken ls alias from the environment. This has actually - # happened. Such a system could not be considered "sane". - AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken - alias in your environment]) - fi - if test "$[2]" = conftest.file || test $am_try -eq 2; then - break - fi - # Just in case. - sleep 1 - am_has_slept=yes - done - test "$[2]" = conftest.file - ) -then - # Ok. - : -else - AC_MSG_ERROR([newly created file is older than distributed files! +am_build_env_is_sane=no +am_has_slept=no +rm -f conftest.file +for am_try in 1 2; do + echo "timestamp, slept: $am_has_slept" > conftest.file + if ( + set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` + if test "$[]*" = "X"; then + # -L didn't work. + set X `ls -t "$srcdir/configure" conftest.file` + fi + test "$[]2" = conftest.file + ); then + am_build_env_is_sane=yes + break + fi + # Just in case. + sleep "$am_cv_filesystem_timestamp_resolution" + am_has_slept=yes +done + +AC_MSG_RESULT([$am_build_env_is_sane]) +if test "$am_build_env_is_sane" = no; then + AC_MSG_ERROR([newly created file is older than distributed files! Check your system clock]) fi -AC_MSG_RESULT([yes]) + # If we didn't sleep, we still need to ensure time stamps of config.status and # generated files are strictly newer. am_sleep_pid= -if grep 'slept: no' conftest.file >/dev/null 2>&1; then - ( sleep 1 ) & +AS_IF([test -e conftest.file || grep 'slept: no' conftest.file >/dev/null 2>&1],, [dnl + ( sleep "$am_cv_filesystem_timestamp_resolution" ) & am_sleep_pid=$! -fi +]) AC_CONFIG_COMMANDS_PRE( [AC_MSG_CHECKING([that generated files are newer than configure]) if test -n "$am_sleep_pid"; then @@ -910,18 +1032,18 @@ rm -f conftest.file ]) -# Copyright (C) 2009-2021 Free Software Foundation, Inc. +# Copyright (C) 2009-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# AM_SILENT_RULES([DEFAULT]) -# -------------------------- -# Enable less verbose build rules; with the default set to DEFAULT -# ("yes" being less verbose, "no" or empty being verbose). -AC_DEFUN([AM_SILENT_RULES], -[AC_ARG_ENABLE([silent-rules], [dnl +# _AM_SILENT_RULES +# ---------------- +# Enable less verbose build rules support. +AC_DEFUN([_AM_SILENT_RULES], +[AM_DEFAULT_VERBOSITY=1 +AC_ARG_ENABLE([silent-rules], [dnl AS_HELP_STRING( [--enable-silent-rules], [less verbose build output (undo: "make V=1")]) @@ -929,11 +1051,6 @@ [--disable-silent-rules], [verbose build output (undo: "make V=0")])dnl ]) -case $enable_silent_rules in @%:@ ((( - yes) AM_DEFAULT_VERBOSITY=0;; - no) AM_DEFAULT_VERBOSITY=1;; - *) AM_DEFAULT_VERBOSITY=m4_if([$1], [yes], [0], [1]);; -esac dnl dnl A few 'make' implementations (e.g., NonStop OS and NextStep) dnl do not support nested variable expansions. @@ -952,14 +1069,6 @@ else am_cv_make_support_nested_variables=no fi]) -if test $am_cv_make_support_nested_variables = yes; then - dnl Using '$V' instead of '$(V)' breaks IRIX make. - AM_V='$(V)' - AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' -else - AM_V=$AM_DEFAULT_VERBOSITY - AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY -fi AC_SUBST([AM_V])dnl AM_SUBST_NOTMAKE([AM_V])dnl AC_SUBST([AM_DEFAULT_V])dnl @@ -968,9 +1077,33 @@ AM_BACKSLASH='\' AC_SUBST([AM_BACKSLASH])dnl _AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl +dnl Delay evaluation of AM_DEFAULT_VERBOSITY to the end to allow multiple calls +dnl to AM_SILENT_RULES to change the default value. +AC_CONFIG_COMMANDS_PRE([dnl +case $enable_silent_rules in @%:@ ((( + yes) AM_DEFAULT_VERBOSITY=0;; + no) AM_DEFAULT_VERBOSITY=1;; +esac +if test $am_cv_make_support_nested_variables = yes; then + dnl Using '$V' instead of '$(V)' breaks IRIX make. + AM_V='$(V)' + AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' +else + AM_V=$AM_DEFAULT_VERBOSITY + AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY +fi +])dnl ]) -# Copyright (C) 2001-2021 Free Software Foundation, Inc. +# AM_SILENT_RULES([DEFAULT]) +# -------------------------- +# Set the default verbosity level to DEFAULT ("yes" being less verbose, "no" or +# empty being verbose). +AC_DEFUN([AM_SILENT_RULES], +[AC_REQUIRE([_AM_SILENT_RULES]) +AM_DEFAULT_VERBOSITY=m4_if([$1], [yes], [0], [1])]) + +# Copyright (C) 2001-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -998,7 +1131,7 @@ INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" AC_SUBST([INSTALL_STRIP_PROGRAM])]) -# Copyright (C) 2006-2021 Free Software Foundation, Inc. +# Copyright (C) 2006-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1017,7 +1150,7 @@ # Check how to create a tarball. -*- Autoconf -*- -# Copyright (C) 2004-2021 Free Software Foundation, Inc. +# Copyright (C) 2004-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1063,15 +1196,19 @@ am_uid=`id -u || echo unknown` am_gid=`id -g || echo unknown` AC_MSG_CHECKING([whether UID '$am_uid' is supported by ustar format]) - if test $am_uid -le $am_max_uid; then - AC_MSG_RESULT([yes]) + if test x$am_uid = xunknown; then + AC_MSG_WARN([ancient id detected; assuming current UID is ok, but dist-ustar might not work]) + elif test $am_uid -le $am_max_uid; then + AC_MSG_RESULT([yes]) else - AC_MSG_RESULT([no]) - _am_tools=none + AC_MSG_RESULT([no]) + _am_tools=none fi AC_MSG_CHECKING([whether GID '$am_gid' is supported by ustar format]) - if test $am_gid -le $am_max_gid; then - AC_MSG_RESULT([yes]) + if test x$gm_gid = xunknown; then + AC_MSG_WARN([ancient id detected; assuming current GID is ok, but dist-ustar might not work]) + elif test $am_gid -le $am_max_gid; then + AC_MSG_RESULT([yes]) else AC_MSG_RESULT([no]) _am_tools=none @@ -1148,6 +1285,26 @@ AC_SUBST([am__untar]) ]) # _AM_PROG_TAR +# Copyright (C) 2022-2024 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# _AM_PROG_XARGS_N +# ---------------- +# Check whether 'xargs -n' works. It should work everywhere, so the fallback +# is not optimized at all as we never expect to use it. +AC_DEFUN([_AM_PROG_XARGS_N], +[AC_CACHE_CHECK([xargs -n works], am_cv_xargs_n_works, [dnl +AS_IF([test "`echo 1 2 3 | xargs -n2 echo`" = "1 2 +3"], [am_cv_xargs_n_works=yes], [am_cv_xargs_n_works=no])]) +AS_IF([test "$am_cv_xargs_n_works" = yes], [am__xargs_n='xargs -n'], [dnl + am__xargs_n='am__xargs_n () { shift; sed "s/ /\\n/g" | while read am__xargs_n_arg; do "$@" "$am__xargs_n_arg"; done; }' +])dnl +AC_SUBST(am__xargs_n) +]) + m4_include([m4/ax_socklen_t.m4]) m4_include([m4/libtool.m4]) m4_include([m4/ltoptions.m4]) diff -Nru openvpn-2.6.3/build/Makefile.am openvpn-2.6.14/build/Makefile.am --- openvpn-2.6.3/build/Makefile.am 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/build/Makefile.am 2025-04-02 06:53:10.000000000 +0000 @@ -13,5 +13,3 @@ EXTRA_DIST = \ ltrc.inc - -SUBDIRS = msvc diff -Nru openvpn-2.6.3/build/Makefile.in openvpn-2.6.14/build/Makefile.in --- openvpn-2.6.3/build/Makefile.in 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/build/Makefile.in 2025-04-02 06:53:10.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. +# Makefile.in generated by automake 1.17 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2021 Free Software Foundation, Inc. +# Copyright (C) 1994-2024 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -79,6 +79,8 @@ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +am__rm_f = rm -f $(am__rm_f_notfound) +am__rm_rf = rm -rf $(am__rm_f_notfound) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -127,72 +129,14 @@ am__v_at_1 = SOURCES = DIST_SOURCES = -RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ - ctags-recursive dvi-recursive html-recursive info-recursive \ - install-data-recursive install-dvi-recursive \ - install-exec-recursive install-html-recursive \ - install-info-recursive install-pdf-recursive \ - install-ps-recursive install-recursive installcheck-recursive \ - installdirs-recursive pdf-recursive ps-recursive \ - tags-recursive uninstall-recursive am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac -RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ - distclean-recursive maintainer-clean-recursive -am__recursive_targets = \ - $(RECURSIVE_TARGETS) \ - $(RECURSIVE_CLEAN_TARGETS) \ - $(am__extra_recursive_targets) -AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ - distdir distdir-am am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -# Read a list of newline-separated strings from the standard input, -# and print each of them once, without duplicates. Input order is -# *not* preserved. -am__uniquify_input = $(AWK) '\ - BEGIN { nonempty = 0; } \ - { items[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in items) print i; }; } \ -' -# Make sure the list of sources is unique. This is necessary because, -# e.g., the same source file might be shared among _SOURCES variables -# for different programs/libraries. -am__define_uniq_tagged_files = \ - list='$(am__tagged_files)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | $(am__uniquify_input)` -DIST_SUBDIRS = $(SUBDIRS) am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -am__relativize = \ - dir0=`pwd`; \ - sed_first='s,^\([^/]*\)/.*$$,\1,'; \ - sed_rest='s,^[^/]*/*,,'; \ - sed_last='s,^.*/\([^/]*\)$$,\1,'; \ - sed_butlast='s,/*[^/]*$$,,'; \ - while test -n "$$dir1"; do \ - first=`echo "$$dir1" | sed -e "$$sed_first"`; \ - if test "$$first" != "."; then \ - if test "$$first" = ".."; then \ - dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ - dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ - else \ - first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ - if test "$$first2" = "$$first"; then \ - dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ - else \ - dir2="../$$dir2"; \ - fi; \ - dir0="$$dir0"/"$$first"; \ - fi; \ - fi; \ - dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ - done; \ - reldir="$$dir2" ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ @@ -226,6 +170,7 @@ ETAGS = @ETAGS@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +FILECMD = @FILECMD@ GIT = @GIT@ GREP = @GREP@ IFCONFIG = @IFCONFIG@ @@ -336,8 +281,10 @@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__rm_f_notfound = @am__rm_f_notfound@ am__tar = @am__tar@ am__untar = @am__untar@ +am__xargs_n = @am__xargs_n@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -391,8 +338,7 @@ EXTRA_DIST = \ ltrc.inc -SUBDIRS = msvc -all: all-recursive +all: all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @@ -430,105 +376,12 @@ clean-libtool: -rm -rf .libs _libs +tags TAGS: -# This directory's subdirectories are mostly independent; you can cd -# into them and run 'make' without going through this Makefile. -# To change the values of 'make' variables: instead of editing Makefiles, -# (1) if the variable is set in 'config.status', edit 'config.status' -# (which will cause the Makefiles to be regenerated when you run 'make'); -# (2) otherwise, pass the desired values on the 'make' command line. -$(am__recursive_targets): - @fail=; \ - if $(am__make_keepgoing); then \ - failcom='fail=yes'; \ - else \ - failcom='exit 1'; \ - fi; \ - dot_seen=no; \ - target=`echo $@ | sed s/-recursive//`; \ - case "$@" in \ - distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ - *) list='$(SUBDIRS)' ;; \ - esac; \ - for subdir in $$list; do \ - echo "Making $$target in $$subdir"; \ - if test "$$subdir" = "."; then \ - dot_seen=yes; \ - local_target="$$target-am"; \ - else \ - local_target="$$target"; \ - fi; \ - ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ - || eval $$failcom; \ - done; \ - if test "$$dot_seen" = "no"; then \ - $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ - fi; test -z "$$fail" - -ID: $(am__tagged_files) - $(am__define_uniq_tagged_files); mkid -fID $$unique -tags: tags-recursive -TAGS: tags - -tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ - if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ - include_option=--etags-include; \ - empty_fix=.; \ - else \ - include_option=--include; \ - empty_fix=; \ - fi; \ - list='$(SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" = .; then :; else \ - test ! -f $$subdir/TAGS || \ - set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ - fi; \ - done; \ - $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - if test $$# -gt 0; then \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - "$$@" $$unique; \ - else \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$unique; \ - fi; \ - fi -ctags: ctags-recursive +ctags CTAGS: -CTAGS: ctags -ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -cscopelist: cscopelist-recursive - -cscopelist-am: $(am__tagged_files) - list='$(am__tagged_files)'; \ - case "$(srcdir)" in \ - [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ - *) sdir=$(subdir)/$(srcdir) ;; \ - esac; \ - for i in $$list; do \ - if test -f "$$i"; then \ - echo "$(subdir)/$$i"; \ - else \ - echo "$$sdir/$$i"; \ - fi; \ - done >> $(top_builddir)/cscope.files +cscope cscopelist: -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) distdir-am @@ -562,45 +415,19 @@ || exit 1; \ fi; \ done - @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" = .; then :; else \ - $(am__make_dryrun) \ - || test -d "$(distdir)/$$subdir" \ - || $(MKDIR_P) "$(distdir)/$$subdir" \ - || exit 1; \ - dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ - $(am__relativize); \ - new_distdir=$$reldir; \ - dir1=$$subdir; dir2="$(top_distdir)"; \ - $(am__relativize); \ - new_top_distdir=$$reldir; \ - echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ - echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ - ($(am__cd) $$subdir && \ - $(MAKE) $(AM_MAKEFLAGS) \ - top_distdir="$$new_top_distdir" \ - distdir="$$new_distdir" \ - am__remove_distdir=: \ - am__skip_length_check=: \ - am__skip_mode_fix=: \ - distdir) \ - || exit 1; \ - fi; \ - done check-am: all-am -check: check-recursive +check: check-am all-am: Makefile -installdirs: installdirs-recursive -installdirs-am: -install: install-recursive -install-exec: install-exec-recursive -install-data: install-data-recursive -uninstall: uninstall-recursive +installdirs: +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am -installcheck: installcheck-recursive +installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ @@ -616,93 +443,92 @@ clean-generic: distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." - -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) -clean: clean-recursive + -$(am__rm_f) $(MAINTAINERCLEANFILES) +clean: clean-am clean-am: clean-generic clean-libtool mostlyclean-am -distclean: distclean-recursive +distclean: distclean-am -rm -f Makefile -distclean-am: clean-am distclean-generic distclean-tags +distclean-am: clean-am distclean-generic -dvi: dvi-recursive +dvi: dvi-am dvi-am: -html: html-recursive +html: html-am html-am: -info: info-recursive +info: info-am info-am: install-data-am: -install-dvi: install-dvi-recursive +install-dvi: install-dvi-am install-dvi-am: install-exec-am: -install-html: install-html-recursive +install-html: install-html-am install-html-am: -install-info: install-info-recursive +install-info: install-info-am install-info-am: install-man: -install-pdf: install-pdf-recursive +install-pdf: install-pdf-am install-pdf-am: -install-ps: install-ps-recursive +install-ps: install-ps-am install-ps-am: installcheck-am: -maintainer-clean: maintainer-clean-recursive +maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic -mostlyclean: mostlyclean-recursive +mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic mostlyclean-libtool -pdf: pdf-recursive +pdf: pdf-am pdf-am: -ps: ps-recursive +ps: ps-am ps-am: uninstall-am: -.MAKE: $(am__recursive_targets) install-am install-strip +.MAKE: install-am install-strip -.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \ - check-am clean clean-generic clean-libtool cscopelist-am ctags \ - ctags-am distclean distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ +.PHONY: all all-am check check-am clean clean-generic clean-libtool \ + cscopelist-am ctags-am distclean distclean-generic \ + distclean-libtool distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-ps install-ps-am \ install-strip installcheck installcheck-am installdirs \ - installdirs-am maintainer-clean maintainer-clean-generic \ - mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ - ps ps-am tags tags-am uninstall uninstall-am + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags-am uninstall uninstall-am .PRECIOUS: Makefile @@ -710,3 +536,10 @@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff -Nru openvpn-2.6.3/build/msvc/Makefile.am openvpn-2.6.14/build/msvc/Makefile.am --- openvpn-2.6.3/build/msvc/Makefile.am 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/build/msvc/Makefile.am 1970-01-01 00:00:00.000000000 +0000 @@ -1,15 +0,0 @@ -# -# OpenVPN -- An application to securely tunnel IP networks -# over a single UDP port, with support for SSL/TLS-based -# session authentication and key exchange, -# packet encryption, packet authentication, and -# packet compression. -# -# Copyright (C) 2002-2023 OpenVPN Inc -# Copyright (C) 2006-2012 Alon Bar-Lev -# - -MAINTAINERCLEANFILES = \ - $(srcdir)/Makefile.in - -SUBDIRS = msvc-generate diff -Nru openvpn-2.6.3/build/msvc/Makefile.in openvpn-2.6.14/build/msvc/Makefile.in --- openvpn-2.6.3/build/msvc/Makefile.in 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/build/msvc/Makefile.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,710 +0,0 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994-2021 Free Software Foundation, Inc. - -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - -# -# OpenVPN -- An application to securely tunnel IP networks -# over a single UDP port, with support for SSL/TLS-based -# session authentication and key exchange, -# packet encryption, packet authentication, and -# packet compression. -# -# Copyright (C) 2002-2023 OpenVPN Inc -# Copyright (C) 2006-2012 Alon Bar-Lev -# -VPATH = @srcdir@ -am__is_gnu_make = { \ - if test -z '$(MAKELEVEL)'; then \ - false; \ - elif test -n '$(MAKE_HOST)'; then \ - true; \ - elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ - true; \ - else \ - false; \ - fi; \ -} -am__make_running_with_option = \ - case $${target_option-} in \ - ?) ;; \ - *) echo "am__make_running_with_option: internal error: invalid" \ - "target option '$${target_option-}' specified" >&2; \ - exit 1;; \ - esac; \ - has_opt=no; \ - sane_makeflags=$$MAKEFLAGS; \ - if $(am__is_gnu_make); then \ - sane_makeflags=$$MFLAGS; \ - else \ - case $$MAKEFLAGS in \ - *\\[\ \ ]*) \ - bs=\\; \ - sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ - | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ - esac; \ - fi; \ - skip_next=no; \ - strip_trailopt () \ - { \ - flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ - }; \ - for flg in $$sane_makeflags; do \ - test $$skip_next = yes && { skip_next=no; continue; }; \ - case $$flg in \ - *=*|--*) continue;; \ - -*I) strip_trailopt 'I'; skip_next=yes;; \ - -*I?*) strip_trailopt 'I';; \ - -*O) strip_trailopt 'O'; skip_next=yes;; \ - -*O?*) strip_trailopt 'O';; \ - -*l) strip_trailopt 'l'; skip_next=yes;; \ - -*l?*) strip_trailopt 'l';; \ - -[dEDm]) skip_next=yes;; \ - -[JT]) skip_next=yes;; \ - esac; \ - case $$flg in \ - *$$target_option*) has_opt=yes; break;; \ - esac; \ - done; \ - test $$has_opt = yes -am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) -pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -subdir = build/msvc -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/ax_socklen_t.m4 \ - $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ - $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ - $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/pkg.m4 \ - $(top_srcdir)/version.m4 $(top_srcdir)/compat.m4 \ - $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/config.h \ - $(top_builddir)/include/openvpn-plugin.h -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -AM_V_P = $(am__v_P_@AM_V@) -am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -am__v_P_0 = false -am__v_P_1 = : -AM_V_GEN = $(am__v_GEN_@AM_V@) -am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -am__v_GEN_0 = @echo " GEN " $@; -am__v_GEN_1 = -AM_V_at = $(am__v_at_@AM_V@) -am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -am__v_at_0 = @ -am__v_at_1 = -SOURCES = -DIST_SOURCES = -RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ - ctags-recursive dvi-recursive html-recursive info-recursive \ - install-data-recursive install-dvi-recursive \ - install-exec-recursive install-html-recursive \ - install-info-recursive install-pdf-recursive \ - install-ps-recursive install-recursive installcheck-recursive \ - installdirs-recursive pdf-recursive ps-recursive \ - tags-recursive uninstall-recursive -am__can_run_installinfo = \ - case $$AM_UPDATE_INFO_DIR in \ - n|no|NO) false;; \ - *) (install-info --version) >/dev/null 2>&1;; \ - esac -RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ - distclean-recursive maintainer-clean-recursive -am__recursive_targets = \ - $(RECURSIVE_TARGETS) \ - $(RECURSIVE_CLEAN_TARGETS) \ - $(am__extra_recursive_targets) -AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ - distdir distdir-am -am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -# Read a list of newline-separated strings from the standard input, -# and print each of them once, without duplicates. Input order is -# *not* preserved. -am__uniquify_input = $(AWK) '\ - BEGIN { nonempty = 0; } \ - { items[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in items) print i; }; } \ -' -# Make sure the list of sources is unique. This is necessary because, -# e.g., the same source file might be shared among _SOURCES variables -# for different programs/libraries. -am__define_uniq_tagged_files = \ - list='$(am__tagged_files)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | $(am__uniquify_input)` -DIST_SUBDIRS = $(SUBDIRS) -am__DIST_COMMON = $(srcdir)/Makefile.in -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -am__relativize = \ - dir0=`pwd`; \ - sed_first='s,^\([^/]*\)/.*$$,\1,'; \ - sed_rest='s,^[^/]*/*,,'; \ - sed_last='s,^.*/\([^/]*\)$$,\1,'; \ - sed_butlast='s,/*[^/]*$$,,'; \ - while test -n "$$dir1"; do \ - first=`echo "$$dir1" | sed -e "$$sed_first"`; \ - if test "$$first" != "."; then \ - if test "$$first" = ".."; then \ - dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ - dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ - else \ - first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ - if test "$$first2" = "$$first"; then \ - dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ - else \ - dir2="../$$dir2"; \ - fi; \ - dir0="$$dir0"/"$$first"; \ - fi; \ - fi; \ - dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ - done; \ - reldir="$$dir2" -ACLOCAL = @ACLOCAL@ -AMTAR = @AMTAR@ -AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ -AR = @AR@ -AS = @AS@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CFLAGS = @CFLAGS@ -CMOCKA_CFLAGS = @CMOCKA_CFLAGS@ -CMOCKA_LIBS = @CMOCKA_LIBS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CSCOPE = @CSCOPE@ -CTAGS = @CTAGS@ -CYGPATH_W = @CYGPATH_W@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -DLLTOOL = @DLLTOOL@ -DL_LIBS = @DL_LIBS@ -DSYMUTIL = @DSYMUTIL@ -DUMPBIN = @DUMPBIN@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -ENABLE_UNITTESTS = @ENABLE_UNITTESTS@ -ETAGS = @ETAGS@ -EXEEXT = @EXEEXT@ -FGREP = @FGREP@ -GIT = @GIT@ -GREP = @GREP@ -IFCONFIG = @IFCONFIG@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPROUTE = @IPROUTE@ -LD = @LD@ -LDFLAGS = @LDFLAGS@ -LIBCAPNG_CFLAGS = @LIBCAPNG_CFLAGS@ -LIBCAPNG_LIBS = @LIBCAPNG_LIBS@ -LIBNL_GENL_CFLAGS = @LIBNL_GENL_CFLAGS@ -LIBNL_GENL_LIBS = @LIBNL_GENL_LIBS@ -LIBOBJS = @LIBOBJS@ -LIBPAM_CFLAGS = @LIBPAM_CFLAGS@ -LIBPAM_LIBS = @LIBPAM_LIBS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIPO = @LIPO@ -LN_S = @LN_S@ -LTLIBOBJS = @LTLIBOBJS@ -LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ -LZ4_CFLAGS = @LZ4_CFLAGS@ -LZ4_LIBS = @LZ4_LIBS@ -LZO_CFLAGS = @LZO_CFLAGS@ -LZO_LIBS = @LZO_LIBS@ -MAKEINFO = @MAKEINFO@ -MANIFEST_TOOL = @MANIFEST_TOOL@ -MBEDTLS_CFLAGS = @MBEDTLS_CFLAGS@ -MBEDTLS_LIBS = @MBEDTLS_LIBS@ -MKDIR_P = @MKDIR_P@ -NETSTAT = @NETSTAT@ -NM = @NM@ -NMEDIT = @NMEDIT@ -OBJDUMP = @OBJDUMP@ -OBJEXT = @OBJEXT@ -OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ -OPENSSL_LIBS = @OPENSSL_LIBS@ -OPENVPN_VERSION_MAJOR = @OPENVPN_VERSION_MAJOR@ -OPENVPN_VERSION_MINOR = @OPENVPN_VERSION_MINOR@ -OPENVPN_VERSION_PATCH = @OPENVPN_VERSION_PATCH@ -OPTIONAL_CRYPTO_CFLAGS = @OPTIONAL_CRYPTO_CFLAGS@ -OPTIONAL_CRYPTO_LIBS = @OPTIONAL_CRYPTO_LIBS@ -OPTIONAL_DL_LIBS = @OPTIONAL_DL_LIBS@ -OPTIONAL_INOTIFY_CFLAGS = @OPTIONAL_INOTIFY_CFLAGS@ -OPTIONAL_INOTIFY_LIBS = @OPTIONAL_INOTIFY_LIBS@ -OPTIONAL_LZ4_CFLAGS = @OPTIONAL_LZ4_CFLAGS@ -OPTIONAL_LZ4_LIBS = @OPTIONAL_LZ4_LIBS@ -OPTIONAL_LZO_CFLAGS = @OPTIONAL_LZO_CFLAGS@ -OPTIONAL_LZO_LIBS = @OPTIONAL_LZO_LIBS@ -OPTIONAL_PKCS11_HELPER_CFLAGS = @OPTIONAL_PKCS11_HELPER_CFLAGS@ -OPTIONAL_PKCS11_HELPER_LIBS = @OPTIONAL_PKCS11_HELPER_LIBS@ -OPTIONAL_SELINUX_LIBS = @OPTIONAL_SELINUX_LIBS@ -OPTIONAL_SYSTEMD_LIBS = @OPTIONAL_SYSTEMD_LIBS@ -OTOOL = @OTOOL@ -OTOOL64 = @OTOOL64@ -P11KIT_CFLAGS = @P11KIT_CFLAGS@ -P11KIT_LIBS = @P11KIT_LIBS@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_URL = @PACKAGE_URL@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PKCS11_HELPER_CFLAGS = @PKCS11_HELPER_CFLAGS@ -PKCS11_HELPER_LIBS = @PKCS11_HELPER_LIBS@ -PKG_CONFIG = @PKG_CONFIG@ -PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ -PLUGINDIR = @PLUGINDIR@ -PLUGIN_AUTH_PAM_CFLAGS = @PLUGIN_AUTH_PAM_CFLAGS@ -PLUGIN_AUTH_PAM_LIBS = @PLUGIN_AUTH_PAM_LIBS@ -RANLIB = @RANLIB@ -RC = @RC@ -ROUTE = @ROUTE@ -RST2HTML = @RST2HTML@ -RST2MAN = @RST2MAN@ -SED = @SED@ -SELINUX_LIBS = @SELINUX_LIBS@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -SOCKETS_LIBS = @SOCKETS_LIBS@ -STRIP = @STRIP@ -SYSTEMD_ASK_PASSWORD = @SYSTEMD_ASK_PASSWORD@ -SYSTEMD_UNIT_DIR = @SYSTEMD_UNIT_DIR@ -TAP_CFLAGS = @TAP_CFLAGS@ -TAP_WIN_COMPONENT_ID = @TAP_WIN_COMPONENT_ID@ -TAP_WIN_MIN_MAJOR = @TAP_WIN_MIN_MAJOR@ -TAP_WIN_MIN_MINOR = @TAP_WIN_MIN_MINOR@ -TEST_CFLAGS = @TEST_CFLAGS@ -TEST_LDFLAGS = @TEST_LDFLAGS@ -TMPFILES_DIR = @TMPFILES_DIR@ -VERSION = @VERSION@ -WOLFSSL_CFLAGS = @WOLFSSL_CFLAGS@ -WOLFSSL_INCLUDEDIR = @WOLFSSL_INCLUDEDIR@ -WOLFSSL_LIBS = @WOLFSSL_LIBS@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_AR = @ac_ct_AR@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -datadir = @datadir@ -datarootdir = @datarootdir@ -docdir = @docdir@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -libdir = @libdir@ -libexecdir = @libexecdir@ -libsystemd_CFLAGS = @libsystemd_CFLAGS@ -libsystemd_LIBS = @libsystemd_LIBS@ -localedir = @localedir@ -localstatedir = @localstatedir@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -oldincludedir = @oldincludedir@ -pdfdir = @pdfdir@ -plugindir = @plugindir@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -runstatedir = @runstatedir@ -sampledir = @sampledir@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ -sysconfdir = @sysconfdir@ -systemdunitdir = @systemdunitdir@ -target_alias = @target_alias@ -tmpfilesdir = @tmpfilesdir@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -MAINTAINERCLEANFILES = \ - $(srcdir)/Makefile.in - -SUBDIRS = msvc-generate -all: all-recursive - -.SUFFIXES: -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign build/msvc/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --foreign build/msvc/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs - -# This directory's subdirectories are mostly independent; you can cd -# into them and run 'make' without going through this Makefile. -# To change the values of 'make' variables: instead of editing Makefiles, -# (1) if the variable is set in 'config.status', edit 'config.status' -# (which will cause the Makefiles to be regenerated when you run 'make'); -# (2) otherwise, pass the desired values on the 'make' command line. -$(am__recursive_targets): - @fail=; \ - if $(am__make_keepgoing); then \ - failcom='fail=yes'; \ - else \ - failcom='exit 1'; \ - fi; \ - dot_seen=no; \ - target=`echo $@ | sed s/-recursive//`; \ - case "$@" in \ - distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ - *) list='$(SUBDIRS)' ;; \ - esac; \ - for subdir in $$list; do \ - echo "Making $$target in $$subdir"; \ - if test "$$subdir" = "."; then \ - dot_seen=yes; \ - local_target="$$target-am"; \ - else \ - local_target="$$target"; \ - fi; \ - ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ - || eval $$failcom; \ - done; \ - if test "$$dot_seen" = "no"; then \ - $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ - fi; test -z "$$fail" - -ID: $(am__tagged_files) - $(am__define_uniq_tagged_files); mkid -fID $$unique -tags: tags-recursive -TAGS: tags - -tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ - if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ - include_option=--etags-include; \ - empty_fix=.; \ - else \ - include_option=--include; \ - empty_fix=; \ - fi; \ - list='$(SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" = .; then :; else \ - test ! -f $$subdir/TAGS || \ - set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ - fi; \ - done; \ - $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - if test $$# -gt 0; then \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - "$$@" $$unique; \ - else \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$unique; \ - fi; \ - fi -ctags: ctags-recursive - -CTAGS: ctags -ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -cscopelist: cscopelist-recursive - -cscopelist-am: $(am__tagged_files) - list='$(am__tagged_files)'; \ - case "$(srcdir)" in \ - [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ - *) sdir=$(subdir)/$(srcdir) ;; \ - esac; \ - for i in $$list; do \ - if test -f "$$i"; then \ - echo "$(subdir)/$$i"; \ - else \ - echo "$$sdir/$$i"; \ - fi; \ - done >> $(top_builddir)/cscope.files - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags -distdir: $(BUILT_SOURCES) - $(MAKE) $(AM_MAKEFLAGS) distdir-am - -distdir-am: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ - else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ - || exit 1; \ - fi; \ - done - @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" = .; then :; else \ - $(am__make_dryrun) \ - || test -d "$(distdir)/$$subdir" \ - || $(MKDIR_P) "$(distdir)/$$subdir" \ - || exit 1; \ - dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ - $(am__relativize); \ - new_distdir=$$reldir; \ - dir1=$$subdir; dir2="$(top_distdir)"; \ - $(am__relativize); \ - new_top_distdir=$$reldir; \ - echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ - echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ - ($(am__cd) $$subdir && \ - $(MAKE) $(AM_MAKEFLAGS) \ - top_distdir="$$new_top_distdir" \ - distdir="$$new_distdir" \ - am__remove_distdir=: \ - am__skip_length_check=: \ - am__skip_mode_fix=: \ - distdir) \ - || exit 1; \ - fi; \ - done -check-am: all-am -check: check-recursive -all-am: Makefile -installdirs: installdirs-recursive -installdirs-am: -install: install-recursive -install-exec: install-exec-recursive -install-data: install-data-recursive -uninstall: uninstall-recursive - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-recursive -install-strip: - if test -z '$(STRIP)'; then \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - install; \ - else \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ - fi -mostlyclean-generic: - -clean-generic: - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." - -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) -clean: clean-recursive - -clean-am: clean-generic clean-libtool mostlyclean-am - -distclean: distclean-recursive - -rm -f Makefile -distclean-am: clean-am distclean-generic distclean-tags - -dvi: dvi-recursive - -dvi-am: - -html: html-recursive - -html-am: - -info: info-recursive - -info-am: - -install-data-am: - -install-dvi: install-dvi-recursive - -install-dvi-am: - -install-exec-am: - -install-html: install-html-recursive - -install-html-am: - -install-info: install-info-recursive - -install-info-am: - -install-man: - -install-pdf: install-pdf-recursive - -install-pdf-am: - -install-ps: install-ps-recursive - -install-ps-am: - -installcheck-am: - -maintainer-clean: maintainer-clean-recursive - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-recursive - -mostlyclean-am: mostlyclean-generic mostlyclean-libtool - -pdf: pdf-recursive - -pdf-am: - -ps: ps-recursive - -ps-am: - -uninstall-am: - -.MAKE: $(am__recursive_targets) install-am install-strip - -.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \ - check-am clean clean-generic clean-libtool cscopelist-am ctags \ - ctags-am distclean distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-ps install-ps-am \ - install-strip installcheck installcheck-am installdirs \ - installdirs-am maintainer-clean maintainer-clean-generic \ - mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ - ps ps-am tags tags-am uninstall uninstall-am - -.PRECIOUS: Makefile - - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff -Nru openvpn-2.6.3/build/msvc/msvc-generate/Makefile.am openvpn-2.6.14/build/msvc/msvc-generate/Makefile.am --- openvpn-2.6.3/build/msvc/msvc-generate/Makefile.am 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/build/msvc/msvc-generate/Makefile.am 1970-01-01 00:00:00.000000000 +0000 @@ -1,18 +0,0 @@ -# -# OpenVPN -- An application to securely tunnel IP networks -# over a single UDP port, with support for SSL/TLS-based -# session authentication and key exchange, -# packet encryption, packet authentication, and -# packet compression. -# -# Copyright (C) 2002-2023 OpenVPN Inc -# Copyright (C) 2006-2012 Alon Bar-Lev -# - -MAINTAINERCLEANFILES = \ - $(srcdir)/Makefile.in - -dist_noinst_DATA = \ - msvc-generate.vcxproj \ - Makefile.mak \ - msvc-generate.js diff -Nru openvpn-2.6.3/build/msvc/msvc-generate/Makefile.in openvpn-2.6.14/build/msvc/msvc-generate/Makefile.in --- openvpn-2.6.3/build/msvc/msvc-generate/Makefile.in 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/build/msvc/msvc-generate/Makefile.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,539 +0,0 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994-2021 Free Software Foundation, Inc. - -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - -# -# OpenVPN -- An application to securely tunnel IP networks -# over a single UDP port, with support for SSL/TLS-based -# session authentication and key exchange, -# packet encryption, packet authentication, and -# packet compression. -# -# Copyright (C) 2002-2023 OpenVPN Inc -# Copyright (C) 2006-2012 Alon Bar-Lev -# - -VPATH = @srcdir@ -am__is_gnu_make = { \ - if test -z '$(MAKELEVEL)'; then \ - false; \ - elif test -n '$(MAKE_HOST)'; then \ - true; \ - elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ - true; \ - else \ - false; \ - fi; \ -} -am__make_running_with_option = \ - case $${target_option-} in \ - ?) ;; \ - *) echo "am__make_running_with_option: internal error: invalid" \ - "target option '$${target_option-}' specified" >&2; \ - exit 1;; \ - esac; \ - has_opt=no; \ - sane_makeflags=$$MAKEFLAGS; \ - if $(am__is_gnu_make); then \ - sane_makeflags=$$MFLAGS; \ - else \ - case $$MAKEFLAGS in \ - *\\[\ \ ]*) \ - bs=\\; \ - sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ - | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ - esac; \ - fi; \ - skip_next=no; \ - strip_trailopt () \ - { \ - flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ - }; \ - for flg in $$sane_makeflags; do \ - test $$skip_next = yes && { skip_next=no; continue; }; \ - case $$flg in \ - *=*|--*) continue;; \ - -*I) strip_trailopt 'I'; skip_next=yes;; \ - -*I?*) strip_trailopt 'I';; \ - -*O) strip_trailopt 'O'; skip_next=yes;; \ - -*O?*) strip_trailopt 'O';; \ - -*l) strip_trailopt 'l'; skip_next=yes;; \ - -*l?*) strip_trailopt 'l';; \ - -[dEDm]) skip_next=yes;; \ - -[JT]) skip_next=yes;; \ - esac; \ - case $$flg in \ - *$$target_option*) has_opt=yes; break;; \ - esac; \ - done; \ - test $$has_opt = yes -am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) -pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -subdir = build/msvc/msvc-generate -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/ax_socklen_t.m4 \ - $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ - $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ - $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/pkg.m4 \ - $(top_srcdir)/version.m4 $(top_srcdir)/compat.m4 \ - $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -DIST_COMMON = $(srcdir)/Makefile.am $(dist_noinst_DATA) \ - $(am__DIST_COMMON) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/config.h \ - $(top_builddir)/include/openvpn-plugin.h -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -AM_V_P = $(am__v_P_@AM_V@) -am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -am__v_P_0 = false -am__v_P_1 = : -AM_V_GEN = $(am__v_GEN_@AM_V@) -am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -am__v_GEN_0 = @echo " GEN " $@; -am__v_GEN_1 = -AM_V_at = $(am__v_at_@AM_V@) -am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -am__v_at_0 = @ -am__v_at_1 = -SOURCES = -DIST_SOURCES = -am__can_run_installinfo = \ - case $$AM_UPDATE_INFO_DIR in \ - n|no|NO) false;; \ - *) (install-info --version) >/dev/null 2>&1;; \ - esac -DATA = $(dist_noinst_DATA) -am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -am__DIST_COMMON = $(srcdir)/Makefile.in -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = @ACLOCAL@ -AMTAR = @AMTAR@ -AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ -AR = @AR@ -AS = @AS@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CFLAGS = @CFLAGS@ -CMOCKA_CFLAGS = @CMOCKA_CFLAGS@ -CMOCKA_LIBS = @CMOCKA_LIBS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CSCOPE = @CSCOPE@ -CTAGS = @CTAGS@ -CYGPATH_W = @CYGPATH_W@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -DLLTOOL = @DLLTOOL@ -DL_LIBS = @DL_LIBS@ -DSYMUTIL = @DSYMUTIL@ -DUMPBIN = @DUMPBIN@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -ENABLE_UNITTESTS = @ENABLE_UNITTESTS@ -ETAGS = @ETAGS@ -EXEEXT = @EXEEXT@ -FGREP = @FGREP@ -GIT = @GIT@ -GREP = @GREP@ -IFCONFIG = @IFCONFIG@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPROUTE = @IPROUTE@ -LD = @LD@ -LDFLAGS = @LDFLAGS@ -LIBCAPNG_CFLAGS = @LIBCAPNG_CFLAGS@ -LIBCAPNG_LIBS = @LIBCAPNG_LIBS@ -LIBNL_GENL_CFLAGS = @LIBNL_GENL_CFLAGS@ -LIBNL_GENL_LIBS = @LIBNL_GENL_LIBS@ -LIBOBJS = @LIBOBJS@ -LIBPAM_CFLAGS = @LIBPAM_CFLAGS@ -LIBPAM_LIBS = @LIBPAM_LIBS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIPO = @LIPO@ -LN_S = @LN_S@ -LTLIBOBJS = @LTLIBOBJS@ -LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ -LZ4_CFLAGS = @LZ4_CFLAGS@ -LZ4_LIBS = @LZ4_LIBS@ -LZO_CFLAGS = @LZO_CFLAGS@ -LZO_LIBS = @LZO_LIBS@ -MAKEINFO = @MAKEINFO@ -MANIFEST_TOOL = @MANIFEST_TOOL@ -MBEDTLS_CFLAGS = @MBEDTLS_CFLAGS@ -MBEDTLS_LIBS = @MBEDTLS_LIBS@ -MKDIR_P = @MKDIR_P@ -NETSTAT = @NETSTAT@ -NM = @NM@ -NMEDIT = @NMEDIT@ -OBJDUMP = @OBJDUMP@ -OBJEXT = @OBJEXT@ -OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ -OPENSSL_LIBS = @OPENSSL_LIBS@ -OPENVPN_VERSION_MAJOR = @OPENVPN_VERSION_MAJOR@ -OPENVPN_VERSION_MINOR = @OPENVPN_VERSION_MINOR@ -OPENVPN_VERSION_PATCH = @OPENVPN_VERSION_PATCH@ -OPTIONAL_CRYPTO_CFLAGS = @OPTIONAL_CRYPTO_CFLAGS@ -OPTIONAL_CRYPTO_LIBS = @OPTIONAL_CRYPTO_LIBS@ -OPTIONAL_DL_LIBS = @OPTIONAL_DL_LIBS@ -OPTIONAL_INOTIFY_CFLAGS = @OPTIONAL_INOTIFY_CFLAGS@ -OPTIONAL_INOTIFY_LIBS = @OPTIONAL_INOTIFY_LIBS@ -OPTIONAL_LZ4_CFLAGS = @OPTIONAL_LZ4_CFLAGS@ -OPTIONAL_LZ4_LIBS = @OPTIONAL_LZ4_LIBS@ -OPTIONAL_LZO_CFLAGS = @OPTIONAL_LZO_CFLAGS@ -OPTIONAL_LZO_LIBS = @OPTIONAL_LZO_LIBS@ -OPTIONAL_PKCS11_HELPER_CFLAGS = @OPTIONAL_PKCS11_HELPER_CFLAGS@ -OPTIONAL_PKCS11_HELPER_LIBS = @OPTIONAL_PKCS11_HELPER_LIBS@ -OPTIONAL_SELINUX_LIBS = @OPTIONAL_SELINUX_LIBS@ -OPTIONAL_SYSTEMD_LIBS = @OPTIONAL_SYSTEMD_LIBS@ -OTOOL = @OTOOL@ -OTOOL64 = @OTOOL64@ -P11KIT_CFLAGS = @P11KIT_CFLAGS@ -P11KIT_LIBS = @P11KIT_LIBS@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_URL = @PACKAGE_URL@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PKCS11_HELPER_CFLAGS = @PKCS11_HELPER_CFLAGS@ -PKCS11_HELPER_LIBS = @PKCS11_HELPER_LIBS@ -PKG_CONFIG = @PKG_CONFIG@ -PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ -PLUGINDIR = @PLUGINDIR@ -PLUGIN_AUTH_PAM_CFLAGS = @PLUGIN_AUTH_PAM_CFLAGS@ -PLUGIN_AUTH_PAM_LIBS = @PLUGIN_AUTH_PAM_LIBS@ -RANLIB = @RANLIB@ -RC = @RC@ -ROUTE = @ROUTE@ -RST2HTML = @RST2HTML@ -RST2MAN = @RST2MAN@ -SED = @SED@ -SELINUX_LIBS = @SELINUX_LIBS@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -SOCKETS_LIBS = @SOCKETS_LIBS@ -STRIP = @STRIP@ -SYSTEMD_ASK_PASSWORD = @SYSTEMD_ASK_PASSWORD@ -SYSTEMD_UNIT_DIR = @SYSTEMD_UNIT_DIR@ -TAP_CFLAGS = @TAP_CFLAGS@ -TAP_WIN_COMPONENT_ID = @TAP_WIN_COMPONENT_ID@ -TAP_WIN_MIN_MAJOR = @TAP_WIN_MIN_MAJOR@ -TAP_WIN_MIN_MINOR = @TAP_WIN_MIN_MINOR@ -TEST_CFLAGS = @TEST_CFLAGS@ -TEST_LDFLAGS = @TEST_LDFLAGS@ -TMPFILES_DIR = @TMPFILES_DIR@ -VERSION = @VERSION@ -WOLFSSL_CFLAGS = @WOLFSSL_CFLAGS@ -WOLFSSL_INCLUDEDIR = @WOLFSSL_INCLUDEDIR@ -WOLFSSL_LIBS = @WOLFSSL_LIBS@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_AR = @ac_ct_AR@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -datadir = @datadir@ -datarootdir = @datarootdir@ -docdir = @docdir@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -libdir = @libdir@ -libexecdir = @libexecdir@ -libsystemd_CFLAGS = @libsystemd_CFLAGS@ -libsystemd_LIBS = @libsystemd_LIBS@ -localedir = @localedir@ -localstatedir = @localstatedir@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -oldincludedir = @oldincludedir@ -pdfdir = @pdfdir@ -plugindir = @plugindir@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -runstatedir = @runstatedir@ -sampledir = @sampledir@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ -sysconfdir = @sysconfdir@ -systemdunitdir = @systemdunitdir@ -target_alias = @target_alias@ -tmpfilesdir = @tmpfilesdir@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -MAINTAINERCLEANFILES = \ - $(srcdir)/Makefile.in - -dist_noinst_DATA = \ - msvc-generate.vcxproj \ - Makefile.mak \ - msvc-generate.js - -all: all-am - -.SUFFIXES: -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign build/msvc/msvc-generate/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --foreign build/msvc/msvc-generate/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs -tags TAGS: - -ctags CTAGS: - -cscope cscopelist: - -distdir: $(BUILT_SOURCES) - $(MAKE) $(AM_MAKEFLAGS) distdir-am - -distdir-am: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ - else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ - || exit 1; \ - fi; \ - done -check-am: all-am -check: check-am -all-am: Makefile $(DATA) -installdirs: -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - if test -z '$(STRIP)'; then \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - install; \ - else \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ - fi -mostlyclean-generic: - -clean-generic: - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." - -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) -clean: clean-am - -clean-am: clean-generic clean-libtool mostlyclean-am - -distclean: distclean-am - -rm -f Makefile -distclean-am: clean-am distclean-generic - -dvi: dvi-am - -dvi-am: - -html: html-am - -html-am: - -info: info-am - -info-am: - -install-data-am: - -install-dvi: install-dvi-am - -install-dvi-am: - -install-exec-am: - -install-html: install-html-am - -install-html-am: - -install-info: install-info-am - -install-info-am: - -install-man: - -install-pdf: install-pdf-am - -install-pdf-am: - -install-ps: install-ps-am - -install-ps-am: - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-generic mostlyclean-libtool - -pdf: pdf-am - -pdf-am: - -ps: ps-am - -ps-am: - -uninstall-am: - -.MAKE: install-am install-strip - -.PHONY: all all-am check check-am clean clean-generic clean-libtool \ - cscopelist-am ctags-am distclean distclean-generic \ - distclean-libtool distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-ps install-ps-am \ - install-strip installcheck installcheck-am installdirs \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags-am uninstall uninstall-am - -.PRECIOUS: Makefile - - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff -Nru openvpn-2.6.3/build/msvc/msvc-generate/Makefile.mak openvpn-2.6.14/build/msvc/msvc-generate/Makefile.mak --- openvpn-2.6.3/build/msvc/msvc-generate/Makefile.mak 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/build/msvc/msvc-generate/Makefile.mak 1970-01-01 00:00:00.000000000 +0000 @@ -1,67 +0,0 @@ -# -# OpenVPN -- An application to securely tunnel IP networks -# over a single UDP port, with support for SSL/TLS-based -# session authentication and key exchange, -# packet encryption, packet authentication, and -# packet compression. -# -# Copyright (C) 2002-2023 OpenVPN Inc -# Copyright (C) 2008-2012 Alon Bar-Lev -# Copyright (C) 2022-2022 Lev Stipakov -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 -# as published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# - -CONFIG=$(SOLUTIONDIR)/version.m4 - -INPUT_MSVC_VER=$(SOLUTIONDIR)/config-msvc-version.h.in -OUTPUT_MSVC_VER=$(SOLUTIONDIR)/config-msvc-version.h - -INPUT_PLUGIN=$(SOLUTIONDIR)/include/openvpn-plugin.h.in -OUTPUT_PLUGIN=$(SOLUTIONDIR)/include/openvpn-plugin.h - -INPUT_PLUGIN_CONFIG=version.m4.in -OUTPUT_PLUGIN_CONFIG=version.m4 - -INPUT_MAN=$(SOLUTIONDIR)/doc/openvpn.8.rst -OUTPUT_MAN=$(SOLUTIONDIR)/doc/openvpn.8.html - -OUTPUT_MSVC_GIT_CONFIG=$(SOLUTIONDIR)/config-version.h - -all: $(OUTPUT_MSVC_VER) $(OUTPUT_PLUGIN) $(OUTPUT_MAN) $(OUTPUT_MSVC_GIT_CONFIG) - -$(OUTPUT_MSVC_VER): $(INPUT_MSVC_VER) $(CONFIG) - cscript //nologo msvc-generate.js --config="$(CONFIG)" --input="$(INPUT_MSVC_VER)" --output="$(OUTPUT_MSVC_VER)" - -$(OUTPUT_PLUGIN_CONFIG): $(INPUT_PLUGIN_CONFIG) - cscript //nologo msvc-generate.js --config="$(CONFIG)" --input="$(INPUT_PLUGIN_CONFIG)" --output="$(OUTPUT_PLUGIN_CONFIG)" - -$(OUTPUT_PLUGIN): $(INPUT_PLUGIN) $(OUTPUT_PLUGIN_CONFIG) - cscript //nologo msvc-generate.js --config="$(OUTPUT_PLUGIN_CONFIG)" --input="$(INPUT_PLUGIN)" --output="$(OUTPUT_PLUGIN)" - -$(OUTPUT_MAN): $(INPUT_MAN) - -FOR /F %i IN ('where rst2html.py') DO python %i "$(INPUT_MAN)" "$(OUTPUT_MAN)" - -# Force regeneration because we can't detect whether it is outdated -$(OUTPUT_MSVC_GIT_CONFIG): FORCE - python git-version.py $(SOLUTIONDIR) - -FORCE: - -clean: - -del "$(OUTPUT_MSVC_VER)" - -del "$(OUTPUT_PLUGIN)" - -del "$(OUTPUT_PLUGIN_CONFIG)" - -del "$(OUTPUT_MAN)" - -del "$(OUTPUT_MSVC_GIT_CONFIG)" diff -Nru openvpn-2.6.3/build/msvc/msvc-generate/msvc-generate.js openvpn-2.6.14/build/msvc/msvc-generate/msvc-generate.js --- openvpn-2.6.3/build/msvc/msvc-generate/msvc-generate.js 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/build/msvc/msvc-generate/msvc-generate.js 1970-01-01 00:00:00.000000000 +0000 @@ -1,118 +0,0 @@ -/* - * msvc-generate.js - string transformation - * - * Copyright (C) 2008-2012 Alon Bar-Lev - * - * BSD License - * ============ - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * o Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * o Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * o Neither the name of the Alon Bar-Lev nor the names of its - * contributors may be used to endorse or promote products derived from - * this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - * - */ - -var ForReading = 1; -var fso = new ActiveXObject("Scripting.FileSystemObject"); -var input = "nul"; -var output = "nul"; -var files = new Array(); -var env = new Array(); - -function initialize() { - for (var i=0;i - - - - Debug - ARM64 - - - Debug - Win32 - - - Debug - x64 - - - Release - ARM64 - - - Release - Win32 - - - Release - x64 - - - - {8598C2C8-34C4-47A1-99B0-7C295A890615} - msvc-generate - MakeFileProj - 10.0 - - - - Makefile - v143 - - - Makefile - v143 - - - Makefile - v143 - - - Makefile - v143 - - - Makefile - v143 - - - Makefile - v143 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - <_ProjectFileVersion>10.0.30319.1 - $(Configuration)\ - $(Configuration)\ - nmake -f Makefile.mak all - nmake -f Makefile.mak all - nmake -f Makefile.mak all - nmake -f Makefile.mak clean all - nmake -f Makefile.mak clean all - nmake -f Makefile.mak clean all - nmake -f Makefile.mak clean - nmake -f Makefile.mak clean - nmake -f Makefile.mak clean - config-msvc-version.h - config-msvc-version.h - config-msvc-version.h - WIN32;_DEBUG;$(NMakePreprocessorDefinitions) - WIN32;_DEBUG;$(NMakePreprocessorDefinitions) - WIN32;_DEBUG;$(NMakePreprocessorDefinitions) - $(NMakeIncludeSearchPath) - $(NMakeIncludeSearchPath) - $(NMakeIncludeSearchPath) - $(NMakeForcedIncludes) - $(NMakeForcedIncludes) - $(NMakeForcedIncludes) - $(NMakeAssemblySearchPath) - $(NMakeAssemblySearchPath) - $(NMakeAssemblySearchPath) - $(NMakeForcedUsingAssemblies) - $(NMakeForcedUsingAssemblies) - $(NMakeForcedUsingAssemblies) - $(Configuration)\ - $(Configuration)\ - nmake -f Makefile.mak all - nmake -f Makefile.mak all - nmake -f Makefile.mak all - nmake -f Makefile.mak clean all - nmake -f Makefile.mak clean all - nmake -f Makefile.mak clean all - nmake -f Makefile.mak clean - nmake -f Makefile.mak clean - nmake -f Makefile.mak clean - config-msvc-version.h - config-msvc-version.h - config-msvc-version.h - WIN32;NDEBUG;$(NMakePreprocessorDefinitions) - WIN32;NDEBUG;$(NMakePreprocessorDefinitions) - WIN32;NDEBUG;$(NMakePreprocessorDefinitions) - $(NMakeIncludeSearchPath) - $(NMakeIncludeSearchPath) - $(NMakeIncludeSearchPath) - $(NMakeForcedIncludes) - $(NMakeForcedIncludes) - $(NMakeForcedIncludes) - $(NMakeAssemblySearchPath) - $(NMakeAssemblySearchPath) - $(NMakeAssemblySearchPath) - $(NMakeForcedUsingAssemblies) - $(NMakeForcedUsingAssemblies) - $(NMakeForcedUsingAssemblies) - - - - - - - - - - - \ No newline at end of file diff -Nru openvpn-2.6.3/config-msvc-version.h.in openvpn-2.6.14/config-msvc-version.h.in --- openvpn-2.6.3/config-msvc-version.h.in 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/config-msvc-version.h.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,14 +0,0 @@ -#define PACKAGE_NAME "@PRODUCT_NAME@" -#define PACKAGE_STRING "@PRODUCT_NAME@ @PRODUCT_VERSION_MAJOR@.@PRODUCT_VERSION_MINOR@@PRODUCT_VERSION_PATCH@" -#define PACKAGE_TARNAME "@PRODUCT_TARNAME@" -#define PACKAGE "@PRODUCT_TARNAME@" -#define PRODUCT_VERSION_MAJOR "@PRODUCT_VERSION_MAJOR@" -#define PRODUCT_VERSION_MINOR "@PRODUCT_VERSION_MINOR@" -#define PRODUCT_VERSION_PATCH "@PRODUCT_VERSION_PATCH@" -#define PACKAGE_VERSION "@PRODUCT_VERSION_MAJOR@.@PRODUCT_VERSION_MINOR@@PRODUCT_VERSION_PATCH@" -#define PRODUCT_VERSION "@PRODUCT_VERSION_MAJOR@.@PRODUCT_VERSION_MINOR@@PRODUCT_VERSION_PATCH@" -#define PRODUCT_BUGREPORT "@PRODUCT_BUGREPORT@" -#define OPENVPN_VERSION_RESOURCE @PRODUCT_VERSION_RESOURCE@ -#define TAP_WIN_COMPONENT_ID "@PRODUCT_TAP_WIN_COMPONENT_ID@" -#define TAP_WIN_MIN_MAJOR @PRODUCT_TAP_WIN_MIN_MAJOR@ -#define TAP_WIN_MIN_MINOR @PRODUCT_TAP_WIN_MIN_MINOR@ diff -Nru openvpn-2.6.3/config-msvc.h openvpn-2.6.14/config-msvc.h --- openvpn-2.6.3/config-msvc.h 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/config-msvc.h 1970-01-01 00:00:00.000000000 +0000 @@ -1,93 +0,0 @@ -#include - -#define CONFIGURE_DEFINES "N/A" - -#define ENABLE_PF 1 -#define ENABLE_CRYPTO_OPENSSL 1 -#define ENABLE_FRAGMENT 1 -#define ENABLE_HTTP_PROXY 1 -#define ENABLE_LZO 1 -#define ENABLE_LZ4 1 -#define ENABLE_MANAGEMENT 1 -#define ENABLE_PKCS11 1 -#define ENABLE_PLUGIN 1 -#define ENABLE_PORT_SHARE 1 -#define ENABLE_SOCKS 1 - -#define HAVE_FCNTL_H 1 -#define HAVE_STDIO_H 1 -#define HAVE_STDLIB_H 1 -#define HAVE_STRERROR 1 -#define HAVE_STRINGS_H 1 -#define HAVE_STRING_H 1 -#define HAVE_LIMITS_H 1 -#define HAVE_SYSTEM 1 -#define HAVE_TIME 1 -#define HAVE_TIME_H 1 -#define HAVE_WINDOWS_H 1 -#define HAVE_WINSOCK2_H 1 -#define HAVE_WS2TCPIP_H 1 -#define HAVE_IO_H 1 -#define HAVE_SYS_TYPES_H 1 -#define HAVE_SYS_STAT_H 1 -#define HAVE_LZO_LZO1X_H 1 -#define HAVE_LZO_LZOUTIL_H 1 -#define HAVE_VERSIONHELPERS_H 1 - -#define HAVE_ACCESS 1 -#define HAVE_CHDIR 1 -#define HAVE_CHSIZE 1 -#define HAVE_IN_PKTINFO 1 - -#define HAVE_OPENSSL_ENGINE 1 -#define HAVE_EXPORT_KEYING_MATERIAL 1 - -#define HAVE_DIINSTALLDEVICE 1 - -#ifndef __cplusplus -#define inline __inline -#endif - -#define TARGET_WIN32 1 -#define TARGET_ALIAS "Windows-MSVC" - -#define HAVE_DECL_SO_MARK 0 - -#define strncasecmp strnicmp -#define strcasecmp _stricmp - -#if _MSC_VER<1900 -#define snprintf _snprintf -#endif - -#if _MSC_VER < 1800 -#define strtoull strtoul -#endif - -#define in_addr_t uint32_t -#define ssize_t SSIZE_T - -#define S_IRUSR _S_IREAD -#define S_IWUSR _S_IWRITE -#define S_IRGRP (S_IRUSR >> 3) -#define R_OK 4 -#define W_OK 2 -#define X_OK 1 -#define F_OK 0 - -#define SIGHUP 1 -#define SIGINT 2 -#define SIGUSR1 10 -#define SIGUSR2 12 -#define SIGTERM 15 - -#include -typedef uint16_t in_port_t; - -#ifdef HAVE_CONFIG_MSVC_LOCAL_H -#include -#endif - -#define ENABLE_DCO 1 - -#define HAVE_CONFIG_VERSION_H 1 diff -Nru openvpn-2.6.3/config.guess openvpn-2.6.14/config.guess --- openvpn-2.6.3/config.guess 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/config.guess 2025-04-02 06:53:10.000000000 +0000 @@ -1,14 +1,14 @@ #! /bin/sh # Attempt to guess a canonical system name. -# Copyright 1992-2022 Free Software Foundation, Inc. +# Copyright 1992-2021 Free Software Foundation, Inc. # shellcheck disable=SC2006,SC2268 # see below for rationale -timestamp='2022-01-09' +timestamp='2021-06-03' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or +# the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but @@ -60,7 +60,7 @@ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright 1992-2022 Free Software Foundation, Inc. +Copyright 1992-2021 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -437,7 +437,7 @@ # This test works for both compilers. if test "$CC_FOR_BUILD" != no_compiler_found; then if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS="" $CC_FOR_BUILD -m64 -E - 2>/dev/null) | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ grep IS_64BIT_ARCH >/dev/null then SUN_ARCH=x86_64 @@ -929,9 +929,6 @@ i*:PW*:*) GUESS=$UNAME_MACHINE-pc-pw32 ;; - *:SerenityOS:*:*) - GUESS=$UNAME_MACHINE-pc-serenity - ;; *:Interix*:*) case $UNAME_MACHINE in x86) @@ -1525,9 +1522,6 @@ i*86:rdos:*:*) GUESS=$UNAME_MACHINE-pc-rdos ;; - i*86:Fiwix:*:*) - GUESS=$UNAME_MACHINE-pc-fiwix - ;; *:AROS:*:*) GUESS=$UNAME_MACHINE-unknown-aros ;; diff -Nru openvpn-2.6.3/config.h.cmake.in openvpn-2.6.14/config.h.cmake.in --- openvpn-2.6.3/config.h.cmake.in 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/config.h.cmake.in 2025-04-02 06:53:10.000000000 +0000 @@ -0,0 +1,473 @@ + +/* Configuration settings */ +#define CONFIGURE_DEFINES "N/A" + +/* Enable async push */ +#cmakedefine ENABLE_ASYNC_PUSH + +/* Use mbed TLS library */ +#cmakedefine ENABLE_CRYPTO_MBEDTLS + +/* Use Openssl */ +#cmakedefine ENABLE_CRYPTO_OPENSSL + +/* Use wolfSSL crypto library */ +#cmakedefine ENABLE_CRYPTO_WOLFSSL + +/* Enable shared data channel offload */ +#cmakedefine ENABLE_DCO + +/* Enable debugging support (needed for verb>=4) */ +#define ENABLE_DEBUG 1 + +/* We have persist tun capability */ +#cmakedefine ENABLE_FEATURE_TUN_PERSIST + +/* Enable internal fragmentation support */ +#define ENABLE_FRAGMENT 1 + +/* Enable linux data channel offload */ +#cmakedefine ENABLE_LINUXDCO + +/* Enable LZ4 compression library */ +#cmakedefine ENABLE_LZ4 + +/* Enable LZO compression library */ +#cmakedefine ENABLE_LZO + +/* Enable management server capability */ +#define ENABLE_MANAGEMENT 1 + +/* Enable OFB and CFB cipher modes */ +#define ENABLE_OFB_CFB_MODE + +/* Enable PKCS11 */ +#cmakedefine ENABLE_PKCS11 + +/* Enable plug-in support */ +#define ENABLE_PLUGIN 1 + +/* Enable TCP Server port sharing */ +#cmakedefine ENABLE_PORT_SHARE + +/* SELinux support */ +#cmakedefine ENABLE_SELINUX + +/* enable sitnl support */ +#cmakedefine ENABLE_SITNL + +/* Enable systemd integration */ +/* #undef ENABLE_SYSTEMD */ + +/* Enable --x509-username-field feature */ +#cmakedefine ENABLE_X509ALTUSERNAME + +/* Compiler supports anonymous unions */ +#define HAVE_ANONYMOUS_UNION_SUPPORT + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_ARPA_INET_H 1 + +/* Define to 1 if you have the `basename' function. */ +#cmakedefine HAVE_BASENAME + +/* Define to 1 if you have the `chdir' function. */ +#cmakedefine HAVE_CHDIR + +/* Define to 1 if you have the `chroot' function. */ +#cmakedefine HAVE_CHROOT + +/* Define to 1 if you have the `chsize' function. */ +#cmakedefine HAVE_CHSIZE + +/* struct cmsghdr needed for extended socket error support */ +#cmakedefine HAVE_CMSGHDR + +/* git version information in config-version.h */ +#cmakedefine HAVE_CONFIG_VERSION_H + +/* Define to 1 if you have the `daemon' function. */ +#cmakedefine HAVE_DAEMON + +/* Define to 1 if you have the declaration of `SO_MARK', and to 0 if you +don't. */ +#cmakedefine01 HAVE_DECL_SO_MARK + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_DIRECT_H + +/* Define to 1 if you have the `dirname' function. */ +#cmakedefine HAVE_DIRNAME + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_DLFCN_H + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_DMALLOC_H + +/* Define to 1 if you have the `dup' function. */ +#cmakedefine HAVE_DUP + +/* Define to 1 if you have the `dup2' function. */ +#cmakedefine HAVE_DUP2 + +/* Define to 1 if you have the `epoll_create' function. */ +#cmakedefine HAVE_EPOLL_CREATE + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_ERR_H + +/* Crypto library supports keying material exporter */ +#define HAVE_EXPORT_KEYING_MATERIAL 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_FCNTL_H + +/* Define to 1 if you have the `fork' function. */ +#cmakedefine HAVE_FORK +#cmakedefine HAVE_EXECVE + +/* Define to 1 if you have the `ftruncate' function. */ +#cmakedefine HAVE_FTRUNCATE + +/* Define to 1 if you have the `getgrnam' function. */ +#cmakedefine HAVE_GETGRNAM + +/* Define to 1 if you have the `getpeereid' function. */ +#cmakedefine HAVE_GETPEEREID + +/* Define to 1 if you have the `getpwnam' function. */ +#cmakedefine HAVE_GETPWNAM + +/* Define to 1 if you have the `getrlimit' function. */ +#undef HAVE_GETRLIMIT + +/* Define to 1 if you have the `getsockname' function. */ +#cmakedefine HAVE_GETSOCKNAME + +/* Define to 1 if you have the `gettimeofday' function. */ +#cmakedefine HAVE_GETTIMEOFDAY + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_GRP_H + +/* struct in_pktinfo needed for IP_PKTINFO support */ +#cmakedefine HAVE_IN_PKTINFO + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_IO_H + +/* struct in_pktinfo.ipi_spec_dst needed for IP_PKTINFO support */ +#cmakedefine HAVE_IPI_SPEC_DST + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_LIBGEN_H + +/* Define to 1 if you have the header file. */ +#define HAVE_LIMITS_H 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_LINUX_IF_TUN_H + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_LINUX_SOCKIOS_H + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_LINUX_TYPES_H + +/* Define to 1 if you have the header file. */ +#define HAVE_LZO1X_H 1 + +/* Define to 1 if you have the `mlockall' function. */ +#cmakedefine HAVE_MLOCKALL + +/* struct msghdr needed for extended socket error support */ +#cmakedefine HAVE_MSGHDR + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_NETDB_H + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_NETINET_IN_H + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_NETINET_IP_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_NETINET_TCP_H + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_NET_IF_H + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_NET_IF_TUN_H + +/* Define to 1 if you have the header file. */ +#cmakedefine01 HAVE_NET_IF_UTUN_H + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_NET_TUN_IF_TUN_H + +/* Define to 1 if you have the `nice' function. */ +#cmakedefine HAVE_NICE + +/* Define to 1 if you have the `openlog' function. */ +#cmakedefine HAVE_OPENLOG + +/* OpenSSL engine support available */ +#undef HAVE_OPENSSL_ENGINE + +/* Define to 1 if you have the `poll' function. */ +#undef HAVE_POLL + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_POLL_H + +/* Define to 1 if you have the `putenv' function. */ +#undef HAVE_PUTENV + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_PWD_H + +/* Define to 1 if you have the `readv' function. */ +#undef HAVE_READV + +/* Define to 1 if you have the `recvmsg' function. */ +#cmakedefine HAVE_RECVMSG +#cmakedefine HAVE_SENDMSG + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_RESOLV_H + +/* sa_family_t, needed to hold AF_* info */ +#cmakedefine HAVE_SA_FAMILY_T + +/* Define to 1 if you have the `sd_booted' function. */ +#undef HAVE_SD_BOOTED + +/* Define to 1 if you have the `setgid' function. */ +#cmakedefine HAVE_SETGID + +/* Define to 1 if you have the `setgroups' function. */ +#undef HAVE_SETGROUPS + +/* Define to 1 if you have the `setsid' function. */ +#cmakedefine HAVE_SETSID + +/* Define to 1 if you have the `setsockopt' function. */ +#define HAVE_SETSOCKOPT 1 + +/* Define to 1 if you have the `setuid' function. */ +#cmakedefine HAVE_SETUID + +/* Define to 1 if you have the header file. */ +#undef HAVE_SIGNAL_H + +/* Define to 1 if you have the `socket' function. */ +#undef HAVE_SOCKET + +/* struct sock_extended_err needed for extended socket error support */ +#undef HAVE_SOCK_EXTENDED_ERR + +/* Define to 1 if you have the `stat' function. */ +#define HAVE_STAT 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STDARG_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STDINT_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STDIO_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STDLIB_H 1 + +/* Define to 1 if you have the `strdup' function. */ +#undef HAVE_STRDUP + +/* Define to 1 if you have the header file. */ +#define HAVE_STRINGS_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STRING_H 1 + +/* Define to 1 if you have the `strsep' function. */ +#undef HAVE_STRSEP + +/* Define to 1 if you have the `syslog' function. */ +#cmakedefine HAVE_SYSLOG + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_SYSLOG_H + +/* Define to 1 if you have the `system' function. */ +#undef HAVE_SYSTEM + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYSTEMD_SD_DAEMON_H + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_SYS_EPOLL_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_FILE_H + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_SYS_INOTIFY_H + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_SYS_IOCTL_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_KERN_CONTROL_H + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_SYS_MMAN_H + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_SYS_SOCKET_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_SOCKIO_H + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_STAT_H 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_SYS_TIME_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_TYPES_H + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_SYS_UIO_H + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_SYS_UN_H + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_SYS_WAIT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_TAP_WINDOWS_H + +/* Define to 1 if you have the `time' function. */ +#define HAVE_TIME 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_TIME_H 1 + +/* Define to 1 if you have the header file. */ +#undef HAVE_UAPI_H + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_UNISTD_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_VALGRIND_MEMCHECK_H + +/* Define to 1 if you have the `vfork' function. */ +#undef HAVE_VFORK + +/* Define to 1 if you have the header file. */ +#undef HAVE_VFORK_H + +/* Define to 1 if you have the `vsnprintf' function. */ +#undef HAVE_VSNPRINTF + +/* we always assume a recent mbed TLS version */ +#define HAVE_MBEDTLS_PSA_CRYPTO_H 1 +#define HAVE_MBEDTLS_SSL_TLS_PRF 1 +#define HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB 1 +#define HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET 1 + +/* Path to ifconfig tool */ +#define IFCONFIG_PATH "@IFCONFIG_PATH@" + +/* Path to iproute tool */ +#define IPROUTE_PATH "@IPROUTE_PATH@" + +/* Path to route tool */ +#define ROUTE_PATH "@ROUTE_PATH@" + +/* OpenVPN version in Windows resource format - string */ +#define OPENVPN_VERSION_RESOURCE @OPENVPN_VERSION_RESOURCE@ + +/* Name of package */ +#define PACKAGE "openvpn" + +/* Define to the address where bug reports for this package should be sent. */ +#undef PACKAGE_BUGREPORT + +/* Define to the full name of this package. */ +#define PACKAGE_NAME "OpenVPN" + +/* Define to the full name and version of this package. */ +#define PACKAGE_STRING "OpenVPN @OPENVPN_VERSION_MAJOR@.@OPENVPN_VERSION_MINOR@@OPENVPN_VERSION_PATCH@" + +/* Define to the version of this package. */ +#define PACKAGE_VERSION "@OPENVPN_VERSION_MAJOR@.@OPENVPN_VERSION_MINOR@@OPENVPN_VERSION_PATCH@" + +/* Path to systemd-ask-password tool */ +#undef SYSTEMD_ASK_PASSWORD_PATH + +/* systemd is newer than v216 */ +#define SYSTEMD_NEWER_THAN_216 + +/* The tap-windows id */ +#define TAP_WIN_COMPONENT_ID "tap0901" + +/* The tap-windows version number is required for OpenVPN */ +#define TAP_WIN_MIN_MAJOR 9 + +/* The tap-windows version number is required for OpenVPN */ +#define TAP_WIN_MIN_MINOR 9 + +/* Are we running on Mac OS X? */ +#cmakedefine TARGET_DARWIN + +/* Are we running on FreeBSD? */ +#cmakedefine TARGET_FREEBSD + +/* Are we running on Linux? */ +#cmakedefine TARGET_LINUX + +/* Are we running WIN32? */ +#cmakedefine TARGET_WIN32 + +#define TARGET_ALIAS "@CMAKE_SYSTEM_NAME@" + +/* Enable GNU extensions on systems that have them. */ +#ifndef _GNU_SOURCE +# define _GNU_SOURCE 1 +#endif + + +#if defined(_WIN32) +#include +typedef uint32_t in_addr_t; +typedef uint16_t in_port_t; + +#define SIGHUP 1 +#define SIGINT 2 +#define SIGUSR1 10 +#define SIGUSR2 12 +#define SIGTERM 15 +#endif + +#if defined(_MSC_VER) +#include +typedef SSIZE_T ssize_t; +#define strncasecmp strnicmp +#define strcasecmp _stricmp + +#define S_IRUSR _S_IREAD +#define S_IWUSR _S_IWRITE +#define R_OK 4 +#define W_OK 2 +#define X_OK 1 +#define F_OK 0 +#endif + diff -Nru openvpn-2.6.3/config.h.in openvpn-2.6.14/config.h.in --- openvpn-2.6.3/config.h.in 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/config.h.in 2025-04-02 06:53:10.000000000 +0000 @@ -84,7 +84,7 @@ /* Include options.h from wolfSSL library */ #undef EXTERNAL_OPTS_OPENVPN -/* Define to 1 if you have the `access' function. */ +/* Define to 1 if you have the 'access' function. */ #undef HAVE_ACCESS /* Compiler supports anonymous unions */ @@ -93,16 +93,16 @@ /* Define to 1 if you have the header file. */ #undef HAVE_ARPA_INET_H -/* Define to 1 if you have the `basename' function. */ +/* Define to 1 if you have the 'basename' function. */ #undef HAVE_BASENAME -/* Define to 1 if you have the `chdir' function. */ +/* Define to 1 if you have the 'chdir' function. */ #undef HAVE_CHDIR -/* Define to 1 if you have the `chroot' function. */ +/* Define to 1 if you have the 'chroot' function. */ #undef HAVE_CHROOT -/* Define to 1 if you have the `chsize' function. */ +/* Define to 1 if you have the 'chsize' function. */ #undef HAVE_CHSIZE /* struct cmsghdr needed for extended socket error support */ @@ -111,41 +111,38 @@ /* extra version available in config-version.h */ #undef HAVE_CONFIG_VERSION_H -/* Use mbedtls_ctr_drbg_update_ret from mbed TLS */ -#undef HAVE_CTR_DRBG_UPDATE_RET - -/* Define to 1 if you have the `daemon' function. */ +/* Define to 1 if you have the 'daemon' function. */ #undef HAVE_DAEMON -/* Define to 1 if you have the declaration of `SIGHUP', and to 0 if you don't. +/* Define to 1 if you have the declaration of 'SIGHUP', and to 0 if you don't. */ #undef HAVE_DECL_SIGHUP -/* Define to 1 if you have the declaration of `SIGINT', and to 0 if you don't. +/* Define to 1 if you have the declaration of 'SIGINT', and to 0 if you don't. */ #undef HAVE_DECL_SIGINT -/* Define to 1 if you have the declaration of `SIGTERM', and to 0 if you +/* Define to 1 if you have the declaration of 'SIGTERM', and to 0 if you don't. */ #undef HAVE_DECL_SIGTERM -/* Define to 1 if you have the declaration of `SIGUSR1', and to 0 if you +/* Define to 1 if you have the declaration of 'SIGUSR1', and to 0 if you don't. */ #undef HAVE_DECL_SIGUSR1 -/* Define to 1 if you have the declaration of `SIGUSR2', and to 0 if you +/* Define to 1 if you have the declaration of 'SIGUSR2', and to 0 if you don't. */ #undef HAVE_DECL_SIGUSR2 -/* Define to 1 if you have the declaration of `SO_MARK', and to 0 if you +/* Define to 1 if you have the declaration of 'SO_MARK', and to 0 if you don't. */ #undef HAVE_DECL_SO_MARK -/* Define to 1 if you have the declaration of `TUNSETPERSIST', and to 0 if you +/* Define to 1 if you have the declaration of 'TUNSETPERSIST', and to 0 if you don't. */ #undef HAVE_DECL_TUNSETPERSIST -/* Define to 1 if you have the `dirname' function. */ +/* Define to 1 if you have the 'dirname' function. */ #undef HAVE_DIRNAME /* Define to 1 if you have the header file. */ @@ -154,25 +151,25 @@ /* Define to 1 if you have the header file. */ #undef HAVE_DMALLOC_H -/* Define to 1 if you have the `dup' function. */ +/* Define to 1 if you have the 'dup' function. */ #undef HAVE_DUP -/* Define to 1 if you have the `dup2' function. */ +/* Define to 1 if you have the 'dup2' function. */ #undef HAVE_DUP2 -/* Define to 1 if you have the `ENGINE_load_builtin_engines' function. */ +/* Define to 1 if you have the 'ENGINE_load_builtin_engines' function. */ #undef HAVE_ENGINE_LOAD_BUILTIN_ENGINES -/* Define to 1 if you have the `ENGINE_register_all_complete' function. */ +/* Define to 1 if you have the 'ENGINE_register_all_complete' function. */ #undef HAVE_ENGINE_REGISTER_ALL_COMPLETE -/* Define to 1 if you have the `epoll_create' function. */ +/* Define to 1 if you have the 'epoll_create' function. */ #undef HAVE_EPOLL_CREATE /* Define to 1 if you have the header file. */ #undef HAVE_ERR_H -/* Define to 1 if you have the `execve' function. */ +/* Define to 1 if you have the 'execve' function. */ #undef HAVE_EXECVE /* Crypto library supports keying material exporter */ @@ -181,28 +178,28 @@ /* Define to 1 if you have the header file. */ #undef HAVE_FCNTL_H -/* Define to 1 if you have the `flock' function. */ +/* Define to 1 if you have the 'flock' function. */ #undef HAVE_FLOCK -/* Define to 1 if you have the `fork' function. */ +/* Define to 1 if you have the 'fork' function. */ #undef HAVE_FORK -/* Define to 1 if you have the `ftruncate' function. */ +/* Define to 1 if you have the 'ftruncate' function. */ #undef HAVE_FTRUNCATE -/* Define to 1 if you have the `getgrnam' function. */ +/* Define to 1 if you have the 'getgrnam' function. */ #undef HAVE_GETGRNAM -/* Define to 1 if you have the `getpeereid' function. */ +/* Define to 1 if you have the 'getpeereid' function. */ #undef HAVE_GETPEEREID -/* Define to 1 if you have the `getpwnam' function. */ +/* Define to 1 if you have the 'getpwnam' function. */ #undef HAVE_GETPWNAM -/* Define to 1 if you have the `getrlimit' function. */ +/* Define to 1 if you have the 'getrlimit' function. */ #undef HAVE_GETRLIMIT -/* Define to 1 if you have the `gettimeofday' function. */ +/* Define to 1 if you have the 'gettimeofday' function. */ #undef HAVE_GETTIMEOFDAY /* Define to 1 if you have the header file. */ @@ -211,13 +208,13 @@ /* Define to 1 if you have the header file. */ #undef HAVE_INTTYPES_H -/* Define to 1 if the system has the type `in_addr_t'. */ +/* Define to 1 if the system has the type 'in_addr_t'. */ #undef HAVE_IN_ADDR_T /* struct in_pktinfo needed for IP_PKTINFO support */ #undef HAVE_IN_PKTINFO -/* Define to 1 if the system has the type `in_port_t'. */ +/* Define to 1 if the system has the type 'in_port_t'. */ #undef HAVE_IN_PORT_T /* Define to 1 if you have the header file. */ @@ -235,10 +232,10 @@ /* Define to 1 if you have the header file. */ #undef HAVE_LIBGEN_H -/* Define to 1 if you have the `lz4' library (-llz4). */ +/* Define to 1 if you have the 'lz4' library (-llz4). */ #undef HAVE_LIBLZ4 -/* Define to 1 if you have the `wolfssl' library (-lwolfssl). */ +/* Define to 1 if you have the 'wolfssl' library (-lwolfssl). */ #undef HAVE_LIBWOLFSSL /* Define to 1 if you have the header file. */ @@ -259,25 +256,34 @@ /* Define to 1 if you have the header file. */ #undef HAVE_LZO1X_H -/* Define to 1 if you have the header file. */ -#undef HAVE_LZOUTIL_H - /* Define to 1 if you have the header file. */ #undef HAVE_LZO_LZO1X_H -/* Define to 1 if you have the header file. */ -#undef HAVE_LZO_LZOUTIL_H - -/* Define to 1 if you have the `mbedtls_cipher_check_tag' function. */ +/* Define to 1 if you have the 'mbedtls_cipher_check_tag' function. */ #undef HAVE_MBEDTLS_CIPHER_CHECK_TAG -/* Define to 1 if you have the `mbedtls_cipher_write_tag' function. */ +/* Define to 1 if you have the 'mbedtls_cipher_write_tag' function. */ #undef HAVE_MBEDTLS_CIPHER_WRITE_TAG +/* Use mbedtls_ctr_drbg_update_ret from mbed TLS */ +#undef HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET + +/* no */ +#undef HAVE_MBEDTLS_PSA_CRYPTO_H + +/* no */ +#undef HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB + +/* no */ +#undef HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB + +/* no */ +#undef HAVE_MBEDTLS_SSL_TLS_PRF + /* Define to 1 if you have the header file. */ #undef HAVE_MINIX_CONFIG_H -/* Define to 1 if you have the `mlockall' function. */ +/* Define to 1 if you have the 'mlockall' function. */ #undef HAVE_MLOCKALL /* struct msghdr needed for extended socket error support */ @@ -313,10 +319,10 @@ /* Define to 1 if you have the header file. */ #undef HAVE_NET_TUN_IF_TUN_H -/* Define to 1 if you have the `nice' function. */ +/* Define to 1 if you have the 'nice' function. */ #undef HAVE_NICE -/* Define to 1 if you have the `openlog' function. */ +/* Define to 1 if you have the 'openlog' function. */ #undef HAVE_OPENLOG /* OpenSSL engine support available */ @@ -328,10 +334,10 @@ /* Define to 1 if you have the header file. */ #undef HAVE_PWD_H -/* Define to 1 if you have the `readv' function. */ +/* Define to 1 if you have the 'readv' function. */ #undef HAVE_READV -/* Define to 1 if you have the `recvmsg' function. */ +/* Define to 1 if you have the 'recvmsg' function. */ #undef HAVE_RECVMSG /* Define to 1 if you have the header file. */ @@ -340,25 +346,25 @@ /* sa_family_t, needed to hold AF_* info */ #undef HAVE_SA_FAMILY_T -/* Define to 1 if you have the `sd_booted' function. */ +/* Define to 1 if you have the 'sd_booted' function. */ #undef HAVE_SD_BOOTED -/* Define to 1 if you have the `sendmsg' function. */ +/* Define to 1 if you have the 'sendmsg' function. */ #undef HAVE_SENDMSG -/* Define to 1 if you have the `setgid' function. */ +/* Define to 1 if you have the 'setgid' function. */ #undef HAVE_SETGID -/* Define to 1 if you have the `setgroups' function. */ +/* Define to 1 if you have the 'setgroups' function. */ #undef HAVE_SETGROUPS -/* Define to 1 if you have the `setsid' function. */ +/* Define to 1 if you have the 'setsid' function. */ #undef HAVE_SETSID -/* Define to 1 if you have the `setuid' function. */ +/* Define to 1 if you have the 'setuid' function. */ #undef HAVE_SETUID -/* Define to 1 if you have the `SSL_CTX_new' function. */ +/* Define to 1 if you have the 'SSL_CTX_new' function. */ #undef HAVE_SSL_CTX_NEW /* Define to 1 if you have the header file. */ @@ -379,16 +385,16 @@ /* Define to 1 if you have the header file. */ #undef HAVE_STROPTS_H -/* Define to 1 if you have the `strsep' function. */ +/* Define to 1 if you have the 'strsep' function. */ #undef HAVE_STRSEP -/* Define to 1 if you have the `syslog' function. */ +/* Define to 1 if you have the 'syslog' function. */ #undef HAVE_SYSLOG /* Define to 1 if you have the header file. */ #undef HAVE_SYSLOG_H -/* Define to 1 if you have the `system' function. */ +/* Define to 1 if you have the 'system' function. */ #undef HAVE_SYSTEM /* Define to 1 if you have the header file. */ @@ -442,7 +448,7 @@ /* Define to 1 if you have the header file. */ #undef HAVE_TERMIOS_H -/* Define to 1 if you have the `time' function. */ +/* Define to 1 if you have the 'time' function. */ #undef HAVE_TIME /* Define to 1 if you have the header file. */ @@ -451,10 +457,7 @@ /* Define to 1 if you have the header file. */ #undef HAVE_VALGRIND_MEMCHECK_H -/* Define to 1 if you have the header file. */ -#undef HAVE_VERSIONHELPERS_H - -/* Define to 1 if you have the `vfork' function. */ +/* Define to 1 if you have the 'vfork' function. */ #undef HAVE_VFORK /* Define to 1 if you have the header file. */ @@ -463,13 +466,13 @@ /* Define to 1 if you have the header file. */ #undef HAVE_WCHAR_H -/* Define to 1 if `fork' works. */ +/* Define to 1 if 'fork' works. */ #undef HAVE_WORKING_FORK -/* Define to 1 if `vfork' works. */ +/* Define to 1 if 'vfork' works. */ #undef HAVE_WORKING_VFORK -/* Define to 1 if you have the `writev' function. */ +/* Define to 1 if you have the 'writev' function. */ #undef HAVE_WRITEV /* Path to ifconfig tool */ @@ -517,9 +520,6 @@ /* Enable pedantic mode */ #undef PEDANTIC -/* Define as the return type of signal handlers (`int' or `void'). */ -#undef RETSIGTYPE - /* Path to route tool */ #undef ROUTE_PATH @@ -538,13 +538,13 @@ /* SIGUSR2 replacement */ #undef SIGUSR2 -/* The size of `unsigned int', as computed by sizeof. */ +/* The size of 'unsigned int', as computed by sizeof. */ #undef SIZEOF_UNSIGNED_INT -/* The size of `unsigned long', as computed by sizeof. */ +/* The size of 'unsigned long', as computed by sizeof. */ #undef SIZEOF_UNSIGNED_LONG -/* Define to 1 if all of the C90 standard headers exist (not just the ones +/* Define to 1 if all of the C89 standard headers exist (not just the ones required in a freestanding environment). This macro is provided for backward compatibility; new code need not use it. */ #undef STDC_HEADERS @@ -600,7 +600,7 @@ /* dlopen libpam */ #undef USE_PAM_DLOPEN -/* Enable extensions on AIX 3, Interix. */ +/* Enable extensions on AIX, Interix, z/OS. */ #ifndef _ALL_SOURCE # undef _ALL_SOURCE #endif @@ -661,11 +661,15 @@ #ifndef __STDC_WANT_IEC_60559_DFP_EXT__ # undef __STDC_WANT_IEC_60559_DFP_EXT__ #endif +/* Enable extensions specified by C23 Annex F. */ +#ifndef __STDC_WANT_IEC_60559_EXT__ +# undef __STDC_WANT_IEC_60559_EXT__ +#endif /* Enable extensions specified by ISO/IEC TS 18661-4:2015. */ #ifndef __STDC_WANT_IEC_60559_FUNCS_EXT__ # undef __STDC_WANT_IEC_60559_FUNCS_EXT__ #endif -/* Enable extensions specified by ISO/IEC TS 18661-3:2015. */ +/* Enable extensions specified by C23 Annex H and ISO/IEC TS 18661-3:2015. */ #ifndef __STDC_WANT_IEC_60559_TYPES_EXT__ # undef __STDC_WANT_IEC_60559_TYPES_EXT__ #endif @@ -697,10 +701,10 @@ /* Use custom user_settings.h file for wolfSSL library */ #undef WOLFSSL_USER_SETTINGS -/* Define to empty if `const' does not conform to ANSI C. */ +/* Define to empty if 'const' does not conform to ANSI C. */ #undef const -/* Define to `int' if doesn't define. */ +/* Define as 'int' if doesn't define. */ #undef gid_t /* Workaround missing in_addr_t */ @@ -709,30 +713,30 @@ /* Workaround missing in_port_t */ #undef in_port_t -/* Define to `__inline__' or `__inline' if that's what the C compiler +/* Define to '__inline__' or '__inline' if that's what the C compiler calls it, or to nothing if 'inline' is not supported under any name. */ #ifndef __cplusplus #undef inline #endif -/* Define to `long int' if does not define. */ +/* Define to 'long int' if does not define. */ #undef off_t /* Define as a signed integer type capable of holding a process identifier. */ #undef pid_t -/* Define to `unsigned int' if does not define. */ +/* Define as 'unsigned int' if doesn't define. */ #undef size_t /* type to use in place of socklen_t if not defined */ #undef socklen_t -/* Define to `int' if doesn't define. */ +/* Define as 'int' if doesn't define. */ #undef uid_t -/* Define as `fork' if `vfork' does not work. */ +/* Define as 'fork' if 'vfork' does not work. */ #undef vfork -/* Define to empty if the keyword `volatile' does not work. Warning: valid - code using `volatile' can become incorrect without. Disable with care. */ +/* Define to empty if the keyword 'volatile' does not work. Warning: valid + code using 'volatile' can become incorrect without. Disable with care. */ #undef volatile diff -Nru openvpn-2.6.3/config.sub openvpn-2.6.14/config.sub --- openvpn-2.6.3/config.sub 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/config.sub 2025-04-02 06:53:10.000000000 +0000 @@ -1,14 +1,14 @@ #! /bin/sh # Configuration validation subroutine script. -# Copyright 1992-2022 Free Software Foundation, Inc. +# Copyright 1992-2021 Free Software Foundation, Inc. # shellcheck disable=SC2006,SC2268 # see below for rationale -timestamp='2022-01-03' +timestamp='2021-08-14' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or +# the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but @@ -76,7 +76,7 @@ version="\ GNU config.sub ($timestamp) -Copyright 1992-2022 Free Software Foundation, Inc. +Copyright 1992-2021 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -1020,11 +1020,6 @@ ;; # Here we normalize CPU types with a missing or matching vendor - armh-unknown | armh-alt) - cpu=armv7l - vendor=alt - basic_os=${basic_os:-linux-gnueabihf} - ;; dpx20-unknown | dpx20-bull) cpu=rs6000 vendor=bull @@ -1126,7 +1121,7 @@ xscale-* | xscalee[bl]-*) cpu=`echo "$cpu" | sed 's/^xscale/arm/'` ;; - arm64-* | aarch64le-*) + arm64-*) cpu=aarch64 ;; @@ -1309,7 +1304,7 @@ if test x$basic_os != x then -# First recognize some ad-hoc cases, or perhaps split kernel-os, or else just +# First recognize some ad-hoc caes, or perhaps split kernel-os, or else just # set os. case $basic_os in gnu/linux*) @@ -1753,8 +1748,7 @@ | skyos* | haiku* | rdos* | toppers* | drops* | es* \ | onefs* | tirtos* | phoenix* | fuchsia* | redox* | bme* \ | midnightbsd* | amdhsa* | unleashed* | emscripten* | wasi* \ - | nsk* | powerunix* | genode* | zvmoe* | qnx* | emx* | zephyr* \ - | fiwix* ) + | nsk* | powerunix* | genode* | zvmoe* | qnx* | emx* | zephyr*) ;; # This one is extra strict with allowed versions sco3.2v2 | sco3.2v[4-9]* | sco5v6*) diff -Nru openvpn-2.6.3/configure openvpn-2.6.14/configure --- openvpn-2.6.3/configure 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/configure 2025-04-02 06:53:10.000000000 +0000 @@ -1,11 +1,11 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for OpenVPN 2.6.3. +# Generated by GNU Autoconf 2.72 for OpenVPN 2.6.14. # # Report bugs to . # # -# Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation, +# Copyright (C) 1992-1996, 1998-2017, 2020-2023 Free Software Foundation, # Inc. # # @@ -17,7 +17,6 @@ # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh -as_nop=: if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1 then : emulate sh @@ -26,12 +25,13 @@ # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST -else $as_nop - case `(set -o) 2>/dev/null` in #( +else case e in #( + e) case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; +esac ;; esac fi @@ -103,7 +103,7 @@ ;; esac -# We did not find ourselves, most probably we were run as `sh COMMAND' +# We did not find ourselves, most probably we were run as 'sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 @@ -133,15 +133,14 @@ esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail -# out after a failed `exec'. +# out after a failed 'exec'. printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2 exit 255 fi # We don't want this to propagate to other subprocesses. { _as_can_reexec=; unset _as_can_reexec;} if test "x$CONFIG_SHELL" = x; then - as_bourne_compatible="as_nop=: -if test \${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1 + as_bourne_compatible="if test \${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1 then : emulate sh NULLCMD=: @@ -149,12 +148,13 @@ # is contrary to our usage. Disable this feature. alias -g '\${1+\"\$@\"}'='\"\$@\"' setopt NO_GLOB_SUBST -else \$as_nop - case \`(set -o) 2>/dev/null\` in #( +else case e in #( + e) case \`(set -o) 2>/dev/null\` in #( *posix*) : set -o posix ;; #( *) : ;; +esac ;; esac fi " @@ -172,8 +172,9 @@ if ( set x; as_fn_ret_success y && test x = \"\$1\" ) then : -else \$as_nop - exitcode=1; echo positional parameters were not saved. +else case e in #( + e) exitcode=1; echo positional parameters were not saved. ;; +esac fi test x\$exitcode = x0 || exit 1 blah=\$(echo \$(echo blah)) @@ -195,14 +196,15 @@ if (eval "$as_required") 2>/dev/null then : as_have_required=yes -else $as_nop - as_have_required=no +else case e in #( + e) as_have_required=no ;; +esac fi if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null then : -else $as_nop - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +else case e in #( + e) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR as_found=false for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH do @@ -235,12 +237,13 @@ if $as_found then : -else $as_nop - if { test -f "$SHELL" || test -f "$SHELL.exe"; } && +else case e in #( + e) if { test -f "$SHELL" || test -f "$SHELL.exe"; } && as_run=a "$SHELL" -c "$as_bourne_compatible""$as_required" 2>/dev/null then : CONFIG_SHELL=$SHELL as_have_required=yes -fi +fi ;; +esac fi @@ -262,7 +265,7 @@ esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail -# out after a failed `exec'. +# out after a failed 'exec'. printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2 exit 255 fi @@ -282,7 +285,8 @@ $0: have one." fi exit 1 -fi +fi ;; +esac fi fi SHELL=${CONFIG_SHELL-/bin/sh} @@ -321,14 +325,6 @@ as_fn_set_status $1 exit $1 } # as_fn_exit -# as_fn_nop -# --------- -# Do nothing but, unlike ":", preserve the value of $?. -as_fn_nop () -{ - return $? -} -as_nop=as_fn_nop # as_fn_mkdir_p # ------------- @@ -397,11 +393,12 @@ { eval $1+=\$2 }' -else $as_nop - as_fn_append () +else case e in #( + e) as_fn_append () { eval $1=\$$1\$2 - } + } ;; +esac fi # as_fn_append # as_fn_arith ARG... @@ -415,21 +412,14 @@ { as_val=$(( $* )) }' -else $as_nop - as_fn_arith () +else case e in #( + e) as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` - } + } ;; +esac fi # as_fn_arith -# as_fn_nop -# --------- -# Do nothing but, unlike ":", preserve the value of $?. -as_fn_nop () -{ - return $? -} -as_nop=as_fn_nop # as_fn_error STATUS ERROR [LINENO LOG_FD] # ---------------------------------------- @@ -503,6 +493,8 @@ /[$]LINENO/= ' <$as_myself | sed ' + t clear + :clear s/[$]LINENO.*/&-/ t lineno b @@ -551,7 +543,6 @@ as_echo='printf %s\n' as_echo_n='printf %s' - rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file @@ -563,9 +554,9 @@ if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: - # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. - # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. - # In both cases, we have to default to `cp -pR'. + # 1) On MSYS, both 'ln -s file dir' and 'ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; 'ln -s' creates a wrapper executable. + # In both cases, we have to default to 'cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then @@ -590,10 +581,12 @@ as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. -as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" +as_sed_cpp="y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g" +as_tr_cpp="eval sed '$as_sed_cpp'" # deprecated # Sed expression to map a string onto a valid variable name. -as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" +as_sed_sh="y%*+%pp%;s%[^_$as_cr_alnum]%_%g" +as_tr_sh="eval sed '$as_sed_sh'" # deprecated SHELL=${CONFIG_SHELL-/bin/sh} @@ -621,8 +614,8 @@ # Identity of this package. PACKAGE_NAME='OpenVPN' PACKAGE_TARNAME='openvpn' -PACKAGE_VERSION='2.6.3' -PACKAGE_STRING='OpenVPN 2.6.3' +PACKAGE_VERSION='2.6.14' +PACKAGE_STRING='OpenVPN 2.6.14' PACKAGE_BUGREPORT='openvpn-users@lists.sourceforge.net' PACKAGE_URL='' @@ -747,6 +740,7 @@ RANLIB ac_ct_AR AR +FILECMD NM ac_ct_DUMPBIN DUMPBIN @@ -805,6 +799,8 @@ build_vendor build_cpu build +am__xargs_n +am__rm_f_notfound AM_BACKSLASH AM_DEFAULT_VERBOSITY AM_DEFAULT_V @@ -914,8 +910,10 @@ with_openssl_engine enable_shared enable_static +enable_pic with_pic enable_fast_install +enable_aix_soname with_aix_soname with_gnu_ld with_sysroot @@ -1082,7 +1080,7 @@ ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid feature name: \`$ac_useropt'" + as_fn_error $? "invalid feature name: '$ac_useropt'" ac_useropt_orig=$ac_useropt ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in @@ -1108,7 +1106,7 @@ ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid feature name: \`$ac_useropt'" + as_fn_error $? "invalid feature name: '$ac_useropt'" ac_useropt_orig=$ac_useropt ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in @@ -1321,7 +1319,7 @@ ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid package name: \`$ac_useropt'" + as_fn_error $? "invalid package name: '$ac_useropt'" ac_useropt_orig=$ac_useropt ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in @@ -1337,7 +1335,7 @@ ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid package name: \`$ac_useropt'" + as_fn_error $? "invalid package name: '$ac_useropt'" ac_useropt_orig=$ac_useropt ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in @@ -1367,8 +1365,8 @@ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) x_libraries=$ac_optarg ;; - -*) as_fn_error $? "unrecognized option: \`$ac_option' -Try \`$0 --help' for more information" + -*) as_fn_error $? "unrecognized option: '$ac_option' +Try '$0 --help' for more information" ;; *=*) @@ -1376,7 +1374,7 @@ # Reject names that are not valid shell variable names. case $ac_envvar in #( '' | [0-9]* | *[!_$as_cr_alnum]* ) - as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; + as_fn_error $? "invalid variable name: '$ac_envvar'" ;; esac eval $ac_envvar=\$ac_optarg export $ac_envvar ;; @@ -1426,7 +1424,7 @@ as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" done -# There might be people who depend on the old broken behavior: `$host' +# There might be people who depend on the old broken behavior: '$host' # used to hold the argument of --host etc. # FIXME: To remove some day. build=$build_alias @@ -1494,7 +1492,7 @@ test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" fi -ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" +ac_msg="sources are in $srcdir, but 'cd $srcdir' does not work" ac_abs_confdir=`( cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" pwd)` @@ -1522,7 +1520,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures OpenVPN 2.6.3 to adapt to many kinds of systems. +'configure' configures OpenVPN 2.6.14 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1536,11 +1534,11 @@ --help=short display options specific to this package --help=recursive display the short help of all the included packages -V, --version display version information and exit - -q, --quiet, --silent do not print \`checking ...' messages + -q, --quiet, --silent do not print 'checking ...' messages --cache-file=FILE cache test results in FILE [disabled] - -C, --config-cache alias for \`--cache-file=config.cache' + -C, --config-cache alias for '--cache-file=config.cache' -n, --no-create do not create output files - --srcdir=DIR find the sources in DIR [configure dir or \`..'] + --srcdir=DIR find the sources in DIR [configure dir or '..'] Installation directories: --prefix=PREFIX install architecture-independent files in PREFIX @@ -1548,10 +1546,10 @@ --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX [PREFIX] -By default, \`make install' will install all the files in -\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify -an installation prefix other than \`$ac_default_prefix' using \`--prefix', -for instance \`--prefix=\$HOME'. +By default, 'make install' will install all the files in +'$ac_default_prefix/bin', '$ac_default_prefix/lib' etc. You can specify +an installation prefix other than '$ac_default_prefix' using '--prefix', +for instance '--prefix=\$HOME'. For better control, use the options below. @@ -1593,7 +1591,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of OpenVPN 2.6.3:";; + short | recursive ) echo "Configuration of OpenVPN 2.6.14:";; esac cat <<\_ACEOF @@ -1655,8 +1653,13 @@ Disable including options.h in wolfSSL [default=yes] --enable-shared[=PKGS] build shared libraries [default=yes] --enable-static[=PKGS] build static libraries [default=yes] + --enable-pic[=PKGS] try to use only PIC/non-PIC objects [default=use + both] --enable-fast-install[=PKGS] optimize for fast installation [default=yes] + --enable-aix-soname=aix|svr4|both + shared library versioning (aka "SONAME") variant to + provide on AIX, [default=aix]. --disable-libtool-lock avoid locking (might break parallel builds) --disable-unit-tests Disables building and running the unit tests suite @@ -1672,11 +1675,6 @@ TYPE=openssl|mbedtls|wolfssl [default=openssl] --with-openssl-engine enable engine support with OpenSSL. Default enabled for OpenSSL < 3.0, auto,yes,no [default=auto] - --with-pic[=PKGS] try to use only PIC/non-PIC objects [default=use - both] - --with-aix-soname=aix|svr4|both - shared library versioning (aka "SONAME") variant to - provide on AIX, [default=aix]. --with-gnu-ld assume the C compiler uses GNU ld [default=no] --with-sysroot[=DIR] Search for dependent libraries within DIR (or the compiler's sysroot if not specified). @@ -1763,7 +1761,7 @@ C compiler flags for CMOCKA, overriding pkg-config CMOCKA_LIBS linker flags for CMOCKA, overriding pkg-config -Use these variables to override the choices made by `configure' or to help +Use these variables to override the choices made by 'configure' or to help it to find libraries and programs with nonstandard names/locations. Report bugs to . @@ -1830,10 +1828,10 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -OpenVPN configure 2.6.3 -generated by GNU Autoconf 2.71 +OpenVPN configure 2.6.14 +generated by GNU Autoconf 2.72 -Copyright (C) 2021 Free Software Foundation, Inc. +Copyright (C) 2023 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ACEOF @@ -1872,11 +1870,12 @@ } && test -s conftest.$ac_objext then : ac_retval=0 -else $as_nop - printf "%s\n" "$as_me: failed program was:" >&5 +else case e in #( + e) printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 - ac_retval=1 + ac_retval=1 ;; +esac fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval @@ -1895,8 +1894,8 @@ if eval test \${$3+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 #include <$2> @@ -1904,10 +1903,12 @@ if ac_fn_c_try_compile "$LINENO" then : eval "$3=yes" -else $as_nop - eval "$3=no" +else case e in #( + e) eval "$3=no" ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi eval ac_res=\$$3 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 @@ -1943,11 +1944,12 @@ } then : ac_retval=0 -else $as_nop - printf "%s\n" "$as_me: failed program was:" >&5 +else case e in #( + e) printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 - ac_retval=1 + ac_retval=1 ;; +esac fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval @@ -1985,11 +1987,12 @@ } then : ac_retval=0 -else $as_nop - printf "%s\n" "$as_me: failed program was:" >&5 +else case e in #( + e) printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 - ac_retval=1 + ac_retval=1 ;; +esac fi # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would @@ -2012,15 +2015,15 @@ if eval test \${$3+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Define $2 to an innocuous variant, in case declares $2. For example, HP-UX 11i declares gettimeofday. */ #define $2 innocuous_$2 /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $2 (); below. */ + which can conflict with char $2 (void); below. */ #include #undef $2 @@ -2031,7 +2034,7 @@ #ifdef __cplusplus extern "C" #endif -char $2 (); +char $2 (void); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ @@ -2050,11 +2053,13 @@ if ac_fn_c_try_link "$LINENO" then : eval "$3=yes" -else $as_nop - eval "$3=no" +else case e in #( + e) eval "$3=no" ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ - conftest$ac_exeext conftest.$ac_ext + conftest$ac_exeext conftest.$ac_ext ;; +esac fi eval ac_res=\$$3 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 @@ -2075,8 +2080,8 @@ if eval test \${$3+y} then : printf %s "(cached) " >&6 -else $as_nop - eval "$3=no" +else case e in #( + e) eval "$3=no" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 @@ -2106,12 +2111,14 @@ if ac_fn_c_try_compile "$LINENO" then : -else $as_nop - eval "$3=yes" +else case e in #( + e) eval "$3=yes" ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi eval ac_res=\$$3 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 @@ -2150,12 +2157,13 @@ test $ac_status = 0; }; } then : ac_retval=0 -else $as_nop - printf "%s\n" "$as_me: program exited with status $ac_status" >&5 +else case e in #( + e) printf "%s\n" "$as_me: program exited with status $ac_status" >&5 printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 - ac_retval=$ac_status + ac_retval=$ac_status ;; +esac fi rm -rf conftest.dSYM conftest_ipa8_conftest.oo eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno @@ -2208,18 +2216,19 @@ if ac_fn_c_try_compile "$LINENO" then : ac_hi=$ac_mid; break -else $as_nop - as_fn_arith $ac_mid + 1 && ac_lo=$as_val +else case e in #( + e) as_fn_arith $ac_mid + 1 && ac_lo=$as_val if test $ac_lo -le $ac_mid; then ac_lo= ac_hi= break fi - as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val + as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext done -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int @@ -2254,20 +2263,23 @@ if ac_fn_c_try_compile "$LINENO" then : ac_lo=$ac_mid; break -else $as_nop - as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val +else case e in #( + e) as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val if test $ac_mid -le $ac_hi; then ac_lo= ac_hi= break fi - as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val + as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext done -else $as_nop - ac_lo= ac_hi= +else case e in #( + e) ac_lo= ac_hi= ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext # Binary search between lo and hi bounds. @@ -2290,8 +2302,9 @@ if ac_fn_c_try_compile "$LINENO" then : ac_hi=$ac_mid -else $as_nop - as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val +else case e in #( + e) as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext done @@ -2339,8 +2352,9 @@ if ac_fn_c_try_run "$LINENO" then : echo >>conftest.val; read $3 &6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $5 int @@ -2381,8 +2395,8 @@ if ac_fn_c_try_compile "$LINENO" then : eval "$4=yes" -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $5 int @@ -2398,12 +2412,15 @@ if ac_fn_c_try_compile "$LINENO" then : eval "$4=yes" -else $as_nop - eval "$4=no" +else case e in #( + e) eval "$4=no" ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi eval ac_res=\$$4 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 @@ -2425,8 +2442,8 @@ if eval test \${$3+y} then : printf %s "(cached) " >&6 -else $as_nop - as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'` +else case e in #( + e) as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'` eval ac_save_FLAGS=\$$6 as_fn_append $6 " $5" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -2450,12 +2467,14 @@ if ac_fn_c_try_compile "$LINENO" then : eval "$3=yes" -else $as_nop - eval "$3=no" +else case e in #( + e) eval "$3=no" ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext eval $6=\$ac_save_FLAGS - + ;; +esac fi eval ac_res=\$$3 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 @@ -2487,8 +2506,8 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by OpenVPN $as_me 2.6.3, which was -generated by GNU Autoconf 2.71. Invocation command line was +It was created by OpenVPN $as_me 2.6.14, which was +generated by GNU Autoconf 2.72. Invocation command line was $ $0$ac_configure_args_raw @@ -2734,10 +2753,10 @@ printf "%s\n" "$as_me: loading site script $ac_site_file" >&6;} sed 's/^/| /' "$ac_site_file" >&5 . "$ac_site_file" \ - || { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + || { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "failed to load site script $ac_site_file -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } fi done @@ -2774,9 +2793,7 @@ /* Most of the following tests are stolen from RCS 5.7 src/conf.sh. */ struct buf { int x; }; struct buf * (*rcsopen) (struct buf *, struct stat *, int); -static char *e (p, i) - char **p; - int i; +static char *e (char **p, int i) { return p[i]; } @@ -2790,6 +2807,21 @@ return s; } +/* C89 style stringification. */ +#define noexpand_stringify(a) #a +const char *stringified = noexpand_stringify(arbitrary+token=sequence); + +/* C89 style token pasting. Exercises some of the corner cases that + e.g. old MSVC gets wrong, but not very hard. */ +#define noexpand_concat(a,b) a##b +#define expand_concat(a,b) noexpand_concat(a,b) +extern int vA; +extern int vbee; +#define aye A +#define bee B +int *pvA = &expand_concat(v,aye); +int *pvbee = &noexpand_concat(v,bee); + /* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has function prototypes and stuff, but not \xHH hex character constants. These do not provoke an error unfortunately, instead are silently treated @@ -2817,16 +2849,19 @@ # Test code for whether the C compiler supports C99 (global declarations) ac_c_conftest_c99_globals=' -// Does the compiler advertise C99 conformance? +/* Does the compiler advertise C99 conformance? */ #if !defined __STDC_VERSION__ || __STDC_VERSION__ < 199901L # error "Compiler does not advertise C99 conformance" #endif +// See if C++-style comments work. + #include extern int puts (const char *); extern int printf (const char *, ...); extern int dprintf (int, const char *, ...); extern void *malloc (size_t); +extern void free (void *); // Check varargs macros. These examples are taken from C99 6.10.3.5. // dprintf is used instead of fprintf to avoid needing to declare @@ -2876,7 +2911,6 @@ static inline int test_restrict (ccp restrict text) { - // See if C++-style comments work. // Iterate through items via the restricted pointer. // Also check for declarations in for loops. for (unsigned int i = 0; *(text+i) != '\''\0'\''; ++i) @@ -2942,6 +2976,8 @@ ia->datasize = 10; for (int i = 0; i < ia->datasize; ++i) ia->data[i] = i * 1.234; + // Work around memory leak warnings. + free (ia); // Check named initializers. struct named_init ni = { @@ -2963,7 +2999,7 @@ # Test code for whether the C compiler supports C11 (global declarations) ac_c_conftest_c11_globals=' -// Does the compiler advertise C11 conformance? +/* Does the compiler advertise C11 conformance? */ #if !defined __STDC_VERSION__ || __STDC_VERSION__ < 201112L # error "Compiler does not advertise C11 conformance" #endif @@ -3159,8 +3195,9 @@ if $as_found then : -else $as_nop - as_fn_error $? "cannot find required auxiliary files:$ac_missing_aux_files" "$LINENO" 5 +else case e in #( + e) as_fn_error $? "cannot find required auxiliary files:$ac_missing_aux_files" "$LINENO" 5 ;; +esac fi @@ -3188,12 +3225,12 @@ eval ac_new_val=\$ac_env_${ac_var}_value case $ac_old_set,$ac_new_set in set,) - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 -printf "%s\n" "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: '$ac_var' was set to '$ac_old_val' in the previous run" >&5 +printf "%s\n" "$as_me: error: '$ac_var' was set to '$ac_old_val' in the previous run" >&2;} ac_cache_corrupted=: ;; ,set) - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 -printf "%s\n" "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: '$ac_var' was not set in the previous run" >&5 +printf "%s\n" "$as_me: error: '$ac_var' was not set in the previous run" >&2;} ac_cache_corrupted=: ;; ,);; *) @@ -3202,18 +3239,18 @@ ac_old_val_w=`echo x $ac_old_val` ac_new_val_w=`echo x $ac_new_val` if test "$ac_old_val_w" != "$ac_new_val_w"; then - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 -printf "%s\n" "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: '$ac_var' has changed since the previous run:" >&5 +printf "%s\n" "$as_me: error: '$ac_var' has changed since the previous run:" >&2;} ac_cache_corrupted=: else - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 -printf "%s\n" "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in '$ac_var' since the previous run:" >&5 +printf "%s\n" "$as_me: warning: ignoring whitespace changes in '$ac_var' since the previous run:" >&2;} eval $ac_var=\$ac_old_val fi - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 -printf "%s\n" "$as_me: former value: \`$ac_old_val'" >&2;} - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 -printf "%s\n" "$as_me: current value: \`$ac_new_val'" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: former value: '$ac_old_val'" >&5 +printf "%s\n" "$as_me: former value: '$ac_old_val'" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: current value: '$ac_new_val'" >&5 +printf "%s\n" "$as_me: current value: '$ac_new_val'" >&2;} fi;; esac # Pass precious variables to config.status. @@ -3229,11 +3266,11 @@ fi done if $ac_cache_corrupted; then - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 printf "%s\n" "$as_me: error: changes in the environment can compromise the build" >&2;} - as_fn_error $? "run \`${MAKE-make} distclean' and/or \`rm $cache_file' + as_fn_error $? "run '${MAKE-make} distclean' and/or 'rm $cache_file' and start over" "$LINENO" 5 fi ## -------------------- ## @@ -3267,13 +3304,13 @@ fi -printf "%s\n" "#define OPENVPN_VERSION_RESOURCE 2,6,3,0" >>confdefs.h +printf "%s\n" "#define OPENVPN_VERSION_RESOURCE 2,6,14,0" >>confdefs.h OPENVPN_VERSION_MAJOR=2 OPENVPN_VERSION_MINOR=6 -OPENVPN_VERSION_PATCH=.3 +OPENVPN_VERSION_PATCH=.14 printf "%s\n" "#define OPENVPN_VERSION_MAJOR 2" >>confdefs.h @@ -3282,7 +3319,7 @@ printf "%s\n" "#define OPENVPN_VERSION_MINOR 6" >>confdefs.h -printf "%s\n" "#define OPENVPN_VERSION_PATCH \".3\"" >>confdefs.h +printf "%s\n" "#define OPENVPN_VERSION_PATCH \".14\"" >>confdefs.h @@ -3297,7 +3334,7 @@ # This foreign option prevents autoreconf from overriding our COPYING and # INSTALL targets: -am__api_version='1.16' +am__api_version='1.17' @@ -3321,8 +3358,8 @@ if test ${ac_cv_path_install+y} then : printf %s "(cached) " >&6 -else $as_nop - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +else case e in #( + e) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS @@ -3376,7 +3413,8 @@ IFS=$as_save_IFS rm -rf conftest.one conftest.two conftest.dir - + ;; +esac fi if test ${ac_cv_path_install+y}; then INSTALL=$ac_cv_path_install @@ -3399,6 +3437,165 @@ test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether sleep supports fractional seconds" >&5 +printf %s "checking whether sleep supports fractional seconds... " >&6; } +if test ${am_cv_sleep_fractional_seconds+y} +then : + printf %s "(cached) " >&6 +else case e in #( + e) if sleep 0.001 2>/dev/null +then : + am_cv_sleep_fractional_seconds=yes +else case e in #( + e) am_cv_sleep_fractional_seconds=no ;; +esac +fi + ;; +esac +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_sleep_fractional_seconds" >&5 +printf "%s\n" "$am_cv_sleep_fractional_seconds" >&6; } + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking filesystem timestamp resolution" >&5 +printf %s "checking filesystem timestamp resolution... " >&6; } +if test ${am_cv_filesystem_timestamp_resolution+y} +then : + printf %s "(cached) " >&6 +else case e in #( + e) # Default to the worst case. +am_cv_filesystem_timestamp_resolution=2 + +# Only try to go finer than 1 sec if sleep can do it. +# Don't try 1 sec, because if 0.01 sec and 0.1 sec don't work, +# - 1 sec is not much of a win compared to 2 sec, and +# - it takes 2 seconds to perform the test whether 1 sec works. +# +# Instead, just use the default 2s on platforms that have 1s resolution, +# accept the extra 1s delay when using $sleep in the Automake tests, in +# exchange for not incurring the 2s delay for running the test for all +# packages. +# +am_try_resolutions= +if test "$am_cv_sleep_fractional_seconds" = yes; then + # Even a millisecond often causes a bunch of false positives, + # so just try a hundredth of a second. The time saved between .001 and + # .01 is not terribly consequential. + am_try_resolutions="0.01 0.1 $am_try_resolutions" +fi + +# In order to catch current-generation FAT out, we must *modify* files +# that already exist; the *creation* timestamp is finer. Use names +# that make ls -t sort them differently when they have equal +# timestamps than when they have distinct timestamps, keeping +# in mind that ls -t prints the *newest* file first. +rm -f conftest.ts? +: > conftest.ts1 +: > conftest.ts2 +: > conftest.ts3 + +# Make sure ls -t actually works. Do 'set' in a subshell so we don't +# clobber the current shell's arguments. (Outer-level square brackets +# are removed by m4; they're present so that m4 does not expand +# ; be careful, easy to get confused.) +if ( + set X `ls -t conftest.ts[12]` && + { + test "$*" != "X conftest.ts1 conftest.ts2" || + test "$*" != "X conftest.ts2 conftest.ts1"; + } +); then :; else + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + printf "%s\n" ""Bad output from ls -t: \"`ls -t conftest.ts[12]`\""" >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} +as_fn_error $? "ls -t produces unexpected output. +Make sure there is not a broken ls alias in your environment. +See 'config.log' for more details" "$LINENO" 5; } +fi + +for am_try_res in $am_try_resolutions; do + # Any one fine-grained sleep might happen to cross the boundary + # between two values of a coarser actual resolution, but if we do + # two fine-grained sleeps in a row, at least one of them will fall + # entirely within a coarse interval. + echo alpha > conftest.ts1 + sleep $am_try_res + echo beta > conftest.ts2 + sleep $am_try_res + echo gamma > conftest.ts3 + + # We assume that 'ls -t' will make use of high-resolution + # timestamps if the operating system supports them at all. + if (set X `ls -t conftest.ts?` && + test "$2" = conftest.ts3 && + test "$3" = conftest.ts2 && + test "$4" = conftest.ts1); then + # + # Ok, ls -t worked. If we're at a resolution of 1 second, we're done, + # because we don't need to test make. + make_ok=true + if test $am_try_res != 1; then + # But if we've succeeded so far with a subsecond resolution, we + # have one more thing to check: make. It can happen that + # everything else supports the subsecond mtimes, but make doesn't; + # notably on macOS, which ships make 3.81 from 2006 (the last one + # released under GPLv2). https://bugs.gnu.org/68808 + # + # We test $MAKE if it is defined in the environment, else "make". + # It might get overridden later, but our hope is that in practice + # it does not matter: it is the system "make" which is (by far) + # the most likely to be broken, whereas if the user overrides it, + # probably they did so with a better, or at least not worse, make. + # https://lists.gnu.org/archive/html/automake/2024-06/msg00051.html + # + # Create a Makefile (real tab character here): + rm -f conftest.mk + echo 'conftest.ts1: conftest.ts2' >conftest.mk + echo ' touch conftest.ts2' >>conftest.mk + # + # Now, running + # touch conftest.ts1; touch conftest.ts2; make + # should touch ts1 because ts2 is newer. This could happen by luck, + # but most often, it will fail if make's support is insufficient. So + # test for several consecutive successes. + # + # (We reuse conftest.ts[12] because we still want to modify existing + # files, not create new ones, per above.) + n=0 + make=${MAKE-make} + until test $n -eq 3; do + echo one > conftest.ts1 + sleep $am_try_res + echo two > conftest.ts2 # ts2 should now be newer than ts1 + if $make -f conftest.mk | grep 'up to date' >/dev/null; then + make_ok=false + break # out of $n loop + fi + n=`expr $n + 1` + done + fi + # + if $make_ok; then + # Everything we know to check worked out, so call this resolution good. + am_cv_filesystem_timestamp_resolution=$am_try_res + break # out of $am_try_res loop + fi + # Otherwise, we'll go on to check the next resolution. + fi +done +rm -f conftest.ts? +# (end _am_filesystem_timestamp_resolution) + ;; +esac +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_filesystem_timestamp_resolution" >&5 +printf "%s\n" "$am_cv_filesystem_timestamp_resolution" >&6; } + +# This check should not be cached, as it may vary across builds of +# different projects. { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5 printf %s "checking whether build environment is sane... " >&6; } # Reject unsafe characters in $srcdir or the absolute working directory @@ -3419,49 +3616,45 @@ # symlink; some systems play weird games with the mod time of symlinks # (eg FreeBSD returns the mod time of the symlink's containing # directory). -if ( - am_has_slept=no - for am_try in 1 2; do - echo "timestamp, slept: $am_has_slept" > conftest.file - set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` - if test "$*" = "X"; then - # -L didn't work. - set X `ls -t "$srcdir/configure" conftest.file` - fi - if test "$*" != "X $srcdir/configure conftest.file" \ - && test "$*" != "X conftest.file $srcdir/configure"; then +am_build_env_is_sane=no +am_has_slept=no +rm -f conftest.file +for am_try in 1 2; do + echo "timestamp, slept: $am_has_slept" > conftest.file + if ( + set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` + if test "$*" = "X"; then + # -L didn't work. + set X `ls -t "$srcdir/configure" conftest.file` + fi + test "$2" = conftest.file + ); then + am_build_env_is_sane=yes + break + fi + # Just in case. + sleep "$am_cv_filesystem_timestamp_resolution" + am_has_slept=yes +done - # If neither matched, then we have a broken ls. This can happen - # if, for instance, CONFIG_SHELL is bash and it inherits a - # broken ls alias from the environment. This has actually - # happened. Such a system could not be considered "sane". - as_fn_error $? "ls -t appears to fail. Make sure there is not a broken - alias in your environment" "$LINENO" 5 - fi - if test "$2" = conftest.file || test $am_try -eq 2; then - break - fi - # Just in case. - sleep 1 - am_has_slept=yes - done - test "$2" = conftest.file - ) -then - # Ok. - : -else - as_fn_error $? "newly created file is older than distributed files! +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_build_env_is_sane" >&5 +printf "%s\n" "$am_build_env_is_sane" >&6; } +if test "$am_build_env_is_sane" = no; then + as_fn_error $? "newly created file is older than distributed files! Check your system clock" "$LINENO" 5 fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -printf "%s\n" "yes" >&6; } + # If we didn't sleep, we still need to ensure time stamps of config.status and # generated files are strictly newer. am_sleep_pid= -if grep 'slept: no' conftest.file >/dev/null 2>&1; then - ( sleep 1 ) & +if test -e conftest.file || grep 'slept: no' conftest.file >/dev/null 2>&1 +then : + +else case e in #( + e) ( sleep "$am_cv_filesystem_timestamp_resolution" ) & am_sleep_pid=$! + ;; +esac fi rm -f conftest.file @@ -3472,7 +3665,7 @@ test "$program_suffix" != NONE && program_transform_name="s&\$&$program_suffix&;$program_transform_name" # Double any \ or $. -# By default was `s,x,x', remove it if useless. +# By default was 's,x,x', remove it if useless. ac_script='s/[\\$]/&&/g;s/;s,x,x,$//' program_transform_name=`printf "%s\n" "$program_transform_name" | sed "$ac_script"` @@ -3515,8 +3708,8 @@ if test ${ac_cv_prog_STRIP+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$STRIP"; then +else case e in #( + e) if test -n "$STRIP"; then ac_cv_prog_STRIP="$STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -3538,7 +3731,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi STRIP=$ac_cv_prog_STRIP if test -n "$STRIP"; then @@ -3560,8 +3754,8 @@ if test ${ac_cv_prog_ac_ct_STRIP+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_STRIP"; then +else case e in #( + e) if test -n "$ac_ct_STRIP"; then ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -3583,7 +3777,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP if test -n "$ac_ct_STRIP"; then @@ -3619,8 +3814,8 @@ if test ${ac_cv_path_mkdir+y} then : printf %s "(cached) " >&6 -else $as_nop - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +else case e in #( + e) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin do IFS=$as_save_IFS @@ -3634,7 +3829,7 @@ as_fn_executable_p "$as_dir$ac_prog$ac_exec_ext" || continue case `"$as_dir$ac_prog$ac_exec_ext" --version 2>&1` in #( 'mkdir ('*'coreutils) '* | \ - 'BusyBox '* | \ + *'BusyBox '* | \ 'mkdir (fileutils) '4.1*) ac_cv_path_mkdir=$as_dir$ac_prog$ac_exec_ext break 3;; @@ -3643,18 +3838,17 @@ done done IFS=$as_save_IFS - + ;; +esac fi test -d ./--version && rmdir ./--version if test ${ac_cv_path_mkdir+y}; then MKDIR_P="$ac_cv_path_mkdir -p" else - # As a last resort, use the slow shell script. Don't cache a - # value for MKDIR_P within a source directory, because that will - # break other packages using the cache if that directory is - # removed, or if the value is a relative name. - MKDIR_P="$ac_install_sh -d" + # As a last resort, use plain mkdir -p, + # in the hope it doesn't have the bugs of ancient mkdir. + MKDIR_P='mkdir -p' fi fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5 @@ -3669,8 +3863,8 @@ if test ${ac_cv_prog_AWK+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$AWK"; then +else case e in #( + e) if test -n "$AWK"; then ac_cv_prog_AWK="$AWK" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -3692,7 +3886,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi AWK=$ac_cv_prog_AWK if test -n "$AWK"; then @@ -3714,8 +3909,8 @@ if eval test \${ac_cv_prog_make_${ac_make}_set+y} then : printf %s "(cached) " >&6 -else $as_nop - cat >conftest.make <<\_ACEOF +else case e in #( + e) cat >conftest.make <<\_ACEOF SHELL = /bin/sh all: @echo '@@@%%%=$(MAKE)=@@@%%%' @@ -3727,7 +3922,8 @@ *) eval ac_cv_prog_make_${ac_make}_set=no;; esac -rm -f conftest.make +rm -f conftest.make ;; +esac fi if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 @@ -3748,25 +3944,21 @@ fi rmdir .tst 2>/dev/null +AM_DEFAULT_VERBOSITY=1 # Check whether --enable-silent-rules was given. if test ${enable_silent_rules+y} then : enableval=$enable_silent_rules; fi -case $enable_silent_rules in # ((( - yes) AM_DEFAULT_VERBOSITY=0;; - no) AM_DEFAULT_VERBOSITY=1;; - *) AM_DEFAULT_VERBOSITY=1;; -esac am_make=${MAKE-make} { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5 printf %s "checking whether $am_make supports nested variables... " >&6; } if test ${am_cv_make_support_nested_variables+y} then : printf %s "(cached) " >&6 -else $as_nop - if printf "%s\n" 'TRUE=$(BAR$(V)) +else case e in #( + e) if printf "%s\n" 'TRUE=$(BAR$(V)) BAR0=false BAR1=true V=1 @@ -3776,19 +3968,50 @@ am_cv_make_support_nested_variables=yes else am_cv_make_support_nested_variables=no -fi +fi ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5 printf "%s\n" "$am_cv_make_support_nested_variables" >&6; } -if test $am_cv_make_support_nested_variables = yes; then - AM_V='$(V)' - AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' -else - AM_V=$AM_DEFAULT_VERBOSITY - AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY -fi AM_BACKSLASH='\' +am__rm_f_notfound= +if (rm -f && rm -fr && rm -rf) 2>/dev/null +then : + +else case e in #( + e) am__rm_f_notfound='""' ;; +esac +fi + + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking xargs -n works" >&5 +printf %s "checking xargs -n works... " >&6; } +if test ${am_cv_xargs_n_works+y} +then : + printf %s "(cached) " >&6 +else case e in #( + e) if test "`echo 1 2 3 | xargs -n2 echo`" = "1 2 +3" +then : + am_cv_xargs_n_works=yes +else case e in #( + e) am_cv_xargs_n_works=no ;; +esac +fi ;; +esac +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_xargs_n_works" >&5 +printf "%s\n" "$am_cv_xargs_n_works" >&6; } +if test "$am_cv_xargs_n_works" = yes +then : + am__xargs_n='xargs -n' +else case e in #( + e) am__xargs_n='am__xargs_n () { shift; sed "s/ /\\n/g" | while read am__xargs_n_arg; do "" "$am__xargs_n_arg"; done; }' + ;; +esac +fi + if test "`cd $srcdir && pwd`" != "`pwd`"; then # Use -I$(srcdir) only when $(srcdir) != ., so that make's output # is not polluted with repeated "-I." @@ -3811,7 +4034,7 @@ # Define the identity of the package. PACKAGE='openvpn' - VERSION='2.6.3' + VERSION='2.6.14' printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h @@ -3872,47 +4095,9 @@ -# POSIX will say in a future version that running "rm -f" with no argument -# is OK; and we want to be able to make that assumption in our Makefile -# recipes. So use an aggressive probe to check that the usage we want is -# actually supported "in the wild" to an acceptable degree. -# See automake bug#10828. -# To make any issue more visible, cause the running configure to be aborted -# by default if the 'rm' program in use doesn't match our expectations; the -# user can still override this though. -if rm -f && rm -fr && rm -rf; then : OK; else - cat >&2 <<'END' -Oops! - -Your 'rm' program seems unable to run without file operands specified -on the command line, even when the '-f' option is present. This is contrary -to the behaviour of most rm programs out there, and not conforming with -the upcoming POSIX standard: - -Please tell bug-automake@gnu.org about your system, including the value -of your $PATH and any error possibly output before this message. This -can help us improve future automake versions. -END - if test x"$ACCEPT_INFERIOR_RM_PROGRAM" = x"yes"; then - echo 'Configuration will proceed anyway, since you have set the' >&2 - echo 'ACCEPT_INFERIOR_RM_PROGRAM variable to "yes"' >&2 - echo >&2 - else - cat >&2 <<'END' -Aborting the configuration process, to ensure you take notice of the issue. -You can download and install GNU coreutils to get an 'rm' implementation -that behaves properly: . -If you want to complete the configuration process using your problematic -'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM -to "yes", and re-run configure. - -END - as_fn_error $? "Your 'rm' program is bad, sorry." "$LINENO" 5 - fi -fi # Make sure we can run config.sub. @@ -3924,15 +4109,16 @@ if test ${ac_cv_build+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_build_alias=$build_alias +else case e in #( + e) ac_build_alias=$build_alias test "x$ac_build_alias" = x && ac_build_alias=`$SHELL "${ac_aux_dir}config.guess"` test "x$ac_build_alias" = x && as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5 ac_cv_build=`$SHELL "${ac_aux_dir}config.sub" $ac_build_alias` || as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $ac_build_alias failed" "$LINENO" 5 - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 printf "%s\n" "$ac_cv_build" >&6; } @@ -3959,14 +4145,15 @@ if test ${ac_cv_host+y} then : printf %s "(cached) " >&6 -else $as_nop - if test "x$host_alias" = x; then +else case e in #( + e) if test "x$host_alias" = x; then ac_cv_host=$ac_cv_build else ac_cv_host=`$SHELL "${ac_aux_dir}config.sub" $host_alias` || as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $host_alias failed" "$LINENO" 5 fi - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 printf "%s\n" "$ac_cv_host" >&6; } @@ -4074,8 +4261,8 @@ if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC"; then +else case e in #( + e) if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -4097,7 +4284,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi CC=$ac_cv_prog_CC if test -n "$CC"; then @@ -4119,8 +4307,8 @@ if test ${ac_cv_prog_ac_ct_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_CC"; then +else case e in #( + e) if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -4142,7 +4330,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then @@ -4177,8 +4366,8 @@ if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC"; then +else case e in #( + e) if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -4200,7 +4389,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi CC=$ac_cv_prog_CC if test -n "$CC"; then @@ -4222,8 +4412,8 @@ if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC"; then +else case e in #( + e) if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else ac_prog_rejected=no @@ -4262,7 +4452,8 @@ ac_cv_prog_CC="$as_dir$ac_word${1+' '}$@" fi fi -fi +fi ;; +esac fi CC=$ac_cv_prog_CC if test -n "$CC"; then @@ -4286,8 +4477,8 @@ if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC"; then +else case e in #( + e) if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -4309,7 +4500,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi CC=$ac_cv_prog_CC if test -n "$CC"; then @@ -4335,8 +4527,8 @@ if test ${ac_cv_prog_ac_ct_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_CC"; then +else case e in #( + e) if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -4358,7 +4550,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then @@ -4396,8 +4589,8 @@ if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC"; then +else case e in #( + e) if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -4419,7 +4612,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi CC=$ac_cv_prog_CC if test -n "$CC"; then @@ -4441,8 +4635,8 @@ if test ${ac_cv_prog_ac_ct_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_CC"; then +else case e in #( + e) if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -4464,7 +4658,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then @@ -4493,10 +4688,10 @@ fi -test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "no acceptable C compiler found in \$PATH -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } # Provide some information about the compiler. printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 @@ -4568,8 +4763,8 @@ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } then : - # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. -# So ignore a value of `no', otherwise this would lead to `EXEEXT = no' + # Autoconf-2.13 could set the ac_cv_exeext variable to 'no'. +# So ignore a value of 'no', otherwise this would lead to 'EXEEXT = no' # in a Makefile. We should not override ac_cv_exeext if it was cached, # so that the user can short-circuit this test for compilers unknown to # Autoconf. @@ -4589,7 +4784,7 @@ ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` fi # We set ac_cv_exeext here because the later test for it is not - # safe: cross compilers may not add the suffix if given an `-o' + # safe: cross compilers may not add the suffix if given an '-o' # argument, so we may need to know it at that point already. # Even if this section looks crufty: it has the advantage of # actually working. @@ -4600,8 +4795,9 @@ done test "$ac_cv_exeext" = no && ac_cv_exeext= -else $as_nop - ac_file='' +else case e in #( + e) ac_file='' ;; +esac fi if test -z "$ac_file" then : @@ -4610,13 +4806,14 @@ printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 -{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error 77 "C compiler cannot create executables -See \`config.log' for more details" "$LINENO" 5; } -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -printf "%s\n" "yes" >&6; } +See 'config.log' for more details" "$LINENO" 5; } +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 printf %s "checking for C compiler default output file name... " >&6; } @@ -4640,10 +4837,10 @@ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } then : - # If both `conftest.exe' and `conftest' are `present' (well, observable) -# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will -# work properly (i.e., refer to `conftest.exe'), while it won't with -# `rm'. + # If both 'conftest.exe' and 'conftest' are 'present' (well, observable) +# catch 'conftest.exe'. For instance with Cygwin, 'ls conftest' will +# work properly (i.e., refer to 'conftest.exe'), while it won't with +# 'rm'. for ac_file in conftest.exe conftest conftest.*; do test -f "$ac_file" || continue case $ac_file in @@ -4653,11 +4850,12 @@ * ) break;; esac done -else $as_nop - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +else case e in #( + e) { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of executables: cannot compile and link -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } ;; +esac fi rm -f conftest conftest$ac_cv_exeext { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 @@ -4673,6 +4871,8 @@ main (void) { FILE *f = fopen ("conftest.out", "w"); + if (!f) + return 1; return ferror (f) || fclose (f) != 0; ; @@ -4712,26 +4912,27 @@ if test "$cross_compiling" = maybe; then cross_compiling=yes else - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error 77 "cannot run C compiled programs. -If you meant to cross compile, use \`--host'. -See \`config.log' for more details" "$LINENO" 5; } +If you meant to cross compile, use '--host'. +See 'config.log' for more details" "$LINENO" 5; } fi fi fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 printf "%s\n" "$cross_compiling" >&6; } -rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out +rm -f conftest.$ac_ext conftest$ac_cv_exeext \ + conftest.o conftest.obj conftest.out ac_clean_files=$ac_clean_files_save { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 printf %s "checking for suffix of object files... " >&6; } if test ${ac_cv_objext+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -4763,16 +4964,18 @@ break;; esac done -else $as_nop - printf "%s\n" "$as_me: failed program was:" >&5 +else case e in #( + e) printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 -{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of object files: cannot compile -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } ;; +esac fi -rm -f conftest.$ac_cv_objext conftest.$ac_ext +rm -f conftest.$ac_cv_objext conftest.$ac_ext ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 printf "%s\n" "$ac_cv_objext" >&6; } @@ -4783,8 +4986,8 @@ if test ${ac_cv_c_compiler_gnu+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -4801,12 +5004,14 @@ if ac_fn_c_try_compile "$LINENO" then : ac_compiler_gnu=yes -else $as_nop - ac_compiler_gnu=no +else case e in #( + e) ac_compiler_gnu=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ac_cv_c_compiler_gnu=$ac_compiler_gnu - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 printf "%s\n" "$ac_cv_c_compiler_gnu" >&6; } @@ -4824,8 +5029,8 @@ if test ${ac_cv_prog_cc_g+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_save_c_werror_flag=$ac_c_werror_flag +else case e in #( + e) ac_save_c_werror_flag=$ac_c_werror_flag ac_c_werror_flag=yes ac_cv_prog_cc_g=no CFLAGS="-g" @@ -4843,8 +5048,8 @@ if ac_fn_c_try_compile "$LINENO" then : ac_cv_prog_cc_g=yes -else $as_nop - CFLAGS="" +else case e in #( + e) CFLAGS="" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -4859,8 +5064,8 @@ if ac_fn_c_try_compile "$LINENO" then : -else $as_nop - ac_c_werror_flag=$ac_save_c_werror_flag +else case e in #( + e) ac_c_werror_flag=$ac_save_c_werror_flag CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -4877,12 +5082,15 @@ then : ac_cv_prog_cc_g=yes fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - ac_c_werror_flag=$ac_save_c_werror_flag + ac_c_werror_flag=$ac_save_c_werror_flag ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 printf "%s\n" "$ac_cv_prog_cc_g" >&6; } @@ -4909,8 +5117,8 @@ if test ${ac_cv_prog_cc_c11+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_cv_prog_cc_c11=no +else case e in #( + e) ac_cv_prog_cc_c11=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -4927,25 +5135,28 @@ test "x$ac_cv_prog_cc_c11" != "xno" && break done rm -f conftest.$ac_ext -CC=$ac_save_CC +CC=$ac_save_CC ;; +esac fi if test "x$ac_cv_prog_cc_c11" = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 printf "%s\n" "unsupported" >&6; } -else $as_nop - if test "x$ac_cv_prog_cc_c11" = x +else case e in #( + e) if test "x$ac_cv_prog_cc_c11" = x then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 printf "%s\n" "none needed" >&6; } -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5 printf "%s\n" "$ac_cv_prog_cc_c11" >&6; } - CC="$CC $ac_cv_prog_cc_c11" + CC="$CC $ac_cv_prog_cc_c11" ;; +esac fi ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c11 - ac_prog_cc_stdc=c11 + ac_prog_cc_stdc=c11 ;; +esac fi fi if test x$ac_prog_cc_stdc = xno @@ -4955,8 +5166,8 @@ if test ${ac_cv_prog_cc_c99+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_cv_prog_cc_c99=no +else case e in #( + e) ac_cv_prog_cc_c99=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -4973,25 +5184,28 @@ test "x$ac_cv_prog_cc_c99" != "xno" && break done rm -f conftest.$ac_ext -CC=$ac_save_CC +CC=$ac_save_CC ;; +esac fi if test "x$ac_cv_prog_cc_c99" = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 printf "%s\n" "unsupported" >&6; } -else $as_nop - if test "x$ac_cv_prog_cc_c99" = x +else case e in #( + e) if test "x$ac_cv_prog_cc_c99" = x then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 printf "%s\n" "none needed" >&6; } -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5 printf "%s\n" "$ac_cv_prog_cc_c99" >&6; } - CC="$CC $ac_cv_prog_cc_c99" + CC="$CC $ac_cv_prog_cc_c99" ;; +esac fi ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c99 - ac_prog_cc_stdc=c99 + ac_prog_cc_stdc=c99 ;; +esac fi fi if test x$ac_prog_cc_stdc = xno @@ -5001,8 +5215,8 @@ if test ${ac_cv_prog_cc_c89+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_cv_prog_cc_c89=no +else case e in #( + e) ac_cv_prog_cc_c89=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5019,25 +5233,28 @@ test "x$ac_cv_prog_cc_c89" != "xno" && break done rm -f conftest.$ac_ext -CC=$ac_save_CC +CC=$ac_save_CC ;; +esac fi if test "x$ac_cv_prog_cc_c89" = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 printf "%s\n" "unsupported" >&6; } -else $as_nop - if test "x$ac_cv_prog_cc_c89" = x +else case e in #( + e) if test "x$ac_cv_prog_cc_c89" = x then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 printf "%s\n" "none needed" >&6; } -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 printf "%s\n" "$ac_cv_prog_cc_c89" >&6; } - CC="$CC $ac_cv_prog_cc_c89" + CC="$CC $ac_cv_prog_cc_c89" ;; +esac fi ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c89 - ac_prog_cc_stdc=c89 + ac_prog_cc_stdc=c89 ;; +esac fi fi @@ -5058,8 +5275,8 @@ if test ${am_cv_prog_cc_c_o+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -5089,7 +5306,8 @@ fi done rm -f core conftest* - unset am_i + unset am_i ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_cc_c_o" >&5 printf "%s\n" "$am_cv_prog_cc_c_o" >&6; } @@ -5115,8 +5333,8 @@ if test ${am_cv_CC_dependencies_compiler_type+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then +else case e in #( + e) if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then # We make a subdir and do the tests there. Otherwise we can end up # making bogus files that we don't know about and never remove. For # instance it was reported that on HP-UX the gcc test will end up @@ -5203,7 +5421,7 @@ # icc doesn't choke on unknown options, it will just issue warnings # or remarks (even with -Werror). So we grep stderr for any message # that says an option was ignored or not supported. - # When given -MP, icc 7.0 and 7.1 complain thusly: + # When given -MP, icc 7.0 and 7.1 complain thus: # icc: Command line warning: ignoring option '-M'; no argument required # The diagnosis changed in icc 8.0: # icc: Command line remark: option '-MP' not supported @@ -5220,7 +5438,8 @@ else am_cv_CC_dependencies_compiler_type=none fi - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5 printf "%s\n" "$am_cv_CC_dependencies_compiler_type" >&6; } @@ -5278,8 +5497,8 @@ if test ${ac_cv_safe_to_define___extensions__+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ # define __EXTENSIONS__ 1 @@ -5295,10 +5514,12 @@ if ac_fn_c_try_compile "$LINENO" then : ac_cv_safe_to_define___extensions__=yes -else $as_nop - ac_cv_safe_to_define___extensions__=no +else case e in #( + e) ac_cv_safe_to_define___extensions__=no ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_safe_to_define___extensions__" >&5 printf "%s\n" "$ac_cv_safe_to_define___extensions__" >&6; } @@ -5308,8 +5529,8 @@ if test ${ac_cv_should_define__xopen_source+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_cv_should_define__xopen_source=no +else case e in #( + e) ac_cv_should_define__xopen_source=no if test $ac_cv_header_wchar_h = yes then : cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -5328,8 +5549,8 @@ if ac_fn_c_try_compile "$LINENO" then : -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #define _XOPEN_SOURCE 500 @@ -5347,10 +5568,12 @@ then : ac_cv_should_define__xopen_source=yes fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext -fi +fi ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_should_define__xopen_source" >&5 printf "%s\n" "$ac_cv_should_define__xopen_source" >&6; } @@ -5375,6 +5598,8 @@ printf "%s\n" "#define __STDC_WANT_IEC_60559_DFP_EXT__ 1" >>confdefs.h + printf "%s\n" "#define __STDC_WANT_IEC_60559_EXT__ 1" >>confdefs.h + printf "%s\n" "#define __STDC_WANT_IEC_60559_FUNCS_EXT__ 1" >>confdefs.h printf "%s\n" "#define __STDC_WANT_IEC_60559_TYPES_EXT__ 1" >>confdefs.h @@ -5394,8 +5619,9 @@ printf "%s\n" "#define _POSIX_1_SOURCE 2" >>confdefs.h -else $as_nop - MINIX= +else case e in #( + e) MINIX= ;; +esac fi if test $ac_cv_safe_to_define___extensions__ = yes then : @@ -5413,9 +5639,10 @@ if test ${enable_lzo+y} then : enableval=$enable_lzo; -else $as_nop - enable_lzo="yes" - +else case e in #( + e) enable_lzo="yes" + ;; +esac fi @@ -5423,9 +5650,10 @@ if test ${enable_lz4+y} then : enableval=$enable_lz4; enable_lz4="$enableval" -else $as_nop - enable_lz4="yes" - +else case e in #( + e) enable_lz4="yes" + ;; +esac fi @@ -5433,9 +5661,10 @@ if test ${enable_comp_stub+y} then : enableval=$enable_comp_stub; enable_comp_stub="$enableval" -else $as_nop - enable_comp_stub="no" - +else case e in #( + e) enable_comp_stub="no" + ;; +esac fi @@ -5443,9 +5672,10 @@ if test ${enable_ofb_cfb+y} then : enableval=$enable_ofb_cfb; -else $as_nop - enable_crypto_ofb_cfb="yes" - +else case e in #( + e) enable_crypto_ofb_cfb="yes" + ;; +esac fi @@ -5453,9 +5683,10 @@ if test ${enable_x509_alt_username+y} then : enableval=$enable_x509_alt_username; -else $as_nop - enable_x509_alt_username="no" - +else case e in #( + e) enable_x509_alt_username="no" + ;; +esac fi @@ -5463,9 +5694,10 @@ if test ${enable_plugins+y} then : enableval=$enable_plugins; -else $as_nop - enable_plugins="yes" - +else case e in #( + e) enable_plugins="yes" + ;; +esac fi @@ -5473,9 +5705,10 @@ if test ${enable_management+y} then : enableval=$enable_management; -else $as_nop - enable_management="yes" - +else case e in #( + e) enable_management="yes" + ;; +esac fi @@ -5483,9 +5716,10 @@ if test ${enable_pkcs11+y} then : enableval=$enable_pkcs11; -else $as_nop - enable_pkcs11="no" - +else case e in #( + e) enable_pkcs11="no" + ;; +esac fi @@ -5493,9 +5727,10 @@ if test ${enable_fragment+y} then : enableval=$enable_fragment; -else $as_nop - enable_fragment="yes" - +else case e in #( + e) enable_fragment="yes" + ;; +esac fi @@ -5503,9 +5738,10 @@ if test ${enable_port_share+y} then : enableval=$enable_port_share; -else $as_nop - enable_port_share="yes" - +else case e in #( + e) enable_port_share="yes" + ;; +esac fi @@ -5513,9 +5749,10 @@ if test ${enable_debug+y} then : enableval=$enable_debug; -else $as_nop - enable_debug="yes" - +else case e in #( + e) enable_debug="yes" + ;; +esac fi @@ -5523,9 +5760,10 @@ if test ${enable_small+y} then : enableval=$enable_small; -else $as_nop - enable_small="no" - +else case e in #( + e) enable_small="no" + ;; +esac fi @@ -5533,8 +5771,8 @@ if test ${enable_dco+y} then : enableval=$enable_dco; -else $as_nop - +else case e in #( + e) case "$host" in *-*-linux*) enable_dco="auto" @@ -5548,7 +5786,8 @@ ;; esac - + ;; +esac fi @@ -5556,9 +5795,10 @@ if test ${enable_iproute2+y} then : enableval=$enable_iproute2; -else $as_nop - enable_iproute2="no" - +else case e in #( + e) enable_iproute2="no" + ;; +esac fi @@ -5566,15 +5806,16 @@ if test ${enable_plugin_auth_pam+y} then : enableval=$enable_plugin_auth_pam; -else $as_nop - +else case e in #( + e) case "$host" in *-*-openbsd*) enable_plugin_auth_pam="no";; *-mingw*) enable_plugin_auth_pam="no";; *) enable_plugin_auth_pam="yes";; esac - + ;; +esac fi @@ -5582,14 +5823,15 @@ if test ${enable_plugin_down_root+y} then : enableval=$enable_plugin_down_root; -else $as_nop - +else case e in #( + e) case "$host" in *-mingw*) enable_plugin_down_root="no";; *) enable_plugin_down_root="yes";; esac - + ;; +esac fi @@ -5597,9 +5839,10 @@ if test ${enable_pam_dlopen+y} then : enableval=$enable_pam_dlopen; -else $as_nop - enable_pam_dlopen="no" - +else case e in #( + e) enable_pam_dlopen="no" + ;; +esac fi @@ -5607,9 +5850,10 @@ if test ${enable_strict+y} then : enableval=$enable_strict; -else $as_nop - enable_strict="no" - +else case e in #( + e) enable_strict="no" + ;; +esac fi @@ -5617,9 +5861,10 @@ if test ${enable_pedantic+y} then : enableval=$enable_pedantic; -else $as_nop - enable_pedantic="no" - +else case e in #( + e) enable_pedantic="no" + ;; +esac fi @@ -5627,9 +5872,10 @@ if test ${enable_werror+y} then : enableval=$enable_werror; -else $as_nop - enable_werror="no" - +else case e in #( + e) enable_werror="no" + ;; +esac fi @@ -5637,9 +5883,10 @@ if test ${enable_strict_options+y} then : enableval=$enable_strict_options; -else $as_nop - enable_strict_options="no" - +else case e in #( + e) enable_strict_options="no" + ;; +esac fi @@ -5647,9 +5894,10 @@ if test ${enable_selinux+y} then : enableval=$enable_selinux; -else $as_nop - enable_selinux="no" - +else case e in #( + e) enable_selinux="no" + ;; +esac fi @@ -5657,9 +5905,10 @@ if test ${enable_systemd+y} then : enableval=$enable_systemd; -else $as_nop - enable_systemd="no" - +else case e in #( + e) enable_systemd="no" + ;; +esac fi @@ -5667,9 +5916,10 @@ if test ${enable_async_push+y} then : enableval=$enable_async_push; -else $as_nop - enable_async_push="no" - +else case e in #( + e) enable_async_push="no" + ;; +esac fi @@ -5694,9 +5944,10 @@ *) as_fn_error $? "bad value ${withval} for --mem-check" "$LINENO" 5 ;; esac -else $as_nop - with_mem_check="no" - +else case e in #( + e) with_mem_check="no" + ;; +esac fi @@ -5710,9 +5961,10 @@ *) as_fn_error $? "bad value ${withval} for --with-crypto-library" "$LINENO" 5 ;; esac -else $as_nop - with_crypto_library="openssl" - +else case e in #( + e) with_crypto_library="openssl" + ;; +esac fi @@ -5720,9 +5972,10 @@ if test ${enable_wolfssl_options_h+y} then : enableval=$enable_wolfssl_options_h; -else $as_nop - enable_wolfssl_options_h="yes" - +else case e in #( + e) enable_wolfssl_options_h="yes" + ;; +esac fi @@ -5736,9 +5989,10 @@ *) as_fn_error $? "bad value ${withval} for --with-engine" "$LINENO" 5 ;; esac -else $as_nop - with_openssl_engine="auto" - +else case e in #( + e) with_openssl_engine="auto" + ;; +esac fi @@ -5777,6 +6031,7 @@ printf "%s\n" "#define TARGET_PREFIX \"L\"" >>confdefs.h have_sitnl="yes" + pkg_config_required="yes" ;; *-*-solaris*) @@ -5888,8 +6143,8 @@ if test ${ac_cv_path_PKG_CONFIG+y} then : printf %s "(cached) " >&6 -else $as_nop - case $PKG_CONFIG in +else case e in #( + e) case $PKG_CONFIG in [\\/]* | ?:[\\/]*) ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. ;; @@ -5914,6 +6169,7 @@ IFS=$as_save_IFS ;; +esac ;; esac fi PKG_CONFIG=$ac_cv_path_PKG_CONFIG @@ -5936,8 +6192,8 @@ if test ${ac_cv_path_ac_pt_PKG_CONFIG+y} then : printf %s "(cached) " >&6 -else $as_nop - case $ac_pt_PKG_CONFIG in +else case e in #( + e) case $ac_pt_PKG_CONFIG in [\\/]* | ?:[\\/]*) ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path. ;; @@ -5962,6 +6218,7 @@ IFS=$as_save_IFS ;; +esac ;; esac fi ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG @@ -6002,6 +6259,16 @@ PKG_CONFIG="" fi fi +# Add variable to print if pkg-config is found or not. Users often miss that +if test "${PKG_CONFIG}" = ""; then + if test "${pkg_config_required}" = "yes"; then + as_fn_error $? "pkg-config is required" "$LINENO" 5 + fi + pkg_config_found="(not found)" +else + pkg_config_found="(${PKG_CONFIG})" +fi + ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' @@ -6017,8 +6284,8 @@ if test ${ac_cv_prog_CPP+y} then : printf %s "(cached) " >&6 -else $as_nop - # Double quotes because $CC needs to be expanded +else case e in #( + e) # Double quotes because $CC needs to be expanded for CPP in "$CC -E" "$CC -E -traditional-cpp" cpp /lib/cpp do ac_preproc_ok=false @@ -6036,9 +6303,10 @@ if ac_fn_c_try_cpp "$LINENO" then : -else $as_nop - # Broken: fails on valid input. -continue +else case e in #( + e) # Broken: fails on valid input. +continue ;; +esac fi rm -f conftest.err conftest.i conftest.$ac_ext @@ -6052,15 +6320,16 @@ then : # Broken: success on invalid input. continue -else $as_nop - # Passes both tests. +else case e in #( + e) # Passes both tests. ac_preproc_ok=: -break +break ;; +esac fi rm -f conftest.err conftest.i conftest.$ac_ext done -# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +# Because of 'break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok then : @@ -6069,7 +6338,8 @@ done ac_cv_prog_CPP=$CPP - + ;; +esac fi CPP=$ac_cv_prog_CPP else @@ -6092,9 +6362,10 @@ if ac_fn_c_try_cpp "$LINENO" then : -else $as_nop - # Broken: fails on valid input. -continue +else case e in #( + e) # Broken: fails on valid input. +continue ;; +esac fi rm -f conftest.err conftest.i conftest.$ac_ext @@ -6108,24 +6379,26 @@ then : # Broken: success on invalid input. continue -else $as_nop - # Passes both tests. +else case e in #( + e) # Passes both tests. ac_preproc_ok=: -break +break ;; +esac fi rm -f conftest.err conftest.i conftest.$ac_ext done -# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +# Because of 'break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok then : -else $as_nop - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +else case e in #( + e) { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "C preprocessor \"$CPP\" fails sanity check -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } ;; +esac fi ac_ext=c @@ -6151,8 +6424,8 @@ if test ${ac_cv_path_SED+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ +else case e in #( + e) ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ for ac_i in 1 2 3 4 5 6 7; do ac_script="$ac_script$as_nl$ac_script" done @@ -6177,9 +6450,10 @@ as_fn_executable_p "$ac_path_SED" || continue # Check for GNU ac_path_SED and select it if it is found. # Check for GNU $ac_path_SED -case `"$ac_path_SED" --version 2>&1` in +case `"$ac_path_SED" --version 2>&1` in #( *GNU*) ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;; +#( *) ac_count=0 printf %s 0123456789 >"conftest.in" @@ -6214,7 +6488,8 @@ else ac_cv_path_SED=$SED fi - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 printf "%s\n" "$ac_cv_path_SED" >&6; } @@ -6228,8 +6503,8 @@ if eval test \${ac_cv_prog_make_${ac_make}_set+y} then : printf %s "(cached) " >&6 -else $as_nop - cat >conftest.make <<\_ACEOF +else case e in #( + e) cat >conftest.make <<\_ACEOF SHELL = /bin/sh all: @echo '@@@%%%=$(MAKE)=@@@%%%' @@ -6241,7 +6516,8 @@ *) eval ac_cv_prog_make_${ac_make}_set=no;; esac -rm -f conftest.make +rm -f conftest.make ;; +esac fi if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 @@ -6271,8 +6547,8 @@ if test ${ac_cv_path_IFCONFIG+y} then : printf %s "(cached) " >&6 -else $as_nop - case $IFCONFIG in +else case e in #( + e) case $IFCONFIG in [\\/]* | ?:[\\/]*) ac_cv_path_IFCONFIG="$IFCONFIG" # Let the user override the test with a path. ;; @@ -6298,6 +6574,7 @@ IFS=$as_save_IFS ;; +esac ;; esac fi IFCONFIG=$ac_cv_path_IFCONFIG @@ -6322,8 +6599,8 @@ if test ${ac_cv_path_ROUTE+y} then : printf %s "(cached) " >&6 -else $as_nop - case $ROUTE in +else case e in #( + e) case $ROUTE in [\\/]* | ?:[\\/]*) ac_cv_path_ROUTE="$ROUTE" # Let the user override the test with a path. ;; @@ -6349,6 +6626,7 @@ IFS=$as_save_IFS ;; +esac ;; esac fi ROUTE=$ac_cv_path_ROUTE @@ -6373,8 +6651,8 @@ if test ${ac_cv_path_IPROUTE+y} then : printf %s "(cached) " >&6 -else $as_nop - case $IPROUTE in +else case e in #( + e) case $IPROUTE in [\\/]* | ?:[\\/]*) ac_cv_path_IPROUTE="$IPROUTE" # Let the user override the test with a path. ;; @@ -6400,6 +6678,7 @@ IFS=$as_save_IFS ;; +esac ;; esac fi IPROUTE=$ac_cv_path_IPROUTE @@ -6424,8 +6703,8 @@ if test ${ac_cv_path_SYSTEMD_ASK_PASSWORD+y} then : printf %s "(cached) " >&6 -else $as_nop - case $SYSTEMD_ASK_PASSWORD in +else case e in #( + e) case $SYSTEMD_ASK_PASSWORD in [\\/]* | ?:[\\/]*) ac_cv_path_SYSTEMD_ASK_PASSWORD="$SYSTEMD_ASK_PASSWORD" # Let the user override the test with a path. ;; @@ -6451,6 +6730,7 @@ IFS=$as_save_IFS ;; +esac ;; esac fi SYSTEMD_ASK_PASSWORD=$ac_cv_path_SYSTEMD_ASK_PASSWORD @@ -6475,8 +6755,8 @@ if test ${ac_cv_prog_NETSTAT+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$NETSTAT"; then +else case e in #( + e) if test -n "$NETSTAT"; then ac_cv_prog_NETSTAT="$NETSTAT" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -6499,7 +6779,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi NETSTAT=$ac_cv_prog_NETSTAT if test -n "$NETSTAT"; then @@ -6524,8 +6805,8 @@ if test ${ac_cv_prog_GIT+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$GIT"; then +else case e in #( + e) if test -n "$GIT"; then ac_cv_prog_GIT="$GIT" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -6547,7 +6828,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi GIT=$ac_cv_prog_GIT if test -n "$GIT"; then @@ -6589,8 +6871,8 @@ if test ${ac_cv_prog_RST2MAN+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$RST2MAN"; then +else case e in #( + e) if test -n "$RST2MAN"; then ac_cv_prog_RST2MAN="$RST2MAN" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -6612,7 +6894,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi RST2MAN=$ac_cv_prog_RST2MAN if test -n "$RST2MAN"; then @@ -6636,8 +6919,8 @@ if test ${ac_cv_prog_RST2HTML+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$RST2HTML"; then +else case e in #( + e) if test -n "$RST2HTML"; then ac_cv_prog_RST2HTML="$RST2HTML" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -6659,7 +6942,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi RST2HTML=$ac_cv_prog_RST2HTML if test -n "$RST2HTML"; then @@ -6701,8 +6985,8 @@ -macro_version='2.4.6' -macro_revision='2.4.6' +macro_version='2.5.4' +macro_revision='2.5.4' @@ -6793,8 +7077,8 @@ if test ${ac_cv_path_SED+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ +else case e in #( + e) ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ for ac_i in 1 2 3 4 5 6 7; do ac_script="$ac_script$as_nl$ac_script" done @@ -6819,9 +7103,10 @@ as_fn_executable_p "$ac_path_SED" || continue # Check for GNU ac_path_SED and select it if it is found. # Check for GNU $ac_path_SED -case `"$ac_path_SED" --version 2>&1` in +case `"$ac_path_SED" --version 2>&1` in #( *GNU*) ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;; +#( *) ac_count=0 printf %s 0123456789 >"conftest.in" @@ -6856,7 +7141,8 @@ else ac_cv_path_SED=$SED fi - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 printf "%s\n" "$ac_cv_path_SED" >&6; } @@ -6881,8 +7167,8 @@ if test ${ac_cv_path_GREP+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -z "$GREP"; then +else case e in #( + e) if test -z "$GREP"; then ac_path_GREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -6901,9 +7187,10 @@ as_fn_executable_p "$ac_path_GREP" || continue # Check for GNU ac_path_GREP and select it if it is found. # Check for GNU $ac_path_GREP -case `"$ac_path_GREP" --version 2>&1` in +case `"$ac_path_GREP" --version 2>&1` in #( *GNU*) ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; +#( *) ac_count=0 printf %s 0123456789 >"conftest.in" @@ -6938,7 +7225,8 @@ else ac_cv_path_GREP=$GREP fi - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 printf "%s\n" "$ac_cv_path_GREP" >&6; } @@ -6950,8 +7238,8 @@ if test ${ac_cv_path_EGREP+y} then : printf %s "(cached) " >&6 -else $as_nop - if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 +else case e in #( + e) if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 then ac_cv_path_EGREP="$GREP -E" else if test -z "$EGREP"; then @@ -6973,9 +7261,10 @@ as_fn_executable_p "$ac_path_EGREP" || continue # Check for GNU ac_path_EGREP and select it if it is found. # Check for GNU $ac_path_EGREP -case `"$ac_path_EGREP" --version 2>&1` in +case `"$ac_path_EGREP" --version 2>&1` in #( *GNU*) ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; +#( *) ac_count=0 printf %s 0123456789 >"conftest.in" @@ -7011,20 +7300,23 @@ ac_cv_path_EGREP=$EGREP fi - fi + fi ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 printf "%s\n" "$ac_cv_path_EGREP" >&6; } EGREP="$ac_cv_path_EGREP" + EGREP_TRADITIONAL=$EGREP + ac_cv_path_EGREP_TRADITIONAL=$EGREP { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5 printf %s "checking for fgrep... " >&6; } if test ${ac_cv_path_FGREP+y} then : printf %s "(cached) " >&6 -else $as_nop - if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1 +else case e in #( + e) if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1 then ac_cv_path_FGREP="$GREP -F" else if test -z "$FGREP"; then @@ -7046,9 +7338,10 @@ as_fn_executable_p "$ac_path_FGREP" || continue # Check for GNU ac_path_FGREP and select it if it is found. # Check for GNU $ac_path_FGREP -case `"$ac_path_FGREP" --version 2>&1` in +case `"$ac_path_FGREP" --version 2>&1` in #( *GNU*) ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;; +#( *) ac_count=0 printf %s 0123456789 >"conftest.in" @@ -7084,7 +7377,8 @@ ac_cv_path_FGREP=$FGREP fi - fi + fi ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5 printf "%s\n" "$ac_cv_path_FGREP" >&6; } @@ -7115,8 +7409,9 @@ if test ${with_gnu_ld+y} then : withval=$with_gnu_ld; test no = "$withval" || with_gnu_ld=yes -else $as_nop - with_gnu_ld=no +else case e in #( + e) with_gnu_ld=no ;; +esac fi ac_prog=ld @@ -7125,7 +7420,7 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5 printf %s "checking for ld used by $CC... " >&6; } case $host in - *-*-mingw*) + *-*-mingw* | *-*-windows*) # gcc leaves a trailing carriage return, which upsets mingw ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; *) @@ -7161,8 +7456,8 @@ if test ${lt_cv_path_LD+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -z "$LD"; then +else case e in #( + e) if test -z "$LD"; then lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR for ac_dir in $PATH; do IFS=$lt_save_ifs @@ -7185,7 +7480,8 @@ IFS=$lt_save_ifs else lt_cv_path_LD=$LD # Let the user override the test with a path. -fi +fi ;; +esac fi LD=$lt_cv_path_LD @@ -7202,8 +7498,8 @@ if test ${lt_cv_prog_gnu_ld+y} then : printf %s "(cached) " >&6 -else $as_nop - # I'd rather use --version here, but apparently some GNU lds only accept -v. +else case e in #( + e) # I'd rather use --version here, but apparently some GNU lds only accept -v. case `$LD -v 2>&1 &5 @@ -7230,8 +7527,8 @@ if test ${lt_cv_path_NM+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$NM"; then +else case e in #( + e) if test -n "$NM"; then # Let the user override the test. lt_cv_path_NM=$NM else @@ -7252,16 +7549,16 @@ # Tru64's nm complains that /dev/null is an invalid object file # MSYS converts /dev/null to NUL, MinGW nm treats NUL as empty case $build_os in - mingw*) lt_bad_file=conftest.nm/nofile ;; + mingw* | windows*) lt_bad_file=conftest.nm/nofile ;; *) lt_bad_file=/dev/null ;; esac - case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in + case `"$tmp_nm" -B $lt_bad_file 2>&1 | $SED '1q'` in *$lt_bad_file* | *'Invalid file or object type'*) lt_cv_path_NM="$tmp_nm -B" break 2 ;; *) - case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in + case `"$tmp_nm" -p /dev/null 2>&1 | $SED '1q'` in */dev/null*) lt_cv_path_NM="$tmp_nm -p" break 2 @@ -7278,7 +7575,8 @@ IFS=$lt_save_ifs done : ${lt_cv_path_NM=no} -fi +fi ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5 printf "%s\n" "$lt_cv_path_NM" >&6; } @@ -7299,8 +7597,8 @@ if test ${ac_cv_prog_DUMPBIN+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$DUMPBIN"; then +else case e in #( + e) if test -n "$DUMPBIN"; then ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -7322,7 +7620,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi DUMPBIN=$ac_cv_prog_DUMPBIN if test -n "$DUMPBIN"; then @@ -7348,8 +7647,8 @@ if test ${ac_cv_prog_ac_ct_DUMPBIN+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_DUMPBIN"; then +else case e in #( + e) if test -n "$ac_ct_DUMPBIN"; then ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -7371,7 +7670,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN if test -n "$ac_ct_DUMPBIN"; then @@ -7399,7 +7699,7 @@ fi fi - case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in + case `$DUMPBIN -symbols -headers /dev/null 2>&1 | $SED '1q'` in *COFF*) DUMPBIN="$DUMPBIN -symbols -headers" ;; @@ -7425,8 +7725,8 @@ if test ${lt_cv_nm_interface+y} then : printf %s "(cached) " >&6 -else $as_nop - lt_cv_nm_interface="BSD nm" +else case e in #( + e) lt_cv_nm_interface="BSD nm" echo "int some_variable = 0;" > conftest.$ac_ext (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&5) (eval "$ac_compile" 2>conftest.err) @@ -7439,7 +7739,8 @@ if $GREP 'External.*some_variable' conftest.out > /dev/null; then lt_cv_nm_interface="MS dumpbin" fi - rm -f conftest* + rm -f conftest* ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5 printf "%s\n" "$lt_cv_nm_interface" >&6; } @@ -7450,8 +7751,8 @@ if test ${lt_cv_sys_max_cmd_len+y} then : printf %s "(cached) " >&6 -else $as_nop - i=0 +else case e in #( + e) i=0 teststring=ABCD case $build_os in @@ -7463,14 +7764,14 @@ lt_cv_sys_max_cmd_len=12288; # 12K is about right ;; - gnu*) - # Under GNU Hurd, this test is not required because there is - # no limit to the length of command line arguments. + gnu* | ironclad*) + # Under GNU Hurd and Ironclad, this test is not required because there + # is no limit to the length of command line arguments. # Libtool will interpret -1 as no limit whatsoever lt_cv_sys_max_cmd_len=-1; ;; - cygwin* | mingw* | cegcc*) + cygwin* | mingw* | windows* | cegcc*) # On Win9x/ME, this test blows up -- it succeeds, but takes # about 5 minutes as the teststring grows exponentially. # Worse, since 9x/ME are not pre-emptively multitasking, @@ -7492,7 +7793,7 @@ lt_cv_sys_max_cmd_len=8192; ;; - bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*) + darwin* | dragonfly* | freebsd* | midnightbsd* | netbsd* | openbsd*) # This has been around since 386BSD, at least. Likely further. if test -x /sbin/sysctl; then lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` @@ -7535,7 +7836,7 @@ sysv5* | sco5v6* | sysv4.2uw2*) kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null` if test -n "$kargmax"; then - lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[ ]//'` + lt_cv_sys_max_cmd_len=`echo $kargmax | $SED 's/.*[ ]//'` else lt_cv_sys_max_cmd_len=32768 fi @@ -7573,7 +7874,8 @@ fi ;; esac - + ;; +esac fi if test -n "$lt_cv_sys_max_cmd_len"; then @@ -7630,11 +7932,11 @@ if test ${lt_cv_to_host_file_cmd+y} then : printf %s "(cached) " >&6 -else $as_nop - case $host in +else case e in #( + e) case $host in *-*-mingw* ) case $build in - *-*-mingw* ) # actually msys + *-*-mingw* | *-*-windows* ) # actually msys lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32 ;; *-*-cygwin* ) @@ -7647,7 +7949,7 @@ ;; *-*-cygwin* ) case $build in - *-*-mingw* ) # actually msys + *-*-mingw* | *-*-windows* ) # actually msys lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin ;; *-*-cygwin* ) @@ -7662,7 +7964,8 @@ lt_cv_to_host_file_cmd=func_convert_file_noop ;; esac - + ;; +esac fi to_host_file_cmd=$lt_cv_to_host_file_cmd @@ -7678,19 +7981,20 @@ if test ${lt_cv_to_tool_file_cmd+y} then : printf %s "(cached) " >&6 -else $as_nop - #assume ordinary cross tools, or native build. +else case e in #( + e) #assume ordinary cross tools, or native build. lt_cv_to_tool_file_cmd=func_convert_file_noop case $host in - *-*-mingw* ) + *-*-mingw* | *-*-windows* ) case $build in - *-*-mingw* ) # actually msys + *-*-mingw* | *-*-windows* ) # actually msys lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32 ;; esac ;; esac - + ;; +esac fi to_tool_file_cmd=$lt_cv_to_tool_file_cmd @@ -7706,8 +8010,9 @@ if test ${lt_cv_ld_reload_flag+y} then : printf %s "(cached) " >&6 -else $as_nop - lt_cv_ld_reload_flag='-r' +else case e in #( + e) lt_cv_ld_reload_flag='-r' ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5 printf "%s\n" "$lt_cv_ld_reload_flag" >&6; } @@ -7718,7 +8023,7 @@ esac reload_cmds='$LD$reload_flag -o $output$reload_objs' case $host_os in - cygwin* | mingw* | pw32* | cegcc*) + cygwin* | mingw* | windows* | pw32* | cegcc*) if test yes != "$GCC"; then reload_cmds=false fi @@ -7740,6 +8045,56 @@ +# Extract the first word of "file", so it can be a program name with args. +set dummy file; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_FILECMD+y} +then : + printf %s "(cached) " >&6 +else case e in #( + e) if test -n "$FILECMD"; then + ac_cv_prog_FILECMD="$FILECMD" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_FILECMD="file" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + test -z "$ac_cv_prog_FILECMD" && ac_cv_prog_FILECMD=":" +fi ;; +esac +fi +FILECMD=$ac_cv_prog_FILECMD +if test -n "$FILECMD"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $FILECMD" >&5 +printf "%s\n" "$FILECMD" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + + + + + + + if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args. set dummy ${ac_tool_prefix}objdump; ac_word=$2 @@ -7748,8 +8103,8 @@ if test ${ac_cv_prog_OBJDUMP+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$OBJDUMP"; then +else case e in #( + e) if test -n "$OBJDUMP"; then ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -7771,7 +8126,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi OBJDUMP=$ac_cv_prog_OBJDUMP if test -n "$OBJDUMP"; then @@ -7793,8 +8149,8 @@ if test ${ac_cv_prog_ac_ct_OBJDUMP+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_OBJDUMP"; then +else case e in #( + e) if test -n "$ac_ct_OBJDUMP"; then ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -7816,7 +8172,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP if test -n "$ac_ct_OBJDUMP"; then @@ -7854,8 +8211,8 @@ if test ${lt_cv_deplibs_check_method+y} then : printf %s "(cached) " >&6 -else $as_nop - lt_cv_file_magic_cmd='$MAGIC_CMD' +else case e in #( + e) lt_cv_file_magic_cmd='$MAGIC_CMD' lt_cv_file_magic_test_file= lt_cv_deplibs_check_method='unknown' # Need to set the preceding variable on all platforms that support @@ -7863,7 +8220,6 @@ # 'none' -- dependencies not supported. # 'unknown' -- same as none, but documents that we really don't know. # 'pass_all' -- all dependencies passed with no checks. -# 'test_compile' -- check by making test program. # 'file_magic [[regex]]' -- check by looking for files in library path # that responds to the $file_magic_cmd with a given extended regex. # If you have 'file' or equivalent on your system and you're not sure @@ -7880,7 +8236,7 @@ bsdi[45]*) lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)' - lt_cv_file_magic_cmd='/usr/bin/file -L' + lt_cv_file_magic_cmd='$FILECMD -L' lt_cv_file_magic_test_file=/shlib/libc.so ;; @@ -7890,7 +8246,7 @@ lt_cv_file_magic_cmd='func_win32_libid' ;; -mingw* | pw32*) +mingw* | windows* | pw32*) # Base MSYS/MinGW do not provide the 'file' command needed by # func_win32_libid shell function, so use a weaker test based on 'objdump', # unless we find 'file', for example because we are cross-compiling. @@ -7899,7 +8255,7 @@ lt_cv_file_magic_cmd='func_win32_libid' else # Keep this pattern in sync with the one in func_win32_libid. - lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' + lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64|pe-aarch64)' lt_cv_file_magic_cmd='$OBJDUMP -f' fi ;; @@ -7914,14 +8270,14 @@ lt_cv_deplibs_check_method=pass_all ;; -freebsd* | dragonfly*) +freebsd* | dragonfly* | midnightbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then case $host_cpu in i*86 ) # Not sure whether the presence of OpenBSD here was a mistake. # Let's accept both of them until this is cleared up. lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library' - lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_cmd=$FILECMD lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*` ;; esac @@ -7935,7 +8291,7 @@ ;; hpux10.20* | hpux11*) - lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_cmd=$FILECMD case $host_cpu in ia64*) lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64' @@ -7972,6 +8328,10 @@ lt_cv_deplibs_check_method=pass_all ;; +*-mlibc) + lt_cv_deplibs_check_method=pass_all + ;; + netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' @@ -7982,7 +8342,7 @@ newos6*) lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)' - lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_cmd=$FILECMD lt_cv_file_magic_test_file=/usr/lib/libnls.so ;; @@ -7990,7 +8350,7 @@ lt_cv_deplibs_check_method=pass_all ;; -openbsd* | bitrig*) +openbsd*) if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$' else @@ -8006,6 +8366,10 @@ lt_cv_deplibs_check_method=pass_all ;; +serenity*) + lt_cv_deplibs_check_method=pass_all + ;; + solaris*) lt_cv_deplibs_check_method=pass_all ;; @@ -8048,7 +8412,8 @@ lt_cv_deplibs_check_method=pass_all ;; esac - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5 printf "%s\n" "$lt_cv_deplibs_check_method" >&6; } @@ -8057,7 +8422,7 @@ want_nocaseglob=no if test "$build" = "$host"; then case $host_os in - mingw* | pw32*) + mingw* | windows* | pw32*) if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then want_nocaseglob=yes else @@ -8100,8 +8465,8 @@ if test ${ac_cv_prog_DLLTOOL+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$DLLTOOL"; then +else case e in #( + e) if test -n "$DLLTOOL"; then ac_cv_prog_DLLTOOL="$DLLTOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -8123,7 +8488,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi DLLTOOL=$ac_cv_prog_DLLTOOL if test -n "$DLLTOOL"; then @@ -8145,8 +8511,8 @@ if test ${ac_cv_prog_ac_ct_DLLTOOL+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_DLLTOOL"; then +else case e in #( + e) if test -n "$ac_ct_DLLTOOL"; then ac_cv_prog_ac_ct_DLLTOOL="$ac_ct_DLLTOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -8168,7 +8534,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_DLLTOOL=$ac_cv_prog_ac_ct_DLLTOOL if test -n "$ac_ct_DLLTOOL"; then @@ -8207,11 +8574,11 @@ if test ${lt_cv_sharedlib_from_linklib_cmd+y} then : printf %s "(cached) " >&6 -else $as_nop - lt_cv_sharedlib_from_linklib_cmd='unknown' +else case e in #( + e) lt_cv_sharedlib_from_linklib_cmd='unknown' case $host_os in -cygwin* | mingw* | pw32* | cegcc*) +cygwin* | mingw* | windows* | pw32* | cegcc*) # two different shell functions defined in ltmain.sh; # decide which one to use based on capabilities of $DLLTOOL case `$DLLTOOL --help 2>&1` in @@ -8228,7 +8595,8 @@ lt_cv_sharedlib_from_linklib_cmd=$ECHO ;; esac - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sharedlib_from_linklib_cmd" >&5 printf "%s\n" "$lt_cv_sharedlib_from_linklib_cmd" >&6; } @@ -8242,6 +8610,110 @@ if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. +set dummy ${ac_tool_prefix}ranlib; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_RANLIB+y} +then : + printf %s "(cached) " >&6 +else case e in #( + e) if test -n "$RANLIB"; then + ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi ;; +esac +fi +RANLIB=$ac_cv_prog_RANLIB +if test -n "$RANLIB"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 +printf "%s\n" "$RANLIB" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_RANLIB"; then + ac_ct_RANLIB=$RANLIB + # Extract the first word of "ranlib", so it can be a program name with args. +set dummy ranlib; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_RANLIB+y} +then : + printf %s "(cached) " >&6 +else case e in #( + e) if test -n "$ac_ct_RANLIB"; then + ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_RANLIB="ranlib" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi ;; +esac +fi +ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB +if test -n "$ac_ct_RANLIB"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 +printf "%s\n" "$ac_ct_RANLIB" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + if test "x$ac_ct_RANLIB" = x; then + RANLIB=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + RANLIB=$ac_ct_RANLIB + fi +else + RANLIB="$ac_cv_prog_RANLIB" +fi + +if test -n "$ac_tool_prefix"; then for ac_prog in ar do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. @@ -8251,8 +8723,8 @@ if test ${ac_cv_prog_AR+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$AR"; then +else case e in #( + e) if test -n "$AR"; then ac_cv_prog_AR="$AR" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -8274,7 +8746,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi AR=$ac_cv_prog_AR if test -n "$AR"; then @@ -8300,8 +8773,8 @@ if test ${ac_cv_prog_ac_ct_AR+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_AR"; then +else case e in #( + e) if test -n "$ac_ct_AR"; then ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -8323,7 +8796,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_AR=$ac_cv_prog_ac_ct_AR if test -n "$ac_ct_AR"; then @@ -8352,13 +8826,29 @@ fi : ${AR=ar} -: ${AR_FLAGS=cr} +# Use ARFLAGS variable as AR's operation code to sync the variable naming with +# Automake. If both AR_FLAGS and ARFLAGS are specified, AR_FLAGS should have +# higher priority because that's what people were doing historically (setting +# ARFLAGS for automake and AR_FLAGS for libtool). FIXME: Make the AR_FLAGS +# variable obsoleted/removed. + +test ${AR_FLAGS+y} || AR_FLAGS=${ARFLAGS-cr} +lt_ar_flags=$AR_FLAGS + + + + + + +# Make AR_FLAGS overridable by 'make ARFLAGS='. Don't try to run-time override +# by AR_FLAGS because that was never working and AR_FLAGS is about to die. + @@ -8369,8 +8859,8 @@ if test ${lt_cv_ar_at_file+y} then : printf %s "(cached) " >&6 -else $as_nop - lt_cv_ar_at_file=no +else case e in #( + e) lt_cv_ar_at_file=no cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -8407,7 +8897,8 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5 printf "%s\n" "$lt_cv_ar_at_file" >&6; } @@ -8432,8 +8923,8 @@ if test ${ac_cv_prog_STRIP+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$STRIP"; then +else case e in #( + e) if test -n "$STRIP"; then ac_cv_prog_STRIP="$STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -8455,7 +8946,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi STRIP=$ac_cv_prog_STRIP if test -n "$STRIP"; then @@ -8477,8 +8969,8 @@ if test ${ac_cv_prog_ac_ct_STRIP+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_STRIP"; then +else case e in #( + e) if test -n "$ac_ct_STRIP"; then ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -8500,7 +8992,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP if test -n "$ac_ct_STRIP"; then @@ -8533,107 +9026,6 @@ -if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. -set dummy ${ac_tool_prefix}ranlib; ac_word=$2 -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -printf %s "checking for $ac_word... " >&6; } -if test ${ac_cv_prog_RANLIB+y} -then : - printf %s "(cached) " >&6 -else $as_nop - if test -n "$RANLIB"; then - ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - case $as_dir in #((( - '') as_dir=./ ;; - */) ;; - *) as_dir=$as_dir/ ;; - esac - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then - ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" - printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -RANLIB=$ac_cv_prog_RANLIB -if test -n "$RANLIB"; then - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 -printf "%s\n" "$RANLIB" >&6; } -else - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 -printf "%s\n" "no" >&6; } -fi - - -fi -if test -z "$ac_cv_prog_RANLIB"; then - ac_ct_RANLIB=$RANLIB - # Extract the first word of "ranlib", so it can be a program name with args. -set dummy ranlib; ac_word=$2 -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -printf %s "checking for $ac_word... " >&6; } -if test ${ac_cv_prog_ac_ct_RANLIB+y} -then : - printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_RANLIB"; then - ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - case $as_dir in #((( - '') as_dir=./ ;; - */) ;; - *) as_dir=$as_dir/ ;; - esac - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_RANLIB="ranlib" - printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB -if test -n "$ac_ct_RANLIB"; then - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 -printf "%s\n" "$ac_ct_RANLIB" >&6; } -else - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 -printf "%s\n" "no" >&6; } -fi - - if test "x$ac_ct_RANLIB" = x; then - RANLIB=":" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - RANLIB=$ac_ct_RANLIB - fi -else - RANLIB="$ac_cv_prog_RANLIB" -fi test -z "$RANLIB" && RANLIB=: @@ -8648,15 +9040,8 @@ old_postuninstall_cmds= if test -n "$RANLIB"; then - case $host_os in - bitrig* | openbsd*) - old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib" - ;; - *) - old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib" - ;; - esac old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib" + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib" fi case $host_os in @@ -8720,8 +9105,8 @@ if test ${lt_cv_sys_global_symbol_pipe+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) # These are sane defaults that work on at least a few old systems. # [They come from Ultrix. What could be older than Ultrix?!! ;)] @@ -8736,7 +9121,7 @@ aix*) symcode='[BCDT]' ;; -cygwin* | mingw* | pw32* | cegcc*) +cygwin* | mingw* | windows* | pw32* | cegcc*) symcode='[ABCDGISTW]' ;; hpux*) @@ -8751,7 +9136,7 @@ symcode='[BCDEGQRST]' ;; solaris*) - symcode='[BDRT]' + symcode='[BCDRT]' ;; sco3.2v5*) symcode='[DT]' @@ -8775,7 +9160,7 @@ if test "$lt_cv_nm_interface" = "MS dumpbin"; then # Gets list of data symbols to import. - lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'" + lt_cv_sys_global_symbol_to_import="$SED -n -e 's/^I .* \(.*\)$/\1/p'" # Adjust the below global symbol transforms to fixup imported variables. lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'" lt_c_name_hook=" -e 's/^I .* \(.*\)$/ {\"\1\", (void *) 0},/p'" @@ -8793,20 +9178,20 @@ # Transform an extracted symbol line into a proper C declaration. # Some systems (esp. on ia64) link data and code symbols differently, # so use this general approach. -lt_cv_sys_global_symbol_to_cdecl="sed -n"\ +lt_cv_sys_global_symbol_to_cdecl="$SED -n"\ $lt_cdecl_hook\ " -e 's/^T .* \(.*\)$/extern int \1();/p'"\ " -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'" # Transform an extracted symbol line into symbol name and symbol address -lt_cv_sys_global_symbol_to_c_name_address="sed -n"\ +lt_cv_sys_global_symbol_to_c_name_address="$SED -n"\ $lt_c_name_hook\ " -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\ " -e 's/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/p'" # Transform an extracted symbol line into symbol name with lib prefix and # symbol address. -lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\ +lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="$SED -n"\ $lt_c_name_lib_hook\ " -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\ " -e 's/^$symcode$symcode* .* \(lib.*\)$/ {\"\1\", (void *) \&\1},/p'"\ @@ -8815,7 +9200,7 @@ # Handle CRLF in mingw tool chain opt_cr= case $build_os in -mingw*) +mingw* | windows*) opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp ;; esac @@ -8830,7 +9215,7 @@ if test "$lt_cv_nm_interface" = "MS dumpbin"; then # Fake it for dumpbin and say T for any non-static function, # D for any global variable and I for any imported variable. - # Also find C++ and __fastcall symbols from MSVC++, + # Also find C++ and __fastcall symbols from MSVC++ or ICC, # which start with @ or ?. lt_cv_sys_global_symbol_pipe="$AWK '"\ " {last_section=section; section=\$ 3};"\ @@ -8848,9 +9233,9 @@ " s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\ " ' prfx=^$ac_symprfx" else - lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" + lt_cv_sys_global_symbol_pipe="$SED -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" fi - lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'" + lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | $SED '/ __gnu_lto/d'" # Check to see that the pipe works correctly. pipe_works=no @@ -8866,7 +9251,7 @@ #ifdef __cplusplus } #endif -int main(){nm_test_var='a';nm_test_func();return(0);} +int main(void){nm_test_var='a';nm_test_func();return(0);} _LT_EOF if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 @@ -8973,7 +9358,8 @@ lt_cv_sys_global_symbol_pipe= fi done - + ;; +esac fi if test -z "$lt_cv_sys_global_symbol_pipe"; then @@ -9037,8 +9423,9 @@ if test ${with_sysroot+y} then : withval=$with_sysroot; -else $as_nop - with_sysroot=no +else case e in #( + e) with_sysroot=no ;; +esac fi @@ -9046,11 +9433,13 @@ case $with_sysroot in #( yes) if test yes = "$GCC"; then - lt_sysroot=`$CC --print-sysroot 2>/dev/null` + # Trim trailing / since we'll always append absolute paths and we want + # to avoid //, if only for less confusing output for the user. + lt_sysroot=`$CC --print-sysroot 2>/dev/null | $SED 's:/\+$::'` fi ;; #( /*) - lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"` + lt_sysroot=`echo "$with_sysroot" | $SED -e "$sed_quote_subst"` ;; #( no|'') ;; #( @@ -9073,8 +9462,8 @@ if test ${ac_cv_path_lt_DD+y} then : printf %s "(cached) " >&6 -else $as_nop - printf 0123456789abcdef0123456789abcdef >conftest.i +else case e in #( + e) printf 0123456789abcdef0123456789abcdef >conftest.i cat conftest.i conftest.i >conftest2.i : ${lt_DD:=$DD} if test -z "$lt_DD"; then @@ -9110,7 +9499,8 @@ ac_cv_path_lt_DD=$lt_DD fi -rm -f conftest.i conftest2.i conftest.out +rm -f conftest.i conftest2.i conftest.out ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_lt_DD" >&5 printf "%s\n" "$ac_cv_path_lt_DD" >&6; } @@ -9121,8 +9511,8 @@ if test ${lt_cv_truncate_bin+y} then : printf %s "(cached) " >&6 -else $as_nop - printf 0123456789abcdef0123456789abcdef >conftest.i +else case e in #( + e) printf 0123456789abcdef0123456789abcdef >conftest.i cat conftest.i conftest.i >conftest2.i lt_cv_truncate_bin= if "$ac_cv_path_lt_DD" bs=32 count=1 conftest.out 2>/dev/null; then @@ -9130,7 +9520,8 @@ && lt_cv_truncate_bin="$ac_cv_path_lt_DD bs=4096 count=1" fi rm -f conftest.i conftest2.i conftest.out -test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q" +test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q" ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_truncate_bin" >&5 printf "%s\n" "$lt_cv_truncate_bin" >&6; } @@ -9175,7 +9566,7 @@ ac_status=$? printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - case `/usr/bin/file conftest.$ac_objext` in + case `$FILECMD conftest.$ac_objext` in *ELF-32*) HPUX_IA64_MODE=32 ;; @@ -9196,7 +9587,7 @@ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then if test yes = "$lt_cv_prog_gnu_ld"; then - case `/usr/bin/file conftest.$ac_objext` in + case `$FILECMD conftest.$ac_objext` in *32-bit*) LD="${LD-ld} -melf32bsmip" ;; @@ -9208,7 +9599,7 @@ ;; esac else - case `/usr/bin/file conftest.$ac_objext` in + case `$FILECMD conftest.$ac_objext` in *32-bit*) LD="${LD-ld} -32" ;; @@ -9234,7 +9625,7 @@ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then emul=elf - case `/usr/bin/file conftest.$ac_objext` in + case `$FILECMD conftest.$ac_objext` in *32-bit*) emul="${emul}32" ;; @@ -9242,7 +9633,7 @@ emul="${emul}64" ;; esac - case `/usr/bin/file conftest.$ac_objext` in + case `$FILECMD conftest.$ac_objext` in *MSB*) emul="${emul}btsmip" ;; @@ -9250,7 +9641,7 @@ emul="${emul}ltsmip" ;; esac - case `/usr/bin/file conftest.$ac_objext` in + case `$FILECMD conftest.$ac_objext` in *N32*) emul="${emul}n32" ;; @@ -9261,7 +9652,7 @@ ;; x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \ -s390*-*linux*|s390*-*tpf*|sparc*-*linux*) +s390*-*linux*|s390*-*tpf*|sparc*-*linux*|x86_64-gnu*) # Find out what ABI is being produced by ac_compile, and set linker # options accordingly. Note that the listed cases only cover the # situations where additional linker options are needed (such as when @@ -9274,14 +9665,14 @@ ac_status=$? printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - case `/usr/bin/file conftest.o` in + case `$FILECMD conftest.o` in *32-bit*) case $host in x86_64-*kfreebsd*-gnu) LD="${LD-ld} -m elf_i386_fbsd" ;; - x86_64-*linux*) - case `/usr/bin/file conftest.o` in + x86_64-*linux*|x86_64-gnu*) + case `$FILECMD conftest.o` in *x86-64*) LD="${LD-ld} -m elf32_x86_64" ;; @@ -9309,7 +9700,7 @@ x86_64-*kfreebsd*-gnu) LD="${LD-ld} -m elf_x86_64_fbsd" ;; - x86_64-*linux*) + x86_64-*linux*|x86_64-gnu*) LD="${LD-ld} -m elf_x86_64" ;; powerpcle-*linux*) @@ -9340,8 +9731,8 @@ if test ${lt_cv_cc_needs_belf+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_ext=c +else case e in #( + e) ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' @@ -9361,8 +9752,9 @@ if ac_fn_c_try_link "$LINENO" then : lt_cv_cc_needs_belf=yes -else $as_nop - lt_cv_cc_needs_belf=no +else case e in #( + e) lt_cv_cc_needs_belf=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext @@ -9371,7 +9763,8 @@ ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5 printf "%s\n" "$lt_cv_cc_needs_belf" >&6; } @@ -9389,7 +9782,7 @@ ac_status=$? printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - case `/usr/bin/file conftest.o` in + case `$FILECMD conftest.o` in *64-bit*) case $lt_cv_prog_gnu_ld in yes*) @@ -9429,8 +9822,8 @@ if test ${ac_cv_prog_MANIFEST_TOOL+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$MANIFEST_TOOL"; then +else case e in #( + e) if test -n "$MANIFEST_TOOL"; then ac_cv_prog_MANIFEST_TOOL="$MANIFEST_TOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -9452,7 +9845,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi MANIFEST_TOOL=$ac_cv_prog_MANIFEST_TOOL if test -n "$MANIFEST_TOOL"; then @@ -9474,8 +9868,8 @@ if test ${ac_cv_prog_ac_ct_MANIFEST_TOOL+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_MANIFEST_TOOL"; then +else case e in #( + e) if test -n "$ac_ct_MANIFEST_TOOL"; then ac_cv_prog_ac_ct_MANIFEST_TOOL="$ac_ct_MANIFEST_TOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -9497,7 +9891,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_MANIFEST_TOOL=$ac_cv_prog_ac_ct_MANIFEST_TOOL if test -n "$ac_ct_MANIFEST_TOOL"; then @@ -9526,22 +9921,23 @@ test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $MANIFEST_TOOL is a manifest tool" >&5 printf %s "checking if $MANIFEST_TOOL is a manifest tool... " >&6; } -if test ${lt_cv_path_mainfest_tool+y} +if test ${lt_cv_path_manifest_tool+y} then : printf %s "(cached) " >&6 -else $as_nop - lt_cv_path_mainfest_tool=no +else case e in #( + e) lt_cv_path_manifest_tool=no echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&5 $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out cat conftest.err >&5 if $GREP 'Manifest Tool' conftest.out > /dev/null; then - lt_cv_path_mainfest_tool=yes + lt_cv_path_manifest_tool=yes fi - rm -f conftest* + rm -f conftest* ;; +esac fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5 -printf "%s\n" "$lt_cv_path_mainfest_tool" >&6; } -if test yes != "$lt_cv_path_mainfest_tool"; then +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_manifest_tool" >&5 +printf "%s\n" "$lt_cv_path_manifest_tool" >&6; } +if test yes != "$lt_cv_path_manifest_tool"; then MANIFEST_TOOL=: fi @@ -9560,8 +9956,8 @@ if test ${ac_cv_prog_DSYMUTIL+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$DSYMUTIL"; then +else case e in #( + e) if test -n "$DSYMUTIL"; then ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -9583,7 +9979,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi DSYMUTIL=$ac_cv_prog_DSYMUTIL if test -n "$DSYMUTIL"; then @@ -9605,8 +10002,8 @@ if test ${ac_cv_prog_ac_ct_DSYMUTIL+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_DSYMUTIL"; then +else case e in #( + e) if test -n "$ac_ct_DSYMUTIL"; then ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -9628,7 +10025,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL if test -n "$ac_ct_DSYMUTIL"; then @@ -9662,8 +10060,8 @@ if test ${ac_cv_prog_NMEDIT+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$NMEDIT"; then +else case e in #( + e) if test -n "$NMEDIT"; then ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -9685,7 +10083,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi NMEDIT=$ac_cv_prog_NMEDIT if test -n "$NMEDIT"; then @@ -9707,8 +10106,8 @@ if test ${ac_cv_prog_ac_ct_NMEDIT+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_NMEDIT"; then +else case e in #( + e) if test -n "$ac_ct_NMEDIT"; then ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -9730,7 +10129,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT if test -n "$ac_ct_NMEDIT"; then @@ -9764,8 +10164,8 @@ if test ${ac_cv_prog_LIPO+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$LIPO"; then +else case e in #( + e) if test -n "$LIPO"; then ac_cv_prog_LIPO="$LIPO" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -9787,7 +10187,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi LIPO=$ac_cv_prog_LIPO if test -n "$LIPO"; then @@ -9809,8 +10210,8 @@ if test ${ac_cv_prog_ac_ct_LIPO+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_LIPO"; then +else case e in #( + e) if test -n "$ac_ct_LIPO"; then ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -9832,7 +10233,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO if test -n "$ac_ct_LIPO"; then @@ -9866,8 +10268,8 @@ if test ${ac_cv_prog_OTOOL+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$OTOOL"; then +else case e in #( + e) if test -n "$OTOOL"; then ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -9889,7 +10291,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi OTOOL=$ac_cv_prog_OTOOL if test -n "$OTOOL"; then @@ -9911,8 +10314,8 @@ if test ${ac_cv_prog_ac_ct_OTOOL+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_OTOOL"; then +else case e in #( + e) if test -n "$ac_ct_OTOOL"; then ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -9934,7 +10337,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL if test -n "$ac_ct_OTOOL"; then @@ -9968,8 +10372,8 @@ if test ${ac_cv_prog_OTOOL64+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$OTOOL64"; then +else case e in #( + e) if test -n "$OTOOL64"; then ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -9991,7 +10395,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi OTOOL64=$ac_cv_prog_OTOOL64 if test -n "$OTOOL64"; then @@ -10013,8 +10418,8 @@ if test ${ac_cv_prog_ac_ct_OTOOL64+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_OTOOL64"; then +else case e in #( + e) if test -n "$ac_ct_OTOOL64"; then ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -10036,7 +10441,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64 if test -n "$ac_ct_OTOOL64"; then @@ -10093,8 +10499,8 @@ if test ${lt_cv_apple_cc_single_mod+y} then : printf %s "(cached) " >&6 -else $as_nop - lt_cv_apple_cc_single_mod=no +else case e in #( + e) lt_cv_apple_cc_single_mod=no if test -z "$LT_MULTI_MODULE"; then # By default we will add the -single_module flag. You can override # by either setting the environment variable LT_MULTI_MODULE @@ -10120,18 +10526,58 @@ fi rm -rf libconftest.dylib* rm -f conftest.* - fi + fi ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5 printf "%s\n" "$lt_cv_apple_cc_single_mod" >&6; } + # Feature test to disable chained fixups since it is not + # compatible with '-undefined dynamic_lookup' + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -no_fixup_chains linker flag" >&5 +printf %s "checking for -no_fixup_chains linker flag... " >&6; } +if test ${lt_cv_support_no_fixup_chains+y} +then : + printf %s "(cached) " >&6 +else case e in #( + e) save_LDFLAGS=$LDFLAGS + LDFLAGS="$LDFLAGS -Wl,-no_fixup_chains" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + lt_cv_support_no_fixup_chains=yes +else case e in #( + e) lt_cv_support_no_fixup_chains=no + ;; +esac +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS=$save_LDFLAGS + + ;; +esac +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_support_no_fixup_chains" >&5 +printf "%s\n" "$lt_cv_support_no_fixup_chains" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5 printf %s "checking for -exported_symbols_list linker flag... " >&6; } if test ${lt_cv_ld_exported_symbols_list+y} then : printf %s "(cached) " >&6 -else $as_nop - lt_cv_ld_exported_symbols_list=no +else case e in #( + e) lt_cv_ld_exported_symbols_list=no save_LDFLAGS=$LDFLAGS echo "_main" > conftest.sym LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym" @@ -10149,13 +10595,15 @@ if ac_fn_c_try_link "$LINENO" then : lt_cv_ld_exported_symbols_list=yes -else $as_nop - lt_cv_ld_exported_symbols_list=no +else case e in #( + e) lt_cv_ld_exported_symbols_list=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LDFLAGS=$save_LDFLAGS - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5 printf "%s\n" "$lt_cv_ld_exported_symbols_list" >&6; } @@ -10165,19 +10613,19 @@ if test ${lt_cv_ld_force_load+y} then : printf %s "(cached) " >&6 -else $as_nop - lt_cv_ld_force_load=no +else case e in #( + e) lt_cv_ld_force_load=no cat > conftest.c << _LT_EOF int forced_loaded() { return 2;} _LT_EOF echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&5 $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&5 - echo "$AR cr libconftest.a conftest.o" >&5 - $AR cr libconftest.a conftest.o 2>&5 + echo "$AR $AR_FLAGS libconftest.a conftest.o" >&5 + $AR $AR_FLAGS libconftest.a conftest.o 2>&5 echo "$RANLIB libconftest.a" >&5 $RANLIB libconftest.a 2>&5 cat > conftest.c << _LT_EOF -int main() { return 0;} +int main(void) { return 0;} _LT_EOF echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&5 $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err @@ -10191,7 +10639,8 @@ fi rm -f conftest.err libconftest.a conftest conftest.c rm -rf conftest.dSYM - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_force_load" >&5 printf "%s\n" "$lt_cv_ld_force_load" >&6; } @@ -10200,23 +10649,37 @@ _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;; darwin1.*) _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; - darwin*) # darwin 5.x on - # if running on 10.5 or later, the deployment target defaults - # to the OS version, if on x86, and 10.4, the deployment - # target defaults to 10.4. Don't you love it? - case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in - 10.0,*86*-darwin8*|10.0,*-darwin[912]*) - _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; - 10.[012][,.]*) - _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; - 10.*|11.*) - _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; + darwin*) + case $MACOSX_DEPLOYMENT_TARGET,$host in + 10.[012],*|,*powerpc*-darwin[5-8]*) + _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; + *) + _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' + if test yes = "$lt_cv_support_no_fixup_chains"; then + as_fn_append _lt_dar_allow_undefined ' $wl-no_fixup_chains' + fi + ;; esac ;; esac if test yes = "$lt_cv_apple_cc_single_mod"; then _lt_dar_single_mod='$single_module' fi + _lt_dar_needs_single_mod=no + case $host_os in + rhapsody* | darwin1.*) + _lt_dar_needs_single_mod=yes ;; + darwin*) + # When targeting Mac OS X 10.4 (darwin 8) or later, + # -single_module is the default and -multi_module is unsupported. + # The toolchain on macOS 10.14 (darwin 18) and later cannot + # target any OS version that needs -single_module. + case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in + 10.0,*-darwin[567].*|10.[0-3],*-darwin[5-9].*|10.[0-3],*-darwin1[0-7].*) + _lt_dar_needs_single_mod=yes ;; + esac + ;; + esac if test yes = "$lt_cv_ld_exported_symbols_list"; then _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym' else @@ -10281,7 +10744,7 @@ enable_win32_dll=yes case $host in -*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-cegcc*) +*-*-cygwin* | *-*-mingw* | *-*-windows* | *-*-pw32* | *-*-cegcc*) if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}as", so it can be a program name with args. set dummy ${ac_tool_prefix}as; ac_word=$2 @@ -10290,8 +10753,8 @@ if test ${ac_cv_prog_AS+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$AS"; then +else case e in #( + e) if test -n "$AS"; then ac_cv_prog_AS="$AS" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -10313,7 +10776,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi AS=$ac_cv_prog_AS if test -n "$AS"; then @@ -10335,8 +10799,8 @@ if test ${ac_cv_prog_ac_ct_AS+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_AS"; then +else case e in #( + e) if test -n "$ac_ct_AS"; then ac_cv_prog_ac_ct_AS="$ac_ct_AS" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -10358,7 +10822,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_AS=$ac_cv_prog_ac_ct_AS if test -n "$ac_ct_AS"; then @@ -10392,8 +10857,8 @@ if test ${ac_cv_prog_DLLTOOL+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$DLLTOOL"; then +else case e in #( + e) if test -n "$DLLTOOL"; then ac_cv_prog_DLLTOOL="$DLLTOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -10415,7 +10880,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi DLLTOOL=$ac_cv_prog_DLLTOOL if test -n "$DLLTOOL"; then @@ -10437,8 +10903,8 @@ if test ${ac_cv_prog_ac_ct_DLLTOOL+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_DLLTOOL"; then +else case e in #( + e) if test -n "$ac_ct_DLLTOOL"; then ac_cv_prog_ac_ct_DLLTOOL="$ac_ct_DLLTOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -10460,7 +10926,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_DLLTOOL=$ac_cv_prog_ac_ct_DLLTOOL if test -n "$ac_ct_DLLTOOL"; then @@ -10494,8 +10961,8 @@ if test ${ac_cv_prog_OBJDUMP+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$OBJDUMP"; then +else case e in #( + e) if test -n "$OBJDUMP"; then ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -10517,7 +10984,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi OBJDUMP=$ac_cv_prog_OBJDUMP if test -n "$OBJDUMP"; then @@ -10539,8 +11007,8 @@ if test ${ac_cv_prog_ac_ct_OBJDUMP+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_OBJDUMP"; then +else case e in #( + e) if test -n "$ac_ct_OBJDUMP"; then ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -10562,7 +11030,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP if test -n "$ac_ct_OBJDUMP"; then @@ -10635,8 +11104,9 @@ IFS=$lt_save_ifs ;; esac -else $as_nop - enable_shared=yes +else case e in #( + e) enable_shared=yes ;; +esac fi @@ -10667,8 +11137,9 @@ IFS=$lt_save_ifs ;; esac -else $as_nop - enable_static=yes +else case e in #( + e) enable_static=yes ;; +esac fi @@ -10679,28 +11150,52 @@ - -# Check whether --with-pic was given. + # Check whether --enable-pic was given. +if test ${enable_pic+y} +then : + enableval=$enable_pic; lt_p=${PACKAGE-default} + case $enableval in + yes|no) pic_mode=$enableval ;; + *) + pic_mode=default + # Look at the argument we got. We use all the common list separators. + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, + for lt_pkg in $enableval; do + IFS=$lt_save_ifs + if test "X$lt_pkg" = "X$lt_p"; then + pic_mode=yes + fi + done + IFS=$lt_save_ifs + ;; + esac +else case e in #( + e) # Check whether --with-pic was given. if test ${with_pic+y} then : withval=$with_pic; lt_p=${PACKAGE-default} - case $withval in - yes|no) pic_mode=$withval ;; - *) - pic_mode=default - # Look at the argument we got. We use all the common list separators. - lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, - for lt_pkg in $withval; do - IFS=$lt_save_ifs - if test "X$lt_pkg" = "X$lt_p"; then - pic_mode=yes - fi - done - IFS=$lt_save_ifs - ;; - esac -else $as_nop - pic_mode=default + case $withval in + yes|no) pic_mode=$withval ;; + *) + pic_mode=default + # Look at the argument we got. We use all the common list separators. + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, + for lt_pkg in $withval; do + IFS=$lt_save_ifs + if test "X$lt_pkg" = "X$lt_p"; then + pic_mode=yes + fi + done + IFS=$lt_save_ifs + ;; + esac +else case e in #( + e) pic_mode=default ;; +esac +fi + + ;; +esac fi @@ -10730,8 +11225,9 @@ IFS=$lt_save_ifs ;; esac -else $as_nop - enable_fast_install=yes +else case e in #( + e) enable_fast_install=yes ;; +esac fi @@ -10746,29 +11242,46 @@ power*-*-aix[5-9]*,yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking which variant of shared library versioning to provide" >&5 printf %s "checking which variant of shared library versioning to provide... " >&6; } - -# Check whether --with-aix-soname was given. + # Check whether --enable-aix-soname was given. +if test ${enable_aix_soname+y} +then : + enableval=$enable_aix_soname; case $enableval in + aix|svr4|both) + ;; + *) + as_fn_error $? "Unknown argument to --enable-aix-soname" "$LINENO" 5 + ;; + esac + lt_cv_with_aix_soname=$enable_aix_soname +else case e in #( + e) # Check whether --with-aix-soname was given. if test ${with_aix_soname+y} then : withval=$with_aix_soname; case $withval in - aix|svr4|both) - ;; - *) - as_fn_error $? "Unknown argument to --with-aix-soname" "$LINENO" 5 - ;; - esac - lt_cv_with_aix_soname=$with_aix_soname -else $as_nop - if test ${lt_cv_with_aix_soname+y} + aix|svr4|both) + ;; + *) + as_fn_error $? "Unknown argument to --with-aix-soname" "$LINENO" 5 + ;; + esac + lt_cv_with_aix_soname=$with_aix_soname +else case e in #( + e) if test ${lt_cv_with_aix_soname+y} then : printf %s "(cached) " >&6 -else $as_nop - lt_cv_with_aix_soname=aix +else case e in #( + e) lt_cv_with_aix_soname=aix ;; +esac +fi + ;; +esac fi - with_aix_soname=$lt_cv_with_aix_soname + enable_aix_soname=$lt_cv_with_aix_soname ;; +esac fi + with_aix_soname=$enable_aix_soname { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $with_aix_soname" >&5 printf "%s\n" "$with_aix_soname" >&6; } if test aix != "$with_aix_soname"; then @@ -10857,8 +11370,8 @@ if test ${lt_cv_objdir+y} then : printf %s "(cached) " >&6 -else $as_nop - rm -f .libs 2>/dev/null +else case e in #( + e) rm -f .libs 2>/dev/null mkdir .libs 2>/dev/null if test -d .libs; then lt_cv_objdir=.libs @@ -10866,7 +11379,8 @@ # MS-DOS does not allow filenames that begin with a dot. lt_cv_objdir=_libs fi -rmdir .libs 2>/dev/null +rmdir .libs 2>/dev/null ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5 printf "%s\n" "$lt_cv_objdir" >&6; } @@ -10897,8 +11411,8 @@ ofile=libtool can_build_shared=yes -# All known linkers require a '.a' archive for static linking (except MSVC, -# which needs '.lib'). +# All known linkers require a '.a' archive for static linking (except MSVC and +# ICC, which need '.lib'). libext=a with_gnu_ld=$lt_cv_prog_gnu_ld @@ -10927,8 +11441,8 @@ if test ${lt_cv_path_MAGIC_CMD+y} then : printf %s "(cached) " >&6 -else $as_nop - case $MAGIC_CMD in +else case e in #( + e) case $MAGIC_CMD in [\\/*] | ?:[\\/]*) lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path. ;; @@ -10971,6 +11485,7 @@ IFS=$lt_save_ifs MAGIC_CMD=$lt_save_MAGIC_CMD ;; +esac ;; esac fi @@ -10994,8 +11509,8 @@ if test ${lt_cv_path_MAGIC_CMD+y} then : printf %s "(cached) " >&6 -else $as_nop - case $MAGIC_CMD in +else case e in #( + e) case $MAGIC_CMD in [\\/*] | ?:[\\/]*) lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path. ;; @@ -11038,6 +11553,7 @@ IFS=$lt_save_ifs MAGIC_CMD=$lt_save_MAGIC_CMD ;; +esac ;; esac fi @@ -11081,7 +11597,7 @@ lt_simple_compile_test_code="int some_variable = 0;" # Code to be used in simple link tests -lt_simple_link_test_code='int main(){return(0);}' +lt_simple_link_test_code='int main(void){return(0);}' @@ -11137,8 +11653,8 @@ if test ${lt_cv_prog_compiler_rtti_exceptions+y} then : printf %s "(cached) " >&6 -else $as_nop - lt_cv_prog_compiler_rtti_exceptions=no +else case e in #( + e) lt_cv_prog_compiler_rtti_exceptions=no ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="-fno-rtti -fno-exceptions" ## exclude from sc_useless_quotes_in_assignment @@ -11166,7 +11682,8 @@ fi fi $RM conftest* - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5 printf "%s\n" "$lt_cv_prog_compiler_rtti_exceptions" >&6; } @@ -11222,7 +11739,7 @@ # PIC is the default for these OSes. ;; - mingw* | cygwin* | pw32* | os2* | cegcc*) + mingw* | windows* | cygwin* | pw32* | os2* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). # Although the cygwin gcc ignores -fPIC, still need this for old-style @@ -11325,7 +11842,7 @@ esac ;; - mingw* | cygwin* | pw32* | os2* | cegcc*) + mingw* | windows* | cygwin* | pw32* | os2* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). lt_prog_compiler_pic='-DDLL_EXPORT' @@ -11366,8 +11883,8 @@ lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-static' ;; - # flang / f18. f95 an alias for gfortran or flang on Debian - flang* | f18* | f95*) + *flang* | ftn | f18* | f95*) + # Flang compiler. lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-fPIC' lt_prog_compiler_static='-static' @@ -11416,7 +11933,7 @@ lt_prog_compiler_static='-qstaticlink' ;; *) - case `$CC -V 2>&1 | sed 5q` in + case `$CC -V 2>&1 | $SED 5q` in *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [1-7].* | *Sun*Fortran*\ 8.[0-3]*) # Sun Fortran 8.3 passes all unrecognized flags to the linker lt_prog_compiler_pic='-KPIC' @@ -11454,6 +11971,12 @@ lt_prog_compiler_static='-Bstatic' ;; + *-mlibc) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fPIC' + lt_prog_compiler_static='-static' + ;; + *nto* | *qnx*) # QNX uses GNU C++, but need to define -shared option too, otherwise # it will coredump. @@ -11470,6 +11993,9 @@ lt_prog_compiler_static='-non_shared' ;; + serenity*) + ;; + solaris*) lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' @@ -11537,8 +12063,9 @@ if test ${lt_cv_prog_compiler_pic+y} then : printf %s "(cached) " >&6 -else $as_nop - lt_cv_prog_compiler_pic=$lt_prog_compiler_pic +else case e in #( + e) lt_cv_prog_compiler_pic=$lt_prog_compiler_pic ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5 printf "%s\n" "$lt_cv_prog_compiler_pic" >&6; } @@ -11553,8 +12080,8 @@ if test ${lt_cv_prog_compiler_pic_works+y} then : printf %s "(cached) " >&6 -else $as_nop - lt_cv_prog_compiler_pic_works=no +else case e in #( + e) lt_cv_prog_compiler_pic_works=no ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="$lt_prog_compiler_pic -DPIC" ## exclude from sc_useless_quotes_in_assignment @@ -11582,7 +12109,8 @@ fi fi $RM conftest* - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5 printf "%s\n" "$lt_cv_prog_compiler_pic_works" >&6; } @@ -11618,8 +12146,8 @@ if test ${lt_cv_prog_compiler_static_works+y} then : printf %s "(cached) " >&6 -else $as_nop - lt_cv_prog_compiler_static_works=no +else case e in #( + e) lt_cv_prog_compiler_static_works=no save_LDFLAGS=$LDFLAGS LDFLAGS="$LDFLAGS $lt_tmp_static_flag" echo "$lt_simple_link_test_code" > conftest.$ac_ext @@ -11640,7 +12168,8 @@ fi $RM -r conftest* LDFLAGS=$save_LDFLAGS - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5 printf "%s\n" "$lt_cv_prog_compiler_static_works" >&6; } @@ -11662,8 +12191,8 @@ if test ${lt_cv_prog_compiler_c_o+y} then : printf %s "(cached) " >&6 -else $as_nop - lt_cv_prog_compiler_c_o=no +else case e in #( + e) lt_cv_prog_compiler_c_o=no $RM -r conftest 2>/dev/null mkdir conftest cd conftest @@ -11703,7 +12232,8 @@ cd .. $RM -r conftest $RM conftest* - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 printf "%s\n" "$lt_cv_prog_compiler_c_o" >&6; } @@ -11718,8 +12248,8 @@ if test ${lt_cv_prog_compiler_c_o+y} then : printf %s "(cached) " >&6 -else $as_nop - lt_cv_prog_compiler_c_o=no +else case e in #( + e) lt_cv_prog_compiler_c_o=no $RM -r conftest 2>/dev/null mkdir conftest cd conftest @@ -11759,7 +12289,8 @@ cd .. $RM -r conftest $RM conftest* - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 printf "%s\n" "$lt_cv_prog_compiler_c_o" >&6; } @@ -11838,24 +12369,18 @@ extract_expsyms_cmds= case $host_os in - cygwin* | mingw* | pw32* | cegcc*) - # FIXME: the MSVC++ port hasn't been tested in a loooong time + cygwin* | mingw* | windows* | pw32* | cegcc*) + # FIXME: the MSVC++ and ICC port hasn't been tested in a loooong time # When not using gcc, we currently assume that we are using - # Microsoft Visual C++. + # Microsoft Visual C++ or Intel C++ Compiler. if test yes != "$GCC"; then with_gnu_ld=no fi ;; interix*) - # we just hope/assume this is gcc and not c89 (= MSVC++) + # we just hope/assume this is gcc and not c89 (= MSVC++ or ICC) with_gnu_ld=yes ;; - openbsd* | bitrig*) - with_gnu_ld=no - ;; - linux* | k*bsd*-gnu | gnu*) - link_all_deplibs=no - ;; esac ld_shlibs=yes @@ -11902,7 +12427,7 @@ whole_archive_flag_spec= fi supports_anon_versioning=no - case `$LD -v | $SED -e 's/(^)\+)\s\+//' 2>&1` in + case `$LD -v | $SED -e 's/([^)]\+)\s\+//' 2>&1` in *GNU\ gold*) supports_anon_versioning=yes ;; *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11 *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... @@ -11956,7 +12481,7 @@ fi ;; - cygwin* | mingw* | pw32* | cegcc*) + cygwin* | mingw* | windows* | pw32* | cegcc*) # _LT_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless, # as there is no search path for DLLs. hardcode_libdir_flag_spec='-L$libdir' @@ -11966,6 +12491,7 @@ enable_shared_with_static_runtimes=yes export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/;s/^.*[ ]__nm__\([^ ]*\)[ ][^ ]*/\1 DATA/;/^I[ ]/d;/^[AITW][ ]/s/.* //'\'' | sort | uniq > $export_symbols' exclude_expsyms='[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname' + file_list_spec='@' if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' @@ -11985,7 +12511,7 @@ haiku*) archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' - link_all_deplibs=yes + link_all_deplibs=no ;; os2*) @@ -12012,8 +12538,9 @@ cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ emximp -o $lib $output_objdir/$libname.def' - old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' + old_archive_from_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' enable_shared_with_static_runtimes=yes + file_list_spec='@' ;; interix[3-9]*) @@ -12028,7 +12555,7 @@ # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link # time. Moving up from 0x10000000 also allows more sbrk(2) space. archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' - archive_expsym_cmds='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + archive_expsym_cmds='$SED "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' ;; gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu) @@ -12071,7 +12598,7 @@ compiler_needs_object=yes ;; esac - case `$CC -V 2>&1 | sed 5q` in + case `$CC -V 2>&1 | $SED 5q` in *Sun\ C*) # Sun C 5.9 whole_archive_flag_spec='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' compiler_needs_object=yes @@ -12083,13 +12610,14 @@ if test yes = "$supports_anon_versioning"; then archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ - cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ echo "local: *; };" >> $output_objdir/$libname.ver~ $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib' fi case $cc_basename in tcc*) + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' export_dynamic_flag_spec='-rdynamic' ;; xlf* | bgf* | bgxlf* | mpixlf*) @@ -12099,7 +12627,7 @@ archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib' if test yes = "$supports_anon_versioning"; then archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ - cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ echo "local: *; };" >> $output_objdir/$libname.ver~ $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' fi @@ -12110,6 +12638,11 @@ fi ;; + *-mlibc) + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + ;; + netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' @@ -12231,7 +12764,7 @@ if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols' else - export_symbols_cmds='`func_echo_all $NM | $SED -e '\''s/B\([^B]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && (substr(\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols' + export_symbols_cmds='`func_echo_all $NM | $SED -e '\''s/B\([^B]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "L") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && (substr(\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols' fi aix_use_runtimelinking=no @@ -12356,8 +12889,8 @@ if test ${lt_cv_aix_libpath_+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -12389,7 +12922,8 @@ if test -z "$lt_cv_aix_libpath_"; then lt_cv_aix_libpath_=/usr/lib:/lib fi - + ;; +esac fi aix_libpath=$lt_cv_aix_libpath_ @@ -12411,8 +12945,8 @@ if test ${lt_cv_aix_libpath_+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -12444,7 +12978,8 @@ if test -z "$lt_cv_aix_libpath_"; then lt_cv_aix_libpath_=/usr/lib:/lib fi - + ;; +esac fi aix_libpath=$lt_cv_aix_libpath_ @@ -12500,14 +13035,14 @@ export_dynamic_flag_spec=-rdynamic ;; - cygwin* | mingw* | pw32* | cegcc*) + cygwin* | mingw* | windows* | pw32* | cegcc*) # When not using gcc, we currently assume that we are using - # Microsoft Visual C++. + # Microsoft Visual C++ or Intel C++ Compiler. # hardcode_libdir_flag_spec is actually meaningless, as there is # no search path for DLLs. case $cc_basename in - cl*) - # Native MSVC + cl* | icl*) + # Native MSVC or ICC hardcode_libdir_flag_spec=' ' allow_undefined_flag=unsupported always_export_symbols=yes @@ -12517,14 +13052,14 @@ # Tell ltmain to make .dll files, not .so files. shrext_cmds=.dll # FIXME: Setting linknames here is a bad hack. - archive_cmds='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames=' + archive_cmds='$CC -Fe$output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames=' archive_expsym_cmds='if test DEF = "`$SED -n -e '\''s/^[ ]*//'\'' -e '\''/^\(;.*\)*$/d'\'' -e '\''s/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p'\'' -e q $export_symbols`" ; then cp "$export_symbols" "$output_objdir/$soname.def"; echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp"; else $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp; fi~ - $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ + $CC -Fe$tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ linknames=' # The linker will not automatically build a static lib if we build a DLL. # _LT_TAGVAR(old_archive_from_new_cmds, )='true' @@ -12548,7 +13083,7 @@ fi' ;; *) - # Assume MSVC wrapper + # Assume MSVC and ICC wrapper hardcode_libdir_flag_spec=' ' allow_undefined_flag=unsupported # Tell ltmain to make .lib files, not .a files. @@ -12589,8 +13124,8 @@ output_verbose_link_cmd=func_echo_all archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil" module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil" - archive_expsym_cmds="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil" - module_expsym_cmds="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil" + archive_expsym_cmds="$SED 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil" + module_expsym_cmds="$SED -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil" else ld_shlibs=no @@ -12624,7 +13159,7 @@ ;; # FreeBSD 3 and greater uses gcc -shared to do shared libraries. - freebsd* | dragonfly*) + freebsd* | dragonfly* | midnightbsd*) archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' hardcode_libdir_flag_spec='-R$libdir' hardcode_direct=yes @@ -12695,8 +13230,8 @@ if test ${lt_cv_prog_compiler__b+y} then : printf %s "(cached) " >&6 -else $as_nop - lt_cv_prog_compiler__b=no +else case e in #( + e) lt_cv_prog_compiler__b=no save_LDFLAGS=$LDFLAGS LDFLAGS="$LDFLAGS -b" echo "$lt_simple_link_test_code" > conftest.$ac_ext @@ -12717,7 +13252,8 @@ fi $RM -r conftest* LDFLAGS=$save_LDFLAGS - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5 printf "%s\n" "$lt_cv_prog_compiler__b" >&6; } @@ -12765,8 +13301,8 @@ if test ${lt_cv_irix_exported_symbol+y} then : printf %s "(cached) " >&6 -else $as_nop - save_LDFLAGS=$LDFLAGS +else case e in #( + e) save_LDFLAGS=$LDFLAGS LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -12775,19 +13311,20 @@ if ac_fn_c_try_link "$LINENO" then : lt_cv_irix_exported_symbol=yes -else $as_nop - lt_cv_irix_exported_symbol=no +else case e in #( + e) lt_cv_irix_exported_symbol=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext - LDFLAGS=$save_LDFLAGS + LDFLAGS=$save_LDFLAGS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5 printf "%s\n" "$lt_cv_irix_exported_symbol" >&6; } if test yes = "$lt_cv_irix_exported_symbol"; then archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib' fi - link_all_deplibs=no else archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib' @@ -12805,10 +13342,14 @@ # Fabrice Bellard et al's Tiny C Compiler ld_shlibs=yes archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' ;; esac ;; + *-mlibc) + ;; + netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out @@ -12831,7 +13372,7 @@ *nto* | *qnx*) ;; - openbsd* | bitrig*) + openbsd*) if test -f /usr/libexec/ld.so; then hardcode_direct=yes hardcode_shlibpath_var=no @@ -12874,8 +13415,9 @@ cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ emximp -o $lib $output_objdir/$libname.def' - old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' + old_archive_from_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' enable_shared_with_static_runtimes=yes + file_list_spec='@' ;; osf3*) @@ -12909,6 +13451,9 @@ hardcode_libdir_separator=: ;; + serenity*) + ;; + solaris*) no_undefined_flag=' -z defs' if test yes = "$GCC"; then @@ -13106,8 +13651,8 @@ if test ${lt_cv_archive_cmds_need_lc+y} then : printf %s "(cached) " >&6 -else $as_nop - $RM conftest* +else case e in #( + e) $RM conftest* echo "$lt_simple_compile_test_code" > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 @@ -13143,7 +13688,8 @@ cat conftest.err 1>&5 fi $RM conftest* - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc" >&5 printf "%s\n" "$lt_cv_archive_cmds_need_lc" >&6; } @@ -13314,7 +13860,7 @@ *) lt_awk_arg='/^libraries:/' ;; esac case $host_os in - mingw* | cegcc*) lt_sed_strip_eq='s|=\([A-Za-z]:\)|\1|g' ;; + mingw* | windows* | cegcc*) lt_sed_strip_eq='s|=\([A-Za-z]:\)|\1|g' ;; *) lt_sed_strip_eq='s|=/|/|g' ;; esac lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq` @@ -13372,7 +13918,7 @@ # AWK program above erroneously prepends '/' to C:/dos/paths # for these hosts. case $host_os in - mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\ + mingw* | windows* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\ $SED 's|/\([A-Za-z]:\)|\1|g'` ;; esac sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP` @@ -13446,7 +13992,7 @@ # Unfortunately, runtime linking may impact performance, so we do # not want this to be the default eventually. Also, we use the # versioned .so libs for executables only if there is the -brtl - # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only. + # linker flag in LDFLAGS as well, or --enable-aix-soname=svr4 only. # To allow for filename-based versioning support, we need to create # libNAME.so.V as an archive file, containing: # *) an Import File, referring to the versioned filename of the @@ -13540,7 +14086,7 @@ # libtool to hard-code these into programs ;; -cygwin* | mingw* | pw32* | cegcc*) +cygwin* | mingw* | windows* | pw32* | cegcc*) version_type=windows shrext_cmds=.dll need_version=no @@ -13551,15 +14097,29 @@ # gcc library_names_spec='$libname.dll.a' # DLL is installed to $(libdir)/../bin by postinstall_cmds - postinstall_cmds='base_file=`basename \$file`~ - dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~ - dldir=$destdir/`dirname \$dlpath`~ - test -d \$dldir || mkdir -p \$dldir~ - $install_prog $dir/$dlname \$dldir/$dlname~ - chmod a+x \$dldir/$dlname~ - if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then - eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; - fi' + # If user builds GCC with multilib enabled, + # it should just install on $(libdir) + # not on $(libdir)/../bin or 32 bits dlls would override 64 bit ones. + if test xyes = x"$multilib"; then + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + $install_prog $dir/$dlname $destdir/$dlname~ + chmod a+x $destdir/$dlname~ + if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then + eval '\''$striplib $destdir/$dlname'\'' || exit \$?; + fi' + else + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname~ + chmod a+x \$dldir/$dlname~ + if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then + eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; + fi' + fi postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ dlpath=$dir/\$dldll~ $RM \$dlpath' @@ -13568,30 +14128,30 @@ case $host_os in cygwin*) # Cygwin DLLs use 'cyg' prefix rather than 'lib' - soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' + soname_spec='`echo $libname | $SED -e 's/^lib/cyg/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api" ;; - mingw* | cegcc*) + mingw* | windows* | cegcc*) # MinGW DLLs use traditional 'lib' prefix soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' ;; pw32*) # pw32 DLLs use 'pw' prefix rather than 'lib' - library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' + library_names_spec='`echo $libname | $SED -e 's/^lib/pw/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' ;; esac dynamic_linker='Win32 ld.exe' ;; - *,cl*) - # Native MSVC + *,cl* | *,icl*) + # Native MSVC or ICC libname_spec='$name' soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' library_names_spec='$libname.dll.lib' case $build_os in - mingw*) + mingw* | windows*) sys_lib_search_path_spec= lt_save_ifs=$IFS IFS=';' @@ -13604,7 +14164,7 @@ done IFS=$lt_save_ifs # Convert to MSYS style. - sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([a-zA-Z]\\):| /\\1|g' -e 's|^ ||'` + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's|\\\\|/|g' -e 's| \\([a-zA-Z]\\):| /\\1|g' -e 's|^ ||'` ;; cygwin*) # Convert to unix form, then to dos form, then back to unix form @@ -13641,7 +14201,7 @@ ;; *) - # Assume MSVC wrapper + # Assume MSVC and ICC wrapper library_names_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext $libname.lib' dynamic_linker='Win32 ld.exe' ;; @@ -13674,7 +14234,7 @@ shlibpath_var=LD_LIBRARY_PATH ;; -freebsd* | dragonfly*) +freebsd* | dragonfly* | midnightbsd*) # DragonFly does not have aout. When/if they implement a new # versioning mechanism, adjust this. if test -x /usr/bin/objformat; then @@ -13698,7 +14258,28 @@ need_version=yes ;; esac + case $host_cpu in + powerpc64) + # On FreeBSD bi-arch platforms, a different variable is used for 32-bit + # binaries. See . + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +int test_pointer_size[sizeof (void *) - 5]; + +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : shlibpath_var=LD_LIBRARY_PATH +else case e in #( + e) shlibpath_var=LD_32_LIBRARY_PATH ;; +esac +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + ;; + *) + shlibpath_var=LD_LIBRARY_PATH + ;; + esac case $host_os in freebsd2.*) shlibpath_overrides_runpath=yes @@ -13728,8 +14309,9 @@ soname_spec='$libname$release$shared_ext$major' shlibpath_var=LIBRARY_PATH shlibpath_overrides_runpath=no - sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' - hardcode_into_libs=yes + sys_lib_search_path_spec='/boot/system/non-packaged/develop/lib /boot/system/develop/lib' + sys_lib_dlsearch_path_spec='/boot/home/config/non-packaged/lib /boot/home/config/lib /boot/system/non-packaged/lib /boot/system/lib' + hardcode_into_libs=no ;; hpux9* | hpux10* | hpux11*) @@ -13839,7 +14421,7 @@ version_type=none # Android doesn't support versioned libraries. need_lib_prefix=no need_version=no - library_names_spec='$libname$release$shared_ext' + library_names_spec='$libname$release$shared_ext $libname$shared_ext' soname_spec='$libname$release$shared_ext' finish_cmds= shlibpath_var=LD_LIBRARY_PATH @@ -13851,8 +14433,9 @@ hardcode_into_libs=yes dynamic_linker='Android linker' - # Don't embed -rpath directories since the linker doesn't support them. - hardcode_libdir_flag_spec='-L$libdir' + # -rpath works at least for libraries that are not overridden by + # libraries installed in system locations. + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' ;; # This must be glibc/ELF. @@ -13870,8 +14453,8 @@ if test ${lt_cv_shlibpath_overrides_runpath+y} then : printf %s "(cached) " >&6 -else $as_nop - lt_cv_shlibpath_overrides_runpath=no +else case e in #( + e) lt_cv_shlibpath_overrides_runpath=no save_LDFLAGS=$LDFLAGS save_libdir=$libdir eval "libdir=/foo; wl=\"$lt_prog_compiler_wl\"; \ @@ -13898,7 +14481,8 @@ conftest$ac_exeext conftest.$ac_ext LDFLAGS=$save_LDFLAGS libdir=$save_libdir - + ;; +esac fi shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath @@ -13908,7 +14492,7 @@ # before this can be enabled. hardcode_into_libs=yes - # Ideally, we could use ldconfig to report *all* directores which are + # Ideally, we could use ldconfig to report *all* directories which are # searched for libraries, however this is still not possible. Aside from not # being certain /sbin/ldconfig is available, command # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64, @@ -13932,8 +14516,8 @@ version_type=linux need_lib_prefix=no need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes @@ -13958,6 +14542,18 @@ hardcode_into_libs=yes ;; +*-mlibc) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + dynamic_linker='mlibc ld.so' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + newsos6) version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' @@ -13977,7 +14573,7 @@ dynamic_linker='ldqnx.so' ;; -openbsd* | bitrig*) +openbsd*) version_type=sunos sys_lib_dlsearch_path_spec=/usr/lib need_lib_prefix=no @@ -14037,6 +14633,17 @@ dynamic_linker=no ;; +serenity*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + dynamic_linker='SerenityOS LibELF' + ;; + solaris*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no @@ -14134,6 +14741,496 @@ shlibpath_var=LD_LIBRARY_PATH ;; +emscripten*) + version_type=none + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext' + soname_spec='$libname$release$shared_ext' + finish_cmds= + dynamic_linker="Emscripten linker" + lt_prog_compiler_wl= +lt_prog_compiler_pic= +lt_prog_compiler_static= + + + if test yes = "$GCC"; then + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_static='-static' + + case $host_os in + aix*) + # All AIX code is PIC. + if test ia64 = "$host_cpu"; then + # AIX 5 now supports IA64 processor + lt_prog_compiler_static='-Bstatic' + fi + lt_prog_compiler_pic='-fPIC' + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + lt_prog_compiler_pic='-fPIC' + ;; + m68k) + # FIXME: we need at least 68020 code to build shared libraries, but + # adding the '-m68020' flag to GCC prevents building anything better, + # like '-m68040'. + lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4' + ;; + esac + ;; + + beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; + + mingw* | windows* | cygwin* | pw32* | os2* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + # Although the cygwin gcc ignores -fPIC, still need this for old-style + # (--disable-auto-import) libraries + lt_prog_compiler_pic='-DDLL_EXPORT' + case $host_os in + os2*) + lt_prog_compiler_static='$wl-static' + ;; + esac + ;; + + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + lt_prog_compiler_pic='-fno-common' + ;; + + haiku*) + # PIC is the default for Haiku. + # The "-static" flag exists, but is broken. + lt_prog_compiler_static= + ;; + + hpux*) + # PIC is the default for 64-bit PA HP-UX, but not for 32-bit + # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag + # sets the default TLS model and affects inlining. + case $host_cpu in + hppa*64*) + # +Z the default + ;; + *) + lt_prog_compiler_pic='-fPIC' + ;; + esac + ;; + + interix[3-9]*) + # Interix 3.x gcc -fpic/-fPIC options generate broken code. + # Instead, we relocate shared libraries at runtime. + ;; + + msdosdjgpp*) + # Just because we use GCC doesn't mean we suddenly get shared libraries + # on systems that don't support them. + lt_prog_compiler_can_build_shared=no + enable_shared=no + ;; + + *nto* | *qnx*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + lt_prog_compiler_pic='-fPIC -shared' + ;; + + sysv4*MP*) + if test -d /usr/nec; then + lt_prog_compiler_pic=-Kconform_pic + fi + ;; + + *) + lt_prog_compiler_pic='-fPIC' + ;; + esac + + case $cc_basename in + nvcc*) # Cuda Compiler Driver 2.2 + lt_prog_compiler_wl='-Xlinker ' + if test -n "$lt_prog_compiler_pic"; then + lt_prog_compiler_pic="-Xcompiler $lt_prog_compiler_pic" + fi + ;; + esac + else + # PORTME Check for flag to pass linker flags through the system compiler. + case $host_os in + aix*) + lt_prog_compiler_wl='-Wl,' + if test ia64 = "$host_cpu"; then + # AIX 5 now supports IA64 processor + lt_prog_compiler_static='-Bstatic' + else + lt_prog_compiler_static='-bnso -bI:/lib/syscalls.exp' + fi + ;; + + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + lt_prog_compiler_pic='-fno-common' + case $cc_basename in + nagfor*) + # NAG Fortran compiler + lt_prog_compiler_wl='-Wl,-Wl,,' + lt_prog_compiler_pic='-PIC' + lt_prog_compiler_static='-Bstatic' + ;; + esac + ;; + + mingw* | windows* | cygwin* | pw32* | os2* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + lt_prog_compiler_pic='-DDLL_EXPORT' + case $host_os in + os2*) + lt_prog_compiler_static='$wl-static' + ;; + esac + ;; + + hpux9* | hpux10* | hpux11*) + lt_prog_compiler_wl='-Wl,' + # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but + # not for PA HP-UX. + case $host_cpu in + hppa*64*|ia64*) + # +Z the default + ;; + *) + lt_prog_compiler_pic='+Z' + ;; + esac + # Is there a better lt_prog_compiler_static that works with the bundled CC? + lt_prog_compiler_static='$wl-a ${wl}archive' + ;; + + irix5* | irix6* | nonstopux*) + lt_prog_compiler_wl='-Wl,' + # PIC (with -KPIC) is the default. + lt_prog_compiler_static='-non_shared' + ;; + + linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) + case $cc_basename in + # old Intel for x86_64, which still supported -KPIC. + ecc*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-static' + ;; + *flang* | ftn | f18* | f95*) + # Flang compiler. + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fPIC' + lt_prog_compiler_static='-static' + ;; + # icc used to be incompatible with GCC. + # ICC 10 doesn't accept -KPIC any more. + icc* | ifort*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fPIC' + lt_prog_compiler_static='-static' + ;; + # Lahey Fortran 8.1. + lf95*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='--shared' + lt_prog_compiler_static='--static' + ;; + nagfor*) + # NAG Fortran compiler + lt_prog_compiler_wl='-Wl,-Wl,,' + lt_prog_compiler_pic='-PIC' + lt_prog_compiler_static='-Bstatic' + ;; + tcc*) + # Fabrice Bellard et al's Tiny C Compiler + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fPIC' + lt_prog_compiler_static='-static' + ;; + pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*) + # Portland Group compilers (*not* the Pentium gcc compiler, + # which looks to be a dead project) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fpic' + lt_prog_compiler_static='-Bstatic' + ;; + ccc*) + lt_prog_compiler_wl='-Wl,' + # All Alpha code is PIC. + lt_prog_compiler_static='-non_shared' + ;; + xl* | bgxl* | bgf* | mpixl*) + # IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-qpic' + lt_prog_compiler_static='-qstaticlink' + ;; + *) + case `$CC -V 2>&1 | $SED 5q` in + *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [1-7].* | *Sun*Fortran*\ 8.[0-3]*) + # Sun Fortran 8.3 passes all unrecognized flags to the linker + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + lt_prog_compiler_wl='' + ;; + *Sun\ F* | *Sun*Fortran*) + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + lt_prog_compiler_wl='-Qoption ld ' + ;; + *Sun\ C*) + # Sun C 5.9 + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + lt_prog_compiler_wl='-Wl,' + ;; + *Intel*\ [CF]*Compiler*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fPIC' + lt_prog_compiler_static='-static' + ;; + *Portland\ Group*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fpic' + lt_prog_compiler_static='-Bstatic' + ;; + esac + ;; + esac + ;; + + newsos6) + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + ;; + + *-mlibc) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fPIC' + lt_prog_compiler_static='-static' + ;; + + *nto* | *qnx*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + lt_prog_compiler_pic='-fPIC -shared' + ;; + + osf3* | osf4* | osf5*) + lt_prog_compiler_wl='-Wl,' + # All OSF/1 code is PIC. + lt_prog_compiler_static='-non_shared' + ;; + + rdos*) + lt_prog_compiler_static='-non_shared' + ;; + + serenity*) + ;; + + solaris*) + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + case $cc_basename in + f77* | f90* | f95* | sunf77* | sunf90* | sunf95*) + lt_prog_compiler_wl='-Qoption ld ';; + *) + lt_prog_compiler_wl='-Wl,';; + esac + ;; + + sunos4*) + lt_prog_compiler_wl='-Qoption ld ' + lt_prog_compiler_pic='-PIC' + lt_prog_compiler_static='-Bstatic' + ;; + + sysv4 | sysv4.2uw2* | sysv4.3*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + ;; + + sysv4*MP*) + if test -d /usr/nec; then + lt_prog_compiler_pic='-Kconform_pic' + lt_prog_compiler_static='-Bstatic' + fi + ;; + + sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + ;; + + unicos*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_can_build_shared=no + ;; + + uts4*) + lt_prog_compiler_pic='-pic' + lt_prog_compiler_static='-Bstatic' + ;; + + *) + lt_prog_compiler_can_build_shared=no + ;; + esac + fi + +case $host_os in + # For platforms that do not support PIC, -DPIC is meaningless: + *djgpp*) + lt_prog_compiler_pic= + ;; + *) + lt_prog_compiler_pic="$lt_prog_compiler_pic -DPIC" + ;; +esac + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5 +printf %s "checking for $compiler option to produce PIC... " >&6; } +if test ${lt_cv_prog_compiler_pic+y} +then : + printf %s "(cached) " >&6 +else case e in #( + e) lt_cv_prog_compiler_pic=$lt_prog_compiler_pic ;; +esac +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5 +printf "%s\n" "$lt_cv_prog_compiler_pic" >&6; } +lt_prog_compiler_pic=$lt_cv_prog_compiler_pic + +# +# Check to make sure the PIC flag actually works. +# +if test -n "$lt_prog_compiler_pic"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5 +printf %s "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; } +if test ${lt_cv_prog_compiler_pic_works+y} +then : + printf %s "(cached) " >&6 +else case e in #( + e) lt_cv_prog_compiler_pic_works=no + ac_outfile=conftest.$ac_objext + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + lt_compiler_flag="$lt_prog_compiler_pic -DPIC" ## exclude from sc_useless_quotes_in_assignment + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + # The option is referenced via a variable to avoid confusing sed. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings other than the usual output. + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then + lt_cv_prog_compiler_pic_works=yes + fi + fi + $RM conftest* + ;; +esac +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5 +printf "%s\n" "$lt_cv_prog_compiler_pic_works" >&6; } + +if test yes = "$lt_cv_prog_compiler_pic_works"; then + case $lt_prog_compiler_pic in + "" | " "*) ;; + *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;; + esac +else + lt_prog_compiler_pic= + lt_prog_compiler_can_build_shared=no +fi + +fi + + + + + +# +# Check to make sure the static flag actually works. +# +wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\" +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5 +printf %s "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; } +if test ${lt_cv_prog_compiler_static_works+y} +then : + printf %s "(cached) " >&6 +else case e in #( + e) lt_cv_prog_compiler_static_works=no + save_LDFLAGS=$LDFLAGS + LDFLAGS="$LDFLAGS $lt_tmp_static_flag" + echo "$lt_simple_link_test_code" > conftest.$ac_ext + if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then + # The linker can only warn and ignore the option if not recognized + # So say no if there are warnings + if test -s conftest.err; then + # Append any errors to the config.log. + cat conftest.err 1>&5 + $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if diff conftest.exp conftest.er2 >/dev/null; then + lt_cv_prog_compiler_static_works=yes + fi + else + lt_cv_prog_compiler_static_works=yes + fi + fi + $RM -r conftest* + LDFLAGS=$save_LDFLAGS + ;; +esac +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5 +printf "%s\n" "$lt_cv_prog_compiler_static_works" >&6; } + +if test yes = "$lt_cv_prog_compiler_static_works"; then + : +else + lt_prog_compiler_static= +fi + + + +='-fPIC' + archive_cmds='$CC -sSIDE_MODULE=2 -shared $libobjs $deplibs $compiler_flags -o $lib' + archive_expsym_cmds='$SED "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -sSIDE_MODULE=2 -shared $libobjs $deplibs $compiler_flags -o $lib -s EXPORTED_FUNCTIONS=@$output_objdir/$soname.expsym' + archive_cmds_need_lc=no + no_undefined_flag= + ;; + *) dynamic_linker=no ;; @@ -14318,7 +15415,7 @@ lt_cv_dlopen_self=yes ;; - mingw* | pw32* | cegcc*) + mingw* | windows* | pw32* | cegcc*) lt_cv_dlopen=LoadLibrary lt_cv_dlopen_libs= ;; @@ -14335,16 +15432,22 @@ if test ${ac_cv_lib_dl_dlopen+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-ldl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char dlopen (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char dlopen (void); int main (void) { @@ -14356,24 +15459,27 @@ if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_dl_dlopen=yes -else $as_nop - ac_cv_lib_dl_dlopen=no +else case e in #( + e) ac_cv_lib_dl_dlopen=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 printf "%s\n" "$ac_cv_lib_dl_dlopen" >&6; } if test "x$ac_cv_lib_dl_dlopen" = xyes then : lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl -else $as_nop - +else case e in #( + e) lt_cv_dlopen=dyld lt_cv_dlopen_libs= lt_cv_dlopen_self=yes - + ;; +esac fi ;; @@ -14391,22 +15497,28 @@ if test "x$ac_cv_func_shl_load" = xyes then : lt_cv_dlopen=shl_load -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5 printf %s "checking for shl_load in -ldld... " >&6; } if test ${ac_cv_lib_dld_shl_load+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-ldld $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char shl_load (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char shl_load (void); int main (void) { @@ -14418,39 +15530,47 @@ if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_dld_shl_load=yes -else $as_nop - ac_cv_lib_dld_shl_load=no +else case e in #( + e) ac_cv_lib_dld_shl_load=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5 printf "%s\n" "$ac_cv_lib_dld_shl_load" >&6; } if test "x$ac_cv_lib_dld_shl_load" = xyes then : lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld -else $as_nop - ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen" +else case e in #( + e) ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen" if test "x$ac_cv_func_dlopen" = xyes then : lt_cv_dlopen=dlopen -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 printf %s "checking for dlopen in -ldl... " >&6; } if test ${ac_cv_lib_dl_dlopen+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-ldl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char dlopen (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char dlopen (void); int main (void) { @@ -14462,34 +15582,42 @@ if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_dl_dlopen=yes -else $as_nop - ac_cv_lib_dl_dlopen=no +else case e in #( + e) ac_cv_lib_dl_dlopen=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 printf "%s\n" "$ac_cv_lib_dl_dlopen" >&6; } if test "x$ac_cv_lib_dl_dlopen" = xyes then : lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5 printf %s "checking for dlopen in -lsvld... " >&6; } if test ${ac_cv_lib_svld_dlopen+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-lsvld $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char dlopen (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char dlopen (void); int main (void) { @@ -14501,34 +15629,42 @@ if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_svld_dlopen=yes -else $as_nop - ac_cv_lib_svld_dlopen=no +else case e in #( + e) ac_cv_lib_svld_dlopen=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5 printf "%s\n" "$ac_cv_lib_svld_dlopen" >&6; } if test "x$ac_cv_lib_svld_dlopen" = xyes then : lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5 printf %s "checking for dld_link in -ldld... " >&6; } if test ${ac_cv_lib_dld_dld_link+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-ldld $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char dld_link (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char dld_link (void); int main (void) { @@ -14540,12 +15676,14 @@ if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_dld_dld_link=yes -else $as_nop - ac_cv_lib_dld_dld_link=no +else case e in #( + e) ac_cv_lib_dld_dld_link=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5 printf "%s\n" "$ac_cv_lib_dld_dld_link" >&6; } @@ -14554,19 +15692,24 @@ lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld fi - + ;; +esac fi - + ;; +esac fi - + ;; +esac fi - + ;; +esac fi - + ;; +esac fi ;; @@ -14594,8 +15737,8 @@ if test ${lt_cv_dlopen_self+y} then : printf %s "(cached) " >&6 -else $as_nop - if test yes = "$cross_compiling"; then : +else case e in #( + e) if test yes = "$cross_compiling"; then : lt_cv_dlopen_self=cross else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 @@ -14645,11 +15788,11 @@ /* When -fvisibility=hidden is used, assume the code has been annotated correspondingly for the symbols needed. */ #if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) -int fnord () __attribute__((visibility("default"))); +int fnord (void) __attribute__((visibility("default"))); #endif -int fnord () { return 42; } -int main () +int fnord (void) { return 42; } +int main (void) { void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); int status = $lt_dlunknown; @@ -14689,7 +15832,8 @@ fi rm -fr conftest* - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5 printf "%s\n" "$lt_cv_dlopen_self" >&6; } @@ -14701,8 +15845,8 @@ if test ${lt_cv_dlopen_self_static+y} then : printf %s "(cached) " >&6 -else $as_nop - if test yes = "$cross_compiling"; then : +else case e in #( + e) if test yes = "$cross_compiling"; then : lt_cv_dlopen_self_static=cross else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 @@ -14752,11 +15896,11 @@ /* When -fvisibility=hidden is used, assume the code has been annotated correspondingly for the symbols needed. */ #if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) -int fnord () __attribute__((visibility("default"))); +int fnord (void) __attribute__((visibility("default"))); #endif -int fnord () { return 42; } -int main () +int fnord (void) { return 42; } +int main (void) { void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); int status = $lt_dlunknown; @@ -14796,7 +15940,8 @@ fi rm -fr conftest* - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5 printf "%s\n" "$lt_cv_dlopen_self_static" >&6; } @@ -14839,30 +15984,41 @@ old_striplib= { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5 printf %s "checking whether stripping libraries is possible... " >&6; } -if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then - test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" - test -z "$striplib" && striplib="$STRIP --strip-unneeded" - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -printf "%s\n" "yes" >&6; } +if test -z "$STRIP"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } else -# FIXME - insert some real tests, host_os isn't really good enough - case $host_os in - darwin*) - if test -n "$STRIP"; then + if $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then + old_striplib="$STRIP --strip-debug" + striplib="$STRIP --strip-unneeded" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + else + case $host_os in + darwin*) + # FIXME - insert some real tests, host_os isn't really good enough striplib="$STRIP -x" old_striplib="$STRIP -S" { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } - else - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 + ;; + freebsd*) + if $STRIP -V 2>&1 | $GREP "elftoolchain" >/dev/null; then + old_striplib="$STRIP --strip-debug" + striplib="$STRIP --strip-unneeded" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - fi - ;; - *) - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 + fi + ;; + *) + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - ;; - esac + ;; + esac + fi fi @@ -14959,8 +16115,8 @@ if test ${ac_cv_prog_RC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$RC"; then +else case e in #( + e) if test -n "$RC"; then ac_cv_prog_RC="$RC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -14982,7 +16138,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi RC=$ac_cv_prog_RC if test -n "$RC"; then @@ -15004,8 +16161,8 @@ if test ${ac_cv_prog_ac_ct_RC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_RC"; then +else case e in #( + e) if test -n "$ac_ct_RC"; then ac_cv_prog_ac_ct_RC="$ac_ct_RC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -15027,7 +16184,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_RC=$ac_cv_prog_ac_ct_RC if test -n "$ac_ct_RC"; then @@ -15138,8 +16296,8 @@ if test ${ac_cv_c_const+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -15203,10 +16361,12 @@ if ac_fn_c_try_compile "$LINENO" then : ac_cv_c_const=yes -else $as_nop - ac_cv_c_const=no +else case e in #( + e) ac_cv_c_const=no ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5 printf "%s\n" "$ac_cv_c_const" >&6; } @@ -15221,8 +16381,8 @@ if test ${ac_cv_c_inline+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_cv_c_inline=no +else case e in #( + e) ac_cv_c_inline=no for ac_kw in inline __inline__ __inline; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -15240,7 +16400,8 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext test "$ac_cv_c_inline" != no && break done - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_inline" >&5 printf "%s\n" "$ac_cv_c_inline" >&6; } @@ -15265,8 +16426,8 @@ if test ${ac_cv_c_volatile+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -15283,10 +16444,12 @@ if ac_fn_c_try_compile "$LINENO" then : ac_cv_c_volatile=yes -else $as_nop - ac_cv_c_volatile=no +else case e in #( + e) ac_cv_c_volatile=no ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_volatile" >&5 printf "%s\n" "$ac_cv_c_volatile" >&6; } @@ -15300,10 +16463,11 @@ if test "x$ac_cv_type_off_t" = xyes then : -else $as_nop - +else case e in #( + e) printf "%s\n" "#define off_t long int" >>confdefs.h - + ;; +esac fi @@ -15312,8 +16476,8 @@ if test "x$ac_cv_type_pid_t" = xyes then : -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #if defined _WIN64 && !defined __CYGWIN__ @@ -15332,14 +16496,16 @@ if ac_fn_c_try_compile "$LINENO" then : ac_pid_type='int' -else $as_nop - ac_pid_type='__int64' +else case e in #( + e) ac_pid_type='__int64' ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext printf "%s\n" "#define pid_t $ac_pid_type" >>confdefs.h - + ;; +esac fi @@ -15347,77 +16513,34 @@ if test "x$ac_cv_type_size_t" = xyes then : -else $as_nop - +else case e in #( + e) printf "%s\n" "#define size_t unsigned int" >>confdefs.h - + ;; +esac fi - -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for uid_t in sys/types.h" >&5 -printf %s "checking for uid_t in sys/types.h... " >&6; } -if test ${ac_cv_type_uid_t+y} -then : - printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "uid_t" >/dev/null 2>&1 +ac_fn_c_check_type "$LINENO" "uid_t" "ac_cv_type_uid_t" "$ac_includes_default" +if test "x$ac_cv_type_uid_t" = xyes then : - ac_cv_type_uid_t=yes -else $as_nop - ac_cv_type_uid_t=no -fi -rm -rf conftest* - -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_uid_t" >&5 -printf "%s\n" "$ac_cv_type_uid_t" >&6; } -if test $ac_cv_type_uid_t = no; then +else case e in #( + e) printf "%s\n" "#define uid_t int" >>confdefs.h - - -printf "%s\n" "#define gid_t int" >>confdefs.h - + ;; +esac fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking return type of signal handlers" >&5 -printf %s "checking return type of signal handlers... " >&6; } -if test ${ac_cv_type_signal+y} +ac_fn_c_check_type "$LINENO" "gid_t" "ac_cv_type_gid_t" "$ac_includes_default" +if test "x$ac_cv_type_gid_t" = xyes then : - printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -int -main (void) -{ -return *(signal (0, 0)) (0) == 1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO" -then : - ac_cv_type_signal=int -else $as_nop - ac_cv_type_signal=void -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +else case e in #( + e) +printf "%s\n" "#define gid_t int" >>confdefs.h + ;; +esac fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_signal" >&5 -printf "%s\n" "$ac_cv_type_signal" >&6; } - -printf "%s\n" "#define RETSIGTYPE $ac_cv_type_signal" >>confdefs.h - ac_fn_c_check_type "$LINENO" "socklen_t" "ac_cv_type_socklen_t" " @@ -15433,15 +16556,15 @@ if test "x$ac_cv_type_socklen_t" = xyes then : -else $as_nop - +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for socklen_t equivalent" >&5 printf %s "checking for socklen_t equivalent... " >&6; } if test ${ax_cv_socklen_t_equiv+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) #AS_CASE is not supported on >confdefs.h - + ;; +esac fi - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_socklen_t_equiv" >&5 printf "%s\n" "$ax_cv_socklen_t_equiv" >&6; } - + ;; +esac fi # The cast to long int works around a bug in the HP C Compiler # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects -# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. +# declarations like 'int a3[[(sizeof (unsigned char)) >= 0]];'. # This bug is HP SR number 8606223364. { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of unsigned int" >&5 printf %s "checking size of unsigned int... " >&6; } if test ${ac_cv_sizeof_unsigned_int+y} then : printf %s "(cached) " >&6 -else $as_nop - if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned int))" "ac_cv_sizeof_unsigned_int" "$ac_includes_default" +else case e in #( + e) if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned int))" "ac_cv_sizeof_unsigned_int" "$ac_includes_default" then : -else $as_nop - if test "$ac_cv_type_unsigned_int" = yes; then - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +else case e in #( + e) if test "$ac_cv_type_unsigned_int" = yes; then + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error 77 "cannot compute sizeof (unsigned int) -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } else ac_cv_sizeof_unsigned_int=0 - fi + fi ;; +esac fi - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_int" >&5 printf "%s\n" "$ac_cv_sizeof_unsigned_int" >&6; } @@ -15533,28 +16661,30 @@ # The cast to long int works around a bug in the HP C Compiler # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects -# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. +# declarations like 'int a3[[(sizeof (unsigned char)) >= 0]];'. # This bug is HP SR number 8606223364. { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of unsigned long" >&5 printf %s "checking size of unsigned long... " >&6; } if test ${ac_cv_sizeof_unsigned_long+y} then : printf %s "(cached) " >&6 -else $as_nop - if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned long))" "ac_cv_sizeof_unsigned_long" "$ac_includes_default" +else case e in #( + e) if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned long))" "ac_cv_sizeof_unsigned_long" "$ac_includes_default" then : -else $as_nop - if test "$ac_cv_type_unsigned_long" = yes; then - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +else case e in #( + e) if test "$ac_cv_type_unsigned_long" = yes; then + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error 77 "cannot compute sizeof (unsigned long) -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } else ac_cv_sizeof_unsigned_long=0 - fi + fi ;; +esac fi - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_long" >&5 printf "%s\n" "$ac_cv_sizeof_unsigned_long" >&6; } @@ -15630,12 +16760,6 @@ printf "%s\n" "#define HAVE_NETDB_H 1" >>confdefs.h fi -ac_fn_c_check_header_compile "$LINENO" "versionhelpers.h" "ac_cv_header_versionhelpers_h" "$ac_includes_default" -if test "x$ac_cv_header_versionhelpers_h" = xyes -then : - printf "%s\n" "#define HAVE_VERSIONHELPERS_H 1" >>confdefs.h - -fi ac_fn_c_check_header_compile "$LINENO" "sys/time.h" "ac_cv_header_sys_time_h" "$ac_includes_default" if test "x$ac_cv_header_sys_time_h" = xyes @@ -15855,10 +16979,11 @@ printf "%s\n" "#define HAVE_IN_ADDR_T 1" >>confdefs.h -else $as_nop - +else case e in #( + e) printf "%s\n" "#define in_addr_t uint32_t" >>confdefs.h - + ;; +esac fi ac_fn_c_check_type "$LINENO" "in_port_t" "ac_cv_type_in_port_t" "${SOCKET_INCLUDES} @@ -15870,10 +16995,11 @@ printf "%s\n" "#define HAVE_IN_PORT_T 1" >>confdefs.h -else $as_nop - +else case e in #( + e) printf "%s\n" "#define in_port_t uint16_t" >>confdefs.h - + ;; +esac fi ac_fn_c_check_type "$LINENO" "struct iphdr" "ac_cv_type_struct_iphdr" "${SOCKET_INCLUDES} @@ -15942,8 +17068,9 @@ if test "x$ac_cv_type_struct_sockaddr_in6" = xyes then : -else $as_nop - as_fn_error $? "struct sockaddr_in6 not found, needed for ipv6 transport support." "$LINENO" 5 +else case e in #( + e) as_fn_error $? "struct sockaddr_in6 not found, needed for ipv6 transport support." "$LINENO" 5 ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC options needed to detect all undeclared functions" >&5 @@ -15951,8 +17078,8 @@ if test ${ac_cv_c_undeclared_builtin_options+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_save_CFLAGS=$CFLAGS +else case e in #( + e) ac_save_CFLAGS=$CFLAGS ac_cv_c_undeclared_builtin_options='cannot detect' for ac_arg in '' -fno-builtin; do CFLAGS="$ac_save_CFLAGS $ac_arg" @@ -15971,8 +17098,8 @@ if ac_fn_c_try_compile "$LINENO" then : -else $as_nop - # This test program should compile successfully. +else case e in #( + e) # This test program should compile successfully. # No library function is consistently available on # freestanding implementations, so test against a dummy # declaration. Include always-available headers on the @@ -16000,26 +17127,29 @@ if test x"$ac_arg" = x then : ac_cv_c_undeclared_builtin_options='none needed' -else $as_nop - ac_cv_c_undeclared_builtin_options=$ac_arg +else case e in #( + e) ac_cv_c_undeclared_builtin_options=$ac_arg ;; +esac fi break fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext done CFLAGS=$ac_save_CFLAGS - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_undeclared_builtin_options" >&5 printf "%s\n" "$ac_cv_c_undeclared_builtin_options" >&6; } case $ac_cv_c_undeclared_builtin_options in #( 'cannot detect') : - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "cannot make $CC report undeclared builtins -See \`config.log' for more details" "$LINENO" 5; } ;; #( +See 'config.log' for more details" "$LINENO" 5; } ;; #( 'none needed') : ac_c_undeclared_builtin_options='' ;; #( *) : @@ -16032,8 +17162,9 @@ if test "x$ac_cv_have_decl_SO_MARK" = xyes then : ac_have_decl=1 -else $as_nop - ac_have_decl=0 +else case e in #( + e) ac_have_decl=0 ;; +esac fi printf "%s\n" "#define HAVE_DECL_SO_MARK $ac_have_decl" >>confdefs.h @@ -16070,10 +17201,11 @@ printf "%s\n" "#define HAVE_ANONYMOUS_UNION_SUPPORT /**/" >>confdefs.h -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - + ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext @@ -16108,9 +17240,10 @@ printf "%s\n" "yes" >&6; } have_ld_wrap_support=yes -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 -printf "%s\n" "no" >&6; } +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext @@ -16124,17 +17257,19 @@ if test "x$ac_cv_have_decl_SIGHUP" = xyes then : ac_have_decl=1 -else $as_nop - ac_have_decl=0 +else case e in #( + e) ac_have_decl=0 ;; +esac fi printf "%s\n" "#define HAVE_DECL_SIGHUP $ac_have_decl" >>confdefs.h if test $ac_have_decl = 1 then : -else $as_nop - +else case e in #( + e) printf "%s\n" "#define SIGHUP 1" >>confdefs.h - + ;; +esac fi ac_fn_check_decl "$LINENO" "SIGINT" "ac_cv_have_decl_SIGINT" " @@ -16145,17 +17280,19 @@ if test "x$ac_cv_have_decl_SIGINT" = xyes then : ac_have_decl=1 -else $as_nop - ac_have_decl=0 +else case e in #( + e) ac_have_decl=0 ;; +esac fi printf "%s\n" "#define HAVE_DECL_SIGINT $ac_have_decl" >>confdefs.h if test $ac_have_decl = 1 then : -else $as_nop - +else case e in #( + e) printf "%s\n" "#define SIGINT 2" >>confdefs.h - + ;; +esac fi ac_fn_check_decl "$LINENO" "SIGUSR1" "ac_cv_have_decl_SIGUSR1" " @@ -16166,17 +17303,19 @@ if test "x$ac_cv_have_decl_SIGUSR1" = xyes then : ac_have_decl=1 -else $as_nop - ac_have_decl=0 +else case e in #( + e) ac_have_decl=0 ;; +esac fi printf "%s\n" "#define HAVE_DECL_SIGUSR1 $ac_have_decl" >>confdefs.h if test $ac_have_decl = 1 then : -else $as_nop - +else case e in #( + e) printf "%s\n" "#define SIGUSR1 10" >>confdefs.h - + ;; +esac fi ac_fn_check_decl "$LINENO" "SIGUSR2" "ac_cv_have_decl_SIGUSR2" " @@ -16187,17 +17326,19 @@ if test "x$ac_cv_have_decl_SIGUSR2" = xyes then : ac_have_decl=1 -else $as_nop - ac_have_decl=0 +else case e in #( + e) ac_have_decl=0 ;; +esac fi printf "%s\n" "#define HAVE_DECL_SIGUSR2 $ac_have_decl" >>confdefs.h if test $ac_have_decl = 1 then : -else $as_nop - +else case e in #( + e) printf "%s\n" "#define SIGUSR2 12" >>confdefs.h - + ;; +esac fi ac_fn_check_decl "$LINENO" "SIGTERM" "ac_cv_have_decl_SIGTERM" " @@ -16208,17 +17349,19 @@ if test "x$ac_cv_have_decl_SIGTERM" = xyes then : ac_have_decl=1 -else $as_nop - ac_have_decl=0 +else case e in #( + e) ac_have_decl=0 ;; +esac fi printf "%s\n" "#define HAVE_DECL_SIGTERM $ac_have_decl" >>confdefs.h if test $ac_have_decl = 1 then : -else $as_nop - +else case e in #( + e) printf "%s\n" "#define SIGTERM 15" >>confdefs.h - + ;; +esac fi @@ -16245,19 +17388,19 @@ if test ${ac_cv_func_fork_works+y} then : printf %s "(cached) " >&6 -else $as_nop - if test "$cross_compiling" = yes +else case e in #( + e) if test "$cross_compiling" = yes then : ac_cv_func_fork_works=cross -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default int main (void) { - /* By Ruediger Kuhlmann. */ + /* By R. Kuhlmann. */ return fork () < 0; ; @@ -16267,13 +17410,16 @@ if ac_fn_c_try_run "$LINENO" then : ac_cv_func_fork_works=yes -else $as_nop - ac_cv_func_fork_works=no +else case e in #( + e) ac_cv_func_fork_works=no ;; +esac fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext + conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_fork_works" >&5 printf "%s\n" "$ac_cv_func_fork_works" >&6; } @@ -16301,12 +17447,12 @@ if test ${ac_cv_func_vfork_works+y} then : printf %s "(cached) " >&6 -else $as_nop - if test "$cross_compiling" = yes +else case e in #( + e) if test "$cross_compiling" = yes then : ac_cv_func_vfork_works=cross -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Thanks to Paul Eggert for this test. */ $ac_includes_default @@ -16417,13 +17563,16 @@ if ac_fn_c_try_run "$LINENO" then : ac_cv_func_vfork_works=yes -else $as_nop - ac_cv_func_vfork_works=no +else case e in #( + e) ac_cv_func_vfork_works=no ;; +esac fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext + conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_vfork_works" >&5 printf "%s\n" "$ac_cv_func_vfork_works" >&6; } @@ -16644,16 +17793,22 @@ if test ${ac_cv_lib_dl_dlopen+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-ldl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char dlopen (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char dlopen (void); int main (void) { @@ -16665,12 +17820,14 @@ if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_dl_dlopen=yes -else $as_nop - ac_cv_lib_dl_dlopen=no +else case e in #( + e) ac_cv_lib_dl_dlopen=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 printf "%s\n" "$ac_cv_lib_dl_dlopen" >&6; } @@ -16687,16 +17844,22 @@ if test ${ac_cv_lib_nsl_inet_ntoa+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-lnsl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char inet_ntoa (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char inet_ntoa (void); int main (void) { @@ -16708,12 +17871,14 @@ if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_nsl_inet_ntoa=yes -else $as_nop - ac_cv_lib_nsl_inet_ntoa=no +else case e in #( + e) ac_cv_lib_nsl_inet_ntoa=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nsl_inet_ntoa" >&5 printf "%s\n" "$ac_cv_lib_nsl_inet_ntoa" >&6; } @@ -16728,16 +17893,22 @@ if test ${ac_cv_lib_socket_socket+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-lsocket $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char socket (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char socket (void); int main (void) { @@ -16749,12 +17920,14 @@ if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_socket_socket=yes -else $as_nop - ac_cv_lib_socket_socket=no +else case e in #( + e) ac_cv_lib_socket_socket=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_socket" >&5 printf "%s\n" "$ac_cv_lib_socket_socket" >&6; } @@ -16769,16 +17942,22 @@ if test ${ac_cv_lib_resolv_gethostbyname+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-lresolv $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char gethostbyname (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char gethostbyname (void); int main (void) { @@ -16790,12 +17969,14 @@ if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_resolv_gethostbyname=yes -else $as_nop - ac_cv_lib_resolv_gethostbyname=no +else case e in #( + e) ac_cv_lib_resolv_gethostbyname=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_gethostbyname" >&5 printf "%s\n" "$ac_cv_lib_resolv_gethostbyname" >&6; } @@ -16831,15 +18012,21 @@ if test ${ac_cv_search___res_init+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_func_search_save_LIBS=$LIBS +else case e in #( + e) ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char __res_init (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char __res_init (void); int main (void) { @@ -16870,11 +18057,13 @@ if test ${ac_cv_search___res_init+y} then : -else $as_nop - ac_cv_search___res_init=no +else case e in #( + e) ac_cv_search___res_init=no ;; +esac fi rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS +LIBS=$ac_func_search_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search___res_init" >&5 printf "%s\n" "$ac_cv_search___res_init" >&6; } @@ -16883,21 +18072,27 @@ then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing res_9_init" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing res_9_init" >&5 printf %s "checking for library containing res_9_init... " >&6; } if test ${ac_cv_search_res_9_init+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_func_search_save_LIBS=$LIBS +else case e in #( + e) ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char res_9_init (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char res_9_init (void); int main (void) { @@ -16928,11 +18123,13 @@ if test ${ac_cv_search_res_9_init+y} then : -else $as_nop - ac_cv_search_res_9_init=no +else case e in #( + e) ac_cv_search_res_9_init=no ;; +esac fi rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS +LIBS=$ac_func_search_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_res_9_init" >&5 printf "%s\n" "$ac_cv_search_res_9_init" >&6; } @@ -16941,21 +18138,27 @@ then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing res_init" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing res_init" >&5 printf %s "checking for library containing res_init... " >&6; } if test ${ac_cv_search_res_init+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_func_search_save_LIBS=$LIBS +else case e in #( + e) ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char res_init (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char res_init (void); int main (void) { @@ -16986,11 +18189,13 @@ if test ${ac_cv_search_res_init+y} then : -else $as_nop - ac_cv_search_res_init=no +else case e in #( + e) ac_cv_search_res_init=no ;; +esac fi rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS +LIBS=$ac_func_search_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_res_init" >&5 printf "%s\n" "$ac_cv_search_res_init" >&6; } @@ -17000,9 +18205,11 @@ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi - + ;; +esac fi - + ;; +esac fi @@ -17011,12 +18218,12 @@ CFLAGS="${CFLAGS} ${TAP_CFLAGS}" for ac_header in net/if_tun.h net/tun/if_tun.h linux/if_tun.h tap-windows.h do : - as_ac_Header=`printf "%s\n" "ac_cv_header_$ac_header" | $as_tr_sh` + as_ac_Header=`printf "%s\n" "ac_cv_header_$ac_header" | sed "$as_sed_sh"` ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" if eval test \"x\$"$as_ac_Header"\" = x"yes" then : cat >>confdefs.h <<_ACEOF -#define `printf "%s\n" "HAVE_$ac_header" | $as_tr_cpp` 1 +#define `printf "%s\n" "HAVE_$ac_header" | sed "$as_sed_cpp"` 1 _ACEOF have_tap_header="yes" @@ -17033,8 +18240,9 @@ if test "x$ac_cv_have_decl_TUNSETPERSIST" = xyes then : ac_have_decl=1 -else $as_nop - ac_have_decl=0 +else case e in #( + e) ac_have_decl=0 ;; +esac fi printf "%s\n" "#define HAVE_DECL_TUNSETPERSIST $ac_have_decl" >>confdefs.h if test $ac_have_decl = 1 @@ -17052,16 +18260,22 @@ if test ${ac_cv_lib_selinux_setcon+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-lselinux $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char setcon (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char setcon (void); int main (void) { @@ -17073,12 +18287,14 @@ if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_selinux_setcon=yes -else $as_nop - ac_cv_lib_selinux_setcon=no +else case e in #( + e) ac_cv_lib_selinux_setcon=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_selinux_setcon" >&5 printf "%s\n" "$ac_cv_lib_selinux_setcon" >&6; } @@ -17098,16 +18314,22 @@ if test ${ac_cv_lib_pam_pam_start+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-lpam $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char pam_start (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char pam_start (void); int main (void) { @@ -17119,12 +18341,14 @@ if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_pam_pam_start=yes -else $as_nop - ac_cv_lib_pam_pam_start=no +else case e in #( + e) ac_cv_lib_pam_pam_start=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pam_pam_start" >&5 printf "%s\n" "$ac_cv_lib_pam_pam_start" >&6; } @@ -17150,9 +18374,10 @@ printf "%s\n" "#define USE_VALGRIND 1" >>confdefs.h -else $as_nop - as_fn_error $? "valgrind headers not found." "$LINENO" 5 - +else case e in #( + e) as_fn_error $? "valgrind headers not found." "$LINENO" 5 + ;; +esac fi done @@ -17169,16 +18394,22 @@ if test ${ac_cv_lib_dmalloc_malloc+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-ldmalloc $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char malloc (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char malloc (void); int main (void) { @@ -17190,12 +18421,14 @@ if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_dmalloc_malloc=yes -else $as_nop - ac_cv_lib_dmalloc_malloc=no +else case e in #( + e) ac_cv_lib_dmalloc_malloc=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dmalloc_malloc" >&5 printf "%s\n" "$ac_cv_lib_dmalloc_malloc" >&6; } @@ -17207,14 +18440,16 @@ printf "%s\n" "#define DMALLOC 1" >>confdefs.h -else $as_nop - as_fn_error $? "dmalloc library not found." "$LINENO" 5 - +else case e in #( + e) as_fn_error $? "dmalloc library not found." "$LINENO" 5 + ;; +esac fi -else $as_nop - as_fn_error $? "dmalloc headers not found." "$LINENO" 5 - +else case e in #( + e) as_fn_error $? "dmalloc headers not found." "$LINENO" 5 + ;; +esac fi done @@ -17225,16 +18460,22 @@ if test ${ac_cv_lib_ssl_CRYPTO_mem_ctrl+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-lssl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char CRYPTO_mem_ctrl (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char CRYPTO_mem_ctrl (void); int main (void) { @@ -17246,12 +18487,14 @@ if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_ssl_CRYPTO_mem_ctrl=yes -else $as_nop - ac_cv_lib_ssl_CRYPTO_mem_ctrl=no +else case e in #( + e) ac_cv_lib_ssl_CRYPTO_mem_ctrl=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_CRYPTO_mem_ctrl" >&5 printf "%s\n" "$ac_cv_lib_ssl_CRYPTO_mem_ctrl" >&6; } @@ -17264,9 +18507,10 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: NOTE: OpenSSL library must be compiled with CRYPTO_MDEBUG" >&5 printf "%s\n" "$as_me: NOTE: OpenSSL library must be compiled with CRYPTO_MDEBUG" >&6;} -else $as_nop - as_fn_error $? "Memory Debugging function in OpenSSL library not found." "$LINENO" 5 - +else case e in #( + e) as_fn_error $? "Memory Debugging function in OpenSSL library not found." "$LINENO" 5 + ;; +esac fi ;; @@ -17424,14 +18668,14 @@ echo "$LIBNL_GENL_PKG_ERRORS" >&5 - as_fn_error $? "libnl-genl-3.0 package not found or too old. Is the development package and pkg-config installed? Must be version 3.4.0 or newer for DCO" "$LINENO" 5 + as_fn_error $? "libnl-genl-3.0 package not found or too old. Is the development package and pkg-config ${pkg_config_found} installed? Must be version 3.4.0 or newer for DCO" "$LINENO" 5 elif test $pkg_failed = untried; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - as_fn_error $? "libnl-genl-3.0 package not found or too old. Is the development package and pkg-config installed? Must be version 3.4.0 or newer for DCO" "$LINENO" 5 + as_fn_error $? "libnl-genl-3.0 package not found or too old. Is the development package and pkg-config ${pkg_config_found} installed? Must be version 3.4.0 or newer for DCO" "$LINENO" 5 else @@ -17466,13 +18710,14 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Enabled ovpn-dco support for FreeBSD" >&5 printf "%s\n" "$as_me: Enabled ovpn-dco support for FreeBSD" >&6;} -else $as_nop - +else case e in #( + e) enable_dco="no" { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: DCO header not found." >&5 printf "%s\n" "$as_me: WARNING: DCO header not found." >&2;} - + ;; +esac fi done @@ -17498,6 +18743,7 @@ case "$host" in *-*-linux*) + # We require pkg-config pkg_failed=no { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for LIBCAPNG" >&5 @@ -17557,12 +18803,12 @@ # Put the nasty error message in config.log where it belongs echo "$LIBCAPNG_PKG_ERRORS" >&5 - as_fn_error $? "libcap-ng package not found. Is the development package and pkg-config installed?" "$LINENO" 5 + as_fn_error $? "libcap-ng package not found. Is the development package and pkg-config ${pkg_config_found} installed?" "$LINENO" 5 elif test $pkg_failed = untried; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - as_fn_error $? "libcap-ng package not found. Is the development package and pkg-config installed?" "$LINENO" 5 + as_fn_error $? "libcap-ng package not found. Is the development package and pkg-config ${pkg_config_found} installed?" "$LINENO" 5 else LIBCAPNG_CFLAGS=$pkg_cv_LIBCAPNG_CFLAGS @@ -17575,12 +18821,13 @@ if test "x$ac_cv_header_sys_prctl_h" = xyes then : -else $as_nop - as_fn_error $? "sys/prctl.h not found!" "$LINENO" 5 +else case e in #( + e) as_fn_error $? "sys/prctl.h not found!" "$LINENO" 5 ;; +esac fi - CFLAGS="${CFLAGS} ${LIBCAPNG_CFALGS}" + CFLAGS="${CFLAGS} ${LIBCAPNG_CFLAGS}" LIBS="${LIBS} ${LIBCAPNG_LIBS}" printf "%s\n" "#define HAVE_LIBCAPNG 1" >>confdefs.h @@ -17654,12 +18901,14 @@ # Put the nasty error message in config.log where it belongs echo "$OPENSSL_PKG_ERRORS" >&5 - # If this fails, we will do another test next + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: OpenSSL not found by pkg-config ${pkg_config_found}" >&5 +printf "%s\n" "$as_me: WARNING: OpenSSL not found by pkg-config ${pkg_config_found}" >&2;} # If this fails, we will do another test next elif test $pkg_failed = untried; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - # If this fails, we will do another test next + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: OpenSSL not found by pkg-config ${pkg_config_found}" >&5 +printf "%s\n" "$as_me: WARNING: OpenSSL not found by pkg-config ${pkg_config_found}" >&2;} # If this fails, we will do another test next else OPENSSL_CFLAGS=$pkg_cv_OPENSSL_CFLAGS @@ -17704,9 +18953,10 @@ then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ok" >&5 printf "%s\n" "ok" >&6; } -else $as_nop - as_fn_error $? "OpenSSL version too old" "$LINENO" 5 - +else case e in #( + e) as_fn_error $? "OpenSSL version too old" "$LINENO" 5 + ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi @@ -17719,9 +18969,10 @@ then : printf "%s\n" "#define HAVE_SSL_CTX_NEW 1" >>confdefs.h -else $as_nop - as_fn_error $? "openssl check failed" "$LINENO" 5 - +else case e in #( + e) as_fn_error $? "openssl check failed" "$LINENO" 5 + ;; +esac fi done @@ -17731,6 +18982,7 @@ /* end confdefs.h. */ #include + #include int main (void) @@ -17738,7 +18990,12 @@ /* Version encoding: MNNFFPPS - see opensslv.h for details */ #if OPENSSL_VERSION_NUMBER >= 0x30000000L - #error Engine supported disabled by default in OpenSSL 3.0+ + #error Engine support disabled by default in OpenSSL 3.0+ + #endif + + /* BoringSSL and LibreSSL >= 3.8.1 removed engine support */ + #ifdef OPENSSL_NO_ENGINE + #error Engine support disabled in openssl/opensslconf.h #endif @@ -17749,26 +19006,28 @@ if ac_fn_c_try_compile "$LINENO" then : have_openssl_engine="yes" -else $as_nop - have_openssl_engine="no" - +else case e in #( + e) have_openssl_engine="no" + ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext if test "${have_openssl_engine}" = "yes"; then for ac_func in ENGINE_load_builtin_engines ENGINE_register_all_complete do : - as_ac_var=`printf "%s\n" "ac_cv_func_$ac_func" | $as_tr_sh` + as_ac_var=`printf "%s\n" "ac_cv_func_$ac_func" | sed "$as_sed_sh"` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes" then : cat >>confdefs.h <<_ACEOF -#define `printf "%s\n" "HAVE_$ac_func" | $as_tr_cpp` 1 +#define `printf "%s\n" "HAVE_$ac_func" | sed "$as_sed_cpp"` 1 _ACEOF -else $as_nop - have_openssl_engine="no"; break - +else case e in #( + e) have_openssl_engine="no"; break + ;; +esac fi done @@ -17779,17 +19038,18 @@ for ac_func in ENGINE_load_builtin_engines ENGINE_register_all_complete do : - as_ac_var=`printf "%s\n" "ac_cv_func_$ac_func" | $as_tr_sh` + as_ac_var=`printf "%s\n" "ac_cv_func_$ac_func" | sed "$as_sed_sh"` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes" then : cat >>confdefs.h <<_ACEOF -#define `printf "%s\n" "HAVE_$ac_func" | $as_tr_cpp` 1 +#define `printf "%s\n" "HAVE_$ac_func" | sed "$as_sed_cpp"` 1 _ACEOF -else $as_nop - as_fn_error $? "OpenSSL engine support not found" "$LINENO" 5 - +else case e in #( + e) as_fn_error $? "OpenSSL engine support not found" "$LINENO" 5 + ;; +esac fi done @@ -17805,9 +19065,10 @@ if test "x$ac_cv_func_EVP_aes_256_gcm" = xyes then : -else $as_nop - as_fn_error $? "OpenSSL check for AES-256-GCM support failed" "$LINENO" 5 - +else case e in #( + e) as_fn_error $? "OpenSSL check for AES-256-GCM support failed" "$LINENO" 5 + ;; +esac fi @@ -17838,8 +19099,8 @@ if test ${ac_cv_lib_mbedtls_mbedtls_ssl_init+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-lmbedtls ${PKCS11_HELPER_LIBS} $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -17847,8 +19108,14 @@ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char mbedtls_ssl_init (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char mbedtls_ssl_init (void); int main (void) { @@ -17860,20 +19127,23 @@ if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_mbedtls_mbedtls_ssl_init=yes -else $as_nop - ac_cv_lib_mbedtls_mbedtls_ssl_init=no +else case e in #( + e) ac_cv_lib_mbedtls_mbedtls_ssl_init=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_mbedtls_mbedtls_ssl_init" >&5 printf "%s\n" "$ac_cv_lib_mbedtls_mbedtls_ssl_init" >&6; } if test "x$ac_cv_lib_mbedtls_mbedtls_ssl_init" = xyes then : MBEDTLS_LIBS="-lmbedtls -lmbedx509 -lmbedcrypto" -else $as_nop - as_fn_error $? "Could not find mbed TLS." "$LINENO" 5 +else case e in #( + e) as_fn_error $? "Could not find mbed TLS." "$LINENO" 5 ;; +esac fi fi @@ -17892,7 +19162,7 @@ main (void) { -#if MBEDTLS_VERSION_NUMBER < 0x02000000 || MBEDTLS_VERSION_NUMBER >= 0x03000000 +#if MBEDTLS_VERSION_NUMBER < 0x02000000 || (MBEDTLS_VERSION_NUMBER >= 0x03000000 && MBEDTLS_VERSION_NUMBER < 0x03020100) #error invalid version #endif @@ -17905,46 +19175,102 @@ then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ok" >&5 printf "%s\n" "ok" >&6; } -else $as_nop - as_fn_error $? "mbed TLS 2.y.z required" "$LINENO" 5 - +else case e in #( + e) as_fn_error $? "mbed TLS version >= 2.0.0 or >= 3.2.1 required" "$LINENO" 5 + ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + ac_fn_c_check_header_compile "$LINENO" "psa/crypto.h" "ac_cv_header_psa_crypto_h" "$ac_includes_default" +if test "x$ac_cv_header_psa_crypto_h" = xyes +then : + +printf "%s\n" "#define HAVE_MBEDTLS_PSA_CRYPTO_H 1" >>confdefs.h + +else case e in #( + e) +printf "%s\n" "#define HAVE_MBEDTLS_PSA_CRYPTO_H 0" >>confdefs.h + + ;; +esac +fi + + for ac_func in mbedtls_cipher_write_tag mbedtls_cipher_check_tag do : - as_ac_var=`printf "%s\n" "ac_cv_func_$ac_func" | $as_tr_sh` + as_ac_var=`printf "%s\n" "ac_cv_func_$ac_func" | sed "$as_sed_sh"` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes" then : cat >>confdefs.h <<_ACEOF -#define `printf "%s\n" "HAVE_$ac_func" | $as_tr_cpp` 1 +#define `printf "%s\n" "HAVE_$ac_func" | sed "$as_sed_cpp"` 1 _ACEOF -else $as_nop - as_fn_error $? "mbed TLS check for AEAD support failed" "$LINENO" 5 - +else case e in #( + e) as_fn_error $? "mbed TLS check for AEAD support failed" "$LINENO" 5 + ;; +esac fi done + ac_fn_c_check_func "$LINENO" "mbedtls_ssl_tls_prf" "ac_cv_func_mbedtls_ssl_tls_prf" +if test "x$ac_cv_func_mbedtls_ssl_tls_prf" = xyes +then : + +printf "%s\n" "#define HAVE_MBEDTLS_SSL_TLS_PRF 1" >>confdefs.h + +else case e in #( + e) +printf "%s\n" "#define HAVE_MBEDTLS_SSL_TLS_PRF 0" >>confdefs.h + + ;; +esac +fi + + have_export_keying_material="yes" ac_fn_c_check_func "$LINENO" "mbedtls_ssl_conf_export_keys_ext_cb" "ac_cv_func_mbedtls_ssl_conf_export_keys_ext_cb" if test "x$ac_cv_func_mbedtls_ssl_conf_export_keys_ext_cb" = xyes then : -else $as_nop - have_export_keying_material="no" +printf "%s\n" "#define HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB 1" >>confdefs.h + +else case e in #( + e) +printf "%s\n" "#define HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB 0" >>confdefs.h + ;; +esac fi + if test "x$ac_cv_func_mbedtls_ssl_conf_export_keys_ext_cb" != xyes; then + ac_fn_c_check_func "$LINENO" "mbedtls_ssl_set_export_keys_cb" "ac_cv_func_mbedtls_ssl_set_export_keys_cb" +if test "x$ac_cv_func_mbedtls_ssl_set_export_keys_cb" = xyes +then : + +printf "%s\n" "#define HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB 1" >>confdefs.h + +else case e in #( + e) +printf "%s\n" "#define HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB 0" >>confdefs.h + + ;; +esac +fi + + if test "x$ac_cv_func_mbedtls_ssl_set_export_keys_cb" != xyes; then + have_export_keying_material="no" + fi + fi ac_fn_c_check_func "$LINENO" "mbedtls_ctr_drbg_update_ret" "ac_cv_func_mbedtls_ctr_drbg_update_ret" if test "x$ac_cv_func_mbedtls_ctr_drbg_update_ret" = xyes then : -printf "%s\n" "#define HAVE_CTR_DRBG_UPDATE_RET 1" >>confdefs.h +printf "%s\n" "#define HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET 1" >>confdefs.h fi @@ -18025,12 +19351,12 @@ # Put the nasty error message in config.log where it belongs echo "$WOLFSSL_PKG_ERRORS" >&5 - as_fn_error $? "Could not find wolfSSL." "$LINENO" 5 + as_fn_error $? "Could not find wolfSSL using pkg-config ${pkg_config_found}" "$LINENO" 5 elif test $pkg_failed = untried; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - as_fn_error $? "Could not find wolfSSL." "$LINENO" 5 + as_fn_error $? "Could not find wolfSSL using pkg-config ${pkg_config_found}" "$LINENO" 5 else WOLFSSL_CFLAGS=$pkg_cv_WOLFSSL_CFLAGS @@ -18079,16 +19405,22 @@ if test ${ac_cv_lib_wolfssl_wolfSSL_Init+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-lwolfssl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char wolfSSL_Init (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char wolfSSL_Init (void); int main (void) { @@ -18100,12 +19432,14 @@ if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_wolfssl_wolfSSL_Init=yes -else $as_nop - ac_cv_lib_wolfssl_wolfSSL_Init=no +else case e in #( + e) ac_cv_lib_wolfssl_wolfSSL_Init=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_wolfssl_wolfSSL_Init" >&5 printf "%s\n" "$ac_cv_lib_wolfssl_wolfSSL_Init" >&6; } @@ -18115,17 +19449,19 @@ LIBS="-lwolfssl $LIBS" -else $as_nop - as_fn_error $? "Could not link wolfSSL library." "$LINENO" 5 - +else case e in #( + e) as_fn_error $? "Could not link wolfSSL library." "$LINENO" 5 + ;; +esac fi ac_fn_c_check_header_compile "$LINENO" "wolfssl/options.h" "ac_cv_header_wolfssl_options_h" "$ac_includes_default" if test "x$ac_cv_header_wolfssl_options_h" = xyes then : -else $as_nop - as_fn_error $? "wolfSSL header wolfssl/options.h not found!" "$LINENO" 5 +else case e in #( + e) as_fn_error $? "wolfSSL header wolfssl/options.h not found!" "$LINENO" 5 ;; +esac fi @@ -18161,23 +19497,106 @@ -have_lzo="yes" -if test -z "${LZO_LIBS}"; then +if test -z "${LZO_CFLAGS}" -a -z "${LZO_LIBS}"; then + # if the user did not explicitly specify flags, try to autodetect + +pkg_failed=no +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for LZO" >&5 +printf %s "checking for LZO... " >&6; } + +if test -n "$LZO_CFLAGS"; then + pkg_cv_LZO_CFLAGS="$LZO_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"lzo2\""; } >&5 + ($PKG_CONFIG --exists --print-errors "lzo2") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LZO_CFLAGS=`$PKG_CONFIG --cflags "lzo2" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$LZO_LIBS"; then + pkg_cv_LZO_LIBS="$LZO_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"lzo2\""; } >&5 + ($PKG_CONFIG --exists --print-errors "lzo2") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LZO_LIBS=`$PKG_CONFIG --libs "lzo2" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + LZO_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "lzo2" 2>&1` + else + LZO_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "lzo2" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$LZO_PKG_ERRORS" >&5 + + + +elif test $pkg_failed = untried; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + + +else + LZO_CFLAGS=$pkg_cv_LZO_CFLAGS + LZO_LIBS=$pkg_cv_LZO_LIBS + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + have_lzo="yes" +fi + + if test "${have_lzo}" != "yes"; then + # try to detect without pkg-config + have_lzo="yes" { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for lzo1x_1_15_compress in -llzo2" >&5 printf %s "checking for lzo1x_1_15_compress in -llzo2... " >&6; } if test ${ac_cv_lib_lzo2_lzo1x_1_15_compress+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-llzo2 $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char lzo1x_1_15_compress (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char lzo1x_1_15_compress (void); int main (void) { @@ -18189,34 +19608,42 @@ if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_lzo2_lzo1x_1_15_compress=yes -else $as_nop - ac_cv_lib_lzo2_lzo1x_1_15_compress=no +else case e in #( + e) ac_cv_lib_lzo2_lzo1x_1_15_compress=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lzo2_lzo1x_1_15_compress" >&5 printf "%s\n" "$ac_cv_lib_lzo2_lzo1x_1_15_compress" >&6; } if test "x$ac_cv_lib_lzo2_lzo1x_1_15_compress" = xyes then : LZO_LIBS="-llzo2" -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for lzo1x_1_15_compress in -llzo" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for lzo1x_1_15_compress in -llzo" >&5 printf %s "checking for lzo1x_1_15_compress in -llzo... " >&6; } if test ${ac_cv_lib_lzo_lzo1x_1_15_compress+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-llzo $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char lzo1x_1_15_compress (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char lzo1x_1_15_compress (void); int main (void) { @@ -18228,55 +19655,38 @@ if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_lzo_lzo1x_1_15_compress=yes -else $as_nop - ac_cv_lib_lzo_lzo1x_1_15_compress=no +else case e in #( + e) ac_cv_lib_lzo_lzo1x_1_15_compress=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lzo_lzo1x_1_15_compress" >&5 printf "%s\n" "$ac_cv_lib_lzo_lzo1x_1_15_compress" >&6; } if test "x$ac_cv_lib_lzo_lzo1x_1_15_compress" = xyes then : LZO_LIBS="-llzo" -else $as_nop - have_lzo="no" - +else case e in #( + e) have_lzo="no" + ;; +esac fi - + ;; +esac fi + fi +else + # assume the user configured it correctly + have_lzo="yes" fi if test "${have_lzo}" = "yes"; then saved_CFLAGS="${CFLAGS}" CFLAGS="${CFLAGS} ${LZO_CFLAGS}" - for ac_header in lzo/lzoutil.h -do : - ac_fn_c_check_header_compile "$LINENO" "lzo/lzoutil.h" "ac_cv_header_lzo_lzoutil_h" "$ac_includes_default" -if test "x$ac_cv_header_lzo_lzoutil_h" = xyes -then : - printf "%s\n" "#define HAVE_LZO_LZOUTIL_H 1" >>confdefs.h - -else $as_nop - for ac_header in lzoutil.h -do : - ac_fn_c_check_header_compile "$LINENO" "lzoutil.h" "ac_cv_header_lzoutil_h" "$ac_includes_default" -if test "x$ac_cv_header_lzoutil_h" = xyes -then : - printf "%s\n" "#define HAVE_LZOUTIL_H 1" >>confdefs.h - -else $as_nop - as_fn_error $? "lzoutil.h is missing" "$LINENO" 5 - -fi - -done - -fi - -done for ac_header in lzo/lzo1x.h do : ac_fn_c_check_header_compile "$LINENO" "lzo/lzo1x.h" "ac_cv_header_lzo_lzo1x_h" "$ac_includes_default" @@ -18284,21 +19694,25 @@ then : printf "%s\n" "#define HAVE_LZO_LZO1X_H 1" >>confdefs.h -else $as_nop - for ac_header in lzo1x.h +else case e in #( + e) for ac_header in lzo1x.h do : - ac_fn_c_check_header_compile "$LINENO" "lzo1x.h" "ac_cv_header_lzo1x_h" "$ac_includes_default" + ac_fn_c_check_header_compile "$LINENO" "lzo1x.h" "ac_cv_header_lzo1x_h" "#include + #include + #include + +" if test "x$ac_cv_header_lzo1x_h" = xyes then : printf "%s\n" "#define HAVE_LZO1X_H 1" >>confdefs.h -else $as_nop - as_fn_error $? "lzo1x.h is missing" "$LINENO" 5 - +else case e in #( + e) as_fn_error $? "lzo1x.h is missing" "$LINENO" 5 ;; +esac fi -done - +done ;; +esac fi done @@ -18438,9 +19852,10 @@ printf "%s\n" "ok" >&6; } have_lz4="yes" -else $as_nop - as_fn_error $? "system LZ4 library is too old" "$LINENO" 5 - +else case e in #( + e) as_fn_error $? "system LZ4 library is too old" "$LINENO" 5 + ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi @@ -18453,16 +19868,22 @@ if test ${ac_cv_lib_lz4_LZ4_compress_default+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-llz4 $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char LZ4_compress_default (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char LZ4_compress_default (void); int main (void) { @@ -18474,12 +19895,14 @@ if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_lz4_LZ4_compress_default=yes -else $as_nop - ac_cv_lib_lz4_LZ4_compress_default=no +else case e in #( + e) ac_cv_lib_lz4_LZ4_compress_default=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lz4_LZ4_compress_default" >&5 printf "%s\n" "$ac_cv_lib_lz4_LZ4_compress_default" >&6; } @@ -18489,8 +19912,9 @@ LIBS="-llz4 $LIBS" -else $as_nop - have_lz4="no" +else case e in #( + e) have_lz4="no" ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for LZ4_decompress_safe in -llz4" >&5 @@ -18498,16 +19922,22 @@ if test ${ac_cv_lib_lz4_LZ4_decompress_safe+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-llz4 $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char LZ4_decompress_safe (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char LZ4_decompress_safe (void); int main (void) { @@ -18519,12 +19949,14 @@ if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_lz4_LZ4_decompress_safe=yes -else $as_nop - ac_cv_lib_lz4_LZ4_decompress_safe=no +else case e in #( + e) ac_cv_lib_lz4_LZ4_decompress_safe=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lz4_LZ4_decompress_safe" >&5 printf "%s\n" "$ac_cv_lib_lz4_LZ4_decompress_safe" >&6; } @@ -18534,8 +19966,9 @@ LIBS="-llz4 $LIBS" -else $as_nop - have_lz4="no" +else case e in #( + e) have_lz4="no" ;; +esac fi fi @@ -18694,8 +20127,8 @@ elif test $pkg_failed = untried; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. @@ -18705,7 +20138,7 @@ See the pkg-config man page for more details. To get pkg-config, see . -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } else libsystemd_CFLAGS=$pkg_cv_libsystemd_CFLAGS libsystemd_LIBS=$pkg_cv_libsystemd_LIBS @@ -18789,8 +20222,8 @@ elif test $pkg_failed = untried; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. @@ -18800,7 +20233,7 @@ See the pkg-config man page for more details. To get pkg-config, see . -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } else libsystemd_CFLAGS=$pkg_cv_libsystemd_CFLAGS libsystemd_LIBS=$pkg_cv_libsystemd_LIBS @@ -18836,10 +20269,11 @@ then : printf "%s\n" "#define HAVE_SYSTEMD_SD_DAEMON_H 1" >>confdefs.h -else $as_nop - +else case e in #( + e) as_fn_error $? "systemd development headers not found." "$LINENO" 5 - + ;; +esac fi done @@ -18854,8 +20288,9 @@ then : printf "%s\n" "#define HAVE_SD_BOOTED 1" >>confdefs.h -else $as_nop - as_fn_error $? "systemd library is missing sd_booted()" "$LINENO" 5 +else case e in #( + e) as_fn_error $? "systemd library is missing sd_booted()" "$LINENO" 5 ;; +esac fi done @@ -19106,9 +20541,10 @@ then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; }; CFLAGS="-Wno-stringop-truncation $old_cflags" -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 -printf "%s\n" "no" >&6; }; CFLAGS="$old_cflags" +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; }; CFLAGS="$old_cflags" ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext @@ -19132,9 +20568,10 @@ then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; }; CFLAGS="-Wall $old_cflags" -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 -printf "%s\n" "no" >&6; }; CFLAGS="$old_cflags" +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; }; CFLAGS="$old_cflags" ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext @@ -19241,8 +20678,8 @@ elif test $pkg_failed = untried; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. @@ -19252,7 +20689,7 @@ See the pkg-config man page for more details. To get pkg-config, see . -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } else OPTIONAL_INOTIFY_CFLAGS=$pkg_cv_OPTIONAL_INOTIFY_CFLAGS OPTIONAL_INOTIFY_LIBS=$pkg_cv_OPTIONAL_INOTIFY_LIBS @@ -19278,9 +20715,10 @@ printf "%s\n" "#define ENABLE_ASYNC_PUSH 1" >>confdefs.h -else $as_nop - as_fn_error $? "inotify.h not found." "$LINENO" 5 - +else case e in #( + e) as_fn_error $? "inotify.h not found." "$LINENO" 5 + ;; +esac fi done @@ -19388,9 +20826,10 @@ if test ${enable_unit_tests+y} then : enableval=$enable_unit_tests; -else $as_nop - enable_unit_tests="yes" - +else case e in #( + e) enable_unit_tests="yes" + ;; +esac fi @@ -19454,14 +20893,14 @@ # Put the nasty error message in config.log where it belongs echo "$CMOCKA_PKG_ERRORS" >&5 - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cmocka.pc not found on the system. Unit tests disabled" >&5 -printf "%s\n" "$as_me: WARNING: cmocka.pc not found on the system. Unit tests disabled" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cmocka.pc not found on the system using pkg-config ${pkg_config_found}. Unit tests disabled" >&5 +printf "%s\n" "$as_me: WARNING: cmocka.pc not found on the system using pkg-config ${pkg_config_found}. Unit tests disabled" >&2;} elif test $pkg_failed = untried; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cmocka.pc not found on the system. Unit tests disabled" >&5 -printf "%s\n" "$as_me: WARNING: cmocka.pc not found on the system. Unit tests disabled" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cmocka.pc not found on the system using pkg-config ${pkg_config_found}. Unit tests disabled" >&5 +printf "%s\n" "$as_me: WARNING: cmocka.pc not found on the system using pkg-config ${pkg_config_found}. Unit tests disabled" >&2;} else CMOCKA_CFLAGS=$pkg_cv_CMOCKA_CFLAGS @@ -19489,7 +20928,7 @@ -ac_config_files="$ac_config_files version.sh Makefile build/Makefile build/msvc/Makefile build/msvc/msvc-generate/Makefile distro/Makefile distro/systemd/Makefile doc/Makefile doc/doxygen/Makefile doc/doxygen/openvpn.doxyfile include/Makefile sample/sample-plugins/Makefile src/Makefile src/compat/Makefile src/openvpn/Makefile src/openvpnmsica/Makefile src/openvpnserv/Makefile src/plugins/Makefile src/plugins/auth-pam/Makefile src/plugins/down-root/Makefile src/tapctl/Makefile tests/Makefile tests/unit_tests/Makefile tests/unit_tests/example_test/Makefile tests/unit_tests/openvpn/Makefile tests/unit_tests/plugins/Makefile tests/unit_tests/plugins/auth-pam/Makefile tests/unit_tests/engine-key/Makefile sample/Makefile" +ac_config_files="$ac_config_files version.sh Makefile build/Makefile distro/Makefile distro/systemd/Makefile doc/Makefile doc/doxygen/Makefile doc/doxygen/openvpn.doxyfile include/Makefile sample/sample-plugins/Makefile src/Makefile src/compat/Makefile src/openvpn/Makefile src/openvpnmsica/Makefile src/openvpnserv/Makefile src/plugins/Makefile src/plugins/auth-pam/Makefile src/plugins/down-root/Makefile src/tapctl/Makefile tests/Makefile tests/unit_tests/Makefile tests/unit_tests/example_test/Makefile tests/unit_tests/openvpn/Makefile tests/unit_tests/plugins/Makefile tests/unit_tests/plugins/auth-pam/Makefile sample/Makefile" ac_config_files="$ac_config_files tests/t_client.sh" @@ -19503,8 +20942,8 @@ # config.status only pays attention to the cache file if you give it # the --recheck option to rerun configure. # -# `ac_cv_env_foo' variables (set or unset) will be overridden when -# loading this file, other *unset* `ac_cv_foo' will be assigned the +# 'ac_cv_env_foo' variables (set or unset) will be overridden when +# loading this file, other *unset* 'ac_cv_foo' will be assigned the # following values. _ACEOF @@ -19534,14 +20973,14 @@ (set) 2>&1 | case $as_nl`(ac_space=' '; set) 2>&1` in #( *${as_nl}ac_space=\ *) - # `set' does not quote correctly, so add quotes: double-quote + # 'set' does not quote correctly, so add quotes: double-quote # substitution turns \\\\ into \\, and sed turns \\ into \. sed -n \ "s/'/'\\\\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" ;; #( *) - # `set' quotes correctly as required by POSIX, so do not add quotes. + # 'set' quotes correctly as required by POSIX, so do not add quotes. sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | @@ -19610,6 +21049,18 @@ fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: done" >&5 printf "%s\n" "done" >&6; } +case $enable_silent_rules in # ((( + yes) AM_DEFAULT_VERBOSITY=0;; + no) AM_DEFAULT_VERBOSITY=1;; +esac +if test $am_cv_make_support_nested_variables = yes; then + AM_V='$(V)' + AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' +else + AM_V=$AM_DEFAULT_VERBOSITY + AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY +fi + if test -n "$EXEEXT"; then am__EXEEXT_TRUE= am__EXEEXT_FALSE='#' @@ -19711,7 +21162,6 @@ # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh -as_nop=: if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1 then : emulate sh @@ -19720,12 +21170,13 @@ # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST -else $as_nop - case `(set -o) 2>/dev/null` in #( +else case e in #( + e) case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; +esac ;; esac fi @@ -19797,7 +21248,7 @@ ;; esac -# We did not find ourselves, most probably we were run as `sh COMMAND' +# We did not find ourselves, most probably we were run as 'sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 @@ -19826,7 +21277,6 @@ } # as_fn_error - # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. @@ -19866,11 +21316,12 @@ { eval $1+=\$2 }' -else $as_nop - as_fn_append () +else case e in #( + e) as_fn_append () { eval $1=\$$1\$2 - } + } ;; +esac fi # as_fn_append # as_fn_arith ARG... @@ -19884,11 +21335,12 @@ { as_val=$(( $* )) }' -else $as_nop - as_fn_arith () +else case e in #( + e) as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` - } + } ;; +esac fi # as_fn_arith @@ -19971,9 +21423,9 @@ if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: - # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. - # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. - # In both cases, we have to default to `cp -pR'. + # 1) On MSYS, both 'ln -s file dir' and 'ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; 'ln -s' creates a wrapper executable. + # In both cases, we have to default to 'cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then @@ -20054,10 +21506,12 @@ as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. -as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" +as_sed_cpp="y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g" +as_tr_cpp="eval sed '$as_sed_cpp'" # deprecated # Sed expression to map a string onto a valid variable name. -as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" +as_sed_sh="y%*+%pp%;s%[^_$as_cr_alnum]%_%g" +as_tr_sh="eval sed '$as_sed_sh'" # deprecated exec 6>&1 @@ -20072,8 +21526,8 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by OpenVPN $as_me 2.6.3, which was -generated by GNU Autoconf 2.71. Invocation command line was +This file was extended by OpenVPN $as_me 2.6.14, which was +generated by GNU Autoconf 2.72. Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS @@ -20105,7 +21559,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 ac_cs_usage="\ -\`$as_me' instantiates files and other configuration actions +'$as_me' instantiates files and other configuration actions from templates according to the current configuration. Unless the files and actions are specified as TAGs, all are instantiated by default. @@ -20140,11 +21594,11 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -OpenVPN config.status 2.6.3 -configured by $0, generated by GNU Autoconf 2.71, +OpenVPN config.status 2.6.14 +configured by $0, generated by GNU Autoconf 2.72, with options \\"\$ac_cs_config\\" -Copyright (C) 2021 Free Software Foundation, Inc. +Copyright (C) 2023 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." @@ -20206,8 +21660,8 @@ ac_need_defaults=false;; --he | --h) # Conflict between --help and --header - as_fn_error $? "ambiguous option: \`$1' -Try \`$0 --help' for more information.";; + as_fn_error $? "ambiguous option: '$1' +Try '$0 --help' for more information.";; --help | --hel | -h ) printf "%s\n" "$ac_cs_usage"; exit ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ @@ -20215,8 +21669,8 @@ ac_cs_silent=: ;; # This is an error. - -*) as_fn_error $? "unrecognized option: \`$1' -Try \`$0 --help' for more information." ;; + -*) as_fn_error $? "unrecognized option: '$1' +Try '$0 --help' for more information." ;; *) as_fn_append ac_config_targets " $1" ac_need_defaults=false ;; @@ -20306,12 +21760,14 @@ lt_cv_to_tool_file_cmd='`$ECHO "$lt_cv_to_tool_file_cmd" | $SED "$delay_single_quote_subst"`' reload_flag='`$ECHO "$reload_flag" | $SED "$delay_single_quote_subst"`' reload_cmds='`$ECHO "$reload_cmds" | $SED "$delay_single_quote_subst"`' +FILECMD='`$ECHO "$FILECMD" | $SED "$delay_single_quote_subst"`' deplibs_check_method='`$ECHO "$deplibs_check_method" | $SED "$delay_single_quote_subst"`' file_magic_cmd='`$ECHO "$file_magic_cmd" | $SED "$delay_single_quote_subst"`' file_magic_glob='`$ECHO "$file_magic_glob" | $SED "$delay_single_quote_subst"`' want_nocaseglob='`$ECHO "$want_nocaseglob" | $SED "$delay_single_quote_subst"`' sharedlib_from_linklib_cmd='`$ECHO "$sharedlib_from_linklib_cmd" | $SED "$delay_single_quote_subst"`' AR='`$ECHO "$AR" | $SED "$delay_single_quote_subst"`' +lt_ar_flags='`$ECHO "$lt_ar_flags" | $SED "$delay_single_quote_subst"`' AR_FLAGS='`$ECHO "$AR_FLAGS" | $SED "$delay_single_quote_subst"`' archiver_list_spec='`$ECHO "$archiver_list_spec" | $SED "$delay_single_quote_subst"`' STRIP='`$ECHO "$STRIP" | $SED "$delay_single_quote_subst"`' @@ -20477,13 +21933,13 @@ lt_SP2NL \ lt_NL2SP \ reload_flag \ +FILECMD \ deplibs_check_method \ file_magic_cmd \ file_magic_glob \ want_nocaseglob \ sharedlib_from_linklib_cmd \ AR \ -AR_FLAGS \ archiver_list_spec \ STRIP \ RANLIB \ @@ -20635,8 +22091,6 @@ "version.sh") CONFIG_FILES="$CONFIG_FILES version.sh" ;; "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; "build/Makefile") CONFIG_FILES="$CONFIG_FILES build/Makefile" ;; - "build/msvc/Makefile") CONFIG_FILES="$CONFIG_FILES build/msvc/Makefile" ;; - "build/msvc/msvc-generate/Makefile") CONFIG_FILES="$CONFIG_FILES build/msvc/msvc-generate/Makefile" ;; "distro/Makefile") CONFIG_FILES="$CONFIG_FILES distro/Makefile" ;; "distro/systemd/Makefile") CONFIG_FILES="$CONFIG_FILES distro/systemd/Makefile" ;; "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;; @@ -20659,11 +22113,10 @@ "tests/unit_tests/openvpn/Makefile") CONFIG_FILES="$CONFIG_FILES tests/unit_tests/openvpn/Makefile" ;; "tests/unit_tests/plugins/Makefile") CONFIG_FILES="$CONFIG_FILES tests/unit_tests/plugins/Makefile" ;; "tests/unit_tests/plugins/auth-pam/Makefile") CONFIG_FILES="$CONFIG_FILES tests/unit_tests/plugins/auth-pam/Makefile" ;; - "tests/unit_tests/engine-key/Makefile") CONFIG_FILES="$CONFIG_FILES tests/unit_tests/engine-key/Makefile" ;; "sample/Makefile") CONFIG_FILES="$CONFIG_FILES sample/Makefile" ;; "tests/t_client.sh") CONFIG_FILES="$CONFIG_FILES tests/t_client.sh" ;; - *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; + *) as_fn_error $? "invalid argument: '$ac_config_target'" "$LINENO" 5;; esac done @@ -20683,7 +22136,7 @@ # creating and moving files from /tmp can sometimes cause problems. # Hook for its removal unless debugging. # Note that there is a small window in which the directory will not be cleaned: -# after its creation but before its name has been assigned to `$tmp'. +# after its creation but before its name has been assigned to '$tmp'. $debug || { tmp= ac_tmp= @@ -20707,7 +22160,7 @@ # Set up the scripts for CONFIG_FILES section. # No need to generate them if there are no CONFIG_FILES. -# This happens for instance with `./config.status config.h'. +# This happens for instance with './config.status config.h'. if test -n "$CONFIG_FILES"; then @@ -20865,13 +22318,13 @@ # Set up the scripts for CONFIG_HEADERS section. # No need to generate them if there are no CONFIG_HEADERS. -# This happens for instance with `./config.status Makefile'. +# This happens for instance with './config.status Makefile'. if test -n "$CONFIG_HEADERS"; then cat >"$ac_tmp/defines.awk" <<\_ACAWK || BEGIN { _ACEOF -# Transform confdefs.h into an awk script `defines.awk', embedded as +# Transform confdefs.h into an awk script 'defines.awk', embedded as # here-document in config.status, that substitutes the proper values into # config.h.in to produce config.h. @@ -20981,7 +22434,7 @@ esac case $ac_mode$ac_tag in :[FHL]*:*);; - :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; + :L* | :C*:*) as_fn_error $? "invalid tag '$ac_tag'" "$LINENO" 5;; :[FH]-) ac_tag=-:-;; :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; esac @@ -21003,19 +22456,19 @@ -) ac_f="$ac_tmp/stdin";; *) # Look for the file first in the build tree, then in the source tree # (if the path is not absolute). The absolute path cannot be DOS-style, - # because $ac_f cannot contain `:'. + # because $ac_f cannot contain ':'. test -f "$ac_f" || case $ac_f in [\\/$]*) false;; *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; esac || - as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; + as_fn_error 1 "cannot find input file: '$ac_f'" "$LINENO" 5;; esac case $ac_f in *\'*) ac_f=`printf "%s\n" "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac as_fn_append ac_file_inputs " '$ac_f'" done - # Let's still pretend it is `configure' which instantiates (i.e., don't + # Let's still pretend it is 'configure' which instantiates (i.e., don't # use $as_me), people would be surprised to read: # /* config.h. Generated by config.status. */ configure_input='Generated from '` @@ -21148,7 +22601,7 @@ esac _ACEOF -# Neutralize VPATH when `$srcdir' = `.'. +# Neutralize VPATH when '$srcdir' = '.'. # Shell code in configure.ac might set extrasub. # FIXME: do we really want to maintain this feature? cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 @@ -21179,9 +22632,9 @@ { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ "$ac_tmp/out"`; test -z "$ac_out"; } && - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable 'datarootdir' which seems to be undefined. Please make sure it is defined" >&5 -printf "%s\n" "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' +printf "%s\n" "$as_me: WARNING: $ac_file contains a reference to the variable 'datarootdir' which seems to be undefined. Please make sure it is defined" >&2;} rm -f "$ac_tmp/stdin" @@ -21336,15 +22789,15 @@ (exit $ac_status); } || am_rc=$? done if test $am_rc -ne 0; then - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "Something went wrong bootstrapping makefile fragments for automatic dependency tracking. If GNU make was not used, consider re-running the configure script with MAKE=\"gmake\" (or whatever is necessary). You can also try re-running configure with the '--disable-dependency-tracking' option to at least be able to build the package (albeit without support for automatic dependency tracking). -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } fi { am_dirpart=; unset am_dirpart;} { am_filepart=; unset am_filepart;} @@ -21373,13 +22826,13 @@ # Provide generalized library-building support services. # Written by Gordon Matzigkeit, 1996 -# Copyright (C) 2014 Free Software Foundation, Inc. +# Copyright (C) 2024 Free Software Foundation, Inc. # This is free software; see the source for copying conditions. There is NO # warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. # GNU Libtool is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of of the License, or +# the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # As a special exception to the GNU General Public License, if you @@ -21496,6 +22949,9 @@ # convert \$build files to toolchain format. to_tool_file_cmd=$lt_cv_to_tool_file_cmd +# A file(cmd) program that detects file types. +FILECMD=$lt_FILECMD + # Method to check whether dependent libraries are shared objects. deplibs_check_method=$lt_deplibs_check_method @@ -21514,8 +22970,11 @@ # The archiver. AR=$lt_AR +# Flags to create an archive (by configure). +lt_ar_flags=$lt_ar_flags + # Flags to create an archive. -AR_FLAGS=$lt_AR_FLAGS +AR_FLAGS=\${ARFLAGS-"\$lt_ar_flags"} # How to feed a file listing to the archiver. archiver_list_spec=$lt_archiver_list_spec @@ -21757,7 +23216,7 @@ # Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes # DIR into the resulting binary and the resulting library dependency is -# "absolute",i.e impossible to change by setting \$shlibpath_var if the +# "absolute",i.e. impossible to change by setting \$shlibpath_var if the # library is relocated. hardcode_direct_absolute=$hardcode_direct_absolute @@ -21891,7 +23350,7 @@ # if finds mixed CR/LF and LF-only lines. Since sed operates in # text mode, it properly converts lines to CR/LF. This bash problem # is reportedly fixed, but why not run on old versions too? - sed '$q' "$ltmain" >> "$cfgfile" \ + $SED '$q' "$ltmain" >> "$cfgfile" \ || (rm -f "$cfgfile"; exit 1) mv -f "$cfgfile" "$ofile" || @@ -21986,7 +23445,7 @@ # Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes # DIR into the resulting binary and the resulting library dependency is -# "absolute",i.e impossible to change by setting \$shlibpath_var if the +# "absolute",i.e. impossible to change by setting \$shlibpath_var if the # library is relocated. hardcode_direct_absolute=$hardcode_direct_absolute_RC diff -Nru openvpn-2.6.3/configure.ac openvpn-2.6.14/configure.ac --- openvpn-2.6.3/configure.ac 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/configure.ac 2025-04-02 06:53:10.000000000 +0000 @@ -4,7 +4,7 @@ dnl packet encryption, packet authentication, and dnl packet compression. dnl -dnl Copyright (C) 2002-2023 OpenVPN Inc +dnl Copyright (C) 2002-2024 OpenVPN Inc dnl Copyright (C) 2006-2012 Alon Bar-Lev dnl dnl This program is free software; you can redistribute it and/or modify @@ -329,6 +329,7 @@ AM_CONDITIONAL([TARGET_LINUX], [true]) AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["L"], [Target prefix]) have_sitnl="yes" + pkg_config_required="yes" ;; *-*-solaris*) AC_DEFINE([TARGET_SOLARIS], [1], [Are we running on Solaris?]) @@ -382,6 +383,16 @@ AM_CONDITIONAL([CROSS_COMPILING], test "${cross_compiling}" = "yes") PKG_PROG_PKG_CONFIG +# Add variable to print if pkg-config is found or not. Users often miss that +if test "${PKG_CONFIG}" = ""; then + if test "${pkg_config_required}" = "yes"; then + AC_MSG_ERROR([pkg-config is required]) + fi + pkg_config_found="(not found)" +else + pkg_config_found="(${PKG_CONFIG})" +fi + AC_PROG_CPP AC_PROG_INSTALL AC_PROG_LN_S @@ -445,7 +456,6 @@ AC_TYPE_PID_T AC_TYPE_SIZE_T AC_TYPE_UID_T -AC_TYPE_SIGNAL AX_TYPE_SOCKLEN_T AC_CHECK_SIZEOF([unsigned int]) AC_CHECK_SIZEOF([unsigned long]) @@ -455,7 +465,6 @@ unistd.h dlfcn.h \ netinet/in.h netinet/in_systm.h \ netinet/tcp.h arpa/inet.h netdb.h \ - versionhelpers.h \ ]) AC_CHECK_HEADERS([ \ sys/time.h sys/ioctl.h sys/stat.h \ @@ -821,7 +830,7 @@ [libnl-genl-3.0 >= 3.4.0], [have_libnl="yes"], [ - AC_MSG_ERROR([libnl-genl-3.0 package not found or too old. Is the development package and pkg-config installed? Must be version 3.4.0 or newer for DCO]) + AC_MSG_ERROR([libnl-genl-3.0 package not found or too old. Is the development package and pkg-config ${pkg_config_found} installed? Must be version 3.4.0 or newer for DCO]) ] ) CFLAGS="${CFLAGS} ${LIBNL_GENL_CFLAGS}" @@ -865,14 +874,15 @@ dnl case "$host" in *-*-linux*) + # We require pkg-config PKG_CHECK_MODULES([LIBCAPNG], [libcap-ng], [], - [AC_MSG_ERROR([libcap-ng package not found. Is the development package and pkg-config installed?])] + [AC_MSG_ERROR([libcap-ng package not found. Is the development package and pkg-config ${pkg_config_found} installed?])] ) AC_CHECK_HEADER([sys/prctl.h],,[AC_MSG_ERROR([sys/prctl.h not found!])]) - CFLAGS="${CFLAGS} ${LIBCAPNG_CFALGS}" + CFLAGS="${CFLAGS} ${LIBCAPNG_CFLAGS}" LIBS="${LIBS} ${LIBCAPNG_LIBS}" AC_DEFINE(HAVE_LIBCAPNG, 1, [Enable libcap-ng support]) ;; @@ -889,7 +899,7 @@ [OPENSSL], [openssl >= 1.0.2], [have_openssl="yes"], - [] # If this fails, we will do another test next + [AC_MSG_WARN([OpenSSL not found by pkg-config ${pkg_config_found}])] # If this fails, we will do another test next ) OPENSSL_LIBS=${OPENSSL_LIBS:--lssl -lcrypto} fi @@ -930,11 +940,17 @@ [AC_LANG_PROGRAM( [[ #include + #include ]], [[ /* Version encoding: MNNFFPPS - see opensslv.h for details */ #if OPENSSL_VERSION_NUMBER >= 0x30000000L - #error Engine supported disabled by default in OpenSSL 3.0+ + #error Engine support disabled by default in OpenSSL 3.0+ + #endif + + /* BoringSSL and LibreSSL >= 3.8.1 removed engine support */ + #ifdef OPENSSL_NO_ENGINE + #error Engine support disabled in openssl/opensslconf.h #endif ]] )], @@ -1013,13 +1029,19 @@ #include ]], [[ -#if MBEDTLS_VERSION_NUMBER < 0x02000000 || MBEDTLS_VERSION_NUMBER >= 0x03000000 +#if MBEDTLS_VERSION_NUMBER < 0x02000000 || (MBEDTLS_VERSION_NUMBER >= 0x03000000 && MBEDTLS_VERSION_NUMBER < 0x03020100) #error invalid version #endif ]] )], [AC_MSG_RESULT([ok])], - [AC_MSG_ERROR([mbed TLS 2.y.z required])] + [AC_MSG_ERROR([mbed TLS version >= 2.0.0 or >= 3.2.1 required])] + ) + + AC_CHECK_HEADER( + psa/crypto.h, + [AC_DEFINE([HAVE_MBEDTLS_PSA_CRYPTO_H], [1], [yes])], + [AC_DEFINE([HAVE_MBEDTLS_PSA_CRYPTO_H], [0], [no])] ) AC_CHECK_FUNCS( @@ -1031,16 +1053,32 @@ [AC_MSG_ERROR([mbed TLS check for AEAD support failed])] ) + AC_CHECK_FUNC( + [mbedtls_ssl_tls_prf], + [AC_DEFINE([HAVE_MBEDTLS_SSL_TLS_PRF], [1], [yes])], + [AC_DEFINE([HAVE_MBEDTLS_SSL_TLS_PRF], [0], [no])] + ) + have_export_keying_material="yes" AC_CHECK_FUNC( [mbedtls_ssl_conf_export_keys_ext_cb], - , - [have_export_keying_material="no"] + [AC_DEFINE([HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB], [1], [yes])], + [AC_DEFINE([HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB], [0], [no])] ) + if test "x$ac_cv_func_mbedtls_ssl_conf_export_keys_ext_cb" != xyes; then + AC_CHECK_FUNC( + [mbedtls_ssl_set_export_keys_cb], + [AC_DEFINE([HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB], [1], [yes])], + [AC_DEFINE([HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB], [0], [no])] + ) + if test "x$ac_cv_func_mbedtls_ssl_set_export_keys_cb" != xyes; then + have_export_keying_material="no" + fi + fi AC_CHECK_FUNC( [mbedtls_ctr_drbg_update_ret], - AC_DEFINE([HAVE_CTR_DRBG_UPDATE_RET], [1], + AC_DEFINE([HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET], [1], [Use mbedtls_ctr_drbg_update_ret from mbed TLS]), ) @@ -1066,7 +1104,7 @@ [WOLFSSL], [wolfssl], [], - [AC_MSG_ERROR([Could not find wolfSSL.])] + [AC_MSG_ERROR([Could not find wolfSSL using pkg-config ${pkg_config_found}])] ) PKG_CHECK_VAR( [WOLFSSL_INCLUDEDIR], @@ -1114,8 +1152,17 @@ AC_ARG_VAR([LZO_CFLAGS], [C compiler flags for lzo]) AC_ARG_VAR([LZO_LIBS], [linker flags for lzo]) -have_lzo="yes" -if test -z "${LZO_LIBS}"; then +if test -z "${LZO_CFLAGS}" -a -z "${LZO_LIBS}"; then + # if the user did not explicitly specify flags, try to autodetect + PKG_CHECK_MODULES([LZO], + [lzo2], + [have_lzo="yes"], + [] + ) + + if test "${have_lzo}" != "yes"; then + # try to detect without pkg-config + have_lzo="yes" AC_CHECK_LIB( [lzo2], [lzo1x_1_15_compress], @@ -1127,27 +1174,25 @@ [have_lzo="no"] )] ) + fi +else + # assume the user configured it correctly + have_lzo="yes" fi if test "${have_lzo}" = "yes"; then saved_CFLAGS="${CFLAGS}" CFLAGS="${CFLAGS} ${LZO_CFLAGS}" AC_CHECK_HEADERS( - [lzo/lzoutil.h], - , - [AC_CHECK_HEADERS( - [lzoutil.h], - , - [AC_MSG_ERROR([lzoutil.h is missing])] - )] - ) - AC_CHECK_HEADERS( [lzo/lzo1x.h], , [AC_CHECK_HEADERS( [lzo1x.h], , - [AC_MSG_ERROR([lzo1x.h is missing])] - )] + [AC_MSG_ERROR([lzo1x.h is missing])], + [#include + #include + #include ] + )], ) CFLAGS="${saved_CFLAGS}" fi @@ -1474,7 +1519,7 @@ PKG_CHECK_MODULES( [CMOCKA], [cmocka], [have_cmocka="yes"], - [AC_MSG_WARN([cmocka.pc not found on the system. Unit tests disabled])] + [AC_MSG_WARN([cmocka.pc not found on the system using pkg-config ${pkg_config_found}. Unit tests disabled])] ) AM_CONDITIONAL([ENABLE_UNITTESTS], [test "${enable_unit_tests}" = "yes" -a "${have_cmocka}" = "yes" ]) AC_SUBST([ENABLE_UNITTESTS]) @@ -1492,8 +1537,6 @@ version.sh Makefile build/Makefile - build/msvc/Makefile - build/msvc/msvc-generate/Makefile distro/Makefile distro/systemd/Makefile doc/Makefile @@ -1516,7 +1559,6 @@ tests/unit_tests/openvpn/Makefile tests/unit_tests/plugins/Makefile tests/unit_tests/plugins/auth-pam/Makefile - tests/unit_tests/engine-key/Makefile sample/Makefile ]) AC_CONFIG_FILES([tests/t_client.sh], [chmod +x tests/t_client.sh]) diff -Nru openvpn-2.6.3/contrib/OCSP_check/OCSP_check.sh openvpn-2.6.14/contrib/OCSP_check/OCSP_check.sh --- openvpn-2.6.3/contrib/OCSP_check/OCSP_check.sh 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/contrib/OCSP_check/OCSP_check.sh 2025-04-02 06:53:10.000000000 +0000 @@ -89,7 +89,7 @@ # # NOTE: It is needed to check the exit code of OpenSSL explicitly. OpenSSL # can in some circumstances give a "good" result if it could not - # reach the the OSCP server. In this case, the exit code will indicate + # reach the OSCP server. In this case, the exit code will indicate # if OpenSSL itself failed or not. If OpenSSL's exit code is not 0, # don't trust the OpenSSL status. diff -Nru openvpn-2.6.3/contrib/cmake/git-version.py openvpn-2.6.14/contrib/cmake/git-version.py --- openvpn-2.6.3/contrib/cmake/git-version.py 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/contrib/cmake/git-version.py 2025-04-02 06:53:10.000000000 +0000 @@ -0,0 +1,83 @@ +# +# OpenVPN -- An application to securely tunnel IP networks +# over a single UDP port, with support for SSL/TLS-based +# session authentication and key exchange, +# packet encryption, packet authentication, and +# packet compression. +# +# Copyright (C) 2022-2024 OpenVPN Inc +# Copyright (C) 2022-2022 Lev Stipakov +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# + +# Usage: ./git-version.py [directory] +# Find a good textual representation of the git commit currently checked out. +# Make that representation available as CONFIGURE_GIT_REVISION in +# /config-version.h. +# It will prefer a tag name if it is checked out exactly, otherwise will use +# the branch name. 'none' if no branch is checked out (detached HEAD). +# This is used to enhance the output of openvpn --version with Git information. + +import os +import sys +import subprocess + +def run_command(args): + sp = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.DEVNULL) + o, _ = sp.communicate() + return o.decode("utf-8")[:-1] + +def get_branch_commit_id(): + commit_id = run_command(["git", "rev-parse", "--short=16", "HEAD"]) + if not commit_id: + raise + branch = run_command(["git", "describe", "--exact-match"]) + if not branch: + # this returns an array like ["master"] or ["release", "2.6"] + branch = run_command(["git", "rev-parse", "--symbolic-full-name", "HEAD"]).split("/")[2:] + if not branch: + branch = ["none"] + branch = "/" .join(branch) # handle cases like release/2.6 + + return branch, commit_id + +def main(): + try: + branch, commit_id = get_branch_commit_id() + except: + branch, commit_id = "unknown", "unknown" + + prev_content = "" + + name = os.path.join("%s" % (sys.argv[1] if len(sys.argv) > 1 else "."), "config-version.h") + try: + with open(name, "r") as f: + prev_content = f.read() + except: + # file doesn't exist + pass + + content = "#define CONFIGURE_GIT_REVISION \"%s/%s\"\n" % (branch, commit_id) + content += "#define CONFIGURE_GIT_FLAGS \"\"\n" + + if prev_content != content: + print("Writing %s" % name) + with open(name, "w") as f: + f.write(content) + else: + print("Content of %s hasn't changed" % name) + +if __name__ == "__main__": + main() diff -Nru openvpn-2.6.3/contrib/cmake/parse-version.m4.py openvpn-2.6.14/contrib/cmake/parse-version.m4.py --- openvpn-2.6.3/contrib/cmake/parse-version.m4.py 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/contrib/cmake/parse-version.m4.py 2025-04-02 06:53:10.000000000 +0000 @@ -0,0 +1,64 @@ +# +# OpenVPN -- An application to securely tunnel IP networks +# over a single UDP port, with support for SSL/TLS-based +# session authentication and key exchange, +# packet encryption, packet authentication, and +# packet compression. +# +# Copyright (C) 2022-2024 OpenVPN Inc +# Copyright (C) 2022-2022 Lev Stipakov +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# + +# Usage: ./parse-version.m4.py m4file [directory] +# Read , extract all lines looking like M4 define(), and translate +# them into CMake style set(). Those are then written out to file +# /version.cmake. +# Intended to be used on top-level version.m4 file. + +import os +import re +import sys + +def main(): + assert len(sys.argv) > 1 + version_path = sys.argv[1] + output = [] + with open(version_path, 'r') as version_file: + for line in version_file: + match = re.match(r'[ \t]*define\(\[(.*)\],[ \t]*\[(.*)\]\)[ \t]*', line) + if match is not None: + output.append(match.expand(r'set(\1 \2)')) + out_path = os.path.join("%s" % (sys.argv[2] if len(sys.argv) > 2 else "."), "version.cmake") + + prev_content = "" + try: + with open(out_path, "r") as out_file: + prev_content = out_file.read() + except: + # file doesn't exist + pass + + content = "\n".join(output) + "\n" + if prev_content != content: + print("Writing %s" % out_path) + with open(out_path, "w") as out_file: + out_file.write(content) + else: + print("Content of %s hasn't changed" % out_path) + +if __name__ == "__main__": + main() + diff -Nru openvpn-2.6.3/contrib/vcpkg-manifests/mingw/vcpkg.json openvpn-2.6.14/contrib/vcpkg-manifests/mingw/vcpkg.json --- openvpn-2.6.3/contrib/vcpkg-manifests/mingw/vcpkg.json 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/contrib/vcpkg-manifests/mingw/vcpkg.json 2025-04-02 06:53:10.000000000 +0000 @@ -0,0 +1,13 @@ +{ + "$schema": "https://raw.githubusercontent.com/microsoft/vcpkg/master/scripts/vcpkg.schema.json", + "name": "openvpn", + "version": "2.7", + "dependencies": [ + "openssl", + "tap-windows6", + "lzo", + "lz4", + "pkcs11-helper", + "cmocka" + ] +} diff -Nru openvpn-2.6.3/contrib/vcpkg-manifests/windows/vcpkg.json openvpn-2.6.14/contrib/vcpkg-manifests/windows/vcpkg.json --- openvpn-2.6.3/contrib/vcpkg-manifests/windows/vcpkg.json 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/contrib/vcpkg-manifests/windows/vcpkg.json 2025-04-02 06:53:10.000000000 +0000 @@ -0,0 +1,20 @@ +{ + "$schema": "https://raw.githubusercontent.com/microsoft/vcpkg/master/scripts/vcpkg.schema.json", + "name": "openvpn", + "version": "2.7", + "dependencies": [ + { + "name": "openssl", + "features": ["tools"] + }, + "tap-windows6", + "lzo", + "lz4", + "pkcs11-helper", + "cmocka", + { + "name": "pkgconf", + "host": true + } + ] +} diff -Nru openvpn-2.6.3/contrib/vcpkg-ports/pkcs11-helper/0001-nmake-compatibility-with-vcpkg-nmake.patch openvpn-2.6.14/contrib/vcpkg-ports/pkcs11-helper/0001-nmake-compatibility-with-vcpkg-nmake.patch --- openvpn-2.6.3/contrib/vcpkg-ports/pkcs11-helper/0001-nmake-compatibility-with-vcpkg-nmake.patch 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/contrib/vcpkg-ports/pkcs11-helper/0001-nmake-compatibility-with-vcpkg-nmake.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,38 +0,0 @@ -From 2d3a2c05383f653544b9c7194dd1349c6d5f3067 Mon Sep 17 00:00:00 2001 -From: Lev Stipakov -Date: Tue, 11 Jan 2022 13:24:51 +0200 -Subject: [PATCH] nmake: compatibility with vcpkg nmake - -Remove options which contradict or already set -by vcpkg nmake scripts. - -Signed-off-by: Lev Stipakov ---- - lib/Makefile.w32-vc | 8 ++------ - 1 file changed, 2 insertions(+), 6 deletions(-) - -diff --git a/lib/Makefile.w32-vc b/lib/Makefile.w32-vc -index 96f1f89..be68a00 100644 ---- a/lib/Makefile.w32-vc -+++ b/lib/Makefile.w32-vc -@@ -75,15 +75,11 @@ OPENSSL_LIBS=-LIBPATH:$(OPENSSL_LIB) user32.lib advapi32.lib $(OPENSSL_STATIC) - CFLAGS = -I../include $(OPENSSL_CFLAGS) -DWIN32 -DWIN32_LEAN_AND_MEAN -D_MBCS -D_CRT_SECURE_NO_DEPRECATE -D_WIN32_WINNT=0x0400 - CC=cl.exe - RC=rc.exe --CCPARAMS=/nologo /W3 /O2 /FD /c -- --CCPARAMS=$(CCPARAMS) /MD --CFLAGS=$(CFLAGS) -DNDEBUG -+CCPARAMS=/c - - LINK32=link.exe - LIB32=lib.exe --LINK32_FLAGS=/nologo /subsystem:windows /dll /incremental:no /release --LIB32_FLAGS=/nologo -+LINK32_FLAGS=/dll - - HEADERS = \ - config.h \ --- -2.23.0.windows.1 - diff -Nru openvpn-2.6.3/contrib/vcpkg-ports/pkcs11-helper/0002-config-w32-vc.h.in-indicate-OpenSSL.patch openvpn-2.6.14/contrib/vcpkg-ports/pkcs11-helper/0002-config-w32-vc.h.in-indicate-OpenSSL.patch --- openvpn-2.6.3/contrib/vcpkg-ports/pkcs11-helper/0002-config-w32-vc.h.in-indicate-OpenSSL.patch 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/contrib/vcpkg-ports/pkcs11-helper/0002-config-w32-vc.h.in-indicate-OpenSSL.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,33 +0,0 @@ -From c2293864de70fec322fe7e559055530ef56b9641 Mon Sep 17 00:00:00 2001 -From: Lev Stipakov -Date: Tue, 11 Jan 2022 13:35:42 +0200 -Subject: [PATCH] config-w32-vc.h.in: indicate OpenSSL EC support - -Signed-off-by: Lev Stipakov ---- - config-w32-vc.h.in | 12 ++++++++++++ - 1 file changed, 12 insertions(+) - -diff --git a/config-w32-vc.h b/config-w32-vc.h -index 6d94841..db83825 100644 ---- a/config-w32-vc.h -+++ b/config-w32-vc.h -@@ -218,3 +218,15 @@ - - /* Define to 1 if you have the `DSA_SIG_set0' function. */ - #define HAVE_DSA_SIG_SET0 1 -+ -+/* Define to 1 if you have the `ECDSA_SIG_set0' function. */ -+#define HAVE_ECDSA_SIG_SET0 1 -+ -+/* Define to 1 if you have the `EC_KEY_METHOD_get_sign' function. */ -+#define HAVE_EC_KEY_METHOD_GET_SIGN 1 -+ -+/* Define to 1 if you have the `EC_KEY_METHOD_set_sign' function. */ -+#define HAVE_EC_KEY_METHOD_SET_SIGN 1 -+ -+/* Define to 1 if OpenSSL has EC support. */ -+#define ENABLE_PKCS11H_OPENSSL_EC 1 --- -2.23.0.windows.1 - diff -Nru openvpn-2.6.3/contrib/vcpkg-ports/pkcs11-helper/CONTROL openvpn-2.6.14/contrib/vcpkg-ports/pkcs11-helper/CONTROL --- openvpn-2.6.3/contrib/vcpkg-ports/pkcs11-helper/CONTROL 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/contrib/vcpkg-ports/pkcs11-helper/CONTROL 1970-01-01 00:00:00.000000000 +0000 @@ -1,4 +0,0 @@ -Source: pkcs11-helper -Version: 1.29-1 -Homepage: https://github.com/OpenSC/pkcs11-helper -Description: pkcs11-helper is a library that simplifies the interaction with PKCS#11 providers for end-user applications. diff -Nru openvpn-2.6.3/contrib/vcpkg-ports/pkcs11-helper/config-w32-vc.h.in-indicate-OpenSSL.patch openvpn-2.6.14/contrib/vcpkg-ports/pkcs11-helper/config-w32-vc.h.in-indicate-OpenSSL.patch --- openvpn-2.6.3/contrib/vcpkg-ports/pkcs11-helper/config-w32-vc.h.in-indicate-OpenSSL.patch 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/contrib/vcpkg-ports/pkcs11-helper/config-w32-vc.h.in-indicate-OpenSSL.patch 2025-04-02 06:53:10.000000000 +0000 @@ -0,0 +1,33 @@ +From c2293864de70fec322fe7e559055530ef56b9641 Mon Sep 17 00:00:00 2001 +From: Lev Stipakov +Date: Tue, 11 Jan 2022 13:35:42 +0200 +Subject: [PATCH] config-w32-vc.h.in: indicate OpenSSL EC support + +Signed-off-by: Lev Stipakov +--- + config-w32-vc.h.in | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/config-w32-vc.h b/config-w32-vc.h +index 6d94841..db83825 100644 +--- a/config-w32-vc.h ++++ b/config-w32-vc.h +@@ -218,3 +218,15 @@ + + /* Define to 1 if you have the `DSA_SIG_set0' function. */ + #define HAVE_DSA_SIG_SET0 1 ++ ++/* Define to 1 if you have the `ECDSA_SIG_set0' function. */ ++#define HAVE_ECDSA_SIG_SET0 1 ++ ++/* Define to 1 if you have the `EC_KEY_METHOD_get_sign' function. */ ++#define HAVE_EC_KEY_METHOD_GET_SIGN 1 ++ ++/* Define to 1 if you have the `EC_KEY_METHOD_set_sign' function. */ ++#define HAVE_EC_KEY_METHOD_SET_SIGN 1 ++ ++/* Define to 1 if OpenSSL has EC support. */ ++#define ENABLE_PKCS11H_OPENSSL_EC 1 +-- +2.23.0.windows.1 + diff -Nru openvpn-2.6.3/contrib/vcpkg-ports/pkcs11-helper/nmake-compatibility-with-vcpkg-nmake.patch openvpn-2.6.14/contrib/vcpkg-ports/pkcs11-helper/nmake-compatibility-with-vcpkg-nmake.patch --- openvpn-2.6.3/contrib/vcpkg-ports/pkcs11-helper/nmake-compatibility-with-vcpkg-nmake.patch 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/contrib/vcpkg-ports/pkcs11-helper/nmake-compatibility-with-vcpkg-nmake.patch 2025-04-02 06:53:10.000000000 +0000 @@ -0,0 +1,38 @@ +From 2d3a2c05383f653544b9c7194dd1349c6d5f3067 Mon Sep 17 00:00:00 2001 +From: Lev Stipakov +Date: Tue, 11 Jan 2022 13:24:51 +0200 +Subject: [PATCH] nmake: compatibility with vcpkg nmake + +Remove options which contradict or already set +by vcpkg nmake scripts. + +Signed-off-by: Lev Stipakov +--- + lib/Makefile.w32-vc | 8 ++------ + 1 file changed, 2 insertions(+), 6 deletions(-) + +diff --git a/lib/Makefile.w32-vc b/lib/Makefile.w32-vc +index 96f1f89..be68a00 100644 +--- a/lib/Makefile.w32-vc ++++ b/lib/Makefile.w32-vc +@@ -75,15 +75,11 @@ OPENSSL_LIBS=-LIBPATH:$(OPENSSL_LIB) user32.lib advapi32.lib $(OPENSSL_STATIC) + CFLAGS = -I../include $(OPENSSL_CFLAGS) -DWIN32 -DWIN32_LEAN_AND_MEAN -D_MBCS -D_CRT_SECURE_NO_DEPRECATE -D_WIN32_WINNT=0x0400 + CC=cl.exe + RC=rc.exe +-CCPARAMS=/nologo /W3 /O2 /FD /c +- +-CCPARAMS=$(CCPARAMS) /MD +-CFLAGS=$(CFLAGS) -DNDEBUG ++CCPARAMS=/c + + LINK32=link.exe + LIB32=lib.exe +-LINK32_FLAGS=/nologo /subsystem:windows /dll /incremental:no /release +-LIB32_FLAGS=/nologo ++LINK32_FLAGS=/dll + + HEADERS = \ + config.h \ +-- +2.23.0.windows.1 + diff -Nru openvpn-2.6.3/contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-001-RFC7512.patch openvpn-2.6.14/contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-001-RFC7512.patch --- openvpn-2.6.3/contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-001-RFC7512.patch 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-001-RFC7512.patch 2025-04-02 06:53:10.000000000 +0000 @@ -1,3 +1,5 @@ +upstream PR: https://github.com/OpenSC/pkcs11-helper/pull/4 + commit 90590b02085edc3830bdfe0942a46c4e7bf3f1ab (HEAD -> master) Author: David Woodhouse Date: Thu Apr 30 14:58:24 2015 +0100 diff -Nru openvpn-2.6.3/contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-002-dynamic_loader_flags.patch openvpn-2.6.14/contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-002-dynamic_loader_flags.patch --- openvpn-2.6.3/contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-002-dynamic_loader_flags.patch 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-002-dynamic_loader_flags.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,102 +0,0 @@ -From 934197611dd1260d17ae0f11ae81c1d2e85612d2 Mon Sep 17 00:00:00 2001 -From: Marc Becker -Date: Fri, 22 Jul 2022 10:33:05 +0200 -Subject: [PATCH] core: add provider property for loader flags - -support flags for dynamic loader via provider property -set original values as defaults, use verbatim (user-supplied) value ---- - include/pkcs11-helper-1.0/pkcs11h-core.h | 11 ++++++++++- - lib/_pkcs11h-core.h | 2 ++ - lib/pkcs11h-core.c | 13 +++++++++++-- - 3 files changed, 23 insertions(+), 3 deletions(-) - -diff --git a/include/pkcs11-helper-1.0/pkcs11h-core.h b/include/pkcs11-helper-1.0/pkcs11h-core.h -index 9028c277..56f87718 100644 ---- a/include/pkcs11-helper-1.0/pkcs11h-core.h -+++ b/include/pkcs11-helper-1.0/pkcs11h-core.h -@@ -384,8 +384,17 @@ extern "C" { - */ - #define PKCS11H_PROVIDER_PROPERTY_PROVIDER_DESTRUCT_HOOK_DATA 8 - -+/** -+ * @brief Provider loader flags for platform. -+ * Value type is unsigned. -+ * Default value is platform dependent: -+ * win32 -> 0 -+ * dlopen -> RTLD_NOW | RTLD_LOCAL -+ */ -+#define PKCS11H_PROVIDER_PROPERTY_LOADER_FLAGS 9 -+ - /** @private */ --#define _PKCS11H_PROVIDER_PROPERTY_LAST 9 -+#define _PKCS11H_PROVIDER_PROPERTY_LAST 10 - - /** @} */ - -diff --git a/lib/_pkcs11h-core.h b/lib/_pkcs11h-core.h -index f879c0e8..1c02e35d 100644 ---- a/lib/_pkcs11h-core.h -+++ b/lib/_pkcs11h-core.h -@@ -134,6 +134,8 @@ struct _pkcs11h_provider_s { - #if defined(ENABLE_PKCS11H_SLOTEVENT) - _pkcs11h_thread_t slotevent_thread; - #endif -+ -+ unsigned loader_flags; - }; - - struct _pkcs11h_session_s { -diff --git a/lib/pkcs11h-core.c b/lib/pkcs11h-core.c -index 0bf11e87..409ad9e2 100644 ---- a/lib/pkcs11h-core.c -+++ b/lib/pkcs11h-core.c -@@ -138,6 +138,7 @@ static const char * __pkcs11h_provider_preperty_names[] = { - "init_args", - "provider_destruct_hook", - "provider_destruct_hook_data", -+ "provider_loader_flags", - NULL - }; - -@@ -916,6 +917,10 @@ pkcs11h_registerProvider ( - reference - ); - -+#if !defined(_WIN32) -+ provider->loader_flags = RTLD_NOW | RTLD_LOCAL; -+#endif -+ - _PKCS11H_DEBUG ( - PKCS11H_LOG_DEBUG2, - "PKCS#11: pkcs11h_registerProvider Provider '%s'", -@@ -1001,6 +1006,7 @@ pkcs11h_setProviderPropertyByName ( - case PKCS11H_PROVIDER_PROPERTY_SLOT_EVENT_METHOD: - case PKCS11H_PROVIDER_PROPERTY_MASK_PRIVATE_MODE: - case PKCS11H_PROVIDER_PROPERTY_SLOT_POLL_INTERVAL: -+ case PKCS11H_PROVIDER_PROPERTY_LOADER_FLAGS: - *(unsigned *)value = (unsigned)strtol(value_str, 0, 0); - value_size = sizeof(unsigned); - break; -@@ -1084,6 +1090,9 @@ __pkcs11h_providerPropertyAddress( - case PKCS11H_PROVIDER_PROPERTY_PROVIDER_DESTRUCT_HOOK_DATA: - *value = &provider->destruct_hook_data; - *value_size = sizeof(provider->destruct_hook_data); -+ case PKCS11H_PROVIDER_PROPERTY_LOADER_FLAGS: -+ *value = &provider->loader_flags; -+ *value_size = sizeof(provider->loader_flags); - break; - } - rv = CKR_OK; -@@ -1254,9 +1263,9 @@ pkcs11h_initializeProvider ( - } - - #if defined(_WIN32) -- provider->handle = LoadLibraryA (provider->provider_location); -+ provider->handle = LoadLibraryExA (provider->provider_location, NULL, provider->loader_flags); - #else -- provider->handle = dlopen (provider->provider_location, RTLD_NOW | RTLD_LOCAL); -+ provider->handle = dlopen (provider->provider_location, provider->loader_flags); - #endif - - if (provider->handle == NULL) { diff -Nru openvpn-2.6.3/contrib/vcpkg-ports/pkcs11-helper/portfile.cmake openvpn-2.6.14/contrib/vcpkg-ports/pkcs11-helper/portfile.cmake --- openvpn-2.6.3/contrib/vcpkg-ports/pkcs11-helper/portfile.cmake 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/contrib/vcpkg-ports/pkcs11-helper/portfile.cmake 2025-04-02 06:53:10.000000000 +0000 @@ -1,9 +1,9 @@ -set(VERSION 1.29.0) +set(VERSION 1.30.0) vcpkg_download_distfile(ARCHIVE URLS "https://github.com/OpenSC/pkcs11-helper/releases/download/pkcs11-helper-${VERSION}/pkcs11-helper-${VERSION}.tar.bz2" FILENAME "pkcs11-helper-${VERSION}.tar.bz2" - SHA512 c530f5a4b5826a02bfe787a1293a7595d5a0d6348daa16675bd10c6d6734b1f24a3cc73b5b89433cf1edf8815f8b7298fdfd1ed686f096bb5edfb425e9430eb2 + SHA512 19fba76e41210cc17f9efa4501d0214d4a5c777ab7b2671888fd280b150bae4a6b190c7f47fb783015f9aa40d409fd6087264e531d6f28d0bed4293dcbf8bdd5 ) vcpkg_extract_source_archive_ex( @@ -11,26 +11,59 @@ ARCHIVE ${ARCHIVE} REF ${VERSION} PATCHES - 0001-nmake-compatibility-with-vcpkg-nmake.patch - 0002-config-w32-vc.h.in-indicate-OpenSSL.patch + nmake-compatibility-with-vcpkg-nmake.patch + config-w32-vc.h.in-indicate-OpenSSL.patch pkcs11-helper-001-RFC7512.patch - pkcs11-helper-002-dynamic_loader_flags.patch ) -vcpkg_build_nmake( +if(VCPKG_TARGET_IS_WINDOWS AND NOT VCPKG_TARGET_IS_MINGW) + vcpkg_build_nmake( SOURCE_PATH ${SOURCE_PATH} PROJECT_SUBPATH lib PROJECT_NAME Makefile.w32-vc OPTIONS OPENSSL=1 OPENSSL_HOME=${CURRENT_PACKAGES_DIR}/../openssl_${TARGET_TRIPLET} -) + ) + + file(INSTALL ${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-rel/lib/pkcs11-helper.dll.lib DESTINATION ${CURRENT_PACKAGES_DIR}/lib RENAME pkcs11-helper.lib) + file(INSTALL ${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-dbg/lib/pkcs11-helper.dll.lib DESTINATION ${CURRENT_PACKAGES_DIR}/debug/lib RENAME pkcs11-helper.lib) + + file(INSTALL ${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-rel/lib/libpkcs11-helper-1.dll DESTINATION ${CURRENT_PACKAGES_DIR}/bin) + file(INSTALL ${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-dbg/lib/libpkcs11-helper-1.dll DESTINATION ${CURRENT_PACKAGES_DIR}/debug/bin) + + set(PACKAGE_VERSION "${VERSION}") + set(libdir [[${prefix}/lib]]) + set(exec_prefix [[${prefix}]]) + set(PKCS11H_FEATURES key_prompt openssl engine_crypto_cryptoapi engine_crypto_openssl debug threading token data certificate slotevent engine_crypto) + set(LIBS -lkernel32 -luser32 -lgdi32 -lwinspool -lshell32 -lole32 -loleaut32 -luuid -lcomdlg32 -ladvapi32) + if(NOT DEFINED VCPKG_BUILD_TYPE OR VCPKG_BUILD_TYPE STREQUAL "release") + set(includedir [[${prefix}/include]]) + set(outfile "${CURRENT_PACKAGES_DIR}/lib/pkgconfig/libpkcs11-helper-1.pc") + configure_file("${SOURCE_PATH}/lib/libpkcs11-helper-1.pc.in" "${outfile}" @ONLY) + endif() + if(NOT DEFINED VCPKG_BUILD_TYPE OR VCPKG_BUILD_TYPE STREQUAL "debug") + set(includedir [[${prefix}/../include]]) + set(outfile "${CURRENT_PACKAGES_DIR}/debug/lib/pkgconfig/libpkcs11-helper-1.pc") + configure_file("${SOURCE_PATH}/lib/libpkcs11-helper-1.pc.in" "${outfile}" @ONLY) + endif() + + file(INSTALL ${SOURCE_PATH}/include/pkcs11-helper-1.0 DESTINATION ${CURRENT_PACKAGES_DIR}/include/) + +else() + find_program(man_to_html man2html REQUIRED) + + vcpkg_configure_make( + SOURCE_PATH ${SOURCE_PATH} + OPTIONS --disable-crypto-engine-gnutls --disable-crypto-engine-nss + --disable-crypto-engine-polarssl --disable-crypto-engine-mbedtls + ) + vcpkg_install_make() -file(INSTALL ${SOURCE_PATH}/include/pkcs11-helper-1.0 DESTINATION ${CURRENT_PACKAGES_DIR}/include/) -file(INSTALL ${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-rel/lib/pkcs11-helper.dll.lib DESTINATION ${CURRENT_PACKAGES_DIR}/lib) -file(INSTALL ${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-dbg/lib/pkcs11-helper.dll.lib DESTINATION ${CURRENT_PACKAGES_DIR}/debug/lib) + file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/debug/share") +endif() -file(INSTALL ${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-rel/lib/libpkcs11-helper-1.dll DESTINATION ${CURRENT_PACKAGES_DIR}/bin) -file(INSTALL ${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-dbg/lib/libpkcs11-helper-1.dll DESTINATION ${CURRENT_PACKAGES_DIR}/debug/bin) +vcpkg_fixup_pkgconfig() +vcpkg_copy_pdbs() file(INSTALL ${SOURCE_PATH}/COPYING DESTINATION ${CURRENT_PACKAGES_DIR}/share/${PORT} RENAME copyright) diff -Nru openvpn-2.6.3/contrib/vcpkg-ports/pkcs11-helper/vcpkg.json openvpn-2.6.14/contrib/vcpkg-ports/pkcs11-helper/vcpkg.json --- openvpn-2.6.3/contrib/vcpkg-ports/pkcs11-helper/vcpkg.json 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/contrib/vcpkg-ports/pkcs11-helper/vcpkg.json 2025-04-02 06:53:10.000000000 +0000 @@ -0,0 +1,7 @@ +{ + "name": "pkcs11-helper", + "version": "1.30.0", + "description": "pkcs11-helper is a library that simplifies the interaction with PKCS#11 providers for end-user applications.", + "homepage": "https://github.com/OpenSC/pkcs11-helper", + "license": "BSD-3-Clause OR GPL-2.0-only" +} diff -Nru openvpn-2.6.3/contrib/vcpkg-triplets/x64-mingw-ovpn.cmake openvpn-2.6.14/contrib/vcpkg-triplets/x64-mingw-ovpn.cmake --- openvpn-2.6.3/contrib/vcpkg-triplets/x64-mingw-ovpn.cmake 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/contrib/vcpkg-triplets/x64-mingw-ovpn.cmake 2025-04-02 06:53:10.000000000 +0000 @@ -0,0 +1,8 @@ +set(VCPKG_TARGET_ARCHITECTURE x64) +set(VCPKG_CRT_LINKAGE dynamic) +set(VCPKG_LIBRARY_LINKAGE static) +set(VCPKG_ENV_PASSTHROUGH PATH) + +set(VCPKG_CMAKE_SYSTEM_NAME MinGW) + +set(VCPKG_MAKE_BUILD_TRIPLET --host=x86_64-w64-mingw32) diff -Nru openvpn-2.6.3/contrib/vcpkg-triplets/x86-mingw-ovpn.cmake openvpn-2.6.14/contrib/vcpkg-triplets/x86-mingw-ovpn.cmake --- openvpn-2.6.3/contrib/vcpkg-triplets/x86-mingw-ovpn.cmake 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/contrib/vcpkg-triplets/x86-mingw-ovpn.cmake 2025-04-02 06:53:10.000000000 +0000 @@ -0,0 +1,8 @@ +set(VCPKG_TARGET_ARCHITECTURE x86) +set(VCPKG_CRT_LINKAGE dynamic) +set(VCPKG_LIBRARY_LINKAGE static) +set(VCPKG_ENV_PASSTHROUGH PATH) + +set(VCPKG_CMAKE_SYSTEM_NAME MinGW) + +set(VCPKG_MAKE_BUILD_TRIPLET --host=i686-w64-mingw32) diff -Nru openvpn-2.6.3/debian/changelog openvpn-2.6.14/debian/changelog --- openvpn-2.6.3/debian/changelog 2025-11-26 21:54:51.000000000 +0000 +++ openvpn-2.6.14/debian/changelog 2026-05-05 20:20:39.000000000 +0000 @@ -1,3 +1,23 @@ +openvpn (2.6.14-0+deb12u1) bookworm-security; urgency=medium + + [ Bernhard Schmidt ] + * Import upstream version 2.6.14 from debian/trixie stable branch + - Drop patches superseded by new upstream version + * Cherry-pick upstream security patches + - CVE-2026-40215: fix race condition in TLS handshake that could lead to + leaking of packet data from a previous handshake under specific + circumstances + - CVE-2026-35058: fix server ASSERT() on receiving a suitably malformed + packet with a valid tls-crypt-v2 key + * d/openvpn@.service: Add CAP_SETPCAP required for openvpn-dco-dkms + (Closes: #1074504) + * Remove superfluous entries in d/copyright + + [ Remus-Gabriel Chelu ] + * Add Romanian templates translation + + -- Bernhard Schmidt Tue, 05 May 2026 22:20:39 +0200 + openvpn (2.6.3-1+deb12u4) bookworm-security; urgency=medium [ Bernhard Schmidt ] diff -Nru openvpn-2.6.3/debian/copyright openvpn-2.6.14/debian/copyright --- openvpn-2.6.3/debian/copyright 2025-11-26 21:54:51.000000000 +0000 +++ openvpn-2.6.14/debian/copyright 2026-05-05 20:20:39.000000000 +0000 @@ -50,14 +50,9 @@ License: GPL-2 Files: build/ltrc.inc - build/msvc/msvc-generate/Makefile.mak Copyright: 2008-2012 Alon Bar-Lev License: GPL-2 -Files: build/msvc/msvc-generate/msvc-generate.js -Copyright: 2008-2012 Alon Bar-Lev -License: BSD-3 - Files: src/openvpnmsica/* Copyright: 2018-2021 Simon Rozman License: GPL-2 diff -Nru openvpn-2.6.3/debian/openvpn@.service openvpn-2.6.14/debian/openvpn@.service --- openvpn-2.6.3/debian/openvpn@.service 2025-11-26 21:54:51.000000000 +0000 +++ openvpn-2.6.14/debian/openvpn@.service 2026-05-05 20:20:39.000000000 +0000 @@ -15,7 +15,7 @@ ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --config /etc/openvpn/%i.conf --writepid /run/openvpn/%i.pid PIDFile=/run/openvpn/%i.pid KillMode=process -CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE +CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SETPCAP CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE TasksMax=10 DeviceAllow=/dev/null rw DeviceAllow=/dev/net/tun rw diff -Nru openvpn-2.6.3/debian/patches/CVE-2023-46849.patch openvpn-2.6.14/debian/patches/CVE-2023-46849.patch --- openvpn-2.6.3/debian/patches/CVE-2023-46849.patch 2025-11-26 21:54:51.000000000 +0000 +++ openvpn-2.6.14/debian/patches/CVE-2023-46849.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,113 +0,0 @@ -From 1cfca659244e362f372d9843351257f456392a2f Mon Sep 17 00:00:00 2001 -From: Arne Schwabe -Date: Thu, 19 Oct 2023 15:14:33 +0200 -Subject: [PATCH] Remove saving initial frame code - -This code was necessary before the frame/buffer refactoring as we -always did relative adjustment to the frame. - -This also fixes also that previously initial_frame was initialised too -early before the fragment related options were initialised and contained -0 for the maximum frame size. This resulted in a DIV by 0 that caused an -abort on platforms that throw an exception for that. - -CVE: 2023-46849 - -Only people with --fragment in their config are affected - -Change-Id: Icc612bab5700879606290639e1b8773f61ec670d -Signed-off-by: Arne Schwabe -Acked-by: David Sommerseth -Acked-by: Heiko Hund -Message-Id: <20231108124947.76816-1-gert@greenie.muc.de> -URL: https://www.mail-archive.com/search?l=mid&q=20231108124947.76816-1-gert@greenie.muc.de -Signed-off-by: Gert Doering ---- - src/openvpn/forward.c | 9 --------- - src/openvpn/init.c | 19 ++++++++----------- - src/openvpn/openvpn.h | 3 --- - 3 files changed, 8 insertions(+), 23 deletions(-) - -diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c -index 2510410f905..0443ca0a01f 100644 ---- a/src/openvpn/forward.c -+++ b/src/openvpn/forward.c -@@ -1078,15 +1078,6 @@ process_incoming_link_part1(struct context *c, struct link_socket_info *lsi, boo - if (tls_pre_decrypt(c->c2.tls_multi, &c->c2.from, &c->c2.buf, &co, - floated, &ad_start)) - { -- /* Restore pre-NCP frame parameters */ -- if (is_hard_reset_method2(opcode)) -- { -- c->c2.frame = c->c2.frame_initial; --#ifdef ENABLE_FRAGMENT -- c->c2.frame_fragment = c->c2.frame_fragment_initial; --#endif -- } -- - interval_action(&c->c2.tmp_int); - - /* reset packet received timer if TLS packet */ -diff --git a/src/openvpn/init.c b/src/openvpn/init.c -index 6fb6900de67..079c4f5e18f 100644 ---- a/src/openvpn/init.c -+++ b/src/openvpn/init.c -@@ -3547,15 +3547,6 @@ do_init_frame(struct context *c) - */ - frame_finalize_options(c, NULL); - --#ifdef ENABLE_FRAGMENT -- /* -- * Set frame parameter for fragment code. This is necessary because -- * the fragmentation code deals with payloads which have already been -- * passed through the compression code. -- */ -- c->c2.frame_fragment = c->c2.frame; -- c->c2.frame_fragment_initial = c->c2.frame_fragment; --#endif - - #if defined(ENABLE_FRAGMENT) - /* -@@ -3751,6 +3742,14 @@ static void - do_init_fragment(struct context *c) - { - ASSERT(c->options.ce.fragment); -+ -+ /* -+ * Set frame parameter for fragment code. This is necessary because -+ * the fragmentation code deals with payloads which have already been -+ * passed through the compression code. -+ */ -+ c->c2.frame_fragment = c->c2.frame; -+ - frame_calculate_dynamic(&c->c2.frame_fragment, &c->c1.ks.key_type, - &c->options, get_link_socket_info(c)); - fragment_frame_init(c->c2.fragment, &c->c2.frame_fragment); -@@ -4658,8 +4657,6 @@ init_instance(struct context *c, const struct env_set *env, const unsigned int f - c->c2.did_open_tun = do_open_tun(c, &error_flags); - } - -- c->c2.frame_initial = c->c2.frame; -- - /* print MTU info */ - do_print_data_channel_mtu_parms(c); - -diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h -index 077effeb9ec..5b2be63f98c 100644 ---- a/src/openvpn/openvpn.h -+++ b/src/openvpn/openvpn.h -@@ -249,14 +249,11 @@ struct context_2 - - /* MTU frame parameters */ - struct frame frame; /* Active frame parameters */ -- struct frame frame_initial; /* Restored on new session */ - - #ifdef ENABLE_FRAGMENT - /* Object to handle advanced MTU negotiation and datagram fragmentation */ - struct fragment_master *fragment; - struct frame frame_fragment; -- struct frame frame_fragment_initial; -- struct frame frame_fragment_omit; - #endif - - /* diff -Nru openvpn-2.6.3/debian/patches/CVE-2023-46850.patch openvpn-2.6.14/debian/patches/CVE-2023-46850.patch --- openvpn-2.6.3/debian/patches/CVE-2023-46850.patch 2025-11-26 21:54:51.000000000 +0000 +++ openvpn-2.6.14/debian/patches/CVE-2023-46850.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,53 +0,0 @@ -From a0afe035cbca26f8c74b670a8c2a20b3d9c2294b Mon Sep 17 00:00:00 2001 -From: Arne Schwabe -Date: Fri, 27 Oct 2023 14:19:37 +0200 -Subject: [PATCH] Fix using to_link buffer after freed - -When I refactored the tls_state_change method in -9a7b95fda5 I accidentally changed a break into -a return true while it should return a false. - -The code here is extremely fragile in the sense -that it assumes that settings a keystate to S_ERROR -cannot have any outgoing buffer or we will have a -use after free. The previous break and now restored -return false ensure this by skipping any further -tls_process_state loops that might set to ks->S_ERROR -and ensure that the to_link is sent out and cleared -before having more loops in tls_state_change. - -CVE: 2023-46850 - -This affects everyone, even with tls-auth/tls-crypt enabled. - -Change-Id: I2a0f1c665d992da8e24a421ff0ddcb40f7945ea8 -Signed-off-by: Arne Schwabe -Acked-by: David Sommerseth -Acked-by: Heiko Hund -Message-Id: <20231108124947.76816-3-gert@greenie.muc.de> -URL: https://www.mail-archive.com/search?l=mid&q=20231108124947.76816-3-gert@greenie.muc.de -Signed-off-by: Gert Doering -(cherry picked from commit 57a5cd1e12f193927c9b7429f8778fec7e04c50a) ---- - src/openvpn/ssl.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c -index e15f951d6a0..cee4afe19f3 100644 ---- a/src/openvpn/ssl.c -+++ b/src/openvpn/ssl.c -@@ -2903,7 +2903,13 @@ tls_process_state(struct tls_multi *multi, - CONTROL_SEND_ACK_MAX, true); - *to_link = b; - dmsg(D_TLS_DEBUG, "Reliable -> TCP/UDP"); -- return true; -+ -+ /* This changed the state of the outgoing buffer. In order to avoid -+ * running this function again/further and invalidating the key_state -+ * buffer and accessing the buffer that is now in to_link after it being -+ * freed for a potential error, we shortcircuit exiting of the outer -+ * process here. */ -+ return false; - } - - /* Write incoming ciphertext to TLS object */ diff -Nru openvpn-2.6.3/debian/patches/CVE-2024-28882.patch openvpn-2.6.14/debian/patches/CVE-2024-28882.patch --- openvpn-2.6.3/debian/patches/CVE-2024-28882.patch 2025-11-26 21:54:51.000000000 +0000 +++ openvpn-2.6.14/debian/patches/CVE-2024-28882.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,131 +0,0 @@ -From 65fb67cd6c320a426567b2922c4282fb8738ba3f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Reynir=20Bj=C3=B6rnsson?= -Date: Thu, 16 May 2024 13:58:08 +0200 -Subject: [PATCH] Only schedule_exit() once -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -If an exit has already been scheduled we should not schedule it again. -Otherwise, the exit signal is never emitted if the peer reschedules the -exit before the timeout occurs. - -schedule_exit() now only takes the context as argument. The signal is -hard coded to SIGTERM, and the interval is read directly from the -context options. - -Furthermore, schedule_exit() now returns a bool signifying whether an -exit was scheduled; false if exit is already scheduled. The call sites -are updated accordingly. A notable difference is that management is only -notified *once* when an exit is scheduled - we no longer notify -management on redundant exit. - -This patch was assigned a CVE number after already reviewed and ACKed, -because it was discovered that a misbehaving client can use the (now -fixed) server behaviour to avoid being disconnected by means of a -managment interface "client-kill" command - the security issue here is -"client can circumvent security policy set by management interface". - -This only affects previously authenticated clients, and only management -client-kill, so normal renegotion / AUTH_FAIL ("your session ends") is not -affected. - -CVE: 2024-28882 - -Change-Id: I9457f005f4ba970502e6b667d9dc4299a588d661 -Signed-off-by: Reynir Björnsson -Acked-by: Arne Schwabe -Message-Id: <20240516120434.23499-1-gert@greenie.muc.de> -URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28679.html -Signed-off-by: Gert Doering -(cherry picked from commit 55bb3260c12bae33b6a8eac73cbb6972f8517411) ---- - src/openvpn/forward.c | 15 +++++++++++---- - src/openvpn/forward.h | 2 +- - src/openvpn/push.c | 12 +++++++----- - 3 files changed, 19 insertions(+), 10 deletions(-) - ---- a/src/openvpn/forward.c -+++ b/src/openvpn/forward.c -@@ -516,17 +516,24 @@ check_server_poll_timeout(struct context - } - - /* -- * Schedule a signal n_seconds from now. -+ * Schedule a SIGTERM signal c->options.scheduled_exit_interval seconds from now. - */ --void --schedule_exit(struct context *c, const int n_seconds, const int signal) -+bool -+schedule_exit(struct context *c) - { -+ const int n_seconds = c->options.scheduled_exit_interval; -+ /* don't reschedule if already scheduled. */ -+ if (event_timeout_defined(&c->c2.scheduled_exit)) -+ { -+ return false; -+ } - tls_set_single_session(c->c2.tls_multi); - update_time(); - reset_coarse_timers(c); - event_timeout_init(&c->c2.scheduled_exit, n_seconds, now); -- c->c2.scheduled_exit_signal = signal; -+ c->c2.scheduled_exit_signal = SIGTERM; - msg(D_SCHED_EXIT, "Delayed exit in %d seconds", n_seconds); -+ return true; - } - - /* ---- a/src/openvpn/forward.h -+++ b/src/openvpn/forward.h -@@ -302,7 +302,7 @@ void reschedule_multi_process(struct con - - void process_ip_header(struct context *c, unsigned int flags, struct buffer *buf); - --void schedule_exit(struct context *c, const int n_seconds, const int signal); -+bool schedule_exit(struct context *c); - - static inline struct link_socket_info * - get_link_socket_info(struct context *c) ---- a/src/openvpn/push.c -+++ b/src/openvpn/push.c -@@ -206,7 +206,11 @@ receive_exit_message(struct context *c) - * */ - if (c->options.mode == MODE_SERVER) - { -- schedule_exit(c, c->options.scheduled_exit_interval, SIGTERM); -+ if (!schedule_exit(c)) -+ { -+ /* Return early when we don't need to notify management */ -+ return; -+ } - } - else - { -@@ -387,7 +391,7 @@ __attribute__ ((format(__printf__, 4, 5) - void - send_auth_failed(struct context *c, const char *client_reason) - { -- if (event_timeout_defined(&c->c2.scheduled_exit)) -+ if (!schedule_exit(c)) - { - msg(D_TLS_DEBUG, "exit already scheduled for context"); - return; -@@ -397,8 +401,6 @@ send_auth_failed(struct context *c, cons - static const char auth_failed[] = "AUTH_FAILED"; - size_t len; - -- schedule_exit(c, c->options.scheduled_exit_interval, SIGTERM); -- - len = (client_reason ? strlen(client_reason)+1 : 0) + sizeof(auth_failed); - if (len > PUSH_BUNDLE_SIZE) - { -@@ -488,7 +490,7 @@ send_auth_pending_messages(struct tls_mu - void - send_restart(struct context *c, const char *kill_msg) - { -- schedule_exit(c, c->options.scheduled_exit_interval, SIGTERM); -+ schedule_exit(c); - send_control_channel_string(c, kill_msg ? kill_msg : "RESTART", D_PUSH); - } - diff -Nru openvpn-2.6.3/debian/patches/CVE-2024-5594-regression-fix.patch openvpn-2.6.14/debian/patches/CVE-2024-5594-regression-fix.patch --- openvpn-2.6.3/debian/patches/CVE-2024-5594-regression-fix.patch 2025-11-26 21:54:51.000000000 +0000 +++ openvpn-2.6.14/debian/patches/CVE-2024-5594-regression-fix.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,203 +0,0 @@ -From: Arne Schwabe -Date: Wed, 10 Jul 2024 16:06:23 +0200 -Subject: Allow trailing \r and \n in control channel message - -Writing a reason from a script will easily end up adding extra \r\n characters -at the end of the reason. Our current code pushes this to the peer. So be more -liberal in accepting these message. - -Github: closes OpenVPN/openvpn#568 - -Change-Id: I47c992b6b73b1475cbff8a28f720cf50dc1fbe3e -Signed-off-by: Arne Schwabe -Acked-by: Frank Lichtenheld -Message-Id: <20240710140623.172829-1-frank@lichtenheld.com> -URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28910.html -Signed-off-by: Gert Doering -(cherry picked from commit be31325e1dfdffbb152374985c2ae7b6644e3519) - -Origin: upstream, https://github.com/OpenVPN/openvpn/commit/343573990135023d855d151fcd9248e5c26d9f8b -Bug: https://github.com/OpenVPN/openvpn/issues/568 -Last-Update: 2025-08-24 ---- - src/openvpn/forward.c | 33 +++--------------------------- - src/openvpn/ssl_pkt.c | 40 +++++++++++++++++++++++++++++++++++++ - src/openvpn/ssl_pkt.h | 14 +++++++++++++ - tests/unit_tests/openvpn/test_pkt.c | 35 ++++++++++++++++++++++++++++++++ - 4 files changed, 92 insertions(+), 30 deletions(-) - -diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c -index b565bfa..48c4276 100644 ---- a/src/openvpn/forward.c -+++ b/src/openvpn/forward.c -@@ -292,41 +292,14 @@ check_incoming_control_channel(struct context *c) - struct buffer buf = alloc_buf_gc(len, &gc); - if (tls_rec_payload(c->c2.tls_multi, &buf)) - { -- - while (BLEN(&buf) > 1) - { -- /* commands on the control channel are seperated by 0x00 bytes. -- * cmdlen does not include the 0 byte of the string */ -- int cmdlen = (int)strnlen(BSTR(&buf), BLEN(&buf)); -- -- if (cmdlen < BLEN(&buf)) -- { -- /* include the NUL byte and ensure NUL termination */ -- int cmdlen = (int)strlen(BSTR(&buf)) + 1; -+ struct buffer cmdbuf = extract_command_buffer(&buf, &gc); - -- /* Construct a buffer that only holds the current command and -- * its closing NUL byte */ -- struct buffer cmdbuf = alloc_buf_gc(cmdlen, &gc); -- buf_write(&cmdbuf, BPTR(&buf), cmdlen); -- -- /* check we have only printable characters or null byte in the -- * command string and no newlines */ -- if (!string_check_buf(&buf, CC_PRINT | CC_NULL, CC_CRLF)) -- { -- msg(D_PUSH_ERRORS, "WARNING: Received control with invalid characters: %s", -- format_hex(BPTR(&buf), BLEN(&buf), 256, &gc)); -- } -- else -- { -- parse_incoming_control_channel_command(c, &cmdbuf); -- } -- } -- else -+ if (cmdbuf.len > 0) - { -- msg(D_PUSH_ERRORS, "WARNING: Ignoring control channel " -- "message command without NUL termination"); -+ parse_incoming_control_channel_command(c, &cmdbuf); - } -- buf_advance(&buf, cmdlen); - } - } - else -diff --git a/src/openvpn/ssl_pkt.c b/src/openvpn/ssl_pkt.c -index 7229f55..42cb130 100644 ---- a/src/openvpn/ssl_pkt.c -+++ b/src/openvpn/ssl_pkt.c -@@ -560,3 +560,43 @@ check_session_id_hmac(struct tls_pre_decrypt_state *state, - } - return false; - } -+ -+struct buffer -+extract_command_buffer(struct buffer *buf, struct gc_arena *gc) -+{ -+ /* commands on the control channel are seperated by 0x00 bytes. -+ * cmdlen does not include the 0 byte of the string */ -+ int cmdlen = (int)strnlen(BSTR(buf), BLEN(buf)); -+ -+ if (cmdlen >= BLEN(buf)) -+ { -+ buf_advance(buf, cmdlen); -+ /* Return empty buffer */ -+ struct buffer empty = { 0 }; -+ return empty; -+ } -+ -+ /* include the NUL byte and ensure NUL termination */ -+ cmdlen += 1; -+ -+ /* Construct a buffer that only holds the current command and -+ * its closing NUL byte */ -+ struct buffer cmdbuf = alloc_buf_gc(cmdlen, gc); -+ buf_write(&cmdbuf, BPTR(buf), cmdlen); -+ -+ /* Remove \r and \n at the end of the buffer to avoid -+ * problems with scripts and other that add extra \r and \n */ -+ buf_chomp(&cmdbuf); -+ -+ /* check we have only printable characters or null byte in the -+ * command string and no newlines */ -+ if (!string_check_buf(&cmdbuf, CC_PRINT | CC_NULL, CC_CRLF)) -+ { -+ msg(D_PUSH_ERRORS, "WARNING: Received control with invalid characters: %s", -+ format_hex(BPTR(&cmdbuf), BLEN(&cmdbuf), 256, gc)); -+ cmdbuf.len = 0; -+ } -+ -+ buf_advance(buf, cmdlen); -+ return cmdbuf; -+} -diff --git a/src/openvpn/ssl_pkt.h b/src/openvpn/ssl_pkt.h -index 43c303f..f92eacc 100644 ---- a/src/openvpn/ssl_pkt.h -+++ b/src/openvpn/ssl_pkt.h -@@ -238,6 +238,20 @@ tls_reset_standalone(struct tls_wrap_ctx *ctx, - uint8_t header, - bool request_resend_wkc); - -+ -+/** -+ * Extracts a control channel message from buf and adjusts the size of -+ * buf after the message has been extracted -+ * @param buf The buffer the message should be extracted from -+ * @param gc gc_arena to be used for the returned buffer and displaying -+ * diagnostic messages -+ * @return A buffer with a control channel message or a buffer with -+ * with length 0 if there is no message or the message has -+ * invalid characters. -+ */ -+struct buffer -+extract_command_buffer(struct buffer *buf, struct gc_arena *gc); -+ - static inline const char * - packet_opcode_name(int op) - { -diff --git a/tests/unit_tests/openvpn/test_pkt.c b/tests/unit_tests/openvpn/test_pkt.c -index 736f131..f3dc855 100644 ---- a/tests/unit_tests/openvpn/test_pkt.c -+++ b/tests/unit_tests/openvpn/test_pkt.c -@@ -636,6 +636,40 @@ test_generate_reset_packet_tls_auth(void **ut_state) - free_tas(&tas_server); - } - -+static void -+test_extract_control_message(void **ut_state) -+{ -+ struct gc_arena gc = gc_new(); -+ struct buffer input_buf = alloc_buf_gc(1024, &gc); -+ -+ /* This message will have a \0x00 at the end since it is a C string */ -+ const char input[] = "valid control message\r\n\0\0Invalid\r\none\0valid one again"; -+ -+ buf_write(&input_buf, input, sizeof(input)); -+ struct buffer cmd1 = extract_command_buffer(&input_buf, &gc); -+ struct buffer cmd2 = extract_command_buffer(&input_buf, &gc); -+ struct buffer cmd3 = extract_command_buffer(&input_buf, &gc); -+ struct buffer cmd4 = extract_command_buffer(&input_buf, &gc); -+ struct buffer cmd5 = extract_command_buffer(&input_buf, &gc); -+ -+ assert_string_equal(BSTR(&cmd1), "valid control message"); -+ /* empty message with just a \0x00 */ -+ assert_int_equal(cmd2.len, 1); -+ assert_string_equal(BSTR(&cmd2), ""); -+ assert_int_equal(cmd3.len, 0); -+ assert_string_equal(BSTR(&cmd4), "valid one again"); -+ assert_int_equal(cmd5.len, 0); -+ -+ const uint8_t nonull[6] = { 'n', 'o', ' ', 'N', 'U', 'L'}; -+ struct buffer nonull_buf = alloc_buf_gc(1024, &gc); -+ -+ buf_write(&nonull_buf, nonull, sizeof(nonull)); -+ struct buffer nonullcmd = extract_command_buffer(&nonull_buf, &gc); -+ assert_int_equal(nonullcmd.len, 0); -+ -+ gc_free(&gc); -+} -+ - int - main(void) - { -@@ -649,6 +683,7 @@ main(void) - cmocka_unit_test(test_verify_hmac_tls_auth), - cmocka_unit_test(test_generate_reset_packet_plain), - cmocka_unit_test(test_generate_reset_packet_tls_auth), -+ cmocka_unit_test(test_extract_control_message) - }; - - #if defined(ENABLE_CRYPTO_OPENSSL) diff -Nru openvpn-2.6.3/debian/patches/CVE-2024-5594.patch openvpn-2.6.14/debian/patches/CVE-2024-5594.patch --- openvpn-2.6.3/debian/patches/CVE-2024-5594.patch 2025-11-26 21:54:51.000000000 +0000 +++ openvpn-2.6.14/debian/patches/CVE-2024-5594.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,355 +0,0 @@ -From 90e7a858e5594d9a019ad2b4ac6154124986291a Mon Sep 17 00:00:00 2001 -From: Arne Schwabe -Date: Mon, 27 May 2024 15:02:41 +0200 -Subject: [PATCH] Properly handle null bytes and invalid characters in control - messages -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This makes OpenVPN more picky in accepting control message in two aspects: -- Characters are checked in the whole buffer and not until the first - NUL byte -- if the message contains invalid characters, we no longer continue - evaluating a fixed up version of the message but rather stop - processing it completely. - -Previously it was possible to get invalid characters to end up in log -files or on a terminal. - -This also prepares the logic a bit in the direction of having a proper -framing of control messages separated by null bytes instead of relying -on the TLS framing for that. All OpenVPN implementations write the 0 -bytes between control commands. - -This patch also include several improvement suggestion from Reynir -(thanks!). - -CVE: 2024-5594 - -Reported-By: Reynir Björnsson -Change-Id: I0d926f910637dabc89bf5fa919dc6beef1eb46d9 -Signed-off-by: Arne Schwabe -Acked-by: Antonio Quartulli - -Message-Id: <20240619103004.56460-1-gert@greenie.muc.de> -URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28791.html -Signed-off-by: Gert Doering -(cherry picked from commit 414f428fa29694090ec4c46b10a8aba419c85659) ---- - src/openvpn/buffer.c | 17 ++++ - src/openvpn/buffer.h | 11 +++ - src/openvpn/forward.c | 121 ++++++++++++++++--------- - tests/unit_tests/openvpn/test_buffer.c | 109 ++++++++++++++++++++++ - 4 files changed, 215 insertions(+), 43 deletions(-) - ---- a/src/openvpn/buffer.c -+++ b/src/openvpn/buffer.c -@@ -1115,6 +1115,23 @@ string_mod(char *str, const unsigned int - return ret; - } - -+bool -+string_check_buf(struct buffer *buf, const unsigned int inclusive, const unsigned int exclusive) -+{ -+ ASSERT(buf); -+ -+ for (int i = 0; i < BLEN(buf); i++) -+ { -+ char c = BSTR(buf)[i]; -+ -+ if (!char_inc_exc(c, inclusive, exclusive)) -+ { -+ return false; -+ } -+ } -+ return true; -+} -+ - const char * - string_mod_const(const char *str, - const unsigned int inclusive, ---- a/src/openvpn/buffer.h -+++ b/src/openvpn/buffer.h -@@ -945,6 +945,17 @@ bool string_class(const char *str, const - - bool string_mod(char *str, const unsigned int inclusive, const unsigned int exclusive, const char replace); - -+/** -+ * Check a buffer if it only consists of allowed characters. -+ * -+ * @param buf The buffer to be checked. -+ * @param inclusive The character classes that are allowed. -+ * @param exclusive Character classes that are not allowed even if they are also in inclusive. -+ * @return True if the string consists only of allowed characters, false otherwise. -+ */ -+bool -+string_check_buf(struct buffer *buf, const unsigned int inclusive, const unsigned int exclusive); -+ - const char *string_mod_const(const char *str, - const unsigned int inclusive, - const unsigned int exclusive, ---- a/src/openvpn/forward.c -+++ b/src/openvpn/forward.c -@@ -232,6 +232,51 @@ check_tls(struct context *c) - } - } - -+static void -+parse_incoming_control_channel_command(struct context *c, struct buffer *buf) -+{ -+ if (buf_string_match_head_str(buf, "AUTH_FAILED")) -+ { -+ receive_auth_failed(c, buf); -+ } -+ else if (buf_string_match_head_str(buf, "PUSH_")) -+ { -+ incoming_push_message(c, buf); -+ } -+ else if (buf_string_match_head_str(buf, "RESTART")) -+ { -+ server_pushed_signal(c, buf, true, 7); -+ } -+ else if (buf_string_match_head_str(buf, "HALT")) -+ { -+ server_pushed_signal(c, buf, false, 4); -+ } -+ else if (buf_string_match_head_str(buf, "INFO_PRE")) -+ { -+ server_pushed_info(c, buf, 8); -+ } -+ else if (buf_string_match_head_str(buf, "INFO")) -+ { -+ server_pushed_info(c, buf, 4); -+ } -+ else if (buf_string_match_head_str(buf, "CR_RESPONSE")) -+ { -+ receive_cr_response(c, buf); -+ } -+ else if (buf_string_match_head_str(buf, "AUTH_PENDING")) -+ { -+ receive_auth_pending(c, buf); -+ } -+ else if (buf_string_match_head_str(buf, "EXIT")) -+ { -+ receive_exit_message(c); -+ } -+ else -+ { -+ msg(D_PUSH_ERRORS, "WARNING: Received unknown control message: %s", BSTR(buf)); -+ } -+} -+ - /* - * Handle incoming configuration - * messages on the control channel. -@@ -247,51 +292,41 @@ check_incoming_control_channel(struct co - struct buffer buf = alloc_buf_gc(len, &gc); - if (tls_rec_payload(c->c2.tls_multi, &buf)) - { -- /* force null termination of message */ -- buf_null_terminate(&buf); -- -- /* enforce character class restrictions */ -- string_mod(BSTR(&buf), CC_PRINT, CC_CRLF, 0); - -- if (buf_string_match_head_str(&buf, "AUTH_FAILED")) -- { -- receive_auth_failed(c, &buf); -- } -- else if (buf_string_match_head_str(&buf, "PUSH_")) -- { -- incoming_push_message(c, &buf); -- } -- else if (buf_string_match_head_str(&buf, "RESTART")) -- { -- server_pushed_signal(c, &buf, true, 7); -- } -- else if (buf_string_match_head_str(&buf, "HALT")) -- { -- server_pushed_signal(c, &buf, false, 4); -- } -- else if (buf_string_match_head_str(&buf, "INFO_PRE")) -- { -- server_pushed_info(c, &buf, 8); -- } -- else if (buf_string_match_head_str(&buf, "INFO")) -+ while (BLEN(&buf) > 1) - { -- server_pushed_info(c, &buf, 4); -- } -- else if (buf_string_match_head_str(&buf, "CR_RESPONSE")) -- { -- receive_cr_response(c, &buf); -- } -- else if (buf_string_match_head_str(&buf, "AUTH_PENDING")) -- { -- receive_auth_pending(c, &buf); -- } -- else if (buf_string_match_head_str(&buf, "EXIT")) -- { -- receive_exit_message(c); -- } -- else -- { -- msg(D_PUSH_ERRORS, "WARNING: Received unknown control message: %s", BSTR(&buf)); -+ /* commands on the control channel are seperated by 0x00 bytes. -+ * cmdlen does not include the 0 byte of the string */ -+ int cmdlen = (int)strnlen(BSTR(&buf), BLEN(&buf)); -+ -+ if (cmdlen < BLEN(&buf)) -+ { -+ /* include the NUL byte and ensure NUL termination */ -+ int cmdlen = (int)strlen(BSTR(&buf)) + 1; -+ -+ /* Construct a buffer that only holds the current command and -+ * its closing NUL byte */ -+ struct buffer cmdbuf = alloc_buf_gc(cmdlen, &gc); -+ buf_write(&cmdbuf, BPTR(&buf), cmdlen); -+ -+ /* check we have only printable characters or null byte in the -+ * command string and no newlines */ -+ if (!string_check_buf(&buf, CC_PRINT | CC_NULL, CC_CRLF)) -+ { -+ msg(D_PUSH_ERRORS, "WARNING: Received control with invalid characters: %s", -+ format_hex(BPTR(&buf), BLEN(&buf), 256, &gc)); -+ } -+ else -+ { -+ parse_incoming_control_channel_command(c, &cmdbuf); -+ } -+ } -+ else -+ { -+ msg(D_PUSH_ERRORS, "WARNING: Ignoring control channel " -+ "message command without NUL termination"); -+ } -+ buf_advance(&buf, cmdlen); - } - } - else ---- a/tests/unit_tests/openvpn/test_buffer.c -+++ b/tests/unit_tests/openvpn/test_buffer.c -@@ -261,6 +261,112 @@ test_buffer_gc_realloc(void **state) - gc_free(&gc); - } - -+static void -+test_character_class(void **state) -+{ -+ char buf[256]; -+ strcpy(buf, "There is \x01 a nice 1234 year old tr\x7f ee!"); -+ assert_false(string_mod(buf, CC_PRINT, 0, '@')); -+ assert_string_equal(buf, "There is @ a nice 1234 year old tr@ ee!"); -+ -+ strcpy(buf, "There is \x01 a nice 1234 year old tr\x7f ee!"); -+ assert_true(string_mod(buf, CC_ANY, 0, '@')); -+ assert_string_equal(buf, "There is \x01 a nice 1234 year old tr\x7f ee!"); -+ -+ /* 0 as replace removes characters */ -+ strcpy(buf, "There is \x01 a nice 1234 year old tr\x7f ee!"); -+ assert_false(string_mod(buf, CC_PRINT, 0, '\0')); -+ assert_string_equal(buf, "There is a nice 1234 year old tr ee!"); -+ -+ strcpy(buf, "There is \x01 a nice 1234 year old tr\x7f ee!"); -+ assert_false(string_mod(buf, CC_PRINT, CC_DIGIT, '@')); -+ assert_string_equal(buf, "There is @ a nice @@@@ year old tr@ ee!"); -+ -+ strcpy(buf, "There is \x01 a nice 1234 year old tr\x7f ee!"); -+ assert_false(string_mod(buf, CC_ALPHA, CC_DIGIT, '.')); -+ assert_string_equal(buf, "There.is...a.nice......year.old.tr..ee."); -+ -+ strcpy(buf, "There is \x01 a 'nice' \"1234\"\n year old \ntr\x7f ee!"); -+ assert_false(string_mod(buf, CC_ALPHA|CC_DIGIT|CC_NEWLINE|CC_SINGLE_QUOTE, CC_DOUBLE_QUOTE|CC_BLANK, '.')); -+ assert_string_equal(buf, "There.is...a.'nice'..1234.\n.year.old.\ntr..ee."); -+ -+ strcpy(buf, "There is a \\'nice\\' \"1234\" [*] year old \ntree!"); -+ assert_false(string_mod(buf, CC_PRINT, CC_BACKSLASH|CC_ASTERISK, '.')); -+ assert_string_equal(buf, "There is a .'nice.' \"1234\" [.] year old .tree!"); -+} -+ -+ -+static void -+test_character_string_mod_buf(void **state) -+{ -+ struct gc_arena gc = gc_new(); -+ -+ struct buffer buf = alloc_buf_gc(1024, &gc); -+ -+ const char test1[] = "There is a nice 1234\x00 year old tree!"; -+ buf_write(&buf, test1, sizeof(test1)); -+ -+ /* allow the null bytes and string but not the ! */ -+ assert_false(string_check_buf(&buf, CC_ALNUM | CC_SPACE | CC_NULL, 0)); -+ -+ /* remove final ! and null byte to pass */ -+ buf_inc_len(&buf, -2); -+ assert_true(string_check_buf(&buf, CC_ALNUM | CC_SPACE | CC_NULL, 0)); -+ -+ /* Check excluding digits works */ -+ assert_false(string_check_buf(&buf, CC_ALNUM | CC_SPACE | CC_NULL, CC_DIGIT)); -+ gc_free(&gc); -+} -+ -+static void -+test_snprintf(void **state) -+{ -+ /* we used to have a custom openvpn_snprintf function because some -+ * OS (the comment did not specify which) did not always put the -+ * null byte there. So we unit test this to be sure. -+ * -+ * This probably refers to the MSVC behaviour, see also -+ * https://stackoverflow.com/questions/7706936/is-snprintf-always-null-terminating -+ */ -+ -+ /* Instead of trying to trick the compiler here, disable the warnings -+ * for this unit test. We know that the results will be truncated -+ * and we want to test that */ -+#if defined(__GNUC__) -+/* some clang version do not understand -Wformat-truncation, so ignore the -+ * warning to avoid warnings/errors (-Werror) about unknown pragma/option */ -+#if defined(__clang__) -+#pragma clang diagnostic push -+#pragma clang diagnostic ignored "-Wunknown-warning-option" -+#endif -+#pragma GCC diagnostic push -+#pragma GCC diagnostic ignored "-Wformat-truncation" -+#endif -+ -+ char buf[10] = { 'a' }; -+ int ret = 0; -+ -+ ret = snprintf(buf, sizeof(buf), "0123456789abcde"); -+ assert_int_equal(ret, 15); -+ assert_int_equal(buf[9], '\0'); -+ -+ memset(buf, 'b', sizeof(buf)); -+ ret = snprintf(buf, sizeof(buf), "- %d - %d -", 77, 88); -+ assert_int_equal(ret, 11); -+ assert_int_equal(buf[9], '\0'); -+ -+ memset(buf, 'c', sizeof(buf)); -+ ret = snprintf(buf, sizeof(buf), "- %8.2f", 77.8899); -+ assert_int_equal(ret, 10); -+ assert_int_equal(buf[9], '\0'); -+ -+#if defined(__GNUC__) -+#pragma GCC diagnostic pop -+#if defined(__clang__) -+#pragma clang diagnostic pop -+#endif -+#endif -+} - - int - main(void) -@@ -291,6 +397,9 @@ main(void) - cmocka_unit_test(test_buffer_free_gc_one), - cmocka_unit_test(test_buffer_free_gc_two), - cmocka_unit_test(test_buffer_gc_realloc), -+ cmocka_unit_test(test_character_class), -+ cmocka_unit_test(test_character_string_mod_buf), -+ cmocka_unit_test(test_snprintf) - }; - - return cmocka_run_group_tests_name("buffer", tests, NULL, NULL); diff -Nru openvpn-2.6.3/debian/patches/CVE-2025-2704.patch openvpn-2.6.14/debian/patches/CVE-2025-2704.patch --- openvpn-2.6.3/debian/patches/CVE-2025-2704.patch 2025-11-26 21:54:51.000000000 +0000 +++ openvpn-2.6.14/debian/patches/CVE-2025-2704.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,282 +0,0 @@ -From d3015bfd65348db629dab51e20a9d4e2f3b23493 Mon Sep 17 00:00:00 2001 -From: Arne Schwabe -Date: Tue, 1 Apr 2025 19:30:37 +0200 -Subject: [PATCH] Allow tls-crypt-v2 to be setup only on initial packet of a - session - -This fixes an internal server error condition that can be triggered by a -malicous authenticated client, a very unlucky corruption of packets in -transit or by an attacker that is able to inject a specially created -packet at the right time and is able to observe the traffic to construct -the packet. - -The error condition results in an ASSERT statement being triggered, - -NOTE: due to the security sensitive nature, this patch was prepared -under embargo on the security@openvpn.net mailing list, and thus has -no publically available "mailing list discussion before merge" URL. - -CVE: 2025-2704 -Change-Id: I07c1352204d308e5bde5f0b85e561a5dd0bc63c8 -Signed-off-by: Arne Schwabe -Acked-by: Gert Doering -Message-Id: <385d88f0-d7c9-4330-82ff-9f5931183afd@rfc2549.org> -Signed-off-by: Gert Doering -(cherry picked from commit 82ee2fe4b42d9988c59ae3f83bd56a54d54e8c76) ---- - src/openvpn/ssl.c | 26 +++++++++++++++++++---- - src/openvpn/ssl_common.h | 15 +++++++------ - src/openvpn/ssl_pkt.c | 7 +++--- - src/openvpn/ssl_pkt.h | 12 +++++++++-- - src/openvpn/tls_crypt.c | 24 ++++++++++++++++++++- - src/openvpn/tls_crypt.h | 7 +++++- - tests/unit_tests/openvpn/test_tls_crypt.c | 2 +- - 7 files changed, 75 insertions(+), 18 deletions(-) - -diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c -index 4fa7ea6fc45..5a0bf95aace 100644 ---- a/src/openvpn/ssl.c -+++ b/src/openvpn/ssl.c -@@ -848,6 +848,9 @@ state_name(int state) - case S_INITIAL: - return "S_INITIAL"; - -+ case S_PRE_START_SKIP: -+ return "S_PRE_START_SKIP"; -+ - case S_PRE_START: - return "S_PRE_START"; - -@@ -2598,7 +2601,7 @@ session_move_pre_start(const struct tls_session *session, - } - INCR_GENERATED; - -- ks->state = S_PRE_START; -+ ks->state = skip_initial_send ? S_PRE_START_SKIP : S_PRE_START; - - struct gc_arena gc = gc_new(); - dmsg(D_TLS_DEBUG, "TLS: Initial Handshake, sid=%s", -@@ -3801,7 +3804,7 @@ tls_pre_decrypt(struct tls_multi *multi, - } - - if (!read_control_auth(buf, tls_session_get_tls_wrap(session, key_id), from, -- session->opt)) -+ session->opt, true)) - { - goto error; - } -@@ -3871,7 +3874,7 @@ tls_pre_decrypt(struct tls_multi *multi, - if (op == P_CONTROL_SOFT_RESET_V1 && ks->state >= S_GENERATED_KEYS) - { - if (!read_control_auth(buf, tls_session_get_tls_wrap(session, key_id), -- from, session->opt)) -+ from, session->opt, false)) - { - goto error; - } -@@ -3884,6 +3887,15 @@ tls_pre_decrypt(struct tls_multi *multi, - } - else - { -+ bool initial_packet = false; -+ if (ks->state == S_PRE_START_SKIP) -+ { -+ /* When we are coming from the session_skip_to_pre_start -+ * method, we allow this initial packet to setup the -+ * tls-crypt-v2 peer specific key */ -+ initial_packet = true; -+ ks->state = S_PRE_START; -+ } - /* - * Remote responding to our key renegotiation request? - */ -@@ -3893,8 +3905,14 @@ tls_pre_decrypt(struct tls_multi *multi, - } - - if (!read_control_auth(buf, tls_session_get_tls_wrap(session, key_id), -- from, session->opt)) -+ from, session->opt, initial_packet)) - { -+ /* if an initial packet in read_control_auth, we rather -+ * error out than anything else */ -+ if (initial_packet) -+ { -+ multi->n_hard_errors++; -+ } - goto error; - } - -diff --git a/src/openvpn/ssl_common.h b/src/openvpn/ssl_common.h -index 085256347ec..8b6ae3f2430 100644 ---- a/src/openvpn/ssl_common.h -+++ b/src/openvpn/ssl_common.h -@@ -80,22 +80,25 @@ - #define S_INITIAL 1 /**< Initial \c key_state state after - * initialization by \c key_state_init() - * before start of three-way handshake. */ --#define S_PRE_START 2 /**< Waiting for the remote OpenVPN peer -+#define S_PRE_START_SKIP 2 /**< Waiting for the remote OpenVPN peer - * to acknowledge during the initial - * three-way handshake. */ --#define S_START 3 /**< Three-way handshake is complete, -+#define S_PRE_START 3 /**< Waiting for the remote OpenVPN peer -+ * to acknowledge during the initial -+ * three-way handshake. */ -+#define S_START 4 /**< Three-way handshake is complete, - * start of key exchange. */ --#define S_SENT_KEY 4 /**< Local OpenVPN process has sent its -+#define S_SENT_KEY 5 /**< Local OpenVPN process has sent its - * part of the key material. */ --#define S_GOT_KEY 5 /**< Local OpenVPN process has received -+#define S_GOT_KEY 6 /**< Local OpenVPN process has received - * the remote's part of the key - * material. */ --#define S_ACTIVE 6 /**< Operational \c key_state state -+#define S_ACTIVE 7 /**< Operational \c key_state state - * immediately after negotiation has - * completed while still within the - * handshake window. Deferred auth and - * client connect can still be pending. */ --#define S_GENERATED_KEYS 7 /**< The data channel keys have been generated -+#define S_GENERATED_KEYS 8 /**< The data channel keys have been generated - * The TLS session is fully authenticated - * when reaching this state. */ - -diff --git a/src/openvpn/ssl_pkt.c b/src/openvpn/ssl_pkt.c -index 689cd7f99f9..41299f462db 100644 ---- a/src/openvpn/ssl_pkt.c -+++ b/src/openvpn/ssl_pkt.c -@@ -200,7 +200,8 @@ bool - read_control_auth(struct buffer *buf, - struct tls_wrap_ctx *ctx, - const struct link_socket_actual *from, -- const struct tls_options *opt) -+ const struct tls_options *opt, -+ bool initial_packet) - { - struct gc_arena gc = gc_new(); - bool ret = false; -@@ -208,7 +209,7 @@ read_control_auth(struct buffer *buf, - const uint8_t opcode = *(BPTR(buf)) >> P_OPCODE_SHIFT; - if ((opcode == P_CONTROL_HARD_RESET_CLIENT_V3 - || opcode == P_CONTROL_WKC_V1) -- && !tls_crypt_v2_extract_client_key(buf, ctx, opt)) -+ && !tls_crypt_v2_extract_client_key(buf, ctx, opt, initial_packet)) - { - msg(D_TLS_ERRORS, - "TLS Error: can not extract tls-crypt-v2 client key from %s", -@@ -373,7 +374,7 @@ tls_pre_decrypt_lite(const struct tls_auth_standalone *tas, - * into newbuf or just setting newbuf to point to the start of control - * message */ - bool status = read_control_auth(&state->newbuf, &state->tls_wrap_tmp, -- from, NULL); -+ from, NULL, true); - - if (!status) - { -diff --git a/src/openvpn/ssl_pkt.h b/src/openvpn/ssl_pkt.h -index c8a27fba9d7..2033da61ff7 100644 ---- a/src/openvpn/ssl_pkt.h -+++ b/src/openvpn/ssl_pkt.h -@@ -207,14 +207,22 @@ write_control_auth(struct tls_session *session, - bool prepend_ack); - - --/* -+ -+/** - * Read a control channel authentication record. -+ * @param buf buffer that holds the incoming packet -+ * @param ctx control channel security context -+ * @param from incoming link socket address -+ * @param opt tls options struct for the session -+ * @param initial_packet whether this is the initial packet for the connection -+ * @return if the packet was successfully processed - */ - bool - read_control_auth(struct buffer *buf, - struct tls_wrap_ctx *ctx, - const struct link_socket_actual *from, -- const struct tls_options *opt); -+ const struct tls_options *opt, -+ bool initial_packet); - - - /** -diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c -index 975d31fafb5..50228e786e0 100644 ---- a/src/openvpn/tls_crypt.c -+++ b/src/openvpn/tls_crypt.c -@@ -612,7 +612,8 @@ tls_crypt_v2_verify_metadata(const struct tls_wrap_ctx *ctx, - bool - tls_crypt_v2_extract_client_key(struct buffer *buf, - struct tls_wrap_ctx *ctx, -- const struct tls_options *opt) -+ const struct tls_options *opt, -+ bool initial_packet) - { - if (!ctx->tls_crypt_v2_server_key.cipher) - { -@@ -641,6 +642,27 @@ tls_crypt_v2_extract_client_key(struct buffer *buf, - return false; - } - -+ if (!initial_packet) -+ { -+ /* This might be a harmless resend of the packet but it is better to -+ * just ignore the WKC part than trying to setup tls-crypt keys again. -+ * -+ * A CONTROL_WKC_V1 packets has a normal packet part and an appended -+ * wrapped control key. These are authenticated individually. We already -+ * set up tls-crypt with the wrapped key, so we are ignoring this part -+ * of the message but we return the normal packet part as the normal -+ * part of the message might have been corrupted earlier and discarded -+ * and this is resend. So return the normal part of the packet, -+ * basically transforming the CONTROL_WKC_V1 into a normal CONTROL_V1 -+ * packet*/ -+ msg(D_TLS_ERRORS, "control channel security already setup ignoring " -+ "wrapped key part of packet."); -+ -+ /* Remove client key from buffer so tls-crypt code can unwrap message */ -+ ASSERT(buf_inc_len(buf, -(BLEN(&wrapped_client_key)))); -+ return true; -+ } -+ - ctx->tls_crypt_v2_metadata = alloc_buf(TLS_CRYPT_V2_MAX_METADATA_LEN); - if (!tls_crypt_v2_unwrap_client_key(&ctx->original_wrap_keydata, - &ctx->tls_crypt_v2_metadata, -diff --git a/src/openvpn/tls_crypt.h b/src/openvpn/tls_crypt.h -index 8c87e2080a1..331c0c060a7 100644 ---- a/src/openvpn/tls_crypt.h -+++ b/src/openvpn/tls_crypt.h -@@ -207,11 +207,16 @@ void tls_crypt_v2_init_client_key(struct key_ctx_bi *key, - * message. - * @param ctx tls-wrap context to be initialized with the client key. - * -+ * @param initial_packet whether this is the initial packet of the -+ * connection. Only in these scenarios unwrapping -+ * of a tls-crypt-v2 key is allowed -+ * - * @returns true if a key was successfully extracted. - */ - bool tls_crypt_v2_extract_client_key(struct buffer *buf, - struct tls_wrap_ctx *ctx, -- const struct tls_options *opt); -+ const struct tls_options *opt, -+ bool initial_packet); - - /** - * Generate a tls-crypt-v2 server key, and write to file. -diff --git a/tests/unit_tests/openvpn/test_tls_crypt.c b/tests/unit_tests/openvpn/test_tls_crypt.c -index 465543a740e..3eac04cf9ce 100644 ---- a/tests/unit_tests/openvpn/test_tls_crypt.c -+++ b/tests/unit_tests/openvpn/test_tls_crypt.c -@@ -533,7 +533,7 @@ tls_crypt_v2_wrap_unwrap_max_metadata(void **state) - .mode = TLS_WRAP_CRYPT, - .tls_crypt_v2_server_key = ctx->server_keys.encrypt, - }; -- assert_true(tls_crypt_v2_extract_client_key(&ctx->wkc, &wrap_ctx, NULL)); -+ assert_true(tls_crypt_v2_extract_client_key(&ctx->wkc, &wrap_ctx, NULL, true)); - tls_wrap_free(&wrap_ctx); - } - diff -Nru openvpn-2.6.3/debian/patches/CVE-2026-35058.patch openvpn-2.6.14/debian/patches/CVE-2026-35058.patch --- openvpn-2.6.3/debian/patches/CVE-2026-35058.patch 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/debian/patches/CVE-2026-35058.patch 2026-05-05 20:20:39.000000000 +0000 @@ -0,0 +1,91 @@ +From 0dc820fe1d0de369d101702151fa06fff0eb360c Mon Sep 17 00:00:00 2001 +From: Steffan Karger +Date: Sun, 12 Apr 2026 13:37:56 +0200 +Subject: [PATCH] tls-crypt-v2: Avoid interpreting opcode as part of WKc + +The buffer we pass to tls_crypt_v2_extract_client_key contains the +entire received control channel packet. We should skip the opcode before +trying to read WKC. + +This logic error is a second bug behind the XlabAI finding, next too the +too-strict ASSERT in tls_crypt_unwrap. + +Also remove a too strict ASSERT in tls_crypt_unwrap. We already check +a few lines later for a too short packet and return a proper error +("packet too short"). + +XlabAI found a way of triggering this ASSERT that requires a tls-crypt-v2 +client key that has a specific property (a specific byte need to have a +specific value, about 1/256 probability). If an attacker can get hold of +such a tls-crypt-v2 client key or observe a handshake using such a key, +the attacker can trigger the ASSERT, crashing the server. Setups that do +not use tls-crypt-v2 are not affected. + +Independently, Cisco Talos reported a way to trigger this ASSERT with any +tls-crypt-v2 key but this requires the attacker to be also in possession +of the private key part of the tls-crypt-v2 client key or to inject packet +into a live session of a client session. + +CVE: 2026-35058 +Reported-By: XlabAI Team of Tencent Xuanwu Lab (xlabai@tencent.com) +Reported-By: Guannan Wang (wgnbuaa@gmail.com +Reported-By: Zhanpeng Liu (pkugenuine@gmail.com) +Reported-By: Guancheng Li (lgcpku@gmail.com) +Reported-By: Emma Reuter of Cisco ASIG (TALOS-2026-2381) +Signed-off-by: Steffan Karger +Signed-off-by: Arne Schwabe + +Change-Id: I623733c0476c98f436d19009ee8990693c1579b5 +Private-URL: https://github.com/OpenVPN/openvpn-private-issues/issues/111 +Acked-by: Gert Doering +Signed-off-by: Gert Doering +(cherry picked from commit 18270324a5fd43122ca1b8c29b224c5dd5905429) +--- + src/openvpn/tls_crypt.c | 4 ++-- + tests/unit_tests/openvpn/test_tls_crypt.c | 11 ++++++++++- + 2 files changed, 12 insertions(+), 3 deletions(-) + +diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c +index 50228e786e0..386aaf12fe2 100644 +--- a/src/openvpn/tls_crypt.c ++++ b/src/openvpn/tls_crypt.c +@@ -229,7 +229,6 @@ tls_crypt_unwrap(const struct buffer *src, struct buffer *dst, + gc_init(&gc); + + ASSERT(opt); +- ASSERT(src->len > 0); + ASSERT(ctx->cipher); + ASSERT(packet_id_initialized(&opt->packet_id) + || (opt->flags & CO_IGNORE_PACKET_ID)); +@@ -627,7 +626,8 @@ tls_crypt_v2_extract_client_key(struct buffer *buf, + struct buffer wrapped_client_key = *buf; + uint16_t net_len = 0; + +- if (BLEN(&wrapped_client_key) < sizeof(net_len)) ++ if (!buf_advance(&wrapped_client_key, 1) ++ || BLEN(&wrapped_client_key) < 1 + sizeof(net_len)) + { + msg(D_TLS_ERRORS, "Can not read tls-crypt-v2 client key length"); + return false; +diff --git a/tests/unit_tests/openvpn/test_tls_crypt.c b/tests/unit_tests/openvpn/test_tls_crypt.c +index bf5a8cef0c0..fcf6f9a00eb 100644 +--- a/tests/unit_tests/openvpn/test_tls_crypt.c ++++ b/tests/unit_tests/openvpn/test_tls_crypt.c +@@ -534,7 +534,16 @@ tls_crypt_v2_wrap_unwrap_max_metadata(void **state) + .mode = TLS_WRAP_CRYPT, + .tls_crypt_v2_server_key = ctx->server_keys.encrypt, + }; +- assert_true(tls_crypt_v2_extract_client_key(&ctx->wkc, &wrap_ctx, NULL, true)); ++ ++ /* a buffer that only contains the wrapped key should fail */ ++ assert_false(tls_crypt_v2_extract_client_key(&ctx->wkc, &wrap_ctx, NULL, true)); ++ ++ /* add a opcode in front of the key to make it valid to extract */ ++ struct buffer wkcop = alloc_buf_gc(buf_len(&ctx->wkc) + 1, &ctx->gc); ++ buf_write_u8(&wkcop, 0x50); ++ buf_copy(&wkcop, &ctx->wkc); ++ assert_true(tls_crypt_v2_extract_client_key(&wkcop, &wrap_ctx, NULL, true)); ++ + tls_wrap_free(&wrap_ctx); + } + diff -Nru openvpn-2.6.3/debian/patches/CVE-2026-40215.patch openvpn-2.6.14/debian/patches/CVE-2026-40215.patch --- openvpn-2.6.3/debian/patches/CVE-2026-40215.patch 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/debian/patches/CVE-2026-40215.patch 2026-05-05 20:20:39.000000000 +0000 @@ -0,0 +1,54 @@ +From 4472265ea2d18b88bb5f59fb30d4067a0323aff5 Mon Sep 17 00:00:00 2001 +From: Arne Schwabe +Date: Fri, 10 Apr 2026 16:59:53 +0200 +Subject: [PATCH] Ensure that buffer of freed session are not used + +In a race condition an old TLS session could still try to send a packet but +also get replaced by a new session. In this case, the buffer of the new +session is still referenced. Add the check_session_buf_not_used function +to mitigate this problem. + +Also make the check if the to_link pointer is in one of the memory +regions a bit better even though this not make a difference with the +way we use these structs. But better safe than sorry. + +A better solution to remove the TM_INITIAL state and handle reconnecting +session in their own complete tls_multi is a more involved fix that requires +a lot more refactoring. + +CVE: 2026-40215 +Reported-By: XlabAI Team of Tencent Xuanwu Lab (xlabai@tencent.com) +Reported-By: Guannan Wang (wgnbuaa@gmail.com +Reported-By: Zhanpeng Liu (pkugenuine@gmail.com) +Reported-By: Guancheng Li (lgcpku@gmail.com) +Signed-off-by: Arne Schwabe + +Change-Id: I7c5fa2a7a2563b7a8955d386411f3ceffe5b092f +Private-URL: https://github.com/OpenVPN/openvpn-private-issues/issues/112 +Acked-by: Gert Doering +Signed-off-by: Gert Doering +(cherry picked from commit b2a15fb84d85790eeae4a2e12b431cbfd0b0302f) +--- + src/openvpn/ssl.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c +index 9814bb39494..aaf40319fa5 100644 +--- a/src/openvpn/ssl.c ++++ b/src/openvpn/ssl.c +@@ -3373,6 +3373,7 @@ tls_multi_process(struct tls_multi *multi, + && ks_lame->state >= S_GENERATED_KEYS + && !multi->opt.single_session) + { ++ check_session_buf_not_used(to_link, session); + move_session(multi, TM_LAME_DUCK, TM_ACTIVE, true); + } + else +@@ -3445,6 +3446,7 @@ tls_multi_process(struct tls_multi *multi, + */ + if (TLS_AUTHENTICATED(multi, &multi->session[TM_INITIAL].key[KS_PRIMARY])) + { ++ check_session_buf_not_used(to_link, &multi->session[TM_ACTIVE]); + move_session(multi, TM_ACTIVE, TM_INITIAL, true); + tas = tls_authentication_status(multi); + msg(D_TLS_DEBUG_LOW, "TLS: tls_multi_process: initial untrusted " diff -Nru openvpn-2.6.3/debian/patches/fix-dangling-pointer-in-pkcs11.patch openvpn-2.6.14/debian/patches/fix-dangling-pointer-in-pkcs11.patch --- openvpn-2.6.3/debian/patches/fix-dangling-pointer-in-pkcs11.patch 2025-11-26 21:54:51.000000000 +0000 +++ openvpn-2.6.14/debian/patches/fix-dangling-pointer-in-pkcs11.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,37 +0,0 @@ -From 7e4becb4cd8be7f0d5ff80cf80877ea152f99830 Mon Sep 17 00:00:00 2001 -From: Selva Nair -Date: Tue, 9 May 2023 13:05:17 -0400 -Subject: [PATCH] Bugfix: dangling pointer passed to pkcs11-helper - -Github: Fixes OpenVPN/openvpn#323 - -Signed-off-by: Selva Nair -Acked-by: Gert Doering -Message-Id: <20230509170517.2637245-1-selva.nair@gmail.com> -URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26640.html -Signed-off-by: Gert Doering -(cherry picked from commit f4850745709c5b80ab7d09c03a86c5ceea6d10a2) ---- - src/openvpn/pkcs11_openssl.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/openvpn/pkcs11_openssl.c b/src/openvpn/pkcs11_openssl.c -index eee86e17b6f..9b0ab39f9cf 100644 ---- a/src/openvpn/pkcs11_openssl.c -+++ b/src/openvpn/pkcs11_openssl.c -@@ -165,6 +165,7 @@ xkey_pkcs11h_sign(void *handle, unsigned char *sig, - { - pkcs11h_certificate_t cert = handle; - CK_MECHANISM mech = {CKM_RSA_PKCS, NULL, 0}; /* default value */ -+ CK_RSA_PKCS_PSS_PARAMS pss_params = {0}; - - unsigned char buf[EVP_MAX_MD_SIZE]; - size_t buflen; -@@ -203,7 +204,6 @@ xkey_pkcs11h_sign(void *handle, unsigned char *sig, - } - else if (!strcmp(sigalg.padmode, "pss")) - { -- CK_RSA_PKCS_PSS_PARAMS pss_params = {0}; - mech.mechanism = CKM_RSA_PKCS_PSS; - - if (!set_pss_params(&pss_params, sigalg, cert)) diff -Nru openvpn-2.6.3/debian/patches/fix-memleak-in-dco_get_peer_stats_multi.patch openvpn-2.6.14/debian/patches/fix-memleak-in-dco_get_peer_stats_multi.patch --- openvpn-2.6.3/debian/patches/fix-memleak-in-dco_get_peer_stats_multi.patch 2025-11-26 21:54:51.000000000 +0000 +++ openvpn-2.6.14/debian/patches/fix-memleak-in-dco_get_peer_stats_multi.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,33 +0,0 @@ -From 5e8a571af165c867ccb9c4c9e6334620f42013ac Mon Sep 17 00:00:00 2001 -From: Frank Lichtenheld -Date: Mon, 15 May 2023 16:21:16 +0200 -Subject: [PATCH] DCO: fix memory leak in dco_get_peer_stats_multi for Linux - -Leaks a small amount of memory every 15s. - -Signed-off-by: Frank Lichtenheld -Acked-by: Antonio Quartulli -Message-Id: <20230515142116.33135-1-frank@lichtenheld.com> -URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26659.html -Signed-off-by: Gert Doering -(cherry picked from commit 276f7c86d70666bc2ab4e6192ef5f1dcbd6a230f) ---- - src/openvpn/dco_linux.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c -index 796e6f25da4..2bfdf980a3a 100644 ---- a/src/openvpn/dco_linux.c -+++ b/src/openvpn/dco_linux.c -@@ -925,7 +925,10 @@ dco_get_peer_stats_multi(dco_context_t *dco, struct multi_context *m) - - nlmsg_hdr(nl_msg)->nlmsg_flags |= NLM_F_DUMP; - -- return ovpn_nl_msg_send(dco, nl_msg, dco_parse_peer_multi, m, __func__); -+ int ret = ovpn_nl_msg_send(dco, nl_msg, dco_parse_peer_multi, m, __func__); -+ -+ nlmsg_free(nl_msg); -+ return ret; - } - - static int diff -Nru openvpn-2.6.3/debian/patches/sample-keys-renew-10-years.patch openvpn-2.6.14/debian/patches/sample-keys-renew-10-years.patch --- openvpn-2.6.3/debian/patches/sample-keys-renew-10-years.patch 2025-11-26 21:54:51.000000000 +0000 +++ openvpn-2.6.14/debian/patches/sample-keys-renew-10-years.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,1618 +0,0 @@ -Origin: https://github.com/OpenVPN/openvpn/commit/78e0c5f2f57a18e8ea60951696a458a4b3ff3621 -Reviewed-by: Aquila Macedo Costa -Last-Update: 2025-03-04 - -From 78e0c5f2f57a18e8ea60951696a458a4b3ff3621 Mon Sep 17 00:00:00 2001 -From: Frank Lichtenheld -Date: Tue, 21 Nov 2023 12:04:30 +0100 -Subject: [PATCH] sample-keys: renew for the next 10 years - -Old expiration was October 2024, less than a year away. -Give everyone the chance to get the new keys before tests -start failing. - -Change-Id: Ie264ec1ec61fd71e8cc87987be3e2adc2735c201 -Signed-off-by: Frank Lichtenheld -Message-Id: <20231121110430.16893-1-frank@lichtenheld.com> -URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27530.html -Signed-off-by: Gert Doering ---- - sample/sample-config-files/loopback-client | 313 +++++++++++++++-------------- - sample/sample-keys/ca.crt | 67 +++--- - sample/sample-keys/ca.key | 100 ++++----- - sample/sample-keys/client-ec.crt | 129 ++++++------ - sample/sample-keys/client-ec.key | 6 +- - sample/sample-keys/client-pass.key | 60 +++--- - sample/sample-keys/client.crt | 162 +++++++-------- - sample/sample-keys/client.key | 52 ++--- - sample/sample-keys/client.p12 | Bin 4533 -> 4707 bytes - sample/sample-keys/dh2048.pem | 12 +- - sample/sample-keys/gen-sample-keys.sh | 3 +- - sample/sample-keys/server-ec.crt | 132 ++++++------ - sample/sample-keys/server-ec.key | 6 +- - sample/sample-keys/server.crt | 166 +++++++-------- - sample/sample-keys/server.key | 52 ++--- - sample/sample-keys/ta.key | 32 +-- - 16 files changed, 648 insertions(+), 644 deletions(-) - -diff --git a/sample/sample-config-files/loopback-client b/sample/sample-config-files/loopback-client -index 8ac3d1d..7965eb6 100644 ---- a/sample/sample-config-files/loopback-client -+++ b/sample/sample-config-files/loopback-client -@@ -24,70 +24,71 @@ remote-cert-tls server - #ca sample-keys/ca.crt - - -----BEGIN CERTIFICATE----- --MIIGKDCCBBCgAwIBAgIJAKFO3vqQ8q6BMA0GCSqGSIb3DQEBCwUAMGYxCzAJBgNV --BAYTAktHMQswCQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEVMBMGA1UEChMM --T3BlblZQTi1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4w --HhcNMTQxMDIyMjE1OTUyWhcNMjQxMDE5MjE1OTUyWjBmMQswCQYDVQQGEwJLRzEL --MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t --VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMIICIjANBgkq --hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsJVPCqt3vtoDW2U0DII1QIh2Qs0dqh88 --8nivxAIm2LTq93e9fJhsq3P/UVYAYSeCIrekXypR0EQgSgcNTvGBMe20BoHO5yvb --GjKPmjfLj6XRotCOGy8EDl/hLgRY9efiA8wsVfuvF2q/FblyJQPR/gPiDtTmUiqF --qXa7AJmMrqFsnWppOuGd7Qc6aTsae4TF1e/gUTCTraa7NeHowDaKhdyFmEEnCYR5 --CeUsx2JlFWAH8PCrxBpHYbmGyvS0kH3+rQkaSM/Pzc2bS4ayHaOYRK5XsGq8XiNG --KTTLnSaCdPeHsI+3xMHmEh+u5Og2DFGgvyD22gde6W2ezvEKCUDrzR7bsnYqqyUy --n7LxnkPXGyvR52T06G8KzLKQRmDlPIXhzKMO07qkHmIonXTdF7YI1azwHpAtN4dS --rUe1bvjiTSoEsQPfOAyvD0RMK/CBfgEZUzAB50e/IlbZ84c0DJfUMOm4xCyft1HF --YpYeyCf5dxoIjweCPOoP426+aTXM7kqq0ieIr6YxnKV6OGGLKEY+VNZh1DS7enqV --HP5i8eimyuUYPoQhbK9xtDGMgghnc6Hn8BldPMcvz98HdTEH4rBfA3yNuCxLSNow --4jJuLjNXh2QeiUtWtkXja7ec+P7VqKTduJoRaX7cs+8E3ImigiRnvmK+npk7Nt1y --YE9hBRhSoLsCAwEAAaOB2DCB1TAdBgNVHQ4EFgQUK0DlyX319JY46S/jL9lAZMmO --BZswgZgGA1UdIwSBkDCBjYAUK0DlyX319JY46S/jL9lAZMmOBZuhaqRoMGYxCzAJ --BgNVBAYTAktHMQswCQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEVMBMGA1UE --ChMMT3BlblZQTi1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21h --aW6CCQChTt76kPKugTAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG --9w0BAQsFAAOCAgEABc77f4C4P8fIS+V8qCJmVNSDU44UZBc+D+J6ZTgW8JeOHUIj --Bh++XDg3gwat7pIWQ8AU5R7h+fpBI9n3dadyIsMHGwSogHY9Gw7di2RVtSFajEth --rvrq0JbzpwoYedMh84sJ2qI/DGKW9/Is9+O52fR+3z3dY3gNRDPQ5675BQ5CQW9I --AJgLOqzD8Q0qrXYi7HaEqzNx6p7RDTuhFgvTd+vS5d5+28Z5fm2umnq+GKHF8W5P --ylp2Js119FTVO7brusAMKPe5emc7tC2ov8OFFemQvfHR41PLryap2VD81IOgmt/J --kX/j/y5KGux5HZ3lxXqdJbKcAq4NKYQT0mCkRD4l6szaCEJ+k0SiM9DdTcBDefhR --9q+pCOyMh7d8QjQ1075mF7T+PGkZQUW1DUjEfrZhICnKgq+iEoUmM0Ee5WtRqcnu --5BTGQ2mSfc6rV+Vr+eYXqcg7Nxb3vFXYSTod1UhefonVqwdmyJ2sC79zp36Tbo2+ --65NW2WJK7KzPUyOJU0U9bcu0utvDOvGWmG+aHbymJgcoFzvZmlXqMXn97pSFn4jV --y3SLRgJXOw1QLXL2Y5abcuoBVr4gCOxxk2vBeVxOMRXNqSWZOFIF1bu/PxuDA+Sa --hEi44aHbPXt9opdssz/hdGfd8Wo7vEJrbg7c6zR6C/Akav1Rzy9oohIdgOw= -+MIIGPjCCBCagAwIBAgIUb1C400ZucjRZvAAz3XyuEusnRgYwDQYJKoZIhvcNAQEL -+BQAwZjELMAkGA1UEBhMCS0cxCzAJBgNVBAgMAk5BMRAwDgYDVQQHDAdCSVNIS0VL -+MRUwEwYDVQQKDAxPcGVuVlBOLVRFU1QxITAfBgkqhkiG9w0BCQEWEm1lQG15aG9z -+dC5teWRvbWFpbjAeFw0yMzExMDcxMjIzMzlaFw0zMzExMDQxMjIzMzlaMGYxCzAJ -+BgNVBAYTAktHMQswCQYDVQQIDAJOQTEQMA4GA1UEBwwHQklTSEtFSzEVMBMGA1UE -+CgwMT3BlblZQTi1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21h -+aW4wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCI+p/ZLGUHCANTTFaK -+nw+J3wi+ef2EKJ5WHt5PWMuBeaDpeU4Ghuaow8HlRPjG9lDRHtn+WQgZz9nUejYH -++wtmN2BHwJAM4OeUVoB95tBrxd/VDCrdIvypVKldHsU3VkEbvPAl1jq68WVk+DXM -+FZqTUoafDK+irOvL7Z5j2gA3FDzRUQs0L+jCvRTl4omFSjSQwoBCoVXxNEAg9jgy -+lNWUHx+JHDB8dk+gEmDai20ggBWeAeThUU9dVZvwjv4E7zMRMx1skCRdWcyALJQf -+fjc9q6gnB9X9nPxXdWb/lYKcivJBmBRHLeirnUFL2S2IYRc2H0ZbX1d+WzDJV37+ -+DKYy9ehltyHFiaXmZThJ2Kg/mAD55U3NCWNBXmQ0CvzhUh6QIQiOJNQHmK0qxgnc -+POJeE4X55dv1nAGD/0fGeHTcuShzUoipCKAd1CZdXK2Ge3gZRH2WUvlQGd5JARd4 -+3zbd2wXZX0h0e1/BWQVeXx/Cg6u31B5lll7B3rWeoZHvfV9DSC7e3IEOhgzG5cyA -+h+wrtlCszjiMreHSSYCQh9tlyK+ACOJUFtZFGdseBsMxRgXWtHr+ypW2iJI4KsEU -+/MNXr1Bqg7FGxIw0Oyc2zyzjgD9aq4CKEy64MYB1ZYf41Rbc2Z+pMx1MW9orsPp7 -+qSp6SmpTk0RTHpH0O2wNC9F26wIDAQABo4HjMIHgMB0GA1UdDgQWBBRzsbjWipVr -+EuB0fMVXVZiUW6x4XjCBowYDVR0jBIGbMIGYgBRzsbjWipVrEuB0fMVXVZiUW6x4 -+XqFqpGgwZjELMAkGA1UEBhMCS0cxCzAJBgNVBAgMAk5BMRAwDgYDVQQHDAdCSVNI -+S0VLMRUwEwYDVQQKDAxPcGVuVlBOLVRFU1QxITAfBgkqhkiG9w0BCQEWEm1lQG15 -+aG9zdC5teWRvbWFpboIUb1C400ZucjRZvAAz3XyuEusnRgYwDAYDVR0TBAUwAwEB -+/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBABqhFuSPgqplHQtFnWwQ -+TKfrElQJ07gF0eaBBijQVSm2MswB2xnWF/S2NRjIpw7k5ZlmZsAbCVcGMwqJOkfJ -+yX3Z7gK+yNrZehzNSOCkv+H79ExsS9/HETSqZxMevIIH7O0t/pACv20f85unBzhc -+x+980RzufuHK17sG3Z+z+d6i9XDhaZvV/gm6bWTXft1ufRzI5R48xWVAfJd1X9Ln -+bZmqF9Ye1GHxka1Xna9nOCgAuYYoGxq2VkUSIjlRCMaLCHlsWEn0JbRnQXPfBts6 -+/yQBywcEekKRutCugn5bn625kAJHWGxcb0xIXj+Rqnp2++p33lbE4J09zfIkh5hV -+RvCSzaE0Z3Kly9237CV+DyAqzrBJq5HHN/AT6+xFd2yGPMPKH8hKbf3jIprexNEp -+oG1XC/dsPFkPLUyeD++kVjzsLiDmYAn2x3Dco6cWD7FfEljb1pHkAp5CctU9TjZH -+21xcAsPbfS0vrDmj8zG7eTU+BtleL4AfxEVsMBzrUB6jSdUMpJ/hRtni4RxOHLmU -+0DqtHIqrDrC5Gb2KunNUIYqPp+80LSD1/Edo5Vr+k5AiFYCzZFXSab+6e4hEsLEV -+nQNMmcPVWATQ2najGfNftmhwQx9hU4gJaCw/rfhEmwIif5BxgG5VPUzy97T+GmOZ -+InB0RDylv3Lq3Hs8mBF4nRt7 - -----END CERTIFICATE----- - - #key sample-keys/client.key - - -----BEGIN PRIVATE KEY----- --MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDsZY/pEsIaW+ZW --KgipgjotRHijADuwn+cnEECT7/HMPqCqBKKAGxOp5v6B1nCQqNjU3jDYNQDSvmLw --SNr8FY3Exm0LmfErgwAK0yojC+XN+TXfQ2EVcq2VmPZzIUFeoN1HJ6DVmtRBqBwd --VyBxF4/3KJ4+B87s1Q5CTx50R45HndIUKCcsFBD10Za1k3SE7/kE3o1Kb993q+rR --WNNE/loEAf8Gepf3/eNXSOHw30ATn2YjWuNVVD1UOe4A+RLx0t90LrrX8I3G3RhY --HJMiC3X6qNbgtS8tudT+uU+G4nVIFmD7P8m0MEIp+zuzK7lZgWpG80WDv/3VGv83 --DG9b/WHxAgMBAAECggEBAIOdaCpUD02trOh8LqZxowJhBOl7z7/ex0uweMPk67LT --i5AdVHwOlzwZJ8oSIknoOBEMRBWcLQEojt1JMuL2/R95emzjIKshHHzqZKNulFvB --TIUpdnwChTKtH0mqUkLlPU3Ienty4IpNlpmfUKimfbkWHERdBJBHbtDsTABhdo3X --9pCF/yRKqJS2Fy/Mkl3gv1y/NB1OL4Jhl7vQbf+kmgfQN2qdOVe2BOKQ8NlPUDmE --/1XNIDaE3s6uvUaoFfwowzsCCwN2/8QrRMMKkjvV+lEVtNmQdYxj5Xj5IwS0vkK0 --6icsngW87cpZxxc1zsRWcSTloy5ohub4FgKhlolmigECgYEA+cBlxzLvaMzMlBQY --kCac9KQMvVL+DIFHlZA5i5L/9pRVp4JJwj3GUoehFJoFhsxnKr8HZyLwBKlCmUVm --VxnshRWiAU18emUmeAtSGawlAS3QXhikVZDdd/L20YusLT+DXV81wlKR97/r9+17 --klQOLkSdPm9wcMDOWMNHX8bUg8kCgYEA8k+hQv6+TR/+Beao2IIctFtw/EauaJiJ --wW5ql1cpCLPMAOQUvjs0Km3zqctfBF8mUjdkcyJ4uhL9FZtfywY22EtRIXOJ/8VR --we65mVo6RLR8YVM54sihanuFOnlyF9LIBWB+9pUfh1/Y7DSebh7W73uxhAxQhi3Y --QwfIQIFd8OkCgYBalH4VXhLYhpaYCiXSej6ot6rrK2N6c5Tb2MAWMA1nh+r84tMP --gMoh+pDgYPAqMI4mQbxUmqZEeoLuBe6VHpDav7rPECRaW781AJ4ZM4cEQ3Jz/inz --4qOAMn10CF081/Ez9ykPPlU0bsYNWHNd4eB2xWnmUBKOwk7UgJatVPaUiQKBgQCI --f18CVGpzG9CHFnaK8FCnMNOm6VIaTcNcGY0mD81nv5Dt943P054BQMsAHTY7SjZW --HioRyZtkhonXAB2oSqnekh7zzxgv4sG5k3ct8evdBCcE1FNJc2eqikZ0uDETRoOy --s7cRxNNr+QxDkyikM+80HOPU1PMPgwfOSrX90GJQ8QKBgEBKohGMV/sNa4t14Iau --qO8aagoqh/68K9GFXljsl3/iCSa964HIEREtW09Qz1w3dotEgp2w8bsDa+OwWrLy --0SY7T5jRViM3cDWRlUBLrGGiL0FiwsfqiRiji60y19erJgrgyGVIb1kIgIBRkgFM --2MMweASzTmZcri4PA/5C0HYb -+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDdrrIKQObP4cGi -+odKDLDGY4huyhUBnAPqrv8+dFNHGt2ODql+cFKDSTQQ6SpLmkkukhkAmQr2Dt/xJ -+t1bSyudwhRaPizvaR56LakrI5qjermstUiIMnc9nu30eZgVTi3yurdGmUl89nmso -+GFfZoUItwLBN2krwKaoCNIYCqq9nCQbtRSGOjPh1Vsfq6E+IjhyLW2gtsWal5MY2 -+4nCN/u8Q8FL4U5a/flFw8j+uWIc40aNr9jhRmxbOZzWObXZjTWubfXfaVW8gsWZP -+mi2kczpSIYY886ZaZ+V9EPU2ViF+AyK9mOkYtD+ztQ3t1e9Ulm+dRmxvDrpLGvfM -+1OUkutKlAgMBAAECggEANwi9ron6QzWaqtNdva7lCT1o/uLR4EB/+s99rVOT2K+C -+hxdu8QK2Aj+YgxgsbA15tfiWSGldPywX9/0KEv7IgkioFy7Lxx7sn1PeCQ4qck3+ -+0ZuIVHWBHhGPuFI/lEQWyg7g81eTyWpg0+1nMeI02cLyggFlhUXyrOV5N4REU2GW -+C0KBQFyVQJPrFszomK8qsHOu/gaGC1vOwgIID3cQ3iLKXkoHNmHO4hgbeSy+SfDP -+Q5C0xxKQa2RUz0nLbByuGtLYOsJmbjUMWjFXyjmwBsPCcvRmFRdnxFvlnzwGEH4M -+ZKsw+49p1iJFyuCv7KJ/ILLJmoEuryjrSmdj3esIqQKBgQDwC24VBQLNmlug8rkG -+YWaRePsWRJylDlWIeHnfmGe27p7ytxOvGe6hnPu6nfg8nXHtruZCIhGya6qbuVmL -+vGrg94ia4MSpDVUgGiElXXQ/Pl7O9/lnSlIlxcBAgd8uggxIAzCeYI6c3r7AQcmY -+jARMwYNCxJjz5nLctMe2MCs4LwKBgQDsatDXb3xr6jmflCUZa8Kx8SOgBWEZTEGz -+KEoCQWnF2fHUCy4Bwm8Imnws3iX0198TyxkVD2rP8oGwFj2SAVtI2L8Y/g5A05TA -+knfmVECvGp/MN266ZdCA8G/MKbk727TxyJs+4AseAi5p6cBULqZHsJaZE74qlcEl -+5gFQu35ZawKBgBBgRz9J2zoZmLyvMm48ANpVzZNkVOdxxeYMigv2AsVZHCDk2oPs -+mfoOkqHVmxTPjPExKGZEmr54V+hNyc0dqpD0ci5WvTPnQ/JvtektqfuSjrdB9ZLV -+YCtRhV8hPQ+YMaxMA2oankAXdh35nv44NybhYMoSTXj+NMHX13QXbytjAoGAdVKw -+3yixWzB6dinjm1Dx5rJfVos024QPWqRUzfe+UPROYUdHBpKB3YgktXNs7KuwRbdV -+dDEZdabIGyV+WpWXwnflpbZ2Rk95k3NcUw5ep0cUJBkiNxhNt58aK/xMs1rd2dsO -+x84RVkwI0oCw9FXOKOeGZOL6TVHR70fMQU86bY8CgYEAqg/1AD9lXzbR57zaR/br -+AIn0WWU2mnU7Dc4uhmQd9+JExqrplKKHrUp8eQEOW8nij6MbPYlpgkMdatvDOJqP -+WrYtwZsKXGhnalvbS3ye20HqpjYpBR7co3Q9KMaaDNoQe9HtjbT80GXpQEbJN2Iu -+ADo3hPoX0yENIbKFccMuptM= - -----END PRIVATE KEY----- - - #cert sample-keys/client.crt -@@ -96,104 +97,104 @@ Certificate: - Data: - Version: 3 (0x2) - Serial Number: 2 (0x2) -- Signature Algorithm: sha256WithRSAEncryption -+ Signature Algorithm: sha256WithRSAEncryption - Issuer: C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST/emailAddress=me@myhost.mydomain - Validity -- Not Before: Oct 22 21:59:53 2014 GMT -- Not After : Oct 19 21:59:53 2024 GMT -+ Not Before: Nov 7 12:23:39 2023 GMT -+ Not After : Nov 4 12:23:39 2033 GMT - Subject: C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Client/emailAddress=me@myhost.mydomain - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: -- 00:ec:65:8f:e9:12:c2:1a:5b:e6:56:2a:08:a9:82: -- 3a:2d:44:78:a3:00:3b:b0:9f:e7:27:10:40:93:ef: -- f1:cc:3e:a0:aa:04:a2:80:1b:13:a9:e6:fe:81:d6: -- 70:90:a8:d8:d4:de:30:d8:35:00:d2:be:62:f0:48: -- da:fc:15:8d:c4:c6:6d:0b:99:f1:2b:83:00:0a:d3: -- 2a:23:0b:e5:cd:f9:35:df:43:61:15:72:ad:95:98: -- f6:73:21:41:5e:a0:dd:47:27:a0:d5:9a:d4:41:a8: -- 1c:1d:57:20:71:17:8f:f7:28:9e:3e:07:ce:ec:d5: -- 0e:42:4f:1e:74:47:8e:47:9d:d2:14:28:27:2c:14: -- 10:f5:d1:96:b5:93:74:84:ef:f9:04:de:8d:4a:6f: -- df:77:ab:ea:d1:58:d3:44:fe:5a:04:01:ff:06:7a: -- 97:f7:fd:e3:57:48:e1:f0:df:40:13:9f:66:23:5a: -- e3:55:54:3d:54:39:ee:00:f9:12:f1:d2:df:74:2e: -- ba:d7:f0:8d:c6:dd:18:58:1c:93:22:0b:75:fa:a8: -- d6:e0:b5:2f:2d:b9:d4:fe:b9:4f:86:e2:75:48:16: -- 60:fb:3f:c9:b4:30:42:29:fb:3b:b3:2b:b9:59:81: -- 6a:46:f3:45:83:bf:fd:d5:1a:ff:37:0c:6f:5b:fd: -- 61:f1 -+ 00:dd:ae:b2:0a:40:e6:cf:e1:c1:a2:a1:d2:83:2c: -+ 31:98:e2:1b:b2:85:40:67:00:fa:ab:bf:cf:9d:14: -+ d1:c6:b7:63:83:aa:5f:9c:14:a0:d2:4d:04:3a:4a: -+ 92:e6:92:4b:a4:86:40:26:42:bd:83:b7:fc:49:b7: -+ 56:d2:ca:e7:70:85:16:8f:8b:3b:da:47:9e:8b:6a: -+ 4a:c8:e6:a8:de:ae:6b:2d:52:22:0c:9d:cf:67:bb: -+ 7d:1e:66:05:53:8b:7c:ae:ad:d1:a6:52:5f:3d:9e: -+ 6b:28:18:57:d9:a1:42:2d:c0:b0:4d:da:4a:f0:29: -+ aa:02:34:86:02:aa:af:67:09:06:ed:45:21:8e:8c: -+ f8:75:56:c7:ea:e8:4f:88:8e:1c:8b:5b:68:2d:b1: -+ 66:a5:e4:c6:36:e2:70:8d:fe:ef:10:f0:52:f8:53: -+ 96:bf:7e:51:70:f2:3f:ae:58:87:38:d1:a3:6b:f6: -+ 38:51:9b:16:ce:67:35:8e:6d:76:63:4d:6b:9b:7d: -+ 77:da:55:6f:20:b1:66:4f:9a:2d:a4:73:3a:52:21: -+ 86:3c:f3:a6:5a:67:e5:7d:10:f5:36:56:21:7e:03: -+ 22:bd:98:e9:18:b4:3f:b3:b5:0d:ed:d5:ef:54:96: -+ 6f:9d:46:6c:6f:0e:ba:4b:1a:f7:cc:d4:e5:24:ba: -+ d2:a5 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: -- D2:B4:36:0F:B1:FC:DD:A5:EA:2A:F7:C7:23:89:FA:E3:FA:7A:44:1D -+ 59:33:B9:2E:63:D1:17:A8:9F:BD:D8:CE:94:21:C5:41:C7:31:62:5D - X509v3 Authority Key Identifier: -- keyid:2B:40:E5:C9:7D:F5:F4:96:38:E9:2F:E3:2F:D9:40:64:C9:8E:05:9B -+ keyid:73:B1:B8:D6:8A:95:6B:12:E0:74:7C:C5:57:55:98:94:5B:AC:78:5E - DirName:/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain -- serial:A1:4E:DE:FA:90:F2:AE:81 -- -+ serial:6F:50:B8:D3:46:6E:72:34:59:BC:00:33:DD:7C:AE:12:EB:27:46:06 - Signature Algorithm: sha256WithRSAEncryption -- 7f:e0:fe:84:a7:ec:df:62:a5:cd:3c:c1:e6:42:b1:31:12:f0: -- b9:da:a7:9e:3f:bd:96:52:b6:fc:55:74:64:3e:e4:ff:7e:aa: -- f7:3e:06:18:5f:73:85:f8:c8:e0:67:1b:4d:97:ca:05:d0:37: -- 07:33:64:9b:e6:78:77:14:9a:55:bb:2a:ac:c3:7f:c9:15:08: -- 83:5c:c8:c2:61:d3:71:4c:05:0b:2b:cb:a3:87:6d:a0:32:ed: -- b0:b3:27:97:4a:55:8d:01:2a:30:56:68:ab:f2:da:5c:10:73: -- c9:aa:0a:9c:4b:4c:a0:5b:51:6e:0a:7e:6c:53:80:b0:00:e1: -- 1e:9a:4c:0a:37:9e:20:89:bc:c5:e5:79:58:b7:45:ff:d3:c4: -- a1:fd:d9:78:3d:45:16:74:df:82:44:1d:1d:81:50:5a:b9:32: -- 4c:e2:4f:3f:0e:3a:65:5a:64:83:3b:29:31:c4:99:88:bc:c5: -- 84:39:f2:19:12:e1:66:d0:ea:fb:75:b1:d2:27:be:91:59:a3: -- 2b:09:d5:5c:bf:46:8e:d6:67:d6:0b:ec:da:ab:f0:80:19:87: -- 64:07:a9:77:b1:5e:0c:e2:c5:1d:6a:ac:5d:23:f3:30:75:36: -- 4e:ca:c3:4e:b0:4d:8c:2c:ce:52:61:63:de:d5:f5:ef:ef:0a: -- 6b:23:25:26:3c:3a:f2:c3:c2:16:19:3f:a9:32:ba:68:f9:c9: -- 12:3c:3e:c6:1f:ff:9b:4e:f4:90:b0:63:f5:d1:33:00:30:5a: -- e8:24:fa:35:44:9b:6a:80:f3:a6:cc:7b:3c:73:5f:50:c4:30: -- 71:d8:74:90:27:0a:01:4e:a5:5e:b1:f8:da:c2:61:81:11:ae: -- 29:a3:8f:fa:7e:4c:4e:62:b1:00:de:92:e3:8f:6a:2e:da:d9: -- 38:5d:6b:7c:0d:e4:01:aa:c8:c6:6d:8b:cd:c0:c8:6e:e4:57: -- 21:8a:f6:46:30:d9:ad:51:a1:87:96:a6:53:c9:1e:c6:bb:c3: -- eb:55:fe:8c:d6:5c:d5:c6:f3:ca:b0:60:d2:d4:2a:1f:88:94: -- d3:4c:1a:da:0c:94:fe:c1:5d:0d:2a:db:99:29:5d:f6:dd:16: -- c4:c8:4d:74:9e:80:d9:d0:aa:ed:7b:e3:30:e4:47:d8:f5:15: -- c1:71:b8:c6:fd:ee:fc:9e:b2:5f:b5:b7:92:ed:ff:ca:37:f6: -- c7:82:b4:54:13:9b:83:cd:87:8b:7e:64:f6:2e:54:3a:22:b1: -- c5:c1:f4:a5:25:53:9a:4d:a8:0f:e7:35:4b:89:df:19:83:66: -- 64:d9:db:d1:61:2b:24:1b:1d:44:44:fb:49:30:87:b7:49:23: -- 08:02:8a:e0:25:f3:f4:43 -+ Signature Value: -+ 2a:9e:02:65:f4:3c:c0:37:88:f0:21:f9:fd:2e:7c:f4:8b:bb: -+ 67:7d:f7:48:0c:98:f7:a1:46:4e:33:af:68:77:f4:53:03:09: -+ fd:4e:32:cb:0f:2c:f1:16:37:35:65:aa:68:79:16:a9:32:03: -+ d7:89:10:ef:ba:fd:e1:26:2c:60:7c:3b:42:60:68:47:cf:61: -+ 88:00:77:e7:71:76:49:78:35:52:45:a4:31:7e:2b:e1:0a:c8: -+ ed:e1:a7:28:2f:23:a3:ce:ce:b5:99:6b:54:4d:df:d2:64:0a: -+ b7:c5:25:1e:d4:f7:a1:fd:4f:f3:12:d3:26:5f:3b:b2:93:93: -+ d1:8b:4b:4e:dc:d0:15:63:d1:77:36:75:34:76:37:59:ff:a0: -+ 81:01:ec:b6:42:2f:bd:85:5d:d0:ef:ff:90:61:d6:91:b0:f5: -+ e6:94:66:7e:4c:20:06:c4:2e:0c:9b:9f:7f:89:f0:3e:8f:e5: -+ 06:6c:81:75:a2:0b:c5:ac:44:f1:32:cc:57:90:a0:19:47:8c: -+ 25:7a:d5:f1:61:1f:19:bf:4c:31:da:44:c1:30:91:e8:b5:cc: -+ e4:7e:20:55:0a:b9:dc:f3:5e:f5:7c:d1:0b:ee:71:c6:d6:38: -+ 7e:85:7b:6c:cb:10:85:1e:6a:50:ab:c3:ae:f9:ff:96:4f:a3: -+ 76:d6:fd:c0:f9:c7:9a:60:a8:8c:e5:9a:c5:a9:7b:63:11:ef: -+ 7b:b9:9b:1f:63:51:a8:6d:2b:d6:f7:ef:51:bd:a8:32:9e:92: -+ aa:24:01:c9:e3:6a:c8:94:2e:d2:66:b2:c7:17:e5:06:53:9a: -+ bd:8a:19:8f:3a:51:7a:25:11:e5:e8:59:f7:1b:df:95:98:35: -+ c1:a6:74:15:6b:b1:2c:97:9b:fe:76:7e:56:20:4d:ee:07:8a: -+ b9:8b:bc:92:a9:19:81:28:91:4e:d2:9f:51:99:72:c0:12:76: -+ 5b:c8:74:68:b5:9d:43:53:c1:af:39:b9:28:82:a0:0e:bb:ef: -+ 21:d8:71:dd:02:af:dc:df:48:7b:39:21:7d:83:76:ea:e2:c7: -+ 16:bb:d2:1a:1d:22:f6:4b:47:15:56:41:06:4d:39:1c:96:3f: -+ 25:2d:83:8f:a4:a2:86:fa:0e:e9:45:9c:bf:26:40:e6:3e:9e: -+ d5:00:9f:ce:76:6f:df:cb:b2:85:b8:83:f2:ed:8b:b6:5a:68: -+ b5:c7:1b:ab:19:75:60:f3:5b:e7:5c:70:27:d9:1c:d8:24:f0: -+ 2a:aa:2a:a6:98:77:d6:36:d9:02:35:a8:d3:2c:19:88:b8:0b: -+ d3:76:58:72:54:99:94:9a:ee:38:9b:8d:8e:10:48:cd:28:50: -+ 31:b2:4b:d3:69:7b:91:b4 - -----BEGIN CERTIFICATE----- --MIIFFDCCAvygAwIBAgIBAjANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJLRzEL --MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t --VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE0MTAy --MjIxNTk1M1oXDTI0MTAxOTIxNTk1M1owajELMAkGA1UEBhMCS0cxCzAJBgNVBAgT --Ak5BMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxFDASBgNVBAMTC1Rlc3QtQ2xpZW50 -+MIIFHzCCAwegAwIBAgIBAjANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJLRzEL -+MAkGA1UECAwCTkExEDAOBgNVBAcMB0JJU0hLRUsxFTATBgNVBAoMDE9wZW5WUE4t -+VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTIzMTEw -+NzEyMjMzOVoXDTMzMTEwNDEyMjMzOVowajELMAkGA1UEBhMCS0cxCzAJBgNVBAgM -+Ak5BMRUwEwYDVQQKDAxPcGVuVlBOLVRFU1QxFDASBgNVBAMMC1Rlc3QtQ2xpZW50 - MSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0GCSqGSIb3 --DQEBAQUAA4IBDwAwggEKAoIBAQDsZY/pEsIaW+ZWKgipgjotRHijADuwn+cnEECT --7/HMPqCqBKKAGxOp5v6B1nCQqNjU3jDYNQDSvmLwSNr8FY3Exm0LmfErgwAK0yoj --C+XN+TXfQ2EVcq2VmPZzIUFeoN1HJ6DVmtRBqBwdVyBxF4/3KJ4+B87s1Q5CTx50 --R45HndIUKCcsFBD10Za1k3SE7/kE3o1Kb993q+rRWNNE/loEAf8Gepf3/eNXSOHw --30ATn2YjWuNVVD1UOe4A+RLx0t90LrrX8I3G3RhYHJMiC3X6qNbgtS8tudT+uU+G --4nVIFmD7P8m0MEIp+zuzK7lZgWpG80WDv/3VGv83DG9b/WHxAgMBAAGjgcgwgcUw --CQYDVR0TBAIwADAdBgNVHQ4EFgQU0rQ2D7H83aXqKvfHI4n64/p6RB0wgZgGA1Ud --IwSBkDCBjYAUK0DlyX319JY46S/jL9lAZMmOBZuhaqRoMGYxCzAJBgNVBAYTAktH --MQswCQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEVMBMGA1UEChMMT3BlblZQ --Ti1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQChTt76 --kPKugTANBgkqhkiG9w0BAQsFAAOCAgEAf+D+hKfs32KlzTzB5kKxMRLwudqnnj+9 --llK2/FV0ZD7k/36q9z4GGF9zhfjI4GcbTZfKBdA3BzNkm+Z4dxSaVbsqrMN/yRUI --g1zIwmHTcUwFCyvLo4dtoDLtsLMnl0pVjQEqMFZoq/LaXBBzyaoKnEtMoFtRbgp+ --bFOAsADhHppMCjeeIIm8xeV5WLdF/9PEof3ZeD1FFnTfgkQdHYFQWrkyTOJPPw46 --ZVpkgzspMcSZiLzFhDnyGRLhZtDq+3Wx0ie+kVmjKwnVXL9GjtZn1gvs2qvwgBmH --ZAepd7FeDOLFHWqsXSPzMHU2TsrDTrBNjCzOUmFj3tX17+8KayMlJjw68sPCFhk/ --qTK6aPnJEjw+xh//m070kLBj9dEzADBa6CT6NUSbaoDzpsx7PHNfUMQwcdh0kCcK --AU6lXrH42sJhgRGuKaOP+n5MTmKxAN6S449qLtrZOF1rfA3kAarIxm2LzcDIbuRX --IYr2RjDZrVGhh5amU8kexrvD61X+jNZc1cbzyrBg0tQqH4iU00wa2gyU/sFdDSrb --mSld9t0WxMhNdJ6A2dCq7XvjMORH2PUVwXG4xv3u/J6yX7W3ku3/yjf2x4K0VBOb --g82Hi35k9i5UOiKxxcH0pSVTmk2oD+c1S4nfGYNmZNnb0WErJBsdRET7STCHt0kj --CAKK4CXz9EM= -+DQEBAQUAA4IBDwAwggEKAoIBAQDdrrIKQObP4cGiodKDLDGY4huyhUBnAPqrv8+d -+FNHGt2ODql+cFKDSTQQ6SpLmkkukhkAmQr2Dt/xJt1bSyudwhRaPizvaR56LakrI -+5qjermstUiIMnc9nu30eZgVTi3yurdGmUl89nmsoGFfZoUItwLBN2krwKaoCNIYC -+qq9nCQbtRSGOjPh1Vsfq6E+IjhyLW2gtsWal5MY24nCN/u8Q8FL4U5a/flFw8j+u -+WIc40aNr9jhRmxbOZzWObXZjTWubfXfaVW8gsWZPmi2kczpSIYY886ZaZ+V9EPU2 -+ViF+AyK9mOkYtD+ztQ3t1e9Ulm+dRmxvDrpLGvfM1OUkutKlAgMBAAGjgdMwgdAw -+CQYDVR0TBAIwADAdBgNVHQ4EFgQUWTO5LmPRF6ifvdjOlCHFQccxYl0wgaMGA1Ud -+IwSBmzCBmIAUc7G41oqVaxLgdHzFV1WYlFuseF6haqRoMGYxCzAJBgNVBAYTAktH -+MQswCQYDVQQIDAJOQTEQMA4GA1UEBwwHQklTSEtFSzEVMBMGA1UECgwMT3BlblZQ -+Ti1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CFG9QuNNG -+bnI0WbwAM918rhLrJ0YGMA0GCSqGSIb3DQEBCwUAA4ICAQAqngJl9DzAN4jwIfn9 -+Lnz0i7tnffdIDJj3oUZOM69od/RTAwn9TjLLDyzxFjc1ZapoeRapMgPXiRDvuv3h -+JixgfDtCYGhHz2GIAHfncXZJeDVSRaQxfivhCsjt4acoLyOjzs61mWtUTd/SZAq3 -+xSUe1Peh/U/zEtMmXzuyk5PRi0tO3NAVY9F3NnU0djdZ/6CBAey2Qi+9hV3Q7/+Q -+YdaRsPXmlGZ+TCAGxC4Mm59/ifA+j+UGbIF1ogvFrETxMsxXkKAZR4wletXxYR8Z -+v0wx2kTBMJHotczkfiBVCrnc8171fNEL7nHG1jh+hXtsyxCFHmpQq8Ou+f+WT6N2 -+1v3A+ceaYKiM5ZrFqXtjEe97uZsfY1GobSvW9+9RvagynpKqJAHJ42rIlC7SZrLH -+F+UGU5q9ihmPOlF6JRHl6Fn3G9+VmDXBpnQVa7Esl5v+dn5WIE3uB4q5i7ySqRmB -+KJFO0p9RmXLAEnZbyHRotZ1DU8GvObkogqAOu+8h2HHdAq/c30h7OSF9g3bq4scW -+u9IaHSL2S0cVVkEGTTkclj8lLYOPpKKG+g7pRZy/JkDmPp7VAJ/Odm/fy7KFuIPy -+7Yu2Wmi1xxurGXVg81vnXHAn2RzYJPAqqiqmmHfWNtkCNajTLBmIuAvTdlhyVJmU -+mu44m42OEEjNKFAxskvTaXuRtA== - -----END CERTIFICATE----- - - #tls-auth sample-keys/ta.key 1 -@@ -203,22 +204,22 @@ key-direction 1 - # 2048 bit OpenVPN static key - # - -----BEGIN OpenVPN Static key V1----- --a863b1cbdb911ff4ef3360ce135157e7 --241a465f5045f51cf9a92ebc24da34fd --5fc48456778c977e374d55a8a7298aef --40d0ab0c60b5e09838510526b73473a0 --8da46a8c352572dd86d4a871700a915b --6aaa58a9dac560db2dfdd7ef15a202e1 --fca6913d7ee79c678c5798fbf7bd920c --caa7a64720908da7254598b052d07f55 --5e31dc5721932cffbdd8965d04107415 --46c86823da18b66aab347e4522cc05ff --634968889209c96b1024909cd4ce574c --f829aa9c17d5df4a66043182ee23635d --8cabf5a7ba02345ad94a3aa25a63d55c --e13f4ad235a0825e3fe17f9419baff1c --e73ad1dd652f1e48c7102fe8ee181e54 --10a160ae255f63fd01db1f29e6efcb8e -+21d94830510107f8753d3b6f3145e01d -+ed37075115afcb0538ecdd8503ee9663 -+7218c9ed38d908d594231d7d143c73da -+5055310f89d336da99c8b3dcb18909c7 -+9dd44f540670ebc0f120beb7211e9683 -+9cb542572c48bfa7ffaa9a22cb8304b7 -+869b92f4442918e598745bb78ac8877f -+02b00a7cdef3f2446c130d39a7c45126 -+9ef399fd6029cdfc80a7c604041312ab -+0a969bc906bdee6e6d707afdcbe8c7fb -+97beb66049c3d328340775025433ceba -+1e38008a826cf92443d903106199373b -+dadd9c2c735cf481e580db4e81b99f12 -+e3f46b6159c687cd1b9e689f7712573c -+0f02735a45573dfb5cd55cf464942389 -+2c7e91f439bdd7337a8ceebd302cfbfa - -----END OpenVPN Static key V1----- - - cipher AES-256-GCM -diff --git a/sample/sample-keys/ca.crt b/sample/sample-keys/ca.crt -index a11bafa..a088711 100644 ---- a/sample/sample-keys/ca.crt -+++ b/sample/sample-keys/ca.crt -@@ -1,35 +1,36 @@ - -----BEGIN CERTIFICATE----- --MIIGKDCCBBCgAwIBAgIJAKFO3vqQ8q6BMA0GCSqGSIb3DQEBCwUAMGYxCzAJBgNV --BAYTAktHMQswCQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEVMBMGA1UEChMM --T3BlblZQTi1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4w --HhcNMTQxMDIyMjE1OTUyWhcNMjQxMDE5MjE1OTUyWjBmMQswCQYDVQQGEwJLRzEL --MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t --VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMIICIjANBgkq --hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsJVPCqt3vtoDW2U0DII1QIh2Qs0dqh88 --8nivxAIm2LTq93e9fJhsq3P/UVYAYSeCIrekXypR0EQgSgcNTvGBMe20BoHO5yvb --GjKPmjfLj6XRotCOGy8EDl/hLgRY9efiA8wsVfuvF2q/FblyJQPR/gPiDtTmUiqF --qXa7AJmMrqFsnWppOuGd7Qc6aTsae4TF1e/gUTCTraa7NeHowDaKhdyFmEEnCYR5 --CeUsx2JlFWAH8PCrxBpHYbmGyvS0kH3+rQkaSM/Pzc2bS4ayHaOYRK5XsGq8XiNG --KTTLnSaCdPeHsI+3xMHmEh+u5Og2DFGgvyD22gde6W2ezvEKCUDrzR7bsnYqqyUy --n7LxnkPXGyvR52T06G8KzLKQRmDlPIXhzKMO07qkHmIonXTdF7YI1azwHpAtN4dS --rUe1bvjiTSoEsQPfOAyvD0RMK/CBfgEZUzAB50e/IlbZ84c0DJfUMOm4xCyft1HF --YpYeyCf5dxoIjweCPOoP426+aTXM7kqq0ieIr6YxnKV6OGGLKEY+VNZh1DS7enqV --HP5i8eimyuUYPoQhbK9xtDGMgghnc6Hn8BldPMcvz98HdTEH4rBfA3yNuCxLSNow --4jJuLjNXh2QeiUtWtkXja7ec+P7VqKTduJoRaX7cs+8E3ImigiRnvmK+npk7Nt1y --YE9hBRhSoLsCAwEAAaOB2DCB1TAdBgNVHQ4EFgQUK0DlyX319JY46S/jL9lAZMmO --BZswgZgGA1UdIwSBkDCBjYAUK0DlyX319JY46S/jL9lAZMmOBZuhaqRoMGYxCzAJ --BgNVBAYTAktHMQswCQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEVMBMGA1UE --ChMMT3BlblZQTi1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21h --aW6CCQChTt76kPKugTAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG --9w0BAQsFAAOCAgEABc77f4C4P8fIS+V8qCJmVNSDU44UZBc+D+J6ZTgW8JeOHUIj --Bh++XDg3gwat7pIWQ8AU5R7h+fpBI9n3dadyIsMHGwSogHY9Gw7di2RVtSFajEth --rvrq0JbzpwoYedMh84sJ2qI/DGKW9/Is9+O52fR+3z3dY3gNRDPQ5675BQ5CQW9I --AJgLOqzD8Q0qrXYi7HaEqzNx6p7RDTuhFgvTd+vS5d5+28Z5fm2umnq+GKHF8W5P --ylp2Js119FTVO7brusAMKPe5emc7tC2ov8OFFemQvfHR41PLryap2VD81IOgmt/J --kX/j/y5KGux5HZ3lxXqdJbKcAq4NKYQT0mCkRD4l6szaCEJ+k0SiM9DdTcBDefhR --9q+pCOyMh7d8QjQ1075mF7T+PGkZQUW1DUjEfrZhICnKgq+iEoUmM0Ee5WtRqcnu --5BTGQ2mSfc6rV+Vr+eYXqcg7Nxb3vFXYSTod1UhefonVqwdmyJ2sC79zp36Tbo2+ --65NW2WJK7KzPUyOJU0U9bcu0utvDOvGWmG+aHbymJgcoFzvZmlXqMXn97pSFn4jV --y3SLRgJXOw1QLXL2Y5abcuoBVr4gCOxxk2vBeVxOMRXNqSWZOFIF1bu/PxuDA+Sa --hEi44aHbPXt9opdssz/hdGfd8Wo7vEJrbg7c6zR6C/Akav1Rzy9oohIdgOw= -+MIIGPjCCBCagAwIBAgIUb1C400ZucjRZvAAz3XyuEusnRgYwDQYJKoZIhvcNAQEL -+BQAwZjELMAkGA1UEBhMCS0cxCzAJBgNVBAgMAk5BMRAwDgYDVQQHDAdCSVNIS0VL -+MRUwEwYDVQQKDAxPcGVuVlBOLVRFU1QxITAfBgkqhkiG9w0BCQEWEm1lQG15aG9z -+dC5teWRvbWFpbjAeFw0yMzExMDcxMjIzMzlaFw0zMzExMDQxMjIzMzlaMGYxCzAJ -+BgNVBAYTAktHMQswCQYDVQQIDAJOQTEQMA4GA1UEBwwHQklTSEtFSzEVMBMGA1UE -+CgwMT3BlblZQTi1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21h -+aW4wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCI+p/ZLGUHCANTTFaK -+nw+J3wi+ef2EKJ5WHt5PWMuBeaDpeU4Ghuaow8HlRPjG9lDRHtn+WQgZz9nUejYH -++wtmN2BHwJAM4OeUVoB95tBrxd/VDCrdIvypVKldHsU3VkEbvPAl1jq68WVk+DXM -+FZqTUoafDK+irOvL7Z5j2gA3FDzRUQs0L+jCvRTl4omFSjSQwoBCoVXxNEAg9jgy -+lNWUHx+JHDB8dk+gEmDai20ggBWeAeThUU9dVZvwjv4E7zMRMx1skCRdWcyALJQf -+fjc9q6gnB9X9nPxXdWb/lYKcivJBmBRHLeirnUFL2S2IYRc2H0ZbX1d+WzDJV37+ -+DKYy9ehltyHFiaXmZThJ2Kg/mAD55U3NCWNBXmQ0CvzhUh6QIQiOJNQHmK0qxgnc -+POJeE4X55dv1nAGD/0fGeHTcuShzUoipCKAd1CZdXK2Ge3gZRH2WUvlQGd5JARd4 -+3zbd2wXZX0h0e1/BWQVeXx/Cg6u31B5lll7B3rWeoZHvfV9DSC7e3IEOhgzG5cyA -+h+wrtlCszjiMreHSSYCQh9tlyK+ACOJUFtZFGdseBsMxRgXWtHr+ypW2iJI4KsEU -+/MNXr1Bqg7FGxIw0Oyc2zyzjgD9aq4CKEy64MYB1ZYf41Rbc2Z+pMx1MW9orsPp7 -+qSp6SmpTk0RTHpH0O2wNC9F26wIDAQABo4HjMIHgMB0GA1UdDgQWBBRzsbjWipVr -+EuB0fMVXVZiUW6x4XjCBowYDVR0jBIGbMIGYgBRzsbjWipVrEuB0fMVXVZiUW6x4 -+XqFqpGgwZjELMAkGA1UEBhMCS0cxCzAJBgNVBAgMAk5BMRAwDgYDVQQHDAdCSVNI -+S0VLMRUwEwYDVQQKDAxPcGVuVlBOLVRFU1QxITAfBgkqhkiG9w0BCQEWEm1lQG15 -+aG9zdC5teWRvbWFpboIUb1C400ZucjRZvAAz3XyuEusnRgYwDAYDVR0TBAUwAwEB -+/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBABqhFuSPgqplHQtFnWwQ -+TKfrElQJ07gF0eaBBijQVSm2MswB2xnWF/S2NRjIpw7k5ZlmZsAbCVcGMwqJOkfJ -+yX3Z7gK+yNrZehzNSOCkv+H79ExsS9/HETSqZxMevIIH7O0t/pACv20f85unBzhc -+x+980RzufuHK17sG3Z+z+d6i9XDhaZvV/gm6bWTXft1ufRzI5R48xWVAfJd1X9Ln -+bZmqF9Ye1GHxka1Xna9nOCgAuYYoGxq2VkUSIjlRCMaLCHlsWEn0JbRnQXPfBts6 -+/yQBywcEekKRutCugn5bn625kAJHWGxcb0xIXj+Rqnp2++p33lbE4J09zfIkh5hV -+RvCSzaE0Z3Kly9237CV+DyAqzrBJq5HHN/AT6+xFd2yGPMPKH8hKbf3jIprexNEp -+oG1XC/dsPFkPLUyeD++kVjzsLiDmYAn2x3Dco6cWD7FfEljb1pHkAp5CctU9TjZH -+21xcAsPbfS0vrDmj8zG7eTU+BtleL4AfxEVsMBzrUB6jSdUMpJ/hRtni4RxOHLmU -+0DqtHIqrDrC5Gb2KunNUIYqPp+80LSD1/Edo5Vr+k5AiFYCzZFXSab+6e4hEsLEV -+nQNMmcPVWATQ2najGfNftmhwQx9hU4gJaCw/rfhEmwIif5BxgG5VPUzy97T+GmOZ -+InB0RDylv3Lq3Hs8mBF4nRt7 - -----END CERTIFICATE----- -diff --git a/sample/sample-keys/ca.key b/sample/sample-keys/ca.key -index 8b11bc2..e923884 100644 ---- a/sample/sample-keys/ca.key -+++ b/sample/sample-keys/ca.key -@@ -1,52 +1,52 @@ - -----BEGIN PRIVATE KEY----- --MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCwlU8Kq3e+2gNb --ZTQMgjVAiHZCzR2qHzzyeK/EAibYtOr3d718mGyrc/9RVgBhJ4Iit6RfKlHQRCBK --Bw1O8YEx7bQGgc7nK9saMo+aN8uPpdGi0I4bLwQOX+EuBFj15+IDzCxV+68Xar8V --uXIlA9H+A+IO1OZSKoWpdrsAmYyuoWydamk64Z3tBzppOxp7hMXV7+BRMJOtprs1 --4ejANoqF3IWYQScJhHkJ5SzHYmUVYAfw8KvEGkdhuYbK9LSQff6tCRpIz8/NzZtL --hrIdo5hErlewarxeI0YpNMudJoJ094ewj7fEweYSH67k6DYMUaC/IPbaB17pbZ7O --8QoJQOvNHtuydiqrJTKfsvGeQ9cbK9HnZPTobwrMspBGYOU8heHMow7TuqQeYiid --dN0XtgjVrPAekC03h1KtR7Vu+OJNKgSxA984DK8PREwr8IF+ARlTMAHnR78iVtnz --hzQMl9Qw6bjELJ+3UcVilh7IJ/l3GgiPB4I86g/jbr5pNczuSqrSJ4ivpjGcpXo4 --YYsoRj5U1mHUNLt6epUc/mLx6KbK5Rg+hCFsr3G0MYyCCGdzoefwGV08xy/P3wd1 --MQfisF8DfI24LEtI2jDiMm4uM1eHZB6JS1a2ReNrt5z4/tWopN24mhFpftyz7wTc --iaKCJGe+Yr6emTs23XJgT2EFGFKguwIDAQABAoICAQCEYPqnihI0PqZjnwQdGIQp --g+P8gl7pyY9cS0OhUueicEbyDI8+V9qn0kcmx61zKDY0Jq4QNd6tnlUCijTc6Mot --DwF2G1xsC4GvKxZiy89MOkhloanXETEeQZzDbbjvaM4UgL0AHLWPfZQRCjxbKXkE --0A5phgvAr2YSvBLHCVXhGN0fScXnwXouVsvgVdGtpcTWdIUa+KrNdQBGDbz6VCkW --31I76SQFy40d8PPX6ZjUJHDvnM14LycySO6XOkofRIVnXTqaOUiVBb2VKj5fX+Ro --ILdWZz4d6J3RiGXYwyTr4SGVKLjgxWfgUGZB7x+NrqgugNzuaLYrkuWKSEN42nWq --yoP6x6xtbAsmB6Fvdqwm/d8BmLhUweaVc0L7AYzXNsOBuT3kubJHMmu3Jv4xgyWk --l/MAGJQc7i7QQweGgsYZgR8WlbkWkSFpUcgQBDzDibb6nsD2jnYijQrnrrmiEjEI --R7MO551V+nFw9utiM8U9WIWwqzY0d98ujWkGjVe7uz9ZBVyg0DEAEj/zRi9T54aG --1V6CB2Cjyw+HzzsDw7yWroWzo4U9YfjbPKCoBsXlqQFLFwY8oL6mEZ7UOobaV1Zl --WtuHyYw3UNFxuSGPPyxJkFePIQLLvfKvh2R+V0DrT3UJRoKKlt9RejRSN0tOh0Cm --2YD6d7T/DXnQHomIQKhKEQKCAQEA3sgsDg0eKDK8pUyVE+9wW5kql12nTzpBtnCM --eg5J9OJcXKhCD/NIyUTIMXoMvZQpLwGUAYLgu4gE04zKWHDouf7MRSFltD5LJ7F2 --7nuYKHZXk0BhgMhdnQot3FKcOMrKCnZcM+RWX9ZJa8wO6whCaYCw7DtS0SSVODQk --9EwAgX6/Hq60V7ujPZJCyNd3o0bIdAA/0AQRTZUADP3AHgUzh71aysYJt+UKt1v0 --Xc7l6hn7Dn7Ewzpf+WdZ2pV7d3JUSBVKiTDxLV904nDBNOxjMhz0rW01ojR6bzpn --XhkFPqnmh+yEYGRgfSAAzkvSsSJEAtBFSicupA/6n83Lo2YvswKCAQEAyumuxP4Z --a7s8x8DFba7vuQ+KVxpkKgEz1sxnGRNQJm18/ss/Y5JiaLFYT3E72VkQfBQ2ngu+ --GrJL3OhiNhzy1KLGS6mrwULtKiuud5MMQDL0Pvkncr9NTy4rBnWzhp2XyPeETu8n --JpL2i2OK6lY/lgpBckXuap9gAl0fXk+y+BkZ71OoYaGnKpPjs+Xcq/qgPgZ7O3NW --1g+Bd2AVPSxQpXjuy5rgtQURCN733vkNBzFedKREx7Z6l8UPlK/Exuc7BMIHfn5V --dd0R3Th+82fkMNVJz6MKmHJ6CJI53M7co/YdAvIkxOFRIPGbO3arL2R69nRgAZBE --zLawx1JJTRIG2QKCAQATtZXgMFzopYR3A011FAvWrrhL5+czZS4HG/Hxom38kkIl --mGUv0BAybjlf1zJlW0RBelxDvfZv4Nq8dIo6RNLyEY601v2OcqxneJXTB3AwtDeP --OXTm1dMiX5IrGcvkYlx5jHsfxCW4GNcqCEWRmYt2lgIRBDaRdjEVZdeXHVo2GqaB --6mbeFCWe/t+VsSpOcaauTI9YseNt/66fd5uVjFRAwAnWQqr9b/AAxMvbuMAyc9X4 --NFLoCrQO9ovGgM8JhD3cmrWbaY8MupM2rU8KhZdJCbLD3ROPpCDo0jvu4TvLjXBt --ugkEFh1LNJedqKudLDDkJtTaeJjxvtAnbyeC7zltAoIBAC9TIyzUqq8io0FfZ2x2 --cXiy9CvuftABKcr+L0l85KOhw5ZVZvpdKNCMFDGrEi9WA28886QWzwbA8Mqb9FP0 --mnoXYLJC50kSx+ee+nju9dt/RtHtIFM15N0DwosmJnHODZmUiOo0AuiPPCs0UzDm --Xrwqtirlvn5ln2nNuEQxyGbuy8qys0HaBvf6OBA8GySNNpRgxJsQAn+4bBSgdzOm --Q0TkmKUqASCXBusPvbXmVjCIRiRkL5p4p8z/6+tct0NAqNYqPr80zc/IeKMkyw8P --+vucszNXLmBxyp53JEGoiXNAMnH+ca7tchOB5hePTMun3rneWInk0PcB4OcL/QaZ --nrkCggEBAN67+SvcWtM1BoLXSz5/apFAE+DicCv94PrvMBOhfvu1oBrElR1rBjiN --2B83SktkF4WhCXr10GP+RUpjaqPBtT7NW4r3fL5B8EPsHeabL+pg9e6wG1rH8GqG --toWecmfC9uqK7l1A59h5Oveq5K19bZTRZRjQtv2e4KQknlJR6cwy+TGUU5kAUlMt --vcivyjzxc0UQwq7zKktJq+xW/TZiSLgd3B32p0sXX378qFUJ4SO2UZ1OCh8R7PY1 --Fx25K/89Q1yGdbYiXb/Dx0a2WB9rP+b6alMl/dxPdqDKj2QXXkdh8+yvhVpQTyZw --B1RaqQXwzqrCH0F/vw3lRceYhcQvzcQ= -+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCI+p/ZLGUHCANT -+TFaKnw+J3wi+ef2EKJ5WHt5PWMuBeaDpeU4Ghuaow8HlRPjG9lDRHtn+WQgZz9nU -+ejYH+wtmN2BHwJAM4OeUVoB95tBrxd/VDCrdIvypVKldHsU3VkEbvPAl1jq68WVk -++DXMFZqTUoafDK+irOvL7Z5j2gA3FDzRUQs0L+jCvRTl4omFSjSQwoBCoVXxNEAg -+9jgylNWUHx+JHDB8dk+gEmDai20ggBWeAeThUU9dVZvwjv4E7zMRMx1skCRdWcyA -+LJQffjc9q6gnB9X9nPxXdWb/lYKcivJBmBRHLeirnUFL2S2IYRc2H0ZbX1d+WzDJ -+V37+DKYy9ehltyHFiaXmZThJ2Kg/mAD55U3NCWNBXmQ0CvzhUh6QIQiOJNQHmK0q -+xgncPOJeE4X55dv1nAGD/0fGeHTcuShzUoipCKAd1CZdXK2Ge3gZRH2WUvlQGd5J -+ARd43zbd2wXZX0h0e1/BWQVeXx/Cg6u31B5lll7B3rWeoZHvfV9DSC7e3IEOhgzG -+5cyAh+wrtlCszjiMreHSSYCQh9tlyK+ACOJUFtZFGdseBsMxRgXWtHr+ypW2iJI4 -+KsEU/MNXr1Bqg7FGxIw0Oyc2zyzjgD9aq4CKEy64MYB1ZYf41Rbc2Z+pMx1MW9or -+sPp7qSp6SmpTk0RTHpH0O2wNC9F26wIDAQABAoIB/03LuNT2nmo+NwOYGuzjQUeM -+eKd/vDIWWORoKm69wvHaQ/wFCr37Fc+ovMDD616N8j10d1ql5T4HCwfesdEnXljD -+k+RU68wT1OvdJ5Yj84w0mQ0c1TtXFhsVsChiL8htEtC04vK1RphRt0s8GQDkANI/ -+STXwz2Pe32sG4Q/iTcO3EkzBwVEfDQxkf4CyPNRVIZMVu+sOSoSfFB2/TXxfTrgA -+iVsZGgS+i1+a2p0OuzXb2cl+mrv+8g2Czj0pSgDURU5QRwDGi+CuuorN7xx6i+Uw -+khNH7X3SbnE9lAU2PF0KchMSUy6gp6YTiExPBXj80+fib4Wd+CdY2S1K9rNgOGG7 -+4yOU9vbkgt4r+cXFu/NvG2GBMw5/Dqn7tFu+nLxC98/IrgFbsFPMwD/vS4IWYw+a -+CSy7Ed3FfPNlvE7Q2VoDOVpJoUAJZWrLFOisMSCSSq9Zfxc45Usz+hzg85nysywD -+5FS6LvGEdXJu0FTUHrBMBmcbYpdyVrY7qeQ2k4imC9+AKt+MuswJ+ofBLkxhgWlN -+NAaGOFdDKszDjYYgLEszL6M5Uwk+iBWfhPB0kuAqMCfljWwMVz6Apg6kjF4vk6rF -+ObvlXAcchk7SuxHJFgRLGWw5WzPXxmK7StrDLpWiiWqnqf7LKpnclKlan8ML5vo4 -+swwfDO6Q9Jw07fPoJfUCggEBALvAanX7Z8Dbc86uYh08myZPn4GHrz7qc1ouvV5T -+QsQ4iWEvVomPLtw57iSWX5x2hot7XyEZETOj+RHxmRsNHIewWk0+iAKAe9fw2FJD -+8DDki585G6HOsw/rN00xWymT47cLyESlYIq3eJYuZld8tCmg7Nfoe83CiRZXChlQ -+1TZWQlWxPR/Ykv6fitZrLfByl8JrVUNwr3rBMeegXF5d6tZ8FB89BiyOkdDrO8fz -+ZIACG60+6QN9pghcCz8tDJKqYyhcd/Z4LNmBqMeCyX1LJ8Ig0paXF1B/iV9Cxsti -+aV/m+nLea9HGy3RlFe5NgRqDaqctv/Aq4NkmGgvB5Bbx678CggEBALrFdzVKeOjl -+vlkA5f95eVWmpr0DK5/r2ZM+i8zTCBhzxlFDL3pC2hmVk41bE4O9RNrzCwgqO8Aa -+GtwA7iqT5B1dmYhypt62iK1ZZce+l93JLLInTP3UCCFVzwC/akrcRHQdyKh9MyP7 -+tAgdTaM49xlaakiems0KxpR2RQ2dzQMPUDxqiD20bcIErIVk1+1mk2l6MiqTAHHx -+fK/WtULQGSAPwHJmhrGKKwUPJIChcDGJxMtrnpD5tcZpjF3W6+xZbyqcgYMwbpOn -+cALvKzfA0Cg0/oAOdcrVJU+iQyXUDIN57ezwAU/oyGVOofIVQn4xVBaH3F/JtAAG -+TM+WygbP79UCggEBAKsWQ+0PExSi5XzJW47Y02it1ePrCL6EVmkvflCd/pFgE5AD -+2w+u8jysbV3ZyXaCa0hfO+ilNw+ftC+twJ7t67mZ8i/Bc58UBcZZKkaMsitbl/+X -+wp5IBNPUu6gT+caBhVgf3HbxXHALkE8KKSg/8sycYDa/G1H8m39IAWPgTOoe4IPF -+5rVGXWy5ZYLOWCZrxe7cb+3smXt64Ub40jML0htxJcTxjta7dBS0xt0F5ebgBOhy -+E1OjA9FKTtVa78IWkhUNbiOijvwFMw/bFlCeU7SKxFuFgzFPhpbP+ucK3osNp9tU -+41tdk7iVBM8KwUKvzlhZUDZCXHKETee432gpO3ECggEAJGJZcbE7UquG5FHPfHBO -+mcfoTYPzmKjabtvNYi5uMk1DggsjkZ66XCeOYggvCgfyBPE54fJQR4EOYHNx8itz -+UeEtCq7DITnP8G0s7beMYDFTmrUbQ4tttgjAVbX0X/b/AtvWfjQ9pTHghYAn4rcz -+M+YwNEtpfq4ttzg/BYMLMCBokgxy1Ap1I0nDzgyyH9ZOu0qJwU9307qmfp7GGujt -+LBjFdcPRU37GGKs1gjVw5MWg57vkXPu4VJm1NYar2RQnGtb4R/VEZVFF+dxbv/W4 -+10xTk+C9Q7E4HoZOrGzdrzMujWzH5KhFea7Sz5UiqfC0H9uBq8tgXGzdw8btPlx9 -+rQKCAQEApnc3/WwS4fsbbZKjycvZu102sZfDRx1lYPpylUyEKm9iSq97miuC5/bO -+J3HkK9e+uye3klB3lYnNHKjeFEDoq8DJJ33M/pyY9BuowOZtLJcGu5Krq42FFpaZ -+HIEcZWMwDPaNLunZAXkGpqdw7GPNivSrzy20iJgJLEVXwr0krT5UMVRKo5Xsq/P1 -+rxJ78psVCsbOHvVgUfN6fHPf1I+EyLB+Dipr3qPNU1Aty0OCdI+2BeT90ovZiKvu -+dBnuWQOR7HlBimgHsF4Gb9Akjoix6SJKbm/E9GvLfUYbiIkARc99QC3G6h17PGiF -+C2j6oHefg+K1iyTA4LCTAkHWax2ggg== - -----END PRIVATE KEY----- -diff --git a/sample/sample-keys/client-ec.crt b/sample/sample-keys/client-ec.crt -index 759daba..c948b11 100644 ---- a/sample/sample-keys/client-ec.crt -+++ b/sample/sample-keys/client-ec.crt -@@ -1,85 +1,86 @@ - Certificate: - Data: - Version: 3 (0x2) -- Serial Number: 4 (0x4) -- Signature Algorithm: sha256WithRSAEncryption -+ Serial Number: 7 (0x7) -+ Signature Algorithm: sha256WithRSAEncryption - Issuer: C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST/emailAddress=me@myhost.mydomain - Validity -- Not Before: Oct 22 21:59:53 2014 GMT -- Not After : Oct 19 21:59:53 2024 GMT -+ Not Before: Nov 7 12:23:40 2023 GMT -+ Not After : Nov 4 12:23:40 2033 GMT - Subject: C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Client-EC/emailAddress=me@myhost.mydomain - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: -- 04:3b:ce:62:5d:6f:87:82:75:24:c2:58:f5:0e:88: -- 4d:57:0d:06:b2:71:88:87:58:19:bb:de:5f:7f:52: -- 62:51:a2:48:91:83:48:91:90:3e:87:02:0f:15:51: -- f9:68:97:12:0a:fd:d2:3c:87:83:4b:65:54:00:44: -- 8d:28:76:49:05 -+ 04:25:bd:3e:da:c5:cd:35:c0:44:d5:82:11:77:7a: -+ 24:12:1e:40:53:7a:ff:0d:0c:67:05:94:ce:5d:44: -+ 26:51:9b:0c:57:b1:38:30:9d:bd:13:03:59:12:0e: -+ c8:35:5c:ca:b6:d1:81:41:9d:ac:9f:ec:2b:58:07: -+ 29:6d:d3:5f:5c - ASN1 OID: secp256k1 - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: -- 64:F6:49:88:E7:74:C1:AB:A5:FA:4F:2B:71:3C:25:13:3D:C8:94:C5 -+ D4:76:DB:EC:D0:11:63:0E:FE:BA:4E:10:76:22:07:D7:99:02:DE:F6 - X509v3 Authority Key Identifier: -- keyid:2B:40:E5:C9:7D:F5:F4:96:38:E9:2F:E3:2F:D9:40:64:C9:8E:05:9B -+ keyid:73:B1:B8:D6:8A:95:6B:12:E0:74:7C:C5:57:55:98:94:5B:AC:78:5E - DirName:/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain -- serial:A1:4E:DE:FA:90:F2:AE:81 -- -+ serial:6F:50:B8:D3:46:6E:72:34:59:BC:00:33:DD:7C:AE:12:EB:27:46:06 - Signature Algorithm: sha256WithRSAEncryption -- 32:3d:f0:08:67:dd:03:73:76:cc:76:52:0a:f6:97:d1:c6:fa: -- 5f:d3:e6:28:c9:75:a7:08:a8:34:49:69:cf:eb:ab:da:86:b3: -- 2e:65:17:ee:7e:b6:b5:6b:15:0b:dc:11:3a:b9:5a:b3:80:b8: -- bb:f4:6c:cf:88:3a:10:83:7e:10:a0:82:87:6e:06:ec:78:62: -- d4:d1:44:27:dd:2c:19:d8:1a:a1:ae:f4:a0:00:7f:53:5a:40: -- 8a:c2:83:77:4b:26:7d:53:b0:d3:0f:2f:7c:28:70:ef:74:58: -- 5b:de:81:94:4c:63:19:f0:79:cb:6c:b2:ec:32:1b:4b:e4:62: -- 22:4f:ad:ac:4a:6f:a9:6e:c4:2a:8d:8a:88:19:09:fd:88:93: -- 3c:27:4d:91:95:ff:57:84:13:fd:4a:68:db:20:df:10:e6:81: -- 1d:fd:e7:1d:35:fb:19:02:dd:b5:5f:a0:c1:07:ec:74:b4:ef: -- 8b:f9:33:9a:f2:a6:3b:6e:b6:4a:52:ab:5d:99:76:64:62:c4: -- d5:3a:c6:81:8d:eb:c8:4b:02:af:e1:ca:60:e9:8d:c7:a9:2b: -- ea:4f:56:31:d3:9a:11:c2:9c:83:5c:a2:8d:98:fe:cc:a5:ad: -- 1f:51:c4:6e:cf:ff:a0:51:64:c8:7f:7f:32:05:4c:8d:7f:bf: -- b8:ed:e5:81:5f:81:bd:1d:9b:3f:8a:83:27:26:b4:69:84:8b: -- e5:d9:ea:fd:08:a8:aa:e4:3a:dc:29:4d:80:6c:13:f7:45:ce: -- 92:f2:a9:f3:5f:90:83:d6:23:0f:50:e5:40:09:4c:6b:f2:73: -- aa:d8:49:a7:a9:81:6e:bb:f2:e4:a5:7f:19:39:1d:65:f3:11: -- 97:b1:2b:7c:2f:36:77:7f:75:fd:88:44:90:7c:f2:33:8d:cd: -- 2c:f6:76:60:33:d3:f4:b3:8c:81:d7:85:89:cc:d7:d5:2c:94: -- a9:31:3f:d3:63:a7:dc:82:3f:0a:d8:c5:71:97:69:3b:c1:69: -- cb:f0:1b:be:15:c0:be:aa:fd:e8:13:2c:0c:3f:72:7b:7d:9c: -- 3b:7f:b8:82:36:4b:ad:4d:16:19:b9:1c:b3:2d:d7:5f:8b:f8: -- 14:ce:d4:13:e5:82:7a:1d:40:28:08:65:4a:19:d7:7a:35:09: -- db:36:48:4b:96:44:bd:1f:12:b2:39:08:1e:5b:66:25:9b:e0: -- 16:d3:79:05:e3:f6:90:da:95:95:33:a1:53:a8:3c:a9:f0:b2: -- f5:d0:aa:80:a0:96:ca:8c:45:62:c2:74:04:91:68:27:fb:e9: -- 97:be:3a:87:8a:85:28:2d:6e:a9:60:9b:63:ba:65:98:5e:bb: -- 02:ee:ac:ba:be:f6:42:26 -+ Signature Value: -+ 72:fd:18:d4:c2:0f:ba:6f:94:f2:f9:26:8b:93:fb:d5:99:df: -+ f7:aa:e6:27:f2:89:86:ff:6d:0a:24:ea:ae:d4:68:7b:08:38: -+ 8a:7a:f9:a2:4d:e5:fe:2e:e1:bb:09:8c:2d:df:85:7b:01:dd: -+ 58:4b:15:2a:db:49:10:ab:f1:78:49:fb:94:b3:31:e3:09:e0: -+ 63:3c:d0:f2:34:18:de:37:0a:2d:d3:02:d5:ae:05:49:57:e7: -+ 47:d0:70:3f:f1:35:28:82:79:00:b3:c8:45:00:86:77:d7:68: -+ 63:d2:3d:8b:ef:a9:f8:99:97:fe:d0:0a:98:cb:7a:7b:73:28: -+ 77:f4:bb:cf:1c:63:7e:64:60:87:f7:51:68:e9:7a:90:70:d8: -+ a0:e2:c6:88:70:62:2c:49:ac:ba:8c:2e:c5:d7:c9:42:8b:44: -+ cc:ae:f3:40:79:1c:99:09:2c:4c:24:89:55:41:ce:c6:52:a9: -+ a3:b7:4c:e6:75:63:4f:b6:70:84:1b:3e:56:f5:42:5f:b1:50: -+ 46:eb:33:41:28:f8:30:f6:f9:f9:c0:5d:9b:a4:af:8e:03:c8: -+ 3e:88:66:04:2e:5b:ec:50:36:a8:d1:9f:8e:e0:59:40:bb:f8: -+ ff:45:7d:40:2e:6d:f0:e8:84:5b:db:7e:0d:88:b3:a2:f6:34: -+ 5b:b9:a1:1d:a0:fa:85:78:3b:9b:b3:0b:6c:f1:03:06:9c:f1: -+ e3:ba:64:a3:5c:d8:c8:d5:73:4a:3f:4d:83:aa:e8:c4:ce:dd: -+ 92:23:b2:c8:ab:e5:39:93:d9:d7:ca:70:c2:ff:8f:71:40:f6: -+ c4:89:4a:72:0b:2a:7a:20:15:5b:a4:e9:75:a0:df:93:2b:7d: -+ 1a:54:39:2c:80:4f:21:32:5f:9f:d8:96:08:2f:dc:e2:45:1f: -+ 96:e9:31:84:90:2e:1d:07:92:56:a8:22:49:25:1b:bf:47:d5: -+ fa:34:e9:cc:7c:b2:18:ca:5e:d6:76:5e:b6:19:72:c0:10:d6: -+ c2:c6:f1:03:d4:0e:62:28:d8:56:e1:08:3a:f4:54:8f:7b:0d: -+ a5:62:53:8a:72:7b:2f:fa:80:8a:3a:54:4d:11:5c:58:7e:fc: -+ 15:30:9b:fe:ef:35:a1:00:c0:15:0f:47:14:af:09:9f:1e:dd: -+ 7a:ed:ea:2b:c8:a1:51:26:a3:d1:25:8c:31:1b:41:30:27:ca: -+ e8:3f:00:2b:83:8f:b4:f8:11:30:71:b8:4c:d8:af:48:88:aa: -+ e5:96:3e:f8:01:a9:17:b6:f2:09:27:d0:e9:b3:b3:89:b2:0f: -+ f7:c5:78:b3:b2:e1:26:a2:78:2b:4c:9d:99:57:4f:7e:fa:fe: -+ 9b:ae:6f:c4:6a:b1:7c:d0 - -----BEGIN CERTIFICATE----- --MIIESTCCAjGgAwIBAgIBBDANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJLRzEL --MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t --VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE0MTAy --MjIxNTk1M1oXDTI0MTAxOTIxNTk1M1owbTELMAkGA1UEBhMCS0cxCzAJBgNVBAgT --Ak5BMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxFzAVBgNVBAMTDlRlc3QtQ2xpZW50 -+MIIEVDCCAjygAwIBAgIBBzANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJLRzEL -+MAkGA1UECAwCTkExEDAOBgNVBAcMB0JJU0hLRUsxFTATBgNVBAoMDE9wZW5WUE4t -+VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTIzMTEw -+NzEyMjM0MFoXDTMzMTEwNDEyMjM0MFowbTELMAkGA1UEBhMCS0cxCzAJBgNVBAgM -+Ak5BMRUwEwYDVQQKDAxPcGVuVlBOLVRFU1QxFzAVBgNVBAMMDlRlc3QtQ2xpZW50 - LUVDMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wVjAQBgcqhkjO --PQIBBgUrgQQACgNCAAQ7zmJdb4eCdSTCWPUOiE1XDQaycYiHWBm73l9/UmJRokiR --g0iRkD6HAg8VUflolxIK/dI8h4NLZVQARI0odkkFo4HIMIHFMAkGA1UdEwQCMAAw --HQYDVR0OBBYEFGT2SYjndMGrpfpPK3E8JRM9yJTFMIGYBgNVHSMEgZAwgY2AFCtA --5cl99fSWOOkv4y/ZQGTJjgWboWqkaDBmMQswCQYDVQQGEwJLRzELMAkGA1UECBMC --TkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4tVEVTVDEhMB8G --CSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluggkAoU7e+pDyroEwDQYJKoZI --hvcNAQELBQADggIBADI98Ahn3QNzdsx2Ugr2l9HG+l/T5ijJdacIqDRJac/rq9qG --sy5lF+5+trVrFQvcETq5WrOAuLv0bM+IOhCDfhCggoduBux4YtTRRCfdLBnYGqGu --9KAAf1NaQIrCg3dLJn1TsNMPL3wocO90WFvegZRMYxnwectssuwyG0vkYiJPraxK --b6luxCqNiogZCf2IkzwnTZGV/1eEE/1KaNsg3xDmgR395x01+xkC3bVfoMEH7HS0 --74v5M5rypjtutkpSq12ZdmRixNU6xoGN68hLAq/hymDpjcepK+pPVjHTmhHCnINc --oo2Y/sylrR9RxG7P/6BRZMh/fzIFTI1/v7jt5YFfgb0dmz+KgycmtGmEi+XZ6v0I --qKrkOtwpTYBsE/dFzpLyqfNfkIPWIw9Q5UAJTGvyc6rYSaepgW678uSlfxk5HWXz --EZexK3wvNnd/df2IRJB88jONzSz2dmAz0/SzjIHXhYnM19UslKkxP9Njp9yCPwrY --xXGXaTvBacvwG74VwL6q/egTLAw/cnt9nDt/uII2S61NFhm5HLMt11+L+BTO1BPl --gnodQCgIZUoZ13o1Cds2SEuWRL0fErI5CB5bZiWb4BbTeQXj9pDalZUzoVOoPKnw --svXQqoCglsqMRWLCdASRaCf76Ze+OoeKhSgtbqlgm2O6ZZheuwLurLq+9kIm -+PQIBBgUrgQQACgNCAAQlvT7axc01wETVghF3eiQSHkBTev8NDGcFlM5dRCZRmwxX -+sTgwnb0TA1kSDsg1XMq20YFBnayf7CtYBylt019co4HTMIHQMAkGA1UdEwQCMAAw -+HQYDVR0OBBYEFNR22+zQEWMO/rpOEHYiB9eZAt72MIGjBgNVHSMEgZswgZiAFHOx -+uNaKlWsS4HR8xVdVmJRbrHheoWqkaDBmMQswCQYDVQQGEwJLRzELMAkGA1UECAwC -+TkExEDAOBgNVBAcMB0JJU0hLRUsxFTATBgNVBAoMDE9wZW5WUE4tVEVTVDEhMB8G -+CSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWlughRvULjTRm5yNFm8ADPdfK4S -+6ydGBjANBgkqhkiG9w0BAQsFAAOCAgEAcv0Y1MIPum+U8vkmi5P71Znf96rmJ/KJ -+hv9tCiTqrtRoewg4inr5ok3l/i7huwmMLd+FewHdWEsVKttJEKvxeEn7lLMx4wng -+YzzQ8jQY3jcKLdMC1a4FSVfnR9BwP/E1KIJ5ALPIRQCGd9doY9I9i++p+JmX/tAK -+mMt6e3Mod/S7zxxjfmRgh/dRaOl6kHDYoOLGiHBiLEmsuowuxdfJQotEzK7zQHkc -+mQksTCSJVUHOxlKpo7dM5nVjT7ZwhBs+VvVCX7FQRuszQSj4MPb5+cBdm6SvjgPI -+PohmBC5b7FA2qNGfjuBZQLv4/0V9QC5t8OiEW9t+DYizovY0W7mhHaD6hXg7m7ML -+bPEDBpzx47pko1zYyNVzSj9Ng6roxM7dkiOyyKvlOZPZ18pwwv+PcUD2xIlKcgsq -+eiAVW6TpdaDfkyt9GlQ5LIBPITJfn9iWCC/c4kUflukxhJAuHQeSVqgiSSUbv0fV -++jTpzHyyGMpe1nZethlywBDWwsbxA9QOYijYVuEIOvRUj3sNpWJTinJ7L/qAijpU -+TRFcWH78FTCb/u81oQDAFQ9HFK8Jnx7deu3qK8ihUSaj0SWMMRtBMCfK6D8AK4OP -+tPgRMHG4TNivSIiq5ZY++AGpF7byCSfQ6bOzibIP98V4s7LhJqJ4K0ydmVdPfvr+ -+m65vxGqxfNA= - -----END CERTIFICATE----- -diff --git a/sample/sample-keys/client-ec.key b/sample/sample-keys/client-ec.key -index 8131380..b0c81ff 100644 ---- a/sample/sample-keys/client-ec.key -+++ b/sample/sample-keys/client-ec.key -@@ -1,5 +1,5 @@ - -----BEGIN PRIVATE KEY----- --MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQg2RVk/d0yok086M9bLPIi --eu4DfcBUwphOnkje1/7VSY+hRANCAAQ7zmJdb4eCdSTCWPUOiE1XDQaycYiHWBm7 --3l9/UmJRokiRg0iRkD6HAg8VUflolxIK/dI8h4NLZVQARI0odkkF -+MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQggBG28jKEqUG3n/wcnvcr -+h2VP5dXkRChxqLw3ydT+HpGhRANCAAQlvT7axc01wETVghF3eiQSHkBTev8NDGcF -+lM5dRCZRmwxXsTgwnb0TA1kSDsg1XMq20YFBnayf7CtYBylt019c - -----END PRIVATE KEY----- -diff --git a/sample/sample-keys/client-pass.key b/sample/sample-keys/client-pass.key -index 2bb8d4e..089f906 100644 ---- a/sample/sample-keys/client-pass.key -+++ b/sample/sample-keys/client-pass.key -@@ -1,30 +1,30 @@ -------BEGIN RSA PRIVATE KEY----- --Proc-Type: 4,ENCRYPTED --DEK-Info: AES-256-CBC,ECC1F209896FC2621233FFF6F1FFD045 -- --i6t7VKTyNNELTvrBO464e02nFg9rvYwumxd0sfqcPtaKmRK2mrZmEd/Xh0Nv1WyB --PyuJo78qQixAtxObRbkSNINzTr5C8IDrE6+wQYCJinvO54U0o+ksv0tsyLngz1cb --is8ZqHXrRgJ3qGFQWmFRtFKFQvSXOTDX3fLkEB53HfeblQCxBCnJ82Sp7ivnVR/j --Q8qQRy1RMbzIN0trEGf0Zi4tHEvXL1u7Y+olQzSlmWWaQt20hhXUOMLhMtlRsAo7 --AwjlE94JjAfJ1q1dwIcRN4c9Lk8GkiX6w7nDpRACDpk2S8ifCqi69eGe4+g7owhL --74bgs64PmM9a2sNXy1v6WE3c/t6sSrZiMvrGsqMo4sBlrQ9WXe0Naon7heBkPcdS --px0YJjnyBXHMIH+ASmALSJ5JXq9vt2xRFf0dOsGapxhP+7bZJ5Pwyk/yUu5uHFbM --/aBemlrZJzlKeYiiwpwx2whQAtDwN41zMG+r27EzSU/AaDV40NPiwwycpWt/Bp1e --z1ag0JuS0an+PK4jmREtzT5U5BeAVM91x8YttOPpmUIpahAa1zwdYPRAIkbmPJ4z --ZH+9YoPH4hoBQKdIhshYktjdI++xNiKXAUGUz5YoX8S68SsLdmKvhnQ7fu5VvOkA --2pb7taXGy7zfn+a/fWauhuceV9HPlAXMIu3GsssODoNly3vpcFeiMySKppygJ3Eg --A3o9n8UepD+jXflKG/R/t7U3hT6LqSIvQWqBqYMEVFMCNzSsJ/ce/4veFvx343zT --qdxuzYqyiXM74cynpfqHdVa9SFICTesNdVDI0FdOXhSQ4bHJc7Xp9FFJdS0lMRw4 --ACwKxvs8lo4Gx1WFyCqH5OxosKtDHQYzdUJfSWVJlhhOFR3GncR9qSe3O5fkhJfs --TALnC+xTJyCkSB2k0/bxVLIhlkPdCwzsrN/B6X2CDBdg0mQIo0LaPzGF8VneM20d --XebYn751XSiL3HKyq8G5AEFwj9AO3Q8gKuP2fPoWdngJ2GT+mt1m2fIw9Igu39J0 --ZMegyUN0wSIiA5AkgryK9U+PJEiJmLzOJ/NGr7E5tPF18eZWapK4KZ8TXC4RNiye --g+apGa+xZJz2VQp/Mrcdj9D4UDJFQjrvKaS0PXJDoYUXFBoMv3rxijzRVxlhhuJY --yZ0At+UqZD5wpuWW6DRrgJIpy0HNhbaLmgsU0Co0HKviB0x8hvMJbi/uCoPTOdPz --sPB7CN2i3oXe7xw1HfSTSFWb4leqjlKwNgfV42ox0QUjkkADeeuY+56g/B2+QmdE --vXrc6sDwfNUwRUzeMn8yfum/aW1y/wrqF/qPTBQqFd85vlzS+NfXIKDg04cAljTu --+2BLzvizh9Bb68iG4PykNXbjbAir1EbQG1tCzq1eKhERjgrxdv6+XqAmvchMCeL5 --L6hvfQFBPCo/4xnMpU5wooFarO/kGdKlGr5rXOydgfL618Td18BIX+FHQFb3zzVU --y2NR4++DslJAZgAU+512zzpW1m3JtaRoyqyoLE2YFPlW804Xc1PBB3Ix6Wyzcegy --D4qMk5qxjBkXEsBBSCYfVbWoMBeMhnvxkz0b9wkPtAW/jEJCB2Kkn/5yMC0DkePO -------END RSA PRIVATE KEY----- -+-----BEGIN ENCRYPTED PRIVATE KEY----- -+MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIVDt6h9I/tNsCAggA -+MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBDK/DTdm5la+nBeb36XV2oxBIIE -+0Elt0ly1Cwc1o6EHRs3rFT3EYqm9DMVrcQgquI0qdbbUMtAsDmMFmW9TI7wedCDR -+Ey3olanxK2dwz9qupSmtH25j4dFtPVxfF0moND6I4cQTmzBzTOjkK4LzgMucWfFL -++J/GQxJsh0npaEu2t7HSpbKDR4uWcRiPkjxc7gFRPJH8NF51ySnF7htUODh/lmsM -+mRbdD5asKzIvrOJSVWBs7RLtj8GRCHttOLMq6ib3O0/8WvBDPEVXfPJMH8JRNxJc -+woz6CSOPoI7yd9tKnRf0YGOuPiFWc1J1LTqgvWxVuwaUGrlwRZQ3nMnKK9jfXIGr -+FmhkHYFqWX2tpYy1nI9i7qYqG0MdWTmf/Gng1/YA5jTDW3dpcCnm5bd2eyzgw0qG -+PFnjjdVlJnEKZe5phTzrffzKWW8oOBDRww63RtgnNykipPK2V+Wq3RHQ3Oach8ZB -+0RqyLCG1wFLN9qA3TmvmPDDLsksLj9LiCstqo6FyHrvy1NFsCVlVqeVcOay1VCT9 -+ApFHa5SRaW5PxTSUKfses1eIjB48Z+yplJ+6sIkv4jrTcXyjrJSmZA8GU1jVvO08 -+O2W4PGLX3C4B6iIel2eZMyG2EHM24kIAH4Dqx+GDZBhSuRBwhTN7+c9nX3fmVs3t -+cTe1uPOYu73W9zHLOSIRkO8WKcyoTzf5FQqfVhVRLmb1Z0pA+qVQps6g7DyL1/da -+zwHYgdAk0wSK20JYlXOz+7lYUsg/o4sFKTYseHVQIhXyEfUIE5gBxTEltCc+FBlI -+q0wLW5axVFJZx1uaEV0/mAOLSkL8QEKd5VOlV+mT7sDk38AdyoBbk2rmmn4SeYB5 -+tmAzNC1d8aTAANo51bvt9BL3gzzvAduwuzl/3kYGsd7ASnrYZYDMwxtObR3Ltj12 -+Jq+Uv9lknmsbuhNWY/rXE0eQT2sT7PIW4Y3HqxzVlA3TeWc6ug7GLbabQMfeFPct -+OouOgj74jIvqBRYzLvyAdLKBuDadSVvCpxJddgS9mc3Ne53YPKtT8tPSuPzDVLRp -+rMQyHKh+C9HCEozDGAjzLbr/icE1PfmxDfKbl99C5bRG2WlSL3VNxcuRr7o09LRK -+Y2k/zE0WzQtgiNaV9MOykcf3NBgRhIYwpH+O1oT2kxlorAWJbh3FyFZUxZlPr+we -+dZSBXtrZ/6aevm76f/qsHvjqC3MfHbQ5544Z5lEvPGke2w7du7Vcu7141Oghzl0a -+qw1gCok/CKy4iWoTS8sfnaKB5eXhk9KFHN/ALHztDQlq2qQ6O2KEIndHzd3IAspB -+NgEFW+UmSankwA5QnDCoyqgvnybaCJwRcsk189PJYOUQMKrvwzdYWQJIkA/XZDGq -+3TF9+bm7hJifD4nOMI0RYU5kROPLR4nKUTkRVOaMEdV8jTCWzjPaffiYKk8IDVhy -+zVnKpuuiPBU6mZKIlBwMAEwUdFSUZ8huRCoa8UGqyukJmYR5JSxJVwtqwtCqHsXd -+2nujp0MvGdJy7V/9TIocKCbJOgubuOYt3F+tp78fUYY0P0TAVIa94Be/P5B+tzKN -+/EjT+mv6RP6YnFSKSGC8CKTolPa2rKJBH+UpaHdFdbKifmY+snIMe2wzYlI62gFj -+uJc7ZHyi4MMbzdWSLblOP+KUhn0qKBJAS12cgOVWP5bb -+-----END ENCRYPTED PRIVATE KEY----- -diff --git a/sample/sample-keys/client.crt b/sample/sample-keys/client.crt -index 1744cb2..9718d34 100644 ---- a/sample/sample-keys/client.crt -+++ b/sample/sample-keys/client.crt -@@ -2,102 +2,102 @@ Certificate: - Data: - Version: 3 (0x2) - Serial Number: 2 (0x2) -- Signature Algorithm: sha256WithRSAEncryption -+ Signature Algorithm: sha256WithRSAEncryption - Issuer: C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST/emailAddress=me@myhost.mydomain - Validity -- Not Before: Oct 22 21:59:53 2014 GMT -- Not After : Oct 19 21:59:53 2024 GMT -+ Not Before: Nov 7 12:23:39 2023 GMT -+ Not After : Nov 4 12:23:39 2033 GMT - Subject: C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Client/emailAddress=me@myhost.mydomain - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: -- 00:ec:65:8f:e9:12:c2:1a:5b:e6:56:2a:08:a9:82: -- 3a:2d:44:78:a3:00:3b:b0:9f:e7:27:10:40:93:ef: -- f1:cc:3e:a0:aa:04:a2:80:1b:13:a9:e6:fe:81:d6: -- 70:90:a8:d8:d4:de:30:d8:35:00:d2:be:62:f0:48: -- da:fc:15:8d:c4:c6:6d:0b:99:f1:2b:83:00:0a:d3: -- 2a:23:0b:e5:cd:f9:35:df:43:61:15:72:ad:95:98: -- f6:73:21:41:5e:a0:dd:47:27:a0:d5:9a:d4:41:a8: -- 1c:1d:57:20:71:17:8f:f7:28:9e:3e:07:ce:ec:d5: -- 0e:42:4f:1e:74:47:8e:47:9d:d2:14:28:27:2c:14: -- 10:f5:d1:96:b5:93:74:84:ef:f9:04:de:8d:4a:6f: -- df:77:ab:ea:d1:58:d3:44:fe:5a:04:01:ff:06:7a: -- 97:f7:fd:e3:57:48:e1:f0:df:40:13:9f:66:23:5a: -- e3:55:54:3d:54:39:ee:00:f9:12:f1:d2:df:74:2e: -- ba:d7:f0:8d:c6:dd:18:58:1c:93:22:0b:75:fa:a8: -- d6:e0:b5:2f:2d:b9:d4:fe:b9:4f:86:e2:75:48:16: -- 60:fb:3f:c9:b4:30:42:29:fb:3b:b3:2b:b9:59:81: -- 6a:46:f3:45:83:bf:fd:d5:1a:ff:37:0c:6f:5b:fd: -- 61:f1 -+ 00:dd:ae:b2:0a:40:e6:cf:e1:c1:a2:a1:d2:83:2c: -+ 31:98:e2:1b:b2:85:40:67:00:fa:ab:bf:cf:9d:14: -+ d1:c6:b7:63:83:aa:5f:9c:14:a0:d2:4d:04:3a:4a: -+ 92:e6:92:4b:a4:86:40:26:42:bd:83:b7:fc:49:b7: -+ 56:d2:ca:e7:70:85:16:8f:8b:3b:da:47:9e:8b:6a: -+ 4a:c8:e6:a8:de:ae:6b:2d:52:22:0c:9d:cf:67:bb: -+ 7d:1e:66:05:53:8b:7c:ae:ad:d1:a6:52:5f:3d:9e: -+ 6b:28:18:57:d9:a1:42:2d:c0:b0:4d:da:4a:f0:29: -+ aa:02:34:86:02:aa:af:67:09:06:ed:45:21:8e:8c: -+ f8:75:56:c7:ea:e8:4f:88:8e:1c:8b:5b:68:2d:b1: -+ 66:a5:e4:c6:36:e2:70:8d:fe:ef:10:f0:52:f8:53: -+ 96:bf:7e:51:70:f2:3f:ae:58:87:38:d1:a3:6b:f6: -+ 38:51:9b:16:ce:67:35:8e:6d:76:63:4d:6b:9b:7d: -+ 77:da:55:6f:20:b1:66:4f:9a:2d:a4:73:3a:52:21: -+ 86:3c:f3:a6:5a:67:e5:7d:10:f5:36:56:21:7e:03: -+ 22:bd:98:e9:18:b4:3f:b3:b5:0d:ed:d5:ef:54:96: -+ 6f:9d:46:6c:6f:0e:ba:4b:1a:f7:cc:d4:e5:24:ba: -+ d2:a5 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: -- D2:B4:36:0F:B1:FC:DD:A5:EA:2A:F7:C7:23:89:FA:E3:FA:7A:44:1D -+ 59:33:B9:2E:63:D1:17:A8:9F:BD:D8:CE:94:21:C5:41:C7:31:62:5D - X509v3 Authority Key Identifier: -- keyid:2B:40:E5:C9:7D:F5:F4:96:38:E9:2F:E3:2F:D9:40:64:C9:8E:05:9B -+ keyid:73:B1:B8:D6:8A:95:6B:12:E0:74:7C:C5:57:55:98:94:5B:AC:78:5E - DirName:/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain -- serial:A1:4E:DE:FA:90:F2:AE:81 -- -+ serial:6F:50:B8:D3:46:6E:72:34:59:BC:00:33:DD:7C:AE:12:EB:27:46:06 - Signature Algorithm: sha256WithRSAEncryption -- 7f:e0:fe:84:a7:ec:df:62:a5:cd:3c:c1:e6:42:b1:31:12:f0: -- b9:da:a7:9e:3f:bd:96:52:b6:fc:55:74:64:3e:e4:ff:7e:aa: -- f7:3e:06:18:5f:73:85:f8:c8:e0:67:1b:4d:97:ca:05:d0:37: -- 07:33:64:9b:e6:78:77:14:9a:55:bb:2a:ac:c3:7f:c9:15:08: -- 83:5c:c8:c2:61:d3:71:4c:05:0b:2b:cb:a3:87:6d:a0:32:ed: -- b0:b3:27:97:4a:55:8d:01:2a:30:56:68:ab:f2:da:5c:10:73: -- c9:aa:0a:9c:4b:4c:a0:5b:51:6e:0a:7e:6c:53:80:b0:00:e1: -- 1e:9a:4c:0a:37:9e:20:89:bc:c5:e5:79:58:b7:45:ff:d3:c4: -- a1:fd:d9:78:3d:45:16:74:df:82:44:1d:1d:81:50:5a:b9:32: -- 4c:e2:4f:3f:0e:3a:65:5a:64:83:3b:29:31:c4:99:88:bc:c5: -- 84:39:f2:19:12:e1:66:d0:ea:fb:75:b1:d2:27:be:91:59:a3: -- 2b:09:d5:5c:bf:46:8e:d6:67:d6:0b:ec:da:ab:f0:80:19:87: -- 64:07:a9:77:b1:5e:0c:e2:c5:1d:6a:ac:5d:23:f3:30:75:36: -- 4e:ca:c3:4e:b0:4d:8c:2c:ce:52:61:63:de:d5:f5:ef:ef:0a: -- 6b:23:25:26:3c:3a:f2:c3:c2:16:19:3f:a9:32:ba:68:f9:c9: -- 12:3c:3e:c6:1f:ff:9b:4e:f4:90:b0:63:f5:d1:33:00:30:5a: -- e8:24:fa:35:44:9b:6a:80:f3:a6:cc:7b:3c:73:5f:50:c4:30: -- 71:d8:74:90:27:0a:01:4e:a5:5e:b1:f8:da:c2:61:81:11:ae: -- 29:a3:8f:fa:7e:4c:4e:62:b1:00:de:92:e3:8f:6a:2e:da:d9: -- 38:5d:6b:7c:0d:e4:01:aa:c8:c6:6d:8b:cd:c0:c8:6e:e4:57: -- 21:8a:f6:46:30:d9:ad:51:a1:87:96:a6:53:c9:1e:c6:bb:c3: -- eb:55:fe:8c:d6:5c:d5:c6:f3:ca:b0:60:d2:d4:2a:1f:88:94: -- d3:4c:1a:da:0c:94:fe:c1:5d:0d:2a:db:99:29:5d:f6:dd:16: -- c4:c8:4d:74:9e:80:d9:d0:aa:ed:7b:e3:30:e4:47:d8:f5:15: -- c1:71:b8:c6:fd:ee:fc:9e:b2:5f:b5:b7:92:ed:ff:ca:37:f6: -- c7:82:b4:54:13:9b:83:cd:87:8b:7e:64:f6:2e:54:3a:22:b1: -- c5:c1:f4:a5:25:53:9a:4d:a8:0f:e7:35:4b:89:df:19:83:66: -- 64:d9:db:d1:61:2b:24:1b:1d:44:44:fb:49:30:87:b7:49:23: -- 08:02:8a:e0:25:f3:f4:43 -+ Signature Value: -+ 2a:9e:02:65:f4:3c:c0:37:88:f0:21:f9:fd:2e:7c:f4:8b:bb: -+ 67:7d:f7:48:0c:98:f7:a1:46:4e:33:af:68:77:f4:53:03:09: -+ fd:4e:32:cb:0f:2c:f1:16:37:35:65:aa:68:79:16:a9:32:03: -+ d7:89:10:ef:ba:fd:e1:26:2c:60:7c:3b:42:60:68:47:cf:61: -+ 88:00:77:e7:71:76:49:78:35:52:45:a4:31:7e:2b:e1:0a:c8: -+ ed:e1:a7:28:2f:23:a3:ce:ce:b5:99:6b:54:4d:df:d2:64:0a: -+ b7:c5:25:1e:d4:f7:a1:fd:4f:f3:12:d3:26:5f:3b:b2:93:93: -+ d1:8b:4b:4e:dc:d0:15:63:d1:77:36:75:34:76:37:59:ff:a0: -+ 81:01:ec:b6:42:2f:bd:85:5d:d0:ef:ff:90:61:d6:91:b0:f5: -+ e6:94:66:7e:4c:20:06:c4:2e:0c:9b:9f:7f:89:f0:3e:8f:e5: -+ 06:6c:81:75:a2:0b:c5:ac:44:f1:32:cc:57:90:a0:19:47:8c: -+ 25:7a:d5:f1:61:1f:19:bf:4c:31:da:44:c1:30:91:e8:b5:cc: -+ e4:7e:20:55:0a:b9:dc:f3:5e:f5:7c:d1:0b:ee:71:c6:d6:38: -+ 7e:85:7b:6c:cb:10:85:1e:6a:50:ab:c3:ae:f9:ff:96:4f:a3: -+ 76:d6:fd:c0:f9:c7:9a:60:a8:8c:e5:9a:c5:a9:7b:63:11:ef: -+ 7b:b9:9b:1f:63:51:a8:6d:2b:d6:f7:ef:51:bd:a8:32:9e:92: -+ aa:24:01:c9:e3:6a:c8:94:2e:d2:66:b2:c7:17:e5:06:53:9a: -+ bd:8a:19:8f:3a:51:7a:25:11:e5:e8:59:f7:1b:df:95:98:35: -+ c1:a6:74:15:6b:b1:2c:97:9b:fe:76:7e:56:20:4d:ee:07:8a: -+ b9:8b:bc:92:a9:19:81:28:91:4e:d2:9f:51:99:72:c0:12:76: -+ 5b:c8:74:68:b5:9d:43:53:c1:af:39:b9:28:82:a0:0e:bb:ef: -+ 21:d8:71:dd:02:af:dc:df:48:7b:39:21:7d:83:76:ea:e2:c7: -+ 16:bb:d2:1a:1d:22:f6:4b:47:15:56:41:06:4d:39:1c:96:3f: -+ 25:2d:83:8f:a4:a2:86:fa:0e:e9:45:9c:bf:26:40:e6:3e:9e: -+ d5:00:9f:ce:76:6f:df:cb:b2:85:b8:83:f2:ed:8b:b6:5a:68: -+ b5:c7:1b:ab:19:75:60:f3:5b:e7:5c:70:27:d9:1c:d8:24:f0: -+ 2a:aa:2a:a6:98:77:d6:36:d9:02:35:a8:d3:2c:19:88:b8:0b: -+ d3:76:58:72:54:99:94:9a:ee:38:9b:8d:8e:10:48:cd:28:50: -+ 31:b2:4b:d3:69:7b:91:b4 - -----BEGIN CERTIFICATE----- --MIIFFDCCAvygAwIBAgIBAjANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJLRzEL --MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t --VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE0MTAy --MjIxNTk1M1oXDTI0MTAxOTIxNTk1M1owajELMAkGA1UEBhMCS0cxCzAJBgNVBAgT --Ak5BMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxFDASBgNVBAMTC1Rlc3QtQ2xpZW50 -+MIIFHzCCAwegAwIBAgIBAjANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJLRzEL -+MAkGA1UECAwCTkExEDAOBgNVBAcMB0JJU0hLRUsxFTATBgNVBAoMDE9wZW5WUE4t -+VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTIzMTEw -+NzEyMjMzOVoXDTMzMTEwNDEyMjMzOVowajELMAkGA1UEBhMCS0cxCzAJBgNVBAgM -+Ak5BMRUwEwYDVQQKDAxPcGVuVlBOLVRFU1QxFDASBgNVBAMMC1Rlc3QtQ2xpZW50 - MSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0GCSqGSIb3 --DQEBAQUAA4IBDwAwggEKAoIBAQDsZY/pEsIaW+ZWKgipgjotRHijADuwn+cnEECT --7/HMPqCqBKKAGxOp5v6B1nCQqNjU3jDYNQDSvmLwSNr8FY3Exm0LmfErgwAK0yoj --C+XN+TXfQ2EVcq2VmPZzIUFeoN1HJ6DVmtRBqBwdVyBxF4/3KJ4+B87s1Q5CTx50 --R45HndIUKCcsFBD10Za1k3SE7/kE3o1Kb993q+rRWNNE/loEAf8Gepf3/eNXSOHw --30ATn2YjWuNVVD1UOe4A+RLx0t90LrrX8I3G3RhYHJMiC3X6qNbgtS8tudT+uU+G --4nVIFmD7P8m0MEIp+zuzK7lZgWpG80WDv/3VGv83DG9b/WHxAgMBAAGjgcgwgcUw --CQYDVR0TBAIwADAdBgNVHQ4EFgQU0rQ2D7H83aXqKvfHI4n64/p6RB0wgZgGA1Ud --IwSBkDCBjYAUK0DlyX319JY46S/jL9lAZMmOBZuhaqRoMGYxCzAJBgNVBAYTAktH --MQswCQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEVMBMGA1UEChMMT3BlblZQ --Ti1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQChTt76 --kPKugTANBgkqhkiG9w0BAQsFAAOCAgEAf+D+hKfs32KlzTzB5kKxMRLwudqnnj+9 --llK2/FV0ZD7k/36q9z4GGF9zhfjI4GcbTZfKBdA3BzNkm+Z4dxSaVbsqrMN/yRUI --g1zIwmHTcUwFCyvLo4dtoDLtsLMnl0pVjQEqMFZoq/LaXBBzyaoKnEtMoFtRbgp+ --bFOAsADhHppMCjeeIIm8xeV5WLdF/9PEof3ZeD1FFnTfgkQdHYFQWrkyTOJPPw46 --ZVpkgzspMcSZiLzFhDnyGRLhZtDq+3Wx0ie+kVmjKwnVXL9GjtZn1gvs2qvwgBmH --ZAepd7FeDOLFHWqsXSPzMHU2TsrDTrBNjCzOUmFj3tX17+8KayMlJjw68sPCFhk/ --qTK6aPnJEjw+xh//m070kLBj9dEzADBa6CT6NUSbaoDzpsx7PHNfUMQwcdh0kCcK --AU6lXrH42sJhgRGuKaOP+n5MTmKxAN6S449qLtrZOF1rfA3kAarIxm2LzcDIbuRX --IYr2RjDZrVGhh5amU8kexrvD61X+jNZc1cbzyrBg0tQqH4iU00wa2gyU/sFdDSrb --mSld9t0WxMhNdJ6A2dCq7XvjMORH2PUVwXG4xv3u/J6yX7W3ku3/yjf2x4K0VBOb --g82Hi35k9i5UOiKxxcH0pSVTmk2oD+c1S4nfGYNmZNnb0WErJBsdRET7STCHt0kj --CAKK4CXz9EM= -+DQEBAQUAA4IBDwAwggEKAoIBAQDdrrIKQObP4cGiodKDLDGY4huyhUBnAPqrv8+d -+FNHGt2ODql+cFKDSTQQ6SpLmkkukhkAmQr2Dt/xJt1bSyudwhRaPizvaR56LakrI -+5qjermstUiIMnc9nu30eZgVTi3yurdGmUl89nmsoGFfZoUItwLBN2krwKaoCNIYC -+qq9nCQbtRSGOjPh1Vsfq6E+IjhyLW2gtsWal5MY24nCN/u8Q8FL4U5a/flFw8j+u -+WIc40aNr9jhRmxbOZzWObXZjTWubfXfaVW8gsWZPmi2kczpSIYY886ZaZ+V9EPU2 -+ViF+AyK9mOkYtD+ztQ3t1e9Ulm+dRmxvDrpLGvfM1OUkutKlAgMBAAGjgdMwgdAw -+CQYDVR0TBAIwADAdBgNVHQ4EFgQUWTO5LmPRF6ifvdjOlCHFQccxYl0wgaMGA1Ud -+IwSBmzCBmIAUc7G41oqVaxLgdHzFV1WYlFuseF6haqRoMGYxCzAJBgNVBAYTAktH -+MQswCQYDVQQIDAJOQTEQMA4GA1UEBwwHQklTSEtFSzEVMBMGA1UECgwMT3BlblZQ -+Ti1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CFG9QuNNG -+bnI0WbwAM918rhLrJ0YGMA0GCSqGSIb3DQEBCwUAA4ICAQAqngJl9DzAN4jwIfn9 -+Lnz0i7tnffdIDJj3oUZOM69od/RTAwn9TjLLDyzxFjc1ZapoeRapMgPXiRDvuv3h -+JixgfDtCYGhHz2GIAHfncXZJeDVSRaQxfivhCsjt4acoLyOjzs61mWtUTd/SZAq3 -+xSUe1Peh/U/zEtMmXzuyk5PRi0tO3NAVY9F3NnU0djdZ/6CBAey2Qi+9hV3Q7/+Q -+YdaRsPXmlGZ+TCAGxC4Mm59/ifA+j+UGbIF1ogvFrETxMsxXkKAZR4wletXxYR8Z -+v0wx2kTBMJHotczkfiBVCrnc8171fNEL7nHG1jh+hXtsyxCFHmpQq8Ou+f+WT6N2 -+1v3A+ceaYKiM5ZrFqXtjEe97uZsfY1GobSvW9+9RvagynpKqJAHJ42rIlC7SZrLH -+F+UGU5q9ihmPOlF6JRHl6Fn3G9+VmDXBpnQVa7Esl5v+dn5WIE3uB4q5i7ySqRmB -+KJFO0p9RmXLAEnZbyHRotZ1DU8GvObkogqAOu+8h2HHdAq/c30h7OSF9g3bq4scW -+u9IaHSL2S0cVVkEGTTkclj8lLYOPpKKG+g7pRZy/JkDmPp7VAJ/Odm/fy7KFuIPy -+7Yu2Wmi1xxurGXVg81vnXHAn2RzYJPAqqiqmmHfWNtkCNajTLBmIuAvTdlhyVJmU -+mu44m42OEEjNKFAxskvTaXuRtA== - -----END CERTIFICATE----- -diff --git a/sample/sample-keys/client.key b/sample/sample-keys/client.key -index 6d31489..4eb2768 100644 ---- a/sample/sample-keys/client.key -+++ b/sample/sample-keys/client.key -@@ -1,28 +1,28 @@ - -----BEGIN PRIVATE KEY----- --MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDsZY/pEsIaW+ZW --KgipgjotRHijADuwn+cnEECT7/HMPqCqBKKAGxOp5v6B1nCQqNjU3jDYNQDSvmLw --SNr8FY3Exm0LmfErgwAK0yojC+XN+TXfQ2EVcq2VmPZzIUFeoN1HJ6DVmtRBqBwd --VyBxF4/3KJ4+B87s1Q5CTx50R45HndIUKCcsFBD10Za1k3SE7/kE3o1Kb993q+rR --WNNE/loEAf8Gepf3/eNXSOHw30ATn2YjWuNVVD1UOe4A+RLx0t90LrrX8I3G3RhY --HJMiC3X6qNbgtS8tudT+uU+G4nVIFmD7P8m0MEIp+zuzK7lZgWpG80WDv/3VGv83 --DG9b/WHxAgMBAAECggEBAIOdaCpUD02trOh8LqZxowJhBOl7z7/ex0uweMPk67LT --i5AdVHwOlzwZJ8oSIknoOBEMRBWcLQEojt1JMuL2/R95emzjIKshHHzqZKNulFvB --TIUpdnwChTKtH0mqUkLlPU3Ienty4IpNlpmfUKimfbkWHERdBJBHbtDsTABhdo3X --9pCF/yRKqJS2Fy/Mkl3gv1y/NB1OL4Jhl7vQbf+kmgfQN2qdOVe2BOKQ8NlPUDmE --/1XNIDaE3s6uvUaoFfwowzsCCwN2/8QrRMMKkjvV+lEVtNmQdYxj5Xj5IwS0vkK0 --6icsngW87cpZxxc1zsRWcSTloy5ohub4FgKhlolmigECgYEA+cBlxzLvaMzMlBQY --kCac9KQMvVL+DIFHlZA5i5L/9pRVp4JJwj3GUoehFJoFhsxnKr8HZyLwBKlCmUVm --VxnshRWiAU18emUmeAtSGawlAS3QXhikVZDdd/L20YusLT+DXV81wlKR97/r9+17 --klQOLkSdPm9wcMDOWMNHX8bUg8kCgYEA8k+hQv6+TR/+Beao2IIctFtw/EauaJiJ --wW5ql1cpCLPMAOQUvjs0Km3zqctfBF8mUjdkcyJ4uhL9FZtfywY22EtRIXOJ/8VR --we65mVo6RLR8YVM54sihanuFOnlyF9LIBWB+9pUfh1/Y7DSebh7W73uxhAxQhi3Y --QwfIQIFd8OkCgYBalH4VXhLYhpaYCiXSej6ot6rrK2N6c5Tb2MAWMA1nh+r84tMP --gMoh+pDgYPAqMI4mQbxUmqZEeoLuBe6VHpDav7rPECRaW781AJ4ZM4cEQ3Jz/inz --4qOAMn10CF081/Ez9ykPPlU0bsYNWHNd4eB2xWnmUBKOwk7UgJatVPaUiQKBgQCI --f18CVGpzG9CHFnaK8FCnMNOm6VIaTcNcGY0mD81nv5Dt943P054BQMsAHTY7SjZW --HioRyZtkhonXAB2oSqnekh7zzxgv4sG5k3ct8evdBCcE1FNJc2eqikZ0uDETRoOy --s7cRxNNr+QxDkyikM+80HOPU1PMPgwfOSrX90GJQ8QKBgEBKohGMV/sNa4t14Iau --qO8aagoqh/68K9GFXljsl3/iCSa964HIEREtW09Qz1w3dotEgp2w8bsDa+OwWrLy --0SY7T5jRViM3cDWRlUBLrGGiL0FiwsfqiRiji60y19erJgrgyGVIb1kIgIBRkgFM --2MMweASzTmZcri4PA/5C0HYb -+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDdrrIKQObP4cGi -+odKDLDGY4huyhUBnAPqrv8+dFNHGt2ODql+cFKDSTQQ6SpLmkkukhkAmQr2Dt/xJ -+t1bSyudwhRaPizvaR56LakrI5qjermstUiIMnc9nu30eZgVTi3yurdGmUl89nmso -+GFfZoUItwLBN2krwKaoCNIYCqq9nCQbtRSGOjPh1Vsfq6E+IjhyLW2gtsWal5MY2 -+4nCN/u8Q8FL4U5a/flFw8j+uWIc40aNr9jhRmxbOZzWObXZjTWubfXfaVW8gsWZP -+mi2kczpSIYY886ZaZ+V9EPU2ViF+AyK9mOkYtD+ztQ3t1e9Ulm+dRmxvDrpLGvfM -+1OUkutKlAgMBAAECggEANwi9ron6QzWaqtNdva7lCT1o/uLR4EB/+s99rVOT2K+C -+hxdu8QK2Aj+YgxgsbA15tfiWSGldPywX9/0KEv7IgkioFy7Lxx7sn1PeCQ4qck3+ -+0ZuIVHWBHhGPuFI/lEQWyg7g81eTyWpg0+1nMeI02cLyggFlhUXyrOV5N4REU2GW -+C0KBQFyVQJPrFszomK8qsHOu/gaGC1vOwgIID3cQ3iLKXkoHNmHO4hgbeSy+SfDP -+Q5C0xxKQa2RUz0nLbByuGtLYOsJmbjUMWjFXyjmwBsPCcvRmFRdnxFvlnzwGEH4M -+ZKsw+49p1iJFyuCv7KJ/ILLJmoEuryjrSmdj3esIqQKBgQDwC24VBQLNmlug8rkG -+YWaRePsWRJylDlWIeHnfmGe27p7ytxOvGe6hnPu6nfg8nXHtruZCIhGya6qbuVmL -+vGrg94ia4MSpDVUgGiElXXQ/Pl7O9/lnSlIlxcBAgd8uggxIAzCeYI6c3r7AQcmY -+jARMwYNCxJjz5nLctMe2MCs4LwKBgQDsatDXb3xr6jmflCUZa8Kx8SOgBWEZTEGz -+KEoCQWnF2fHUCy4Bwm8Imnws3iX0198TyxkVD2rP8oGwFj2SAVtI2L8Y/g5A05TA -+knfmVECvGp/MN266ZdCA8G/MKbk727TxyJs+4AseAi5p6cBULqZHsJaZE74qlcEl -+5gFQu35ZawKBgBBgRz9J2zoZmLyvMm48ANpVzZNkVOdxxeYMigv2AsVZHCDk2oPs -+mfoOkqHVmxTPjPExKGZEmr54V+hNyc0dqpD0ci5WvTPnQ/JvtektqfuSjrdB9ZLV -+YCtRhV8hPQ+YMaxMA2oankAXdh35nv44NybhYMoSTXj+NMHX13QXbytjAoGAdVKw -+3yixWzB6dinjm1Dx5rJfVos024QPWqRUzfe+UPROYUdHBpKB3YgktXNs7KuwRbdV -+dDEZdabIGyV+WpWXwnflpbZ2Rk95k3NcUw5ep0cUJBkiNxhNt58aK/xMs1rd2dsO -+x84RVkwI0oCw9FXOKOeGZOL6TVHR70fMQU86bY8CgYEAqg/1AD9lXzbR57zaR/br -+AIn0WWU2mnU7Dc4uhmQd9+JExqrplKKHrUp8eQEOW8nij6MbPYlpgkMdatvDOJqP -+WrYtwZsKXGhnalvbS3ye20HqpjYpBR7co3Q9KMaaDNoQe9HtjbT80GXpQEbJN2Iu -+ADo3hPoX0yENIbKFccMuptM= - -----END PRIVATE KEY----- -diff --git a/sample/sample-keys/client.p12 b/sample/sample-keys/client.p12 -index 8458c79..67335ac 100644 ---- a/sample/sample-keys/client.p12 -+++ b/sample/sample-keys/client.p12 -@@ -1,21 +1,23 @@ --0‚±0‚w *†H†÷  ‚h‚d0‚`0‚  *†H†÷  ‚ 0‚ 0‚ ý *†H†÷ 0 --*†H†÷  0žZe8ÅÛ€‚ ÐMîÃn’*GÇþu‰zÈɹ”Œ­ýBXªeÙpÓ8Áø·¾ñc4Üç}‰5\‰½(O¹¨W[û°2v vѳ@Wr¢ö¡Ï@&Óp&—'y‹ L¦äyÓcŒ#¸3VÑ †d9!e+'´€iâ0¿˜½d€”>tÝ\oÝ\ê†p`ÿd€?Í‘çï"ÎH;Á7g:›•ÞœúÏ… d‚6(Qõè{ðm´û´à¾rBcñô£±îtxÁ%—É,žÔr5†@ý€1‰¶ü:V™"¬å(ð0þœÝÈ¢£ñmXÔGAÀ$¢¬¾.±`?ÝóƒÅÿzî¯ÕpÎ&ˆÃaKMöðQ --%Fþ#…%·ÒìØõùõåðÌÜ ‰ƒVR<ÚN)†t~úîºðñ¾ûë‡ö@’gW žH![»FÞîÏvbfJæÎÀ¨ËH£Y“Ýðçq!CÓCµ„°{ w"®ob8ÎUdYÁ2âèñÒA@“ëœ÷Cò=È)Nþ2ð|¡ê0ÉF~ñ¯°³RoïúÚÕ]ÖswÃðb›m æ --Ø)-[ËË–›Œ(‘V --¨Ýs›$H–æ‹¥ÿA7â[:ƒi! ó.X‚ëÁ9Ÿ’eþÓMÔV>˜XÿI0©‹±¹ÅËœ)û€0éó—ÌŸI|æIúäZ²d0D·LêqÝVùZø´"åêÐ?‚eS…9_‰2%FªñŒïO,(· Æg Ëöû¬(%_“ªû¥{”œáßä]Bµj胙*{nWÂ2ì{H3ÖŒ$GÜÑÊ´=ŸËëØ;þ¦Nš‰R(ƒvï  ¿`316…Ý͉ÍM÷]ד‰ìàßÄèÎ@Ë&µýºy$'n --Çï¡H÷wX†õÀã]2H cÜþ—%•âXoþµvËQrÍÍÿ!‡¬öŽ;¯B3e©µGƒÜúX¸vŸ/­ô)®‡ppËâXBÀOå»-Öhí{„Š×GfH‡“+ %$µö¡£µ+H6T#0:‘§ÓRÅÏÕ’ÐÿHnÞ)ÚbÈËP¤Òr™ã:*&`fóE>ÄýÇ.¨ñêÆ“ÈX” ¯û¡ïmW0ºaâ:õ,¤’ ìÓT„<1ÔAæO˜ZƧ=Î|E-ýÐO¾§hy8}i¶¼c¼;vÖZJŽ=Ïj ÞBçÁˆe.žz´rÄêµ:½DlQ»À®=#Åë³-{´›‚eðÍ‹ÿ oȪ“ä|Ï>:´O^WkR`ê6{›fŸ(®I}éȇ´vÈ=Ã+¹ˇ¬[„Vâ”#"yù/æ<)ÏŠ¹„Û^@]N[“î{ÐÝ1£^Žo«û_Þze<뫹“³‡R<›ol¹¿¡Xv¹´bXŠ®à{âm„ådJ˜K§ÖøàjLs×ùÁÓ-‰J•uº4ñà?úæ† ÷¢?×Ó=†ž\Â$ë!;¾ä3´ÍÅ;›'=üžÇ,4<¡ÕŽBà]! 6è‘HŽ€ †ù³©lâîÝ•òº¥Ü±Üí¿í:óvB’¯DÞ»Ÿ³I2åZ¥"ùy¬«'O¢Þ”3Ï,Oì&ÑQ1ÌüÀ°—µ |yA[C ¬–•Q=íKë‰~¿l½øN©fáܦ7=(l‚7kÙƒàzŽF»%I¹ --[Ñx 6Hä {Ï‹ ÀŽ¢'LÈ%0L×j¢Û6€’ pw2çžIá,?œä±É.åöâBã7âÏfæ;ZÑ7Ô ÞrFW€¼Ùx²G$7˜H¹ ±M‹õÚv&¤@YŸJ’MXðx³·ø®ÝŠ¬±èõ¯>²µåi[T#7‘¡VZqX9ÊñšÊyhÈ öòñŠ°Â$÷ÚÞ„wª6‚cUþ‰Û,Eôt%² "m2$´“ Ì.ßÈ~N±»´¯éŒÁïáL{;¨óÑÆ–™;fÕÓ̽‡¿]H:Ó5Ϭ…‹ãñ¸)DUúö0/.¾ƒç‡dt‡ ꔇ»E{½èØ'5êvÛÆ'IÑoÃ>¶Ê=Oúº„¬m ù•F dÝ©¬¶·Ýca&²uèn®<³¸•†ÕWJÊ·ï£5aÀ¶¤â®'ȦœæqôÑï5e>¯É?¹4Zqž 8òª MÚÈ=ù¦á{OŸÙÙ–·Øá—³ rƒ±>ÿW ,ì0þ xF¹`ðA™j•Íæ64´ÙA --èÜ)üþ=9ÓÒg}ùZë¯+½$ Uª-]µ=;Ƕ¯µésÖ®Ù=$B"˜RÁvû¡ßGi’yßœ°³µôÀHÌeß×æ䶆B»ã8ãî#äØxqü‚¼‹}ý:)KÙ“ó©Æ3É@Yä$%ø”J¬uÊþª_xKß --èª^®ÄóyÚBÒ•¯’ôàÚ‚¶ùù°í&ô`ˆ<›Ê†Úr.¥.‘$SàÕ| Ùu ---óî¾GRÒY&˜q_Œø™krôyÌ ÀË9=ßâí7ë Ø Ý»¿åÂ…¤_ÛÈAuxÜæoñnrSÉc´D•JÙä_•ú¤¹ªÏÅÈÌZ%¬˜® f Bp,ri²¡ÜMe~.ÛpøH²ŒÑnî+&vOmàš1ºËfW{–Á©ù'ÝVŽt…!–(røgÕ!ˆ}îsñ¢¨$`Æ â/žÐ…l›’Ã9uKæXó"ÏþËóžX¸#&§qÛýàVäL¬tK ~Ò¼)å-Oqz jÏ^ÛWþ•.)ÏŽ uàµd+UéÐîCÔ_R™‰p ›àëìþî[?õ•—„ññ --¼æö[ L>Þ¬º±ƒïMÓ¤9ª}÷ß;JUÊ–jÈÖT8×3ãq_•bò²˜=!“–>éÆÇá˜`ô…<ÝÚ:¿y ©YÐùo…‹+XD…: ) ßØbí¡«_×ñçsaÅö|.áæøE*[ˆ†OדºYŠ×ª‰(´m¸”Ù+8šJ¼úuS,|Ǫ-µ%œý‘ñEýNcJ¥¯ÔÛ±B\Ô#cô"Ë¥©F§!2ÓxšWIózr­]oHÆ \&r¸Þ„ê¥(ª?úàÝÐòFÚk§-óM7¢%´_?šÚÁK𸠖ÊÅfγzkFÆA´’àBJ«¤.=“„¯¡x⪅ XŠâæ²ëŸ½|þEÞÇ#_5ø£·éW¿Vhèˆeòp1`‹žw÷6$ ‘ üøO§zÿvPàó›Ê(\‡…†2½Ü§F  4KÛ`¸k¼R«dFÿÄ®’†a¼,ÇØ5®´py9"çÆzDÑzgÿ½lFv\1Çp,EiAv[qN÷ݘC =Ó3¢Yÿµ¡ Lÿ‘-qM --(™~—Å'¼ôŒ„°‘y ‡]>ý ”CaXp°‰ëÁ¶}‹]•õä‰F.ÁÙd' --q.ÅtNô€M—)JÛã¿i–w™ŽÎ$úcýÉ©)àl‚…V\$ytʺ÷Ö¾¢YjÙƒP­:UŽ–ÇÕ Aà@#˜¢”N9(¸ñ ˜¿=ž[ƒjb'&3'mÔýF¯Ì¿ÇFñÇZÖ¡Ê`§H€¶è%Iøýî‘Õé̼½[—ZŸkØGaü²èl0‚A *†H†÷  ‚2‚.0‚*0‚& *†H†÷  -- ‚î0‚ê0 --*†H†÷  0«ó>9*ÿ2‚Èš’bñ¹.dm4žþ³ïéO’†äJä %fŽï0ßóÁ\ R]Ž€#£óYÅÞ¥1dóŽQìÈðýÅŠNX"r“+\—½³%yF6òhRåe-Hf;å_=Û(Èš™YT¤Ê)ª*Ó”kgs§÷….£—¯ --Eæø-t¾#RÔ\”K oO—}™“æP‹[èƒÍž­Ë_E âMKÕm™ s—¾vÎå:.U˜ýËÁœÕ¢%®kuj÷jî®èYÏ(ˆó£«=þõ!Õ¨‰:*M€¼·ì\ã×>ZDDápœÌwøÄöe%ZÆþ EÑPa=´Ù´¤"xçcxtðÓR;îñø™Soh/ÃÃÖ‚3~¾ORânÜÜþ½#K¼h±úÆO£º‹#=Ò^æHK½6YnÝrJ°°Çe¤Ë,©‰ ;þ+–O‹ânÕ?`(˜’JR. --€µ$Ñ`†øº%ŽÃÚ…¹­¾µ‹ Ô-ByL‡³úҦׇÀ%öOh´æ©É¾÷–tˆ*–²+0åSj®×HV¤ƒŽbÄl\Ћ?Bh9:žÅé=‚˜TñGØn gb%E C1€¤¬ÐæsL²ÌÃðÀsª%› «Æñÿe!™|5UZÆ "9ÄÐó™Qºä¾ð¨Q/ÀúÛ«· Áèµ^Úöe²…5|dÌ ô --J;×½–Í÷”Ìð0Üu*é€å¡˜rÈ"^´¦»³Yóå¶Ní_À‚ÆBmˆ’Žµ¶ --ɪ•šãíÖ²]‹{U¿ý}ঃ¤ÑkUÒè¤N¸bxë³uÊÜS‚úç®3W¡räÒ |wÎcÚ¯Ýí@£°)³ÔB{^m=õyñÊKëŒ×ƒP‘7Ž&õvG›aùY>h@¯#´—ÂÂ…f;z’6åçÝ 9#·ì®Fj'è3]÷x~ËÛ5ÆŽ s’PνöUö"i™µÁéAÜõ³±^I„8Ót#ŸóÉ$íz°[‘Ó Ìdžòìdk‰jwÎ×¢Ù•€~'×¼1(=[ ö#Ê¥Û¦ä{¡¥ùÂ'bZò¡JWÜ ÞO§ða¸6 õ&t¸­=¹´y‹&Åe ž²Ñ8®Tg\½†Èl%¡#5hš{Ì‚ÎU9ŠIçÖ"ª¼‚2Mb\pÀÅñK rv–qDÌ _™Z† Óð™Øátÿ#½™ÃžÎK»õsõ‡ gíøUi½¨’~+V†ÄZÚV4µù;fnöÌ̲­ ¤%jÊN§®sÐÐqA,_'Ë@VÉO]5ã?úöÕÐò¯'Wt5° =€Ù©Û%ât#OAužuƒG --"ß°¯@åÔ ×â ¶@†ÁJSÞ­DZß—ý+DºÖ¢9h¸äB]…Ø+cgÿ zëƒ*6V Þ³!T¬cîà™£Ñº•s:Ë”òS©ë£{ÖD¢»q»Àƒ…Æ8Gzí)GÈ/íø‚ÁäN×n;×1¹ýÖUDKË I=X¾~â²&š‘*RuƒB€ëL;ó3ryúyz1¿Ò@ÖBÑ×Ö(Ïý1Äqúø6xÿà’þò*‹r íoˆ€ô€f=G{F™ôhî¡+˜f1%0# *†H†÷  1Và#y¿}À6´ÿ€2î5oøO"/Œ010!0 +,øÝ…h•†«¦Nˆß _ zíÂE,Ü__à¦þ -- -\ No newline at end of file -+0‚_0‚ *†H†÷  ‚‚0‚þ0‚ r *†H†÷  ‚ c0‚ _0‚ X *†H†÷ 0W *†H†÷  0J0) *†H†÷  0yUQYë›”Ä0 *†H†÷  0 `†He*Ìj,ù¼\÷{ëãÄN€‚ ðÝa:+°¤ ijÆÿ~ /(¹V¼1¥·º”cŽÖÍÿfR}Ý å l3Ъc -+©;€;6Ç"`xx²BœUVLh•fz%ŠùÈØQWeÿsªq­ì©}‹9ìYBç"ŒR|º.^ Ý2Ž4%pÉòZõP¬V°Öãd‹:zÁoÆë èÿ zoÑ“YGØÜV>«.huZ`Ÿó;Äõ{é2ÕÞöz‡œ:ã°õ‰2ÛŸL¶#¸ÏÁï µsk’¨@«¡ñ¥ÉdŸxÀŒsÓîŠ3µÈýçQû=7¸f+”:ŸV%X¥‚½{bàŒñ®zÀ÷GÁlNSRP5ðc´w1 YN3s ”ã0ÁI¾Iž‹GËóz‰hm]ß”“W™Š³¡Bcæ·Ý]ˆŠ 8×Bô•f¼h°ÛI–#XJbä¹P»5 ߃­Ì–Ã@ß—–ÔšŠk•ïÞ8q¦SاòC±Ê­Ød«¥ ä¿“W6¿Z' ö¸j¾ºø° -V×ôˆ¿®ôæ³–Ü@|m'Îk¬úEËPí¢i?çšd˜ Ùî¡~297]ì'¢ûá‰Lx³3ÒN°Ó -+w&tWÕEK$§¡²SÁù¬›ªô»¶w|,š`q i0i¯¹8ÿÙHÁ>¬¹šRw9¨p4*-ºP¹%c¾Í!P¡3¨eÅÌB„ŠÅ$ì÷“P¨ö+m©d½õèTÕZo‰¯zD7{¤Ûj {öãÙr¤éÊ'¹çR’$odÍMÅ=vî»ÿ Üã`Öš°I²Ùå'k\JÑÛ`Du+b§‚~¡ŠÀ¦¸Z!hF=IJÛm…ïŠæ?^± ÀÎ|aY®-Ó´)š$ÖO¤Èc}ç¼>B¥¹Wú˜cÕRãÑ#÷ƒŠ!ñ+ÙÖ!ý úµHËÃWäåܽ Ö_Ð0Îí Â`¢{×yhÿR¦Eà-jŽ‘{‘õãþ–Gîì­.OU’ÛcjÆ÷5&!ÓÓ¡i³-yíÅÌö¬¢rtk»uwgŠÚ 2îâíæ0ÿÓÉÔd³±Ì„„ÃÚ#%ɹt\ÏwÓ<ú„æü‹tŽ¸¶·\  qܤ{Štnû²ÊNO¶Ýni6YYk:’¿?sǵ…O -+•>žnH <Í”ïz%cG–+Õ^ä-µ/w³d¿ woDkM}´Ôni0’€«5Ë…ˆwâÙrVFêÑß3þwPåºB´äŽáLÇ™:R)('U´—Ç×j÷ÐÔñÄÔñÙ|`—éˆ&ˆ¨›1–CN G{lõœK¿ùg˜äw µ¡}îc0#SíËä-„€!s…O¸"wœ\Cvn¼ÿ1˜úTHÃô|çëü„º\uÏ–wԙˋ‹†¦wÝø.}X -+”Y-,Ýõûƒ€…²F¸lßG‰8–˜(']÷¿>Œó‡±[™jƈª;ȇ§`i§_ø:¢¹3€CIÿN¯Ü´=HŒm…¸ž¬Ÿ…äБáfð0Å”Dúê@¦ ‚(Œ(ŒÕI¢Íó11…4¢›‰È¡Î[GjLLt>‘‰í`tD™4cÖ@#1ï£HÜ6E—è\‚¨LE·$b¦i!„ö7ë_.ƒg˜§îÞhaUÚîÞ_HýŒe ”ÿŸk¾„²C8ëÌŽæ¯D­G«‰#ð^/MýWo,]ËOƒøYy*jØ9ÔþÅ @Š¾,Ç$üÔ(W“«)Ä.´רØxølª…Âv{·<4™:²¼¹`Ô!Ø⎮&ê]Ä];ù‘ôDf2sq•¯è'윿ò´‡àч§ -+®Ô%—5 ÷°†¹ -+8S6ÊG£)Ót½ŠÞÙMhÀR')ÙŸZb›c¹nèF›‹º†ÿ•Þ¥#¼dŒ)SWGëu©E‡K8 -+<”…¾uutóó\j™z¬n‡û¼&—$žkz›à–FÕmóø}¾ÝêÔn\5äaßß$)Ë®Q1I$óÈ|7]°Å$¹aOe¨Òü•#f™”o%òe>Ú³‰Œjë½€w}Aðc—ÙW9.&íÈqGEÓ0ñQ:q¬‡_YŸ9kVð¡S&LÙÙ›8‚Æ2ÑmÉ,nÖvªÏõ×îÎBq4fjCV0º3ª#‰ÿ5°æLèþá SÜûìÈ]qúh^¸S3슄Š3ObL¤”À••úŽT;¿ ?ú^5‡„ Q†G¸‰¸ šåTHÿ Ú(:áüy©®\¸}.)rŒU3‡9ø!ÿ%âŠzüöö—æ´Ö¼ÿÝâÑX,kÁHÎGWÑ2O±8ì&•3nŽü£H³IèÕ´I¡Jâß%ìd½‰õ”Ðæ„ü }ø½Z Ò#—ŽØC´¸{b›àf$`¼ôyîb«Êð”Âsüä™ðoŒl—ë Hýt¾t×µëòZ -+·¹W@iJÇÕJBL•/–Å IŒž¥ù’A”léÜxâÁb„Xª>O=O;h¦¾’Û¯±¢RªÙ’³&Ã\é°ló^#€Ð¥ËPߺ}QeøNî¦NQ戡ðÜ@Á­wÇ´]ìH9^G:¢k¸»"+•á¯ÑðœÏm%åí²¸'¢'YOg\5ô²=‹~¤5&ÝÆü(ãÆ° ù>²_‚Éðõ×âŽî7u‹R(ñ¡[o#I@ ¢ ÀÏ8¶DšŠÕ¬8X?§Ü¾ëÀÿ 6 ™ãé½{‚ ¦Ûåp #%‰A¥èÑ‚ã$äQK0˜mÀÓ‰“Í<ËÍ'D•Ëý “Õƒ¦í‚;[y9¤­´(*roRS*Ÿ VñŸ«p'úâœ)dé¶v¼cÅ1V~k•¿bó®‹ö~‚î§!¸3¾± úoMSí[üä£é «ÏÓÌ•Ƈ2  a,ìø=Ô=’É ó*³õøG£àæK_ACSÔæ²—ñeôÞ"GÉø•MkŽëþqØdèÂœ^·­a>Ïä-_ÒÇRŸ©Z^Šì¬/ -+=°ÄÙ} sO¹I0‚„ *†H†÷  ‚u‚q0‚m0‚i *†H†÷  -+ ‚10‚-0W *†H†÷  0J0) *†H†÷  0vÚÉàòä»0 *†H†÷  0 `†He*ˆo|»ÇjÑ%†ŸÂw‚sð‚Ц‚ªwJøbÓo¼u?âDþÞ8Û((†Î5&oX›…\æ "Šùqk2¦†e°C¢­¯u®Á6º¯¦H¢Á­Î#©§J#•éñ jÇ@ñeËd‰v&ÇîJmʱçྖƒOeƒR¦ÇÉ*1JèþÅúS†Qgo¿M· ;üR|ŒÑM?¿œ -+# I<(ì c;ÈΗDh…x:4L•ŠA–Ùƒ‰äR¾,FX° Æ k‡ü¯ÖU4ØÊ$2¹)”Cïtïn ÔB¤ÙyPÿ‡Ù1„†Ö~ü€Ãžª4÷í€k‡QÑ3záÕNryü+Šwà÷ -+u*CỺ|›à,ãø“aƒ}xŠM¡E¯F%Hƒ=ˆ_PÔ?‘t´3bï®ÈÓ”µ>ïïÇq3Gi”F7™¬ÒŒ8Ê]Íê¥Kh©±ÙŸCkMÌyð&Co0–]Êö€£—HË(¯ðñ·šUªø²ÕëÄÅo1n÷2µ;¢Ñ~Ð! -+Êô•6Y CrCšÄ{;O«»Ëý„„‚Ø_ÑÓòYÑÝ§Ñ #œ®¹BºÖû³ý&ÛQí _ÐRžÿã­ -+(S£Î¸ÆszÐÔP,l/Qø€DÏшQœ5ŒÇÏû‘Íq£Õæm I…hò™>~Œf¢¦hÂï@¼tšø2wO›="ýYí=÷o|H©¯¬È» 5Sù.ÕªöÜkæ GΗT1Ì·9Âh_¼Š"¦¬ -+µn±ÿÎØÛ !X.|˜OlEBQâá™OŒH×iM%k¦Üu„Ê›åmš¹1X˜uƒ6Uï¥yJ°7V6‚…ãó³Ë'Á0’("yÍ^Ø1¿3Tp%7×pHh¯ ‚˵Y˜×ïÛ ü“r>'ÞµÊc‹H•úÏ8·…Ÿþ1ëÙ>Bv²V -+dÝ«|¨©{p|ÔÏá{2 Δ¢1÷!`ÏnŒ_Ò̉éú ­Þ/Ý°¤åGhv+X—nô[<—,ãõ‚î¸äSÔa­›wÖÓô¬K" éWVêNTÜþ‘.[ -+ ¦¤ÄT%ž†+ãò­g5Wßd9Ø´7ž\ô,¨C¥| ]Ý÷Þ¥³¼Q -+„¬!V¡x¾ü"OÝc™U4nôœGüAtͲ]lq®*º¦6ž+‰³ÝV—å?t$®Å”ž…&J¾Œ¥oea0‹‘’U|„’+cÊOã™P­*µ+P_Zãe³ï q9=l`§§©º'èÍ1ðÏkÉ?GìÌhìÃC<ú×€¯þ­ÜûLÉMXÒ«ò…äòEï“I›xŒm´PÑÝ ºT|ŸT‡QLZþÍ*A…É<ß䯸;;þºƒ áú`ˆìÏ ÒŸŸ–ºu­\ÆìHléâœêfµ²T{I=[díë¤pyg;‹qöhQ³2vT)óÞ°Ú.Û·¶oJÍÙ˜^—}ª‘«¼‰4J”ÈAPÓã`À5(g+*.i²ñC„í¼iÚÖ¬jÑ¢D‹óAÏæéAB‰~Rüfùžä²^.¸;Û3i®Ãáž}‘TtúÅnE—Í s¼(0«µ(2Yìgõ ¯!7KnF1%0# *†H†÷  1æ,ù&±l›áº…8¤€‹I0A010  `†He f×#Á¹‡³ë©]i}H8M±§§dw{” îÁÑú@èÙ -+½Íc¤ë± -\ No newline at end of file -diff --git a/sample/sample-keys/dh2048.pem b/sample/sample-keys/dh2048.pem -index 8eda59a..d393581 100644 ---- a/sample/sample-keys/dh2048.pem -+++ b/sample/sample-keys/dh2048.pem -@@ -1,8 +1,8 @@ - -----BEGIN DH PARAMETERS----- --MIIBCAKCAQEArdnA32xujHPlPI+jPffHSoMUZ+b5gRz1H1Lw9//Gugm5TAsRiYrB --t2BDSsMKvAjyqN+i5SJv4TOk98kRRKB27iPvyXmiL945VaDQl/UehCySjYlGFUjW --9nuo+JwQxeSbw0TLiSYoYJZQ8X1CxPl9mgJl277O4cW1Gc8I/bWa+ipU/4K5wv3h --GI8nt+6A0jN3M/KebotMP101G4k0l0qsY4oRMTmP+z3oAP0qU9NZ1jiuMFVzRlNp --5FdYF7ctrH+tBF+QmyT4SRKSED4wE4oX6gp420NaBhIEQifIj75wlMDtxQlpkN+x --QkjsEbPlaPKHGQ4uupssChVUi8IM2yq5EwIBAg== -+MIIBCAKCAQEAgGOVdT2c3GUITi1pF9u+yo72PRBW7I7SnNIsHmXCRYibpyPMGxKM -+ROK6rduMllC0CjiXQZhMfqCg+GIca9xxBPKtTnwtKWD3eH5wgs24kw86mODITjJk -+6lTNM8it2HY4UuIQoFCqCdt5f5Gwgh2nwU5+dy731md6pmw9x9jUEXoyh67CeZfb -+C45x5ttzjpSBvYe5ZIiUypYKumYhdiZhk0RLefEtlUYF9oXrUExDqfYDpSO/1/X3 -+oHC0O0EV3Lh1boZTG7+FjcvMYLIKYUDTmxHpII6/OAHhprg7U9ui1i7GyQRv1lze -+QV3FGO4UwLntnv352iYy91b0ls2mwD+zTwIBAg== - -----END DH PARAMETERS----- -diff --git a/sample/sample-keys/gen-sample-keys.sh b/sample/sample-keys/gen-sample-keys.sh -index fda4ffe..474eb61 100755 ---- a/sample/sample-keys/gen-sample-keys.sh -+++ b/sample/sample-keys/gen-sample-keys.sh -@@ -15,7 +15,8 @@ then - fi - - # Generate static key for tls-auth (or static key mode) --$(dirname ${0})/../../src/openvpn/openvpn --genkey tls-auth ta.key -+top_builddir="${top_builddir:-$(dirname ${0})/../..}" -+${top_builddir}/src/openvpn/openvpn --genkey tls-auth ta.key - - # Create required directories and files - mkdir -p sample-ca -diff --git a/sample/sample-keys/server-ec.crt b/sample/sample-keys/server-ec.crt -index 7c7645a..a1f9387 100644 ---- a/sample/sample-keys/server-ec.crt -+++ b/sample/sample-keys/server-ec.crt -@@ -1,22 +1,22 @@ - Certificate: - Data: - Version: 3 (0x2) -- Serial Number: 3 (0x3) -- Signature Algorithm: sha256WithRSAEncryption -+ Serial Number: 6 (0x6) -+ Signature Algorithm: sha256WithRSAEncryption - Issuer: C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST/emailAddress=me@myhost.mydomain - Validity -- Not Before: Oct 22 21:59:53 2014 GMT -- Not After : Oct 19 21:59:53 2024 GMT -+ Not Before: Nov 7 12:23:40 2023 GMT -+ Not After : Nov 4 12:23:40 2033 GMT - Subject: C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Server-EC/emailAddress=me@myhost.mydomain - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: -- 04:21:09:ac:27:e6:00:3a:57:f4:f6:c7:78:a9:b1: -- f4:d7:d7:45:59:39:e4:a3:d3:2c:94:f9:61:4a:e6: -- b9:e9:87:57:c8:0f:88:03:a0:56:ee:34:e7:e4:4e: -- 20:63:6c:c1:6e:c1:04:ac:b9:2f:a9:76:69:d3:7d: -- 49:ff:f1:34:cb -+ 04:d6:37:3e:63:63:00:c8:48:ad:12:01:53:e8:72: -+ 4b:b5:50:66:fc:8f:9a:a5:ea:93:cf:94:7e:9d:75: -+ e7:9b:c5:7e:08:6f:7e:e5:b4:b6:e7:c4:f1:41:a8: -+ 49:0d:f1:e8:7c:11:40:ae:a0:f3:e0:e4:f4:8d:d4: -+ 15:47:38:55:fd - ASN1 OID: secp256k1 - X509v3 extensions: - X509v3 Basic Constraints: -@@ -26,71 +26,71 @@ Certificate: - Netscape Comment: - OpenSSL Generated Server Certificate - X509v3 Subject Key Identifier: -- 33:1A:42:61:9E:88:08:3F:6F:1F:98:88:3A:DD:2D:C7:07:3D:F6:9B -+ F8:8F:75:E8:88:59:99:F2:4B:B1:0E:FC:51:52:6E:DD:2E:C9:13:90 - X509v3 Authority Key Identifier: -- keyid:2B:40:E5:C9:7D:F5:F4:96:38:E9:2F:E3:2F:D9:40:64:C9:8E:05:9B -+ keyid:73:B1:B8:D6:8A:95:6B:12:E0:74:7C:C5:57:55:98:94:5B:AC:78:5E - DirName:/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain -- serial:A1:4E:DE:FA:90:F2:AE:81 -- -+ serial:6F:50:B8:D3:46:6E:72:34:59:BC:00:33:DD:7C:AE:12:EB:27:46:06 - X509v3 Extended Key Usage: - TLS Web Server Authentication - X509v3 Key Usage: - Digital Signature, Key Encipherment - Signature Algorithm: sha256WithRSAEncryption -- 9d:89:f6:7e:0b:43:05:22:63:e5:b3:45:a8:d9:ef:33:3c:b7: -- 19:37:28:87:27:43:43:86:a3:3f:b9:23:27:0f:96:4f:de:01: -- 80:38:6b:d9:c8:94:77:1f:06:08:34:65:77:ad:57:0c:23:99: -- f1:51:12:5f:32:d8:9c:7c:93:f1:f6:72:2a:05:61:ff:62:aa: -- 33:aa:ef:a3:4d:d6:93:56:40:ff:38:2e:73:1c:69:fb:71:a1: -- fa:64:19:6a:04:1c:8b:20:a8:ee:a5:18:63:f8:84:f4:ca:84: -- 8e:b6:05:48:c6:f3:f7:81:90:4d:9e:00:cd:4a:92:83:d4:93: -- 67:05:dc:16:8b:78:fa:b1:82:48:c6:86:74:44:b1:06:7e:8a: -- c8:64:0b:82:3a:e2:f5:56:60:ea:50:70:03:da:9f:fc:28:20: -- 6b:7d:04:e0:eb:8d:e2:f1:be:82:2f:ba:51:50:2b:6c:d2:fc: -- 11:cd:69:85:3b:9e:14:19:dd:bc:14:cf:61:b0:7a:07:cb:e8: -- e0:fc:c3:1f:a4:cb:cf:c1:e9:62:0f:d2:53:f8:ce:06:f4:f8: -- 2f:55:13:aa:67:44:b6:b8:e8:3e:82:af:66:f5:f0:7c:fe:41: -- e6:9d:c0:9f:78:fd:00:85:02:40:63:37:fa:00:e6:3c:a6:9f: -- 35:4f:1d:a6:f1:cb:8b:04:e0:67:98:56:d1:87:58:b6:39:f6: -- d3:fe:a8:40:50:80:7f:e6:4a:36:d0:c0:a5:61:64:1d:3a:87: -- ad:78:72:c9:3f:98:44:35:f9:cf:32:b2:18:4c:b0:72:fa:5e: -- 6c:62:1e:d4:31:0c:c8:9b:74:f0:00:9e:70:c3:1e:c7:a4:9d: -- 03:a4:ac:1a:09:1f:86:23:65:51:34:50:86:68:1e:68:4d:9a: -- 4b:78:10:1c:bd:51:09:bb:fe:16:a3:c7:19:b4:05:44:a1:e6: -- c6:23:76:d5:b8:3a:eb:a5:17:1d:2b:2e:fe:85:7c:88:4f:f1: -- e8:34:32:e0:c5:96:87:c3:e8:c9:5f:89:24:10:0e:1e:07:0b: -- 2c:f8:d0:49:1b:63:5e:63:44:e9:2a:43:e2:9c:d6:f2:43:99: -- 47:f8:9b:49:1a:a7:d1:e0:53:67:1d:cb:14:b6:b0:2c:4d:b3: -- f2:c5:62:c2:a6:09:7a:c0:6c:59:3e:73:83:0c:6c:de:30:77: -- 4d:1b:ed:b0:7f:77:87:8d:55:1d:d3:ed:f7:66:bd:06:2a:f8: -- fd:00:e7:c0:31:e2:ff:53:9e:25:97:c6:64:84:9d:8d:61:8e: -- c9:1f:6c:55:a1:7c:59:aa:eb:e8:2a:b2:2d:c7:09:cd:b5:3d: -- d8:74:4f:6e:9c:3b:d5:6d -+ Signature Value: -+ 72:9d:c1:ea:43:a5:fb:9f:5b:e0:35:98:c3:77:c2:84:9e:e9: -+ 2c:9d:ab:6b:eb:dc:de:b2:9c:fa:38:2a:95:95:ca:35:1b:e7: -+ b4:c2:ab:72:ea:f3:8e:6e:c4:3c:98:cd:88:3d:a4:7a:92:0c: -+ 83:25:e2:e0:46:c9:e8:ed:4f:35:21:0c:cd:f0:16:87:0c:cc: -+ a3:97:cf:5b:ef:1d:ce:59:78:2c:36:83:c3:59:60:79:f8:4f: -+ 19:7b:19:d8:c3:03:d6:bc:33:be:c2:72:d7:0f:f8:82:de:a3: -+ e6:03:87:5e:0d:e7:9d:87:38:15:77:65:97:2d:4e:7e:d0:47: -+ 99:44:f4:3a:6d:b0:f1:6d:93:2e:b4:8a:d2:38:a9:1e:00:ea: -+ 68:27:2d:d8:4a:99:f0:5f:a6:f5:7d:f0:57:60:5a:f7:5d:92: -+ a4:ab:30:86:a8:5d:ac:6a:dc:4a:73:6b:5e:77:a9:b9:39:cb: -+ 60:3c:b9:ff:d7:b3:81:5d:8e:6a:ef:c6:17:ea:0a:65:a3:9d: -+ 1b:ff:1c:73:5c:6a:bd:9c:bf:b8:81:bc:11:2f:8b:0d:0e:80: -+ 40:5c:e0:10:33:02:35:e7:8c:d8:73:38:03:b3:41:f3:45:95: -+ 57:35:5c:d5:6a:3f:c6:04:79:aa:4a:1c:6d:ab:a9:35:d6:fc: -+ 02:64:33:b4:d8:27:18:ff:8b:97:47:96:c9:ff:2f:93:50:26: -+ 7b:3c:84:03:6d:e1:56:44:49:12:45:50:16:de:23:b5:9e:07: -+ 22:2b:51:78:3c:c4:9d:64:20:7c:c3:eb:af:33:54:5f:f9:35: -+ bd:bc:91:39:cc:50:16:c2:8e:60:4e:46:9c:af:17:fb:a0:c8: -+ 6f:0a:e2:50:8b:a5:a9:f4:8f:f4:fa:d4:c9:a7:73:42:0c:00: -+ 6d:37:f6:3c:5d:36:8b:ef:a7:bc:d4:af:77:72:f8:c5:71:15: -+ 7d:de:74:0f:ec:4c:ce:d6:4d:70:b2:64:38:cb:96:41:c2:02: -+ 45:22:62:dd:9d:d2:1c:71:cd:4b:c5:92:34:8a:26:b9:b1:8f: -+ 50:85:0c:40:f1:61:68:dd:af:22:1b:d3:3a:78:fc:4f:9d:c0: -+ 05:ba:02:7c:15:5b:9c:4f:c8:b9:b9:14:24:fb:1c:2f:16:9f: -+ 24:e6:d0:f2:a5:6b:34:c5:69:84:0a:dc:ff:90:22:c6:45:d2: -+ 0b:bf:20:28:7c:52:ee:a1:00:78:e9:18:cc:11:44:06:bb:15: -+ 6d:8b:39:2c:37:69:ac:2d:86:4c:ef:8c:c7:00:0a:55:c3:5a: -+ 53:53:b8:46:56:3a:87:d1:93:33:20:9a:a6:75:5f:0d:23:f5: -+ 40:87:e8:cf:74:b1:2a:b4 - -----BEGIN CERTIFICATE----- --MIIEtTCCAp2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJLRzEL --MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t --VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE0MTAy --MjIxNTk1M1oXDTI0MTAxOTIxNTk1M1owbTELMAkGA1UEBhMCS0cxCzAJBgNVBAgT --Ak5BMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxFzAVBgNVBAMTDlRlc3QtU2VydmVy -+MIIEwDCCAqigAwIBAgIBBjANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJLRzEL -+MAkGA1UECAwCTkExEDAOBgNVBAcMB0JJU0hLRUsxFTATBgNVBAoMDE9wZW5WUE4t -+VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTIzMTEw -+NzEyMjM0MFoXDTMzMTEwNDEyMjM0MFowbTELMAkGA1UEBhMCS0cxCzAJBgNVBAgM -+Ak5BMRUwEwYDVQQKDAxPcGVuVlBOLVRFU1QxFzAVBgNVBAMMDlRlc3QtU2VydmVy - LUVDMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wVjAQBgcqhkjO --PQIBBgUrgQQACgNCAAQhCawn5gA6V/T2x3ipsfTX10VZOeSj0yyU+WFK5rnph1fI --D4gDoFbuNOfkTiBjbMFuwQSsuS+pdmnTfUn/8TTLo4IBMzCCAS8wCQYDVR0TBAIw -+PQIBBgUrgQQACgNCAATWNz5jYwDISK0SAVPocku1UGb8j5ql6pPPlH6ddeebxX4I -+b37ltLbnxPFBqEkN8eh8EUCuoPPg5PSN1BVHOFX9o4IBPjCCATowCQYDVR0TBAIw - ADARBglghkgBhvhCAQEEBAMCBkAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2Vu --ZXJhdGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUMxpCYZ6ICD9vH5iI --Ot0txwc99pswgZgGA1UdIwSBkDCBjYAUK0DlyX319JY46S/jL9lAZMmOBZuhaqRo --MGYxCzAJBgNVBAYTAktHMQswCQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEV --MBMGA1UEChMMT3BlblZQTi1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3Qu --bXlkb21haW6CCQChTt76kPKugTATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8E --BAMCBaAwDQYJKoZIhvcNAQELBQADggIBAJ2J9n4LQwUiY+WzRajZ7zM8txk3KIcn --Q0OGoz+5IycPlk/eAYA4a9nIlHcfBgg0ZXetVwwjmfFREl8y2Jx8k/H2cioFYf9i --qjOq76NN1pNWQP84LnMcaftxofpkGWoEHIsgqO6lGGP4hPTKhI62BUjG8/eBkE2e --AM1KkoPUk2cF3BaLePqxgkjGhnREsQZ+ishkC4I64vVWYOpQcAPan/woIGt9BODr --jeLxvoIvulFQK2zS/BHNaYU7nhQZ3bwUz2GwegfL6OD8wx+ky8/B6WIP0lP4zgb0 --+C9VE6pnRLa46D6Cr2b18Hz+QeadwJ94/QCFAkBjN/oA5jymnzVPHabxy4sE4GeY --VtGHWLY59tP+qEBQgH/mSjbQwKVhZB06h614csk/mEQ1+c8yshhMsHL6XmxiHtQx --DMibdPAAnnDDHseknQOkrBoJH4YjZVE0UIZoHmhNmkt4EBy9UQm7/hajxxm0BUSh --5sYjdtW4OuulFx0rLv6FfIhP8eg0MuDFlofD6MlfiSQQDh4HCyz40EkbY15jROkq --Q+Kc1vJDmUf4m0kap9HgU2cdyxS2sCxNs/LFYsKmCXrAbFk+c4MMbN4wd00b7bB/ --d4eNVR3T7fdmvQYq+P0A58Ax4v9TniWXxmSEnY1hjskfbFWhfFmq6+gqsi3HCc21 --Pdh0T26cO9Vt -+ZXJhdGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU+I916IhZmfJLsQ78 -+UVJu3S7JE5AwgaMGA1UdIwSBmzCBmIAUc7G41oqVaxLgdHzFV1WYlFuseF6haqRo -+MGYxCzAJBgNVBAYTAktHMQswCQYDVQQIDAJOQTEQMA4GA1UEBwwHQklTSEtFSzEV -+MBMGA1UECgwMT3BlblZQTi1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3Qu -+bXlkb21haW6CFG9QuNNGbnI0WbwAM918rhLrJ0YGMBMGA1UdJQQMMAoGCCsGAQUF -+BwMBMAsGA1UdDwQEAwIFoDANBgkqhkiG9w0BAQsFAAOCAgEAcp3B6kOl+59b4DWY -+w3fChJ7pLJ2ra+vc3rKc+jgqlZXKNRvntMKrcurzjm7EPJjNiD2kepIMgyXi4EbJ -+6O1PNSEMzfAWhwzMo5fPW+8dzll4LDaDw1lgefhPGXsZ2MMD1rwzvsJy1w/4gt6j -+5gOHXg3nnYc4FXdlly1OftBHmUT0Om2w8W2TLrSK0jipHgDqaCct2EqZ8F+m9X3w -+V2Ba912SpKswhqhdrGrcSnNrXnepuTnLYDy5/9ezgV2Oau/GF+oKZaOdG/8cc1xq -+vZy/uIG8ES+LDQ6AQFzgEDMCNeeM2HM4A7NB80WVVzVc1Wo/xgR5qkocbaupNdb8 -+AmQztNgnGP+Ll0eWyf8vk1AmezyEA23hVkRJEkVQFt4jtZ4HIitReDzEnWQgfMPr -+rzNUX/k1vbyROcxQFsKOYE5GnK8X+6DIbwriUIulqfSP9PrUyadzQgwAbTf2PF02 -+i++nvNSvd3L4xXEVfd50D+xMztZNcLJkOMuWQcICRSJi3Z3SHHHNS8WSNIomubGP -+UIUMQPFhaN2vIhvTOnj8T53ABboCfBVbnE/IubkUJPscLxafJObQ8qVrNMVphArc -+/5AixkXSC78gKHxS7qEAeOkYzBFEBrsVbYs5LDdprC2GTO+MxwAKVcNaU1O4RlY6 -+h9GTMyCapnVfDSP1QIfoz3SxKrQ= - -----END CERTIFICATE----- -diff --git a/sample/sample-keys/server-ec.key b/sample/sample-keys/server-ec.key -index 8f2c914..27c8b60 100644 ---- a/sample/sample-keys/server-ec.key -+++ b/sample/sample-keys/server-ec.key -@@ -1,5 +1,5 @@ - -----BEGIN PRIVATE KEY----- --MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgLHGYqSlzoRaogmJfrC+E --ozTothB9bORaQ1C/3FmeQ6ehRANCAAQhCawn5gA6V/T2x3ipsfTX10VZOeSj0yyU --+WFK5rnph1fID4gDoFbuNOfkTiBjbMFuwQSsuS+pdmnTfUn/8TTL -+MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQghKHFa1jQGnTwZbFNJoJv -+RABNN9RrBuBkrXPCwOdUnt6hRANCAATWNz5jYwDISK0SAVPocku1UGb8j5ql6pPP -+lH6ddeebxX4Ib37ltLbnxPFBqEkN8eh8EUCuoPPg5PSN1BVHOFX9 - -----END PRIVATE KEY----- -diff --git a/sample/sample-keys/server.crt b/sample/sample-keys/server.crt -index 76b4044..7f74cc7 100644 ---- a/sample/sample-keys/server.crt -+++ b/sample/sample-keys/server.crt -@@ -2,34 +2,34 @@ Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) -- Signature Algorithm: sha256WithRSAEncryption -+ Signature Algorithm: sha256WithRSAEncryption - Issuer: C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST/emailAddress=me@myhost.mydomain - Validity -- Not Before: Oct 22 21:59:52 2014 GMT -- Not After : Oct 19 21:59:52 2024 GMT -+ Not Before: Nov 7 12:23:39 2023 GMT -+ Not After : Nov 4 12:23:39 2033 GMT - Subject: C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Server/emailAddress=me@myhost.mydomain - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: -- 00:a5:b8:a2:ee:ce:b1:a6:0f:6a:b2:9f:d3:22:17: -- 79:de:09:98:71:78:fa:a7:ce:36:51:54:57:c7:31: -- 99:56:d1:8a:d6:c5:fd:52:e6:88:0e:7b:f9:ea:27: -- 7a:bf:3f:14:ec:aa:d2:ff:8b:56:58:ac:ca:51:77: -- c5:3c:b6:e4:83:6f:22:06:2d:5b:eb:e7:59:d4:ab: -- 42:c8:d5:a9:87:73:b3:73:36:51:2f:a5:d0:90:a2: -- 87:64:54:6c:12:d3:b8:76:47:69:af:ae:8f:00:b3: -- 70:b9:e7:67:3f:8c:6a:3d:79:5f:81:27:a3:0e:aa: -- a7:3d:81:48:10:b1:18:6c:38:2e:8f:7a:7b:c5:3d: -- 21:c8:f9:a0:7f:17:2b:88:4f:ba:f2:ec:6d:24:8e: -- 6c:f1:0a:5c:d9:5b:b1:b0:fc:49:cb:4a:d2:58:c6: -- 2a:25:b0:97:84:c3:9e:ff:34:8c:10:46:7f:0f:fb: -- 3c:59:7a:a6:29:0c:ae:8e:50:3a:f2:53:84:40:2d: -- d5:91:7b:0a:37:8e:82:77:ce:66:2f:34:77:5c:a5: -- 45:3b:00:19:a7:07:d1:92:e6:66:b9:3b:4e:e9:63: -- fc:33:98:1a:ae:7b:08:7d:0a:df:7a:ba:aa:59:6d: -- 86:82:0a:64:2b:da:59:a7:4c:4e:ef:3d:bd:04:a2: -- 4b:31 -+ 00:af:93:ce:9d:86:87:c4:8a:bb:38:6f:50:16:9b: -+ 29:70:da:5a:bd:b3:4c:5a:03:b8:e1:94:f5:3f:4b: -+ 3f:1b:05:ea:77:9e:34:59:01:99:de:81:e2:87:3a: -+ d4:05:18:40:26:7f:a3:e9:82:52:bc:32:84:32:b9: -+ 3c:61:1f:68:5a:89:01:17:21:ec:b9:33:5b:96:33: -+ 16:91:0f:36:af:c3:0f:68:10:44:ea:e6:f9:00:35: -+ 13:61:3d:e7:a0:b1:4b:91:31:b8:11:02:a0:98:cd: -+ fd:aa:e7:53:6c:31:05:87:36:56:c5:e4:8c:12:96: -+ d6:f0:c4:5a:a7:0d:96:5f:f6:7a:95:ad:58:e5:6d: -+ 86:54:75:ea:da:aa:fd:1d:0c:38:19:6a:a6:24:c6: -+ 25:60:73:c4:a9:86:51:af:f6:52:45:48:f1:96:16: -+ 8e:19:ff:3f:ce:7b:d1:96:f6:2c:75:12:16:90:27: -+ 78:27:09:0a:77:a0:d8:6e:64:b0:09:94:7c:95:81: -+ 76:a7:c3:be:7d:5a:0c:5a:e4:2d:d2:15:6d:00:bb: -+ 83:a6:ac:35:dc:1e:f7:f5:67:ac:2f:70:07:fd:94: -+ d9:b1:da:f4:8f:64:67:92:f1:f1:a8:72:27:dd:5c: -+ d4:f1:38:ab:76:b8:4e:38:26:d4:4c:d9:87:4c:42: -+ 63:d5 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: -@@ -39,75 +39,75 @@ Certificate: - Netscape Comment: - OpenSSL Generated Server Certificate - X509v3 Subject Key Identifier: -- B3:9D:81:E6:16:92:64:C4:86:87:F5:29:10:1B:5E:2F:74:F7:ED:B1 -+ 18:B9:E7:B1:3E:D2:87:C4:78:2C:0D:D9:BB:7E:BE:68:B3:FC:6A:2B - X509v3 Authority Key Identifier: -- keyid:2B:40:E5:C9:7D:F5:F4:96:38:E9:2F:E3:2F:D9:40:64:C9:8E:05:9B -+ keyid:73:B1:B8:D6:8A:95:6B:12:E0:74:7C:C5:57:55:98:94:5B:AC:78:5E - DirName:/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain -- serial:A1:4E:DE:FA:90:F2:AE:81 -- -+ serial:6F:50:B8:D3:46:6E:72:34:59:BC:00:33:DD:7C:AE:12:EB:27:46:06 - X509v3 Extended Key Usage: - TLS Web Server Authentication - X509v3 Key Usage: - Digital Signature, Key Encipherment - Signature Algorithm: sha256WithRSAEncryption -- 4e:25:80:1b:cb:b0:42:ff:bb:3f:e8:0d:58:c1:80:db:cf:d0: -- 90:df:ca:c1:e6:41:e1:48:7f:a7:1e:c7:35:9f:9c:6d:7c:3e: -- 82:e8:de:7e:ae:82:16:00:33:0f:02:23:f1:9d:fe:2b:06:16: -- 05:55:16:89:dc:63:ac:5f:1a:31:13:79:21:a3:6e:60:28:e8: -- e7:6b:54:00:22:a1:b7:69:5a:17:31:ce:0f:c2:a6:dd:a3:6f: -- de:ea:19:6c:d2:d2:cb:35:9d:dd:87:51:33:68:cd:c3:9b:90: -- 55:f1:80:3d:5c:b8:09:b6:e1:3c:13:a4:5d:4a:ce:a5:11:9e: -- f9:08:ee:be:e3:54:1d:06:4c:bb:1b:72:13:ee:7d:a0:45:cc: -- fe:d1:3b:02:03:c1:d4:ea:45:2d:a8:c9:97:e7:f3:8a:7a:a0: -- 2f:dd:48:3a:75:c9:42:28:94:fc:af:44:52:16:68:98:d6:ad: -- a8:65:b1:cd:ac:60:41:70:e5:44:e8:5a:f2:e7:fc:3b:fe:45: -- 89:17:1d:6d:85:c6:f0:fc:69:87:d1:1d:07:f3:cb:7b:54:8d: -- aa:a3:cc:e3:c6:fc:d6:05:76:35:d0:26:63:8e:d1:a8:b7:ff: -- 61:42:8a:2c:63:1f:d4:ec:14:47:6b:1e:e3:81:61:12:3b:8c: -- 16:b5:cf:87:6a:2d:42:21:83:9c:0e:3a:90:3a:1e:c1:36:61: -- 41:f9:fb:4e:5d:ea:f4:df:23:92:33:2b:9b:14:9f:a0:f5:d3: -- c4:f8:1f:2f:9c:11:36:af:2a:22:61:95:32:0b:c4:1c:2d:b1: -- c1:0a:2a:97:c0:43:4a:6c:3e:db:00:cd:29:15:9e:7e:41:75: -- 36:a8:56:86:8c:82:9e:46:20:e5:06:1e:60:d2:03:5f:9f:9e: -- 69:bb:bf:c2:b4:43:e2:7d:85:17:83:18:41:b0:cb:a9:04:1b: -- 18:52:9f:89:8b:76:9f:94:59:81:4f:60:5b:33:18:fc:c7:52: -- d0:d2:69:fc:0b:a2:63:32:75:43:99:e9:d7:f8:6d:c7:55:31: -- 0c:f3:ef:1a:71:e1:0a:57:e1:9d:13:b2:1e:fe:1d:ef:e4:f1: -- 51:d9:95:b3:fd:28:28:93:91:4a:29:c5:37:0e:ab:d8:85:6a: -- fe:a8:83:1f:7b:80:5d:1f:04:79:b7:a9:08:6e:0d:d6:2e:aa: -- 7c:f6:63:7d:41:de:70:13:32:ce:dd:58:cc:a6:73:d4:72:7e: -- d7:ac:74:a8:35:ba:c3:1b:2a:64:d7:5a:37:97:56:94:34:2b: -- 2a:71:60:bc:69:ab:00:85:b9:4f:67:32:17:51:c3:da:57:3a: -- 37:89:66:c4:7a:51:da:5f -+ Signature Value: -+ 1d:e9:04:bc:77:22:d9:70:59:aa:d2:f4:4b:5b:8c:8c:6d:b8: -+ 7d:0d:aa:0f:db:75:11:23:72:3a:95:34:33:63:95:16:f1:04: -+ 61:95:8e:3f:36:4d:b7:28:a6:f2:ed:c8:89:8f:7f:05:65:83: -+ 13:5d:42:ea:2c:1d:a8:79:25:ec:7c:19:6f:51:f2:b0:d0:19: -+ 6a:db:14:ae:e4:69:91:d8:47:78:5a:d2:06:ce:fd:8f:d5:1d: -+ 78:ae:86:2e:5a:f4:ef:db:05:3d:fc:12:9f:fb:76:60:60:bc: -+ 2a:a0:89:50:ea:d8:1b:89:aa:5b:f5:3b:e7:af:3f:dc:ae:6e: -+ bd:5c:7e:63:52:2e:c9:6d:8f:e2:a0:fe:5d:ab:b1:dc:09:39: -+ 3b:14:a0:ee:8a:a1:7d:ce:00:a2:9f:8a:b9:f2:67:71:e1:40: -+ 9e:d7:c8:92:8f:a2:38:e5:8f:bc:5b:00:ab:92:2f:c5:21:83: -+ 05:c7:ff:7a:84:39:99:e7:00:cb:28:2e:51:b8:e8:3e:90:84: -+ f2:d3:6a:67:b3:74:fd:e6:3f:53:b5:4a:08:6f:ed:0f:c2:81: -+ 9a:eb:13:26:c1:15:1d:f3:21:51:39:56:76:55:8c:6d:79:6b: -+ 5e:19:46:f2:19:2c:47:4f:2d:53:39:45:b5:50:6e:c4:1a:b6: -+ 0e:9a:04:92:e9:7b:9d:d5:d7:2d:f3:30:5d:04:ce:24:93:75: -+ 5c:35:51:77:e7:74:dd:97:05:bd:06:8a:a2:b2:8e:6c:74:e5: -+ 9e:13:10:7e:37:b2:47:72:a0:be:b3:2f:ec:61:09:28:76:b8: -+ a1:85:28:ae:32:a7:b5:57:86:2c:d9:cd:26:f7:47:cc:92:48: -+ 7d:06:ce:30:db:bc:23:fe:88:9c:75:50:7c:c0:f1:96:53:54: -+ 34:b7:0c:a4:3a:66:12:ea:51:7f:ad:c7:4e:ed:98:8f:3d:c7: -+ ba:29:cd:4b:e9:e0:ce:54:a3:b0:51:d7:00:26:bb:b4:86:f6: -+ d0:76:51:9d:53:cb:52:94:e0:36:a6:9f:10:cb:79:92:4c:17: -+ cf:f2:9e:66:75:06:96:38:c1:f8:7c:22:1b:8e:53:01:bc:af: -+ 86:7f:e0:02:f1:14:e2:cb:4b:94:f5:a7:c4:e3:d5:39:83:18: -+ 2d:aa:ff:82:b4:da:0a:1b:5d:72:66:0d:c3:a6:7a:8a:2d:89: -+ db:e7:ea:2f:2a:ec:eb:4c:0a:2c:b1:41:1c:8d:7c:cb:78:6a: -+ a7:c5:e7:0b:7a:bf:44:de:24:02:72:da:88:77:40:5e:13:b0: -+ 55:28:b5:31:1a:f9:43:79:2c:a1:fa:7d:9a:c8:7a:fe:c2:27: -+ e4:47:02:40:b6:d2:3d:35 - -----BEGIN CERTIFICATE----- --MIIFgDCCA2igAwIBAgIBATANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJLRzEL --MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t --VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE0MTAy --MjIxNTk1MloXDTI0MTAxOTIxNTk1MlowajELMAkGA1UEBhMCS0cxCzAJBgNVBAgT --Ak5BMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxFDASBgNVBAMTC1Rlc3QtU2VydmVy -+MIIFizCCA3OgAwIBAgIBATANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJLRzEL -+MAkGA1UECAwCTkExEDAOBgNVBAcMB0JJU0hLRUsxFTATBgNVBAoMDE9wZW5WUE4t -+VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTIzMTEw -+NzEyMjMzOVoXDTMzMTEwNDEyMjMzOVowajELMAkGA1UEBhMCS0cxCzAJBgNVBAgM -+Ak5BMRUwEwYDVQQKDAxPcGVuVlBOLVRFU1QxFDASBgNVBAMMC1Rlc3QtU2VydmVy - MSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0GCSqGSIb3 --DQEBAQUAA4IBDwAwggEKAoIBAQCluKLuzrGmD2qyn9MiF3neCZhxePqnzjZRVFfH --MZlW0YrWxf1S5ogOe/nqJ3q/PxTsqtL/i1ZYrMpRd8U8tuSDbyIGLVvr51nUq0LI --1amHc7NzNlEvpdCQoodkVGwS07h2R2mvro8As3C552c/jGo9eV+BJ6MOqqc9gUgQ --sRhsOC6PenvFPSHI+aB/FyuIT7ry7G0kjmzxClzZW7Gw/EnLStJYxiolsJeEw57/ --NIwQRn8P+zxZeqYpDK6OUDryU4RALdWRewo3joJ3zmYvNHdcpUU7ABmnB9GS5ma5 --O07pY/wzmBquewh9Ct96uqpZbYaCCmQr2lmnTE7vPb0EoksxAgMBAAGjggEzMIIB --LzAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAzBglghkgBhvhCAQ0EJhYk --T3BlblNTTCBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1UdDgQWBBSz --nYHmFpJkxIaH9SkQG14vdPftsTCBmAYDVR0jBIGQMIGNgBQrQOXJffX0ljjpL+Mv --2UBkyY4Fm6FqpGgwZjELMAkGA1UEBhMCS0cxCzAJBgNVBAgTAk5BMRAwDgYDVQQH --EwdCSVNIS0VLMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxITAfBgkqhkiG9w0BCQEW --Em1lQG15aG9zdC5teWRvbWFpboIJAKFO3vqQ8q6BMBMGA1UdJQQMMAoGCCsGAQUF --BwMBMAsGA1UdDwQEAwIFoDANBgkqhkiG9w0BAQsFAAOCAgEATiWAG8uwQv+7P+gN --WMGA28/QkN/KweZB4Uh/px7HNZ+cbXw+gujefq6CFgAzDwIj8Z3+KwYWBVUWidxj --rF8aMRN5IaNuYCjo52tUACKht2laFzHOD8Km3aNv3uoZbNLSyzWd3YdRM2jNw5uQ --VfGAPVy4CbbhPBOkXUrOpRGe+QjuvuNUHQZMuxtyE+59oEXM/tE7AgPB1OpFLajJ --l+fzinqgL91IOnXJQiiU/K9EUhZomNatqGWxzaxgQXDlROha8uf8O/5FiRcdbYXG --8Pxph9EdB/PLe1SNqqPM48b81gV2NdAmY47RqLf/YUKKLGMf1OwUR2se44FhEjuM --FrXPh2otQiGDnA46kDoewTZhQfn7Tl3q9N8jkjMrmxSfoPXTxPgfL5wRNq8qImGV --MgvEHC2xwQoql8BDSmw+2wDNKRWefkF1NqhWhoyCnkYg5QYeYNIDX5+eabu/wrRD --4n2FF4MYQbDLqQQbGFKfiYt2n5RZgU9gWzMY/MdS0NJp/AuiYzJ1Q5np1/htx1Ux --DPPvGnHhClfhnROyHv4d7+TxUdmVs/0oKJORSinFNw6r2IVq/qiDH3uAXR8Eebep --CG4N1i6qfPZjfUHecBMyzt1YzKZz1HJ+16x0qDW6wxsqZNdaN5dWlDQrKnFgvGmr --AIW5T2cyF1HD2lc6N4lmxHpR2l8= -+DQEBAQUAA4IBDwAwggEKAoIBAQCvk86dhofEirs4b1AWmylw2lq9s0xaA7jhlPU/ -+Sz8bBep3njRZAZnegeKHOtQFGEAmf6PpglK8MoQyuTxhH2haiQEXIey5M1uWMxaR -+Dzavww9oEETq5vkANRNhPeegsUuRMbgRAqCYzf2q51NsMQWHNlbF5IwSltbwxFqn -+DZZf9nqVrVjlbYZUderaqv0dDDgZaqYkxiVgc8SphlGv9lJFSPGWFo4Z/z/Oe9GW -+9ix1EhaQJ3gnCQp3oNhuZLAJlHyVgXanw759Wgxa5C3SFW0Au4OmrDXcHvf1Z6wv -+cAf9lNmx2vSPZGeS8fGocifdXNTxOKt2uE44JtRM2YdMQmPVAgMBAAGjggE+MIIB -+OjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAzBglghkgBhvhCAQ0EJhYk -+T3BlblNTTCBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1UdDgQWBBQY -+ueexPtKHxHgsDdm7fr5os/xqKzCBowYDVR0jBIGbMIGYgBRzsbjWipVrEuB0fMVX -+VZiUW6x4XqFqpGgwZjELMAkGA1UEBhMCS0cxCzAJBgNVBAgMAk5BMRAwDgYDVQQH -+DAdCSVNIS0VLMRUwEwYDVQQKDAxPcGVuVlBOLVRFU1QxITAfBgkqhkiG9w0BCQEW -+Em1lQG15aG9zdC5teWRvbWFpboIUb1C400ZucjRZvAAz3XyuEusnRgYwEwYDVR0l -+BAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMA0GCSqGSIb3DQEBCwUAA4ICAQAd -+6QS8dyLZcFmq0vRLW4yMbbh9DaoP23URI3I6lTQzY5UW8QRhlY4/Nk23KKby7ciJ -+j38FZYMTXULqLB2oeSXsfBlvUfKw0Blq2xSu5GmR2Ed4WtIGzv2P1R14roYuWvTv -+2wU9/BKf+3ZgYLwqoIlQ6tgbiapb9Tvnrz/crm69XH5jUi7JbY/ioP5dq7HcCTk7 -+FKDuiqF9zgCin4q58mdx4UCe18iSj6I45Y+8WwCrki/FIYMFx/96hDmZ5wDLKC5R -+uOg+kITy02pns3T95j9TtUoIb+0PwoGa6xMmwRUd8yFROVZ2VYxteWteGUbyGSxH -+Ty1TOUW1UG7EGrYOmgSS6Xud1dct8zBdBM4kk3VcNVF353TdlwW9Boqiso5sdOWe -+ExB+N7JHcqC+sy/sYQkodrihhSiuMqe1V4Ys2c0m90fMkkh9Bs4w27wj/oicdVB8 -+wPGWU1Q0twykOmYS6lF/rcdO7ZiPPce6Kc1L6eDOVKOwUdcAJru0hvbQdlGdU8tS -+lOA2pp8Qy3mSTBfP8p5mdQaWOMH4fCIbjlMBvK+Gf+AC8RTiy0uU9afE49U5gxgt -+qv+CtNoKG11yZg3DpnqKLYnb5+ovKuzrTAossUEcjXzLeGqnxecLer9E3iQCctqI -+d0BeE7BVKLUxGvlDeSyh+n2ayHr+wifkRwJAttI9NQ== - -----END CERTIFICATE----- -diff --git a/sample/sample-keys/server.key b/sample/sample-keys/server.key -index 011df12..d4b770a 100644 ---- a/sample/sample-keys/server.key -+++ b/sample/sample-keys/server.key -@@ -1,28 +1,28 @@ - -----BEGIN PRIVATE KEY----- --MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCluKLuzrGmD2qy --n9MiF3neCZhxePqnzjZRVFfHMZlW0YrWxf1S5ogOe/nqJ3q/PxTsqtL/i1ZYrMpR --d8U8tuSDbyIGLVvr51nUq0LI1amHc7NzNlEvpdCQoodkVGwS07h2R2mvro8As3C5 --52c/jGo9eV+BJ6MOqqc9gUgQsRhsOC6PenvFPSHI+aB/FyuIT7ry7G0kjmzxClzZ --W7Gw/EnLStJYxiolsJeEw57/NIwQRn8P+zxZeqYpDK6OUDryU4RALdWRewo3joJ3 --zmYvNHdcpUU7ABmnB9GS5ma5O07pY/wzmBquewh9Ct96uqpZbYaCCmQr2lmnTE7v --Pb0EoksxAgMBAAECggEAPMOMin+jR75TYxeTNObiunVOPh0b2zeTVxLT9KfND7ZZ --cBK8pg79SEJRCnhbW5BnvbeNEkIm8PC6ZlDCM1bkRwUStq0fDUqQ95esLzOYq5/S --5qW98viblszhU/pYfja/Zi8dI1uf96PT63Zbt0NnGQ9N42+DLDeKhtTGdchZqiQA --LeSR0bQanY4tUUtCNYvBT8E3pzhoIsUzVwzIK53oovRpcOX3pMXVYZsmNhXdFFRy --YkjMXpj7fGyaAJK0QsC+PsgrKuhXDzDttsG2lI/mq9+7RXB3d/pzhmBVWynVH2lw --iQ7ONkSz7akDz/4I4WmxJep+FfQJYgK6rnLAlQqauQKBgQDammSAprnvDvNhSEp8 --W+xt7jQnFqaENbGgP0/D/OZMXc4khgexqlKFmSnBCRDmQ6JvLTWqDXC4+aqAbFQz --zAIjiKaT+so8xvFRob+rBMJY5JLYKNa+zUUanfORUNYLFJPvFqnrWGaJ9uufdaM7 --0a5bu95PN74NXee3DBbpBv8HLwKBgQDCEk+IjNbjMT+Neq0ywUeM5rFrUKi92abe --AgsVpjbighRV+6jA2lZFJcize+xYJ9wiOR1/TEI9PZ2OtBkqpwVdvTEHTagRLcvd --NfGcptREDnNLoNWA22buQpztiEduutACWQsrd+JQmqbUicUdW4zw86/oCMbYCW3V --QmYOLns7nwKBgHHUX20WZE91S4pmqFKlUzHTDdkk1ESX6Qx2q0R01j8BwawHFs6O --0DW9EZ7w55nfsh+OPRl1sjK/3ubMgfQO0TZLm+IGf3Sya0qEnVeiPMkpDMX+TgRA --wzEe+ou6uho+9uFSvdxMxeglaYA5M2ycvNwLsbEyZ4ZyVYxdgTiKahYFAoGAcIfP --iD0qKQiYcj/tB94cz+3AeJqHjbYT1O1YYhBECOkmQ4kuG80+cs/q5W/45lEOiuWV --Xgfo7Lu6jVGOujWoneci87oqtvNYH4e09oGh2WiLoBG9Wv9dWtBTUERSLzmxfXsG --SAk2uEhEbj8IhfJc8iZLHH9iVUh6YEslBBodqL8CgYEAlAhvcqAvw5SzsfBR5Mcu --4Nql6mXEVhHCvS4hdFCGaNF0z9A6eBORKJpdLWnqhpquDQDsghWE+Ga4QKSNFIi1 --fnAaykmZuY3ToqNOIaVlYM6HpMEz0wHQbTWfDLGcTFcElLZgMAk7VlDyiYVOco+E --QX9lXOO1PGpLzXhlDxSe63Y= -+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCvk86dhofEirs4 -+b1AWmylw2lq9s0xaA7jhlPU/Sz8bBep3njRZAZnegeKHOtQFGEAmf6PpglK8MoQy -+uTxhH2haiQEXIey5M1uWMxaRDzavww9oEETq5vkANRNhPeegsUuRMbgRAqCYzf2q -+51NsMQWHNlbF5IwSltbwxFqnDZZf9nqVrVjlbYZUderaqv0dDDgZaqYkxiVgc8Sp -+hlGv9lJFSPGWFo4Z/z/Oe9GW9ix1EhaQJ3gnCQp3oNhuZLAJlHyVgXanw759Wgxa -+5C3SFW0Au4OmrDXcHvf1Z6wvcAf9lNmx2vSPZGeS8fGocifdXNTxOKt2uE44JtRM -+2YdMQmPVAgMBAAECggEAGe0W0rv4IFWRVRawGiZ0oBgeKL+TxAGjXewZABekYeEl -+wN647CEIZOAuYGRCGoknhTJ5NGnsvaLX/TAiclT+RnV5673ersTz/oyHWzQxPGhD -+8MyLi1mVOyqbNKi8zfBgMDh0mE5trc1SaoIYwh5wVTROQTqA/zMML3v5xuEta03u -+BMsNWMzm/fFXRvO6ydxdpFZkQJUeNvsGizrAhtFqsm8Cba9f/yEduyAdj2DpkG8A -+H8KmBQcAFstWX1hcC92V8qlf8RwA1o5TN82Nu2dwa+xkCTsOFK8uVE8lBkjB3C0O -+H4fGlwJ4BLUZPxIYaefn38LIQr8hZ9ITstmM2+EFoQKBgQDGD1CTdbAfGv9vBSle -+cinxflcgXOpr6XdGWZZz5VPvdE91fMgnwHOnGVZI0pI5xxO3FvrujjZ2yzTu+yme -+MG5YWjMraqdWZ0speJK7/nxIPNK+frCvVzY2sA/STgUEni2XnNkiC7w0VXWnT/xP -+rmCuJeJ211eF2bd4rrldeg9ApwKBgQDi8MiBDJFRxlP9xCTPVdTixN88Fy7JBFJE -+uZNtKeLkg2ce7bvNc9QOePXCM9Fn0NOuBTLf4SMkfFybyDKn7BTznwA0Yz2muyaK -+rzmGeGP+gzw5MQk6nzk8NIzdMYr3G9ockrMTYBNPVoiwhbshlVWNg3Qvic7cXDoB -+Q1bXfrurIwKBgQDFUDiLz3E4a+MRrWi7SKz0g1M1UJvSCfLjyRiUOWFXat5GQ5v7 -+zkTpsdo+DlnS6buAaYpv4onr6yG++8VIbSNhLetQU56F+73rgM1eMHeMV9v0H67R -+3+aIsPnyH/vrz9HH+2BuBJbo5EKj/pF0qFp05BUrI/lzxaR8vES7FYDgfQKBgQDF -++zWQj7w/UPx5SKKsVr7wTrxJmhfwulpjJlqdQ4tzu8c8zj2m0UPQlGoiUD6BiUcC -+a/qkIa8c53mLVi4LHQRyPOZazbE9Qcwv9QoEbAcgRLFHW6YnhDzUbyvs1IndZmjz -+wG+Fma1+64k4JpLIi5UlbebwihLzX2ojK/IY8bEbbQKBgQC81tY7mRPAYnl5QmIQ -+YLqvQyHf/a2bVY+3XNyLF6tWngCOyt8z4Dy3pTRVI2KMVXL9+zPWuJdabwwVlWJs -+9CzR9SqYkaPP3mlbZXWt5X10OiyNU+kcCvTRNZ10OUr8XJ0tHRIuJxgBGoXdWxSF -+6uIa5Vvw9DOMFGnbugLbWuMYjQ== - -----END PRIVATE KEY----- -diff --git a/sample/sample-keys/ta.key b/sample/sample-keys/ta.key -index 1669036..770e60d 100644 ---- a/sample/sample-keys/ta.key -+++ b/sample/sample-keys/ta.key -@@ -2,20 +2,20 @@ - # 2048 bit OpenVPN static key - # - -----BEGIN OpenVPN Static key V1----- --a863b1cbdb911ff4ef3360ce135157e7 --241a465f5045f51cf9a92ebc24da34fd --5fc48456778c977e374d55a8a7298aef --40d0ab0c60b5e09838510526b73473a0 --8da46a8c352572dd86d4a871700a915b --6aaa58a9dac560db2dfdd7ef15a202e1 --fca6913d7ee79c678c5798fbf7bd920c --caa7a64720908da7254598b052d07f55 --5e31dc5721932cffbdd8965d04107415 --46c86823da18b66aab347e4522cc05ff --634968889209c96b1024909cd4ce574c --f829aa9c17d5df4a66043182ee23635d --8cabf5a7ba02345ad94a3aa25a63d55c --e13f4ad235a0825e3fe17f9419baff1c --e73ad1dd652f1e48c7102fe8ee181e54 --10a160ae255f63fd01db1f29e6efcb8e -+21d94830510107f8753d3b6f3145e01d -+ed37075115afcb0538ecdd8503ee9663 -+7218c9ed38d908d594231d7d143c73da -+5055310f89d336da99c8b3dcb18909c7 -+9dd44f540670ebc0f120beb7211e9683 -+9cb542572c48bfa7ffaa9a22cb8304b7 -+869b92f4442918e598745bb78ac8877f -+02b00a7cdef3f2446c130d39a7c45126 -+9ef399fd6029cdfc80a7c604041312ab -+0a969bc906bdee6e6d707afdcbe8c7fb -+97beb66049c3d328340775025433ceba -+1e38008a826cf92443d903106199373b -+dadd9c2c735cf481e580db4e81b99f12 -+e3f46b6159c687cd1b9e689f7712573c -+0f02735a45573dfb5cd55cf464942389 -+2c7e91f439bdd7337a8ceebd302cfbfa - -----END OpenVPN Static key V1----- diff -Nru openvpn-2.6.3/debian/patches/series openvpn-2.6.14/debian/patches/series --- openvpn-2.6.3/debian/patches/series 2025-11-26 21:54:51.000000000 +0000 +++ openvpn-2.6.14/debian/patches/series 2026-05-05 20:20:39.000000000 +0000 @@ -1,15 +1,7 @@ move_log_dir.patch auth-pam_libpam_so_filename.patch openvpn-pkcs11warn.patch -systemd.patch -fix-dangling-pointer-in-pkcs11.patch -fix-memleak-in-dco_get_peer_stats_multi.patch -CVE-2023-46849.patch -CVE-2023-46850.patch -CVE-2024-28882.patch -CVE-2024-5594.patch -sample-keys-renew-10-years.patch -CVE-2025-2704.patch -CVE-2024-5594-regression-fix.patch check-message-id.patch CVE-2025-13086.patch +CVE-2026-35058.patch +CVE-2026-40215.patch diff -Nru openvpn-2.6.3/debian/patches/systemd.patch openvpn-2.6.14/debian/patches/systemd.patch --- openvpn-2.6.3/debian/patches/systemd.patch 2025-11-26 21:54:51.000000000 +0000 +++ openvpn-2.6.14/debian/patches/systemd.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,29 +0,0 @@ -Description: remove syslog.target -Author: Jörg Frings-Fürst -Last-Update: 2018-07-29 ---- -This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ -Index: trunk/distro/systemd/openvpn-client@.service.in -=================================================================== ---- trunk.orig/distro/systemd/openvpn-client@.service.in -+++ trunk/distro/systemd/openvpn-client@.service.in -@@ -1,6 +1,6 @@ - [Unit] - Description=OpenVPN tunnel for %I --After=syslog.target network-online.target -+After=network-online.target - Wants=network-online.target - Documentation=man:openvpn(8) - Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage -Index: trunk/distro/systemd/openvpn-server@.service.in -=================================================================== ---- trunk.orig/distro/systemd/openvpn-server@.service.in -+++ trunk/distro/systemd/openvpn-server@.service.in -@@ -1,6 +1,6 @@ - [Unit] - Description=OpenVPN service for %I --After=syslog.target network-online.target -+After=network-online.target - Wants=network-online.target - Documentation=man:openvpn(8) - Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage diff -Nru openvpn-2.6.3/debian/po/ro.po openvpn-2.6.14/debian/po/ro.po --- openvpn-2.6.3/debian/po/ro.po 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/debian/po/ro.po 2026-05-05 20:20:39.000000000 +0000 @@ -0,0 +1,49 @@ +# Mesajele în limba română pentru pachetul openvpn. +# Romanian translation of openvpn. +# Copyright © 2023 THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the openvpn package. +# +# Remus-Gabriel Chelu , 2023. +# +# Cronologia traducerii fiÈ™ierului „openvpnâ€: +# Traducerea iniÈ›ială, făcută de R-GC, pentru versiunea openvpn 2.6.0-1(2011-05-10). +# Actualizare a traducerii pentru versiunea Y, făcută de X, Y(anul). +# +msgid "" +msgstr "" +"Project-Id-Version: openvpn 2.6.0-1\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2011-05-10 17:48+0200\n" +"PO-Revision-Date: 2023-03-11 11:46+0100\n" +"Last-Translator: Remus-Gabriel Chelu \n" +"Language-Team: Romanian \n" +"Language: ro\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n==0 || (n!=1 && n%100>=1 && " +"n%100<=19) ? 1 : 2);\n" +"X-Bugs: Report translation errors to the Language-Team address.\n" +"X-Generator: Poedit 3.2.2\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "DoriÈ›i să fie creat dispozitivul TUN/TAP?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" +"Dacă alegeÈ›i această opÈ›iune, va fi creat dispozitivul „/dev/net/tun†necesar " +"pentru OpenVPN." + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "Nu ar trebui să alegeÈ›i această opÈ›iune dacă utilizaÈ›i «devfs»." diff -Nru openvpn-2.6.3/distro/Makefile.am openvpn-2.6.14/distro/Makefile.am --- openvpn-2.6.3/distro/Makefile.am 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/distro/Makefile.am 2025-04-02 06:53:10.000000000 +0000 @@ -5,7 +5,7 @@ # packet encryption, packet authentication, and # packet compression. # -# Copyright (C) 2002-2023 OpenVPN Inc +# Copyright (C) 2002-2024 OpenVPN Inc # Copyright (C) 2006-2012 Alon Bar-Lev # diff -Nru openvpn-2.6.3/distro/Makefile.in openvpn-2.6.14/distro/Makefile.in --- openvpn-2.6.3/distro/Makefile.in 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/distro/Makefile.in 2025-04-02 06:53:10.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. +# Makefile.in generated by automake 1.17 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2021 Free Software Foundation, Inc. +# Copyright (C) 1994-2024 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -21,7 +21,7 @@ # packet encryption, packet authentication, and # packet compression. # -# Copyright (C) 2002-2023 OpenVPN Inc +# Copyright (C) 2002-2024 OpenVPN Inc # Copyright (C) 2006-2012 Alon Bar-Lev # VPATH = @srcdir@ @@ -80,6 +80,8 @@ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +am__rm_f = rm -f $(am__rm_f_notfound) +am__rm_rf = rm -rf $(am__rm_f_notfound) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -227,6 +229,7 @@ ETAGS = @ETAGS@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +FILECMD = @FILECMD@ GIT = @GIT@ GREP = @GREP@ IFCONFIG = @IFCONFIG@ @@ -337,8 +340,10 @@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__rm_f_notfound = @am__rm_f_notfound@ am__tar = @am__tar@ am__untar = @am__untar@ +am__xargs_n = @am__xargs_n@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -614,13 +619,13 @@ clean-generic: distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." - -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) + -$(am__rm_f) $(MAINTAINERCLEANFILES) clean: clean-recursive clean-am: clean-generic clean-libtool mostlyclean-am @@ -708,3 +713,10 @@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff -Nru openvpn-2.6.3/distro/systemd/Makefile.am openvpn-2.6.14/distro/systemd/Makefile.am --- openvpn-2.6.3/distro/systemd/Makefile.am 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/distro/systemd/Makefile.am 2025-04-02 06:53:10.000000000 +0000 @@ -5,11 +5,14 @@ # packet encryption, packet authentication, and # packet compression. # -# Copyright (C) 2017-2023 OpenVPN Inc +# Copyright (C) 2017-2024 OpenVPN Inc # %.service: %.service.in Makefile - $(AM_V_GEN)sed -e 's|\@sbindir\@|$(sbindir)|' \ + $(AM_V_GEN)sed \ + -e 's|\@OPENVPN_VERSION_MAJOR\@|$(OPENVPN_VERSION_MAJOR)|g' \ + -e 's|\@OPENVPN_VERSION_MINOR\@|$(OPENVPN_VERSION_MINOR)|g' \ + -e 's|\@sbindir\@|$(sbindir)|g' \ $< > $@.tmp && mv $@.tmp $@ EXTRA_DIST = \ diff -Nru openvpn-2.6.3/distro/systemd/Makefile.in openvpn-2.6.14/distro/systemd/Makefile.in --- openvpn-2.6.3/distro/systemd/Makefile.in 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/distro/systemd/Makefile.in 2025-04-02 06:53:10.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. +# Makefile.in generated by automake 1.17 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2021 Free Software Foundation, Inc. +# Copyright (C) 1994-2024 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -21,7 +21,7 @@ # packet encryption, packet authentication, and # packet compression. # -# Copyright (C) 2017-2023 OpenVPN Inc +# Copyright (C) 2017-2024 OpenVPN Inc # VPATH = @srcdir@ @@ -80,6 +80,8 @@ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +am__rm_f = rm -f $(am__rm_f_notfound) +am__rm_rf = rm -rf $(am__rm_f_notfound) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -157,10 +159,9 @@ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ - test -z "$$files" \ - || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ - || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ - $(am__cd) "$$dir" && rm -f $$files; }; \ + { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && echo $$files | $(am__xargs_n) 40 $(am__rm_f); }; \ } am__installdirs = "$(DESTDIR)$(docdir)" "$(DESTDIR)$(systemdunitdir)" \ "$(DESTDIR)$(tmpfilesdir)" @@ -201,6 +202,7 @@ ETAGS = @ETAGS@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +FILECMD = @FILECMD@ GIT = @GIT@ GREP = @GREP@ IFCONFIG = @IFCONFIG@ @@ -311,8 +313,10 @@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__rm_f_notfound = @am__rm_f_notfound@ am__tar = @am__tar@ am__untar = @am__untar@ +am__xargs_n = @am__xargs_n@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -548,16 +552,16 @@ mostlyclean-generic: clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + -$(am__rm_f) $(CLEANFILES) distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." - -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) + -$(am__rm_f) $(MAINTAINERCLEANFILES) @ENABLE_SYSTEMD_FALSE@install-data-hook: clean: clean-am @@ -649,7 +653,10 @@ %.service: %.service.in Makefile - $(AM_V_GEN)sed -e 's|\@sbindir\@|$(sbindir)|' \ + $(AM_V_GEN)sed \ + -e 's|\@OPENVPN_VERSION_MAJOR\@|$(OPENVPN_VERSION_MAJOR)|g' \ + -e 's|\@OPENVPN_VERSION_MINOR\@|$(OPENVPN_VERSION_MINOR)|g' \ + -e 's|\@sbindir\@|$(sbindir)|g' \ $< > $@.tmp && mv $@.tmp $@ @ENABLE_SYSTEMD_TRUE@install-data-hook: @@ -658,3 +665,10 @@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff -Nru openvpn-2.6.3/distro/systemd/openvpn-client@.service.in openvpn-2.6.14/distro/systemd/openvpn-client@.service.in --- openvpn-2.6.3/distro/systemd/openvpn-client@.service.in 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/distro/systemd/openvpn-client@.service.in 2025-04-02 06:53:10.000000000 +0000 @@ -1,9 +1,9 @@ [Unit] Description=OpenVPN tunnel for %I -After=syslog.target network-online.target +After=network-online.target Wants=network-online.target Documentation=man:openvpn(8) -Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage +Documentation=https://openvpn.net/community-resources/reference-manual-for-openvpn-@OPENVPN_VERSION_MAJOR@-@OPENVPN_VERSION_MINOR@/ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO [Service] diff -Nru openvpn-2.6.3/distro/systemd/openvpn-server@.service.in openvpn-2.6.14/distro/systemd/openvpn-server@.service.in --- openvpn-2.6.3/distro/systemd/openvpn-server@.service.in 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/distro/systemd/openvpn-server@.service.in 2025-04-02 06:53:10.000000000 +0000 @@ -1,9 +1,9 @@ [Unit] Description=OpenVPN service for %I -After=syslog.target network-online.target +After=network-online.target Wants=network-online.target Documentation=man:openvpn(8) -Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage +Documentation=https://openvpn.net/community-resources/reference-manual-for-openvpn-@OPENVPN_VERSION_MAJOR@-@OPENVPN_VERSION_MINOR@/ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO [Service] diff -Nru openvpn-2.6.3/doc/CMakeLists.txt openvpn-2.6.14/doc/CMakeLists.txt --- openvpn-2.6.3/doc/CMakeLists.txt 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/doc/CMakeLists.txt 2025-04-02 06:53:10.000000000 +0000 @@ -0,0 +1,113 @@ +set(_GENERATE_HTML_DOC YES) +set(_GENERATE_MAN_DOC YES) +set(_MAYBE_PYTHON "") +find_program(RST2HTML NAMES rst2html rst2html.py) +find_program(RST2MAN NAMES rst2man rst2man.py) + +if (RST2HTML STREQUAL "RST2HTML-NOTFOUND") + message(STATUS "rst2html not found, not generating HTML documentation") + set(_GENERATE_HTML_DOC NO) +else () + # We only run this for RST2HTML and assume the result would be the same + # for RST2MAN + if (DEFINED CACHE{DOCUTILS_NEED_PYTHON}) + if ($CACHE{DOCUTILS_NEED_PYTHON}) + set(_MAYBE_PYTHON ${PYTHON}) + endif () + else () + execute_process( + COMMAND ${RST2HTML} --version + OUTPUT_VARIABLE RST2HTML_VERSION_EXE + ) + execute_process( + COMMAND ${PYTHON} ${RST2HTML} --version + OUTPUT_VARIABLE RST2HTML_VERSION_PY + ) + set(_DOCUTILS_NEED_PYTHON OFF) + if(RST2HTML_VERSION_EXE STREQUAL "") + if(RST2HTML_VERSION_PY STREQUAL "") + message(STATUS "${RST2HTML} found but not working, not generating documentation") + set(_GENERATE_HTML_DOC NO) + set(_GENERATE_MAN_DOC NO) + else () + message(STATUS "${RST2HTML} needs to be executed by ${PYTHON} to work") + set(_MAYBE_PYTHON ${PYTHON}) + set(_DOCUTILS_NEED_PYTHON ON) + endif () + endif () + set(DOCUTILS_NEED_PYTHON ${_DOCUTILS_NEED_PYTHON} CACHE BOOL + "Whether we need to call python instead of rst2*.py directly") + endif (DEFINED CACHE{DOCUTILS_NEED_PYTHON}) +endif () +if (RST2MAN STREQUAL "RST2MAN-NOTFOUND") + message(STATUS "rst2man not found, not generating man pages") + set(_GENERATE_MAN_DOC NO) +endif () + +set(OPENVPN_SECTIONS + man-sections/advanced-options.rst + man-sections/cipher-negotiation.rst + man-sections/client-options.rst + man-sections/connection-profiles.rst + man-sections/encryption-options.rst + man-sections/generic-options.rst + man-sections/inline-files.rst + man-sections/link-options.rst + man-sections/log-options.rst + man-sections/management-options.rst + man-sections/network-config.rst + man-sections/pkcs11-options.rst + man-sections/plugin-options.rst + man-sections/protocol-options.rst + man-sections/proxy-options.rst + man-sections/renegotiation.rst + man-sections/signals.rst + man-sections/script-options.rst + man-sections/server-options.rst + man-sections/tls-options.rst + man-sections/unsupported-options.rst + man-sections/virtual-routing-and-forwarding.rst + man-sections/vpn-network-options.rst + man-sections/windows-options.rst + ) + +set(OPENVPN_EXAMPLES_SECTIONS + man-sections/example-fingerprint.rst + man-sections/examples.rst + ) + +set(RST_FLAGS --strict) + +if (_GENERATE_HTML_DOC) + list(APPEND ALL_DOCS openvpn.8.html openvpn-examples.5.html) + add_custom_command( + OUTPUT openvpn.8.html + COMMAND ${_MAYBE_PYTHON} ${RST2HTML} ${RST_FLAGS} ${CMAKE_CURRENT_SOURCE_DIR}/openvpn.8.rst ${CMAKE_CURRENT_BINARY_DIR}/openvpn.8.html + MAIN_DEPENDENCY openvpn.8.rst + DEPENDS ${OPENVPN_SECTIONS} + ) + add_custom_command( + OUTPUT openvpn-examples.5.html + COMMAND ${_MAYBE_PYTHON} ${RST2HTML} ${RST_FLAGS} ${CMAKE_CURRENT_SOURCE_DIR}/openvpn-examples.5.rst ${CMAKE_CURRENT_BINARY_DIR}/openvpn-examples.5.html + MAIN_DEPENDENCY openvpn-examples.5.rst + DEPENDS ${OPENVPN_EXAMPLES_SECTIONS} + ) +endif () +if (_GENERATE_MAN_DOC) + list(APPEND ALL_DOCS openvpn.8 openvpn-examples.5) + add_custom_command( + OUTPUT openvpn.8 + COMMAND ${_MAYBE_PYTHON} ${RST2MAN} ${RST_FLAGS} ${CMAKE_CURRENT_SOURCE_DIR}/openvpn.8.rst ${CMAKE_CURRENT_BINARY_DIR}/openvpn.8 + MAIN_DEPENDENCY openvpn.8.rst + DEPENDS ${OPENVPN_SECTIONS} + ) + add_custom_command( + OUTPUT openvpn-examples.5 + COMMAND ${_MAYBE_PYTHON} ${RST2MAN} ${RST_FLAGS} ${CMAKE_CURRENT_SOURCE_DIR}/openvpn-examples.5.rst ${CMAKE_CURRENT_BINARY_DIR}/openvpn-examples.5 + MAIN_DEPENDENCY openvpn-examples.5.rst + DEPENDS ${OPENVPN_EXAMPLES_SECTIONS} + ) +endif () + +add_custom_target(documentation ALL DEPENDS ${ALL_DOCS}) + diff -Nru openvpn-2.6.3/doc/Makefile.am openvpn-2.6.14/doc/Makefile.am --- openvpn-2.6.3/doc/Makefile.am 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/doc/Makefile.am 2025-04-02 06:53:10.000000000 +0000 @@ -5,7 +5,7 @@ # packet encryption, packet authentication, and # packet compression. # -# Copyright (C) 2002-2023 OpenVPN Inc +# Copyright (C) 2002-2024 OpenVPN Inc # Copyright (C) 2006-2012 Alon Bar-Lev # @@ -54,11 +54,19 @@ man-sections/examples.rst dist_noinst_DATA = \ - README.plugins interactive-service-notes.rst \ + android.txt \ + interactive-service-notes.rst \ + keying-material-exporter.txt \ openvpn.8.rst \ openvpn-examples.5.rst \ + README.man \ + README.plugins \ + tls-crypt-v2.txt \ $(openvpn_sections) \ - $(openvpn_examples_sections) + $(openvpn_examples_sections) \ + CMakeLists.txt + +EXTRA_DIST = tests # dependencies openvpn.8 openvpn.8.html: $(openvpn_sections) diff -Nru openvpn-2.6.3/doc/Makefile.in openvpn-2.6.14/doc/Makefile.in --- openvpn-2.6.3/doc/Makefile.in 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/doc/Makefile.in 2025-04-02 06:53:10.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. +# Makefile.in generated by automake 1.17 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2021 Free Software Foundation, Inc. +# Copyright (C) 1994-2024 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -21,7 +21,7 @@ # packet encryption, packet authentication, and # packet compression. # -# Copyright (C) 2002-2023 OpenVPN Inc +# Copyright (C) 2002-2024 OpenVPN Inc # Copyright (C) 2006-2012 Alon Bar-Lev # @@ -81,6 +81,8 @@ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +am__rm_f = rm -f $(am__rm_f_notfound) +am__rm_rf = rm -rf $(am__rm_f_notfound) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -167,10 +169,9 @@ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ - test -z "$$files" \ - || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ - || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ - $(am__cd) "$$dir" && rm -f $$files; }; \ + { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && echo $$files | $(am__xargs_n) 40 $(am__rm_f); }; \ } man5dir = $(mandir)/man5 am__installdirs = "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)" \ @@ -179,9 +180,10 @@ NROFF = nroff MANS = $(dist_man_MANS) am__dist_html_DATA_DIST = openvpn.8.html openvpn-examples.5.html -am__dist_noinst_DATA_DIST = README.plugins \ - interactive-service-notes.rst openvpn.8.rst \ - openvpn-examples.5.rst man-sections/advanced-options.rst \ +am__dist_noinst_DATA_DIST = android.txt interactive-service-notes.rst \ + keying-material-exporter.txt openvpn.8.rst \ + openvpn-examples.5.rst README.man README.plugins \ + tls-crypt-v2.txt man-sections/advanced-options.rst \ man-sections/cipher-negotiation.rst \ man-sections/client-options.rst \ man-sections/connection-profiles.rst \ @@ -201,7 +203,7 @@ man-sections/vpn-network-options.rst \ man-sections/windows-options.rst \ man-sections/example-fingerprint.rst man-sections/examples.rst \ - openvpn.8 openvpn-examples.5 + CMakeLists.txt openvpn.8 openvpn-examples.5 DATA = $(dist_doc_DATA) $(dist_html_DATA) $(dist_noinst_DATA) RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive @@ -289,6 +291,7 @@ ETAGS = @ETAGS@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +FILECMD = @FILECMD@ GIT = @GIT@ GREP = @GREP@ IFCONFIG = @IFCONFIG@ @@ -399,8 +402,10 @@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__rm_f_notfound = @am__rm_f_notfound@ am__tar = @am__tar@ am__untar = @am__untar@ +am__xargs_n = @am__xargs_n@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -491,9 +496,12 @@ man-sections/example-fingerprint.rst \ man-sections/examples.rst -dist_noinst_DATA = README.plugins interactive-service-notes.rst \ - openvpn.8.rst openvpn-examples.5.rst $(openvpn_sections) \ - $(openvpn_examples_sections) $(am__append_1) +dist_noinst_DATA = android.txt interactive-service-notes.rst \ + keying-material-exporter.txt openvpn.8.rst \ + openvpn-examples.5.rst README.man README.plugins \ + tls-crypt-v2.txt $(openvpn_sections) \ + $(openvpn_examples_sections) CMakeLists.txt $(am__append_1) +EXTRA_DIST = tests ###### GENERIC RULES ########## SUFFIXES = .8.rst .8 .8.html .5.rst .5 .5.html @@ -863,16 +871,16 @@ mostlyclean-generic: clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + -$(am__rm_f) $(CLEANFILES) distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." - -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) + -$(am__rm_f) $(MAINTAINERCLEANFILES) clean: clean-recursive clean-am: clean-generic clean-libtool mostlyclean-am @@ -982,3 +990,10 @@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff -Nru openvpn-2.6.3/doc/README.man openvpn-2.6.14/doc/README.man --- openvpn-2.6.3/doc/README.man 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/doc/README.man 2025-04-02 06:53:10.000000000 +0000 @@ -0,0 +1,22 @@ + +man page documentation +====================== + +The man page content maintained in the openvpn.8.rst file and proper man and +the html version of the man page are generated using python-docutils. Both +the man page and html file are generated during 'make dist' or 'make distcheck' +and should be distributed inside the tarball by default. + +Users compiling OpenVPN from the tarball should not need to regenerate the +man/html files unless the source file needs to be modified. + +Further information: + +* Python docutils project: + https://docutils.sourceforge.io/ + +* Quickstart on .rst + https://docutils.sourceforge.io/docs/user/rst/quickstart.html + +* reStructuredText Markup Specifictaion (.rst) + https://docutils.sourceforge.io/docs/ref/rst/restructuredtext.html diff -Nru openvpn-2.6.3/doc/android.txt openvpn-2.6.14/doc/android.txt --- openvpn-2.6.3/doc/android.txt 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/doc/android.txt 2025-04-02 06:53:10.000000000 +0000 @@ -0,0 +1,101 @@ +This file documents the support in OpenVPN for Android using the +VPNService API (https://developer.android.com/reference/android/net/VpnService) +that has been introduced in Android 4.0 (API 14). + +This support is primarily used in the "OpenVPN for Android" app +(https://github.com/schwabe/ics-openvpn). For building see the developer +README: https://github.com/schwabe/ics-openvpn/blob/master/doc/README.txt + +Android provides the VPNService API +(http://developer.android.com/reference/android/net/VpnService.html) +which allows establishing VPN connections without rooting the device. + +Unlike on other platforms, the tun device is openend by UI instead of +OpenVPN itself. The VpnService API needs the following parameters: + +- IP and netmask of tun interface +- Networks that should be routed to the tun interface +- DNS Servers and DNS Domain +- MTU + +All IPs/Routes are in CIDR style. Non-CIDR routes are not supported. +Notable is the lack of support for setting routes to other interfaces +usually used to avoid the server connection going over the tun +interface. However, Android 13 adds support for exclusion routes that +serve the same purpose. The Android VPNService API has the concept +of protecting a socket from being routed over an interface. Calling +protect (fd) will internally bind the socket to the interface used for the +external connection (usually WiFi or mobile data). + +To use OpenVPN with the VPNService API OpenVPN must be built with +the TARGET_ANDROID compile option. Also the UI must use a UNIX +domain socket to connect to OpenVPN. When compiled as TARGET_ANDROID +OpenVPN will use management callbacks instead of executing traditional +ifconfig/route commands use the need-ok callback mechanism which +will ask + +> NEED-OK command + +where command can be: + +IFCONFIG6 IPv6/netmask +IFCONFIG local remoteOrNetmask MTU topology + +To tell the UI which IPs addresses OpenVPN expects on the interface. +Topology is one of "net30","p2p","subnet" or "undef". + +ROUTE6 network/netmask +ROUTE network netmask + +To tell the UI which routes should be set on the tun interface. + +DNSSERVER IP server address +DNS6SERVER IPv6 server address +DNSDOMAIN searchdomain + +To set the DNS server and search domain. + +The GUI will then respond with a "needok 'command' ok' or "needok +'command' cancel', e.g. "needok 'IFCONFIG' ok". + +PERSIST_TUN_ACTION + +When OpenVPN wants to open an fd it will do this query via management. +The UI should compare the last configuration of the tun device with the current +tun configuration and reply with either NOACTION (or always respond with +OPEN_BEFORE_CLOSE). + +- NOACTION: Keep using the old fd +- OPEN_BEFORE_CLOSE: the normal behaviour when the VPN configuration changed + +For example the UI could respond with +needok 'PERSIST_TUN_ACTION' OPEN_BEFORE_CLOSE + +To protect a socket the OpenVPN will send a PROTECTFD to the UI. +When sending the PROTECTFD command command to the UI it will send +the fd of the socket as ancillary message over the UNIX socket. +The UI will then call protect(fd) on the received socket protecting +it from being routed over the VPN. + +When opening a tun device the OpenVPN process will first send all +route, ifconfig and DNS related configuration to the UI and after +that calls the OPENTUN command to receive a tun fd with the requested +configuration. The UI will then use the collected information to +call the VPNService's establish() method to receive a fd which in +turn is send to the OpenVPN process as ancillary message to the +"needok 'OPENTUN' ok' response. + +The OpenVPN for Android UI extensively uses other features that +are not specific to Android but are rarely used on other platform. +For example using SIGUSR1 and management-hold to restart, pause, +continue the VPN on network changes or the external key management +--management-external-key option and inline files. + +To better support handover between networks, a the management command + +network-change [samenetwork] + +is used on the Android platform. It tells OpenVPN to do the necessary +action when the network changes. Currently this is just calling +the protect callback when using peer-id regardless of the samenetwork. +Without peer-id OpenVPN will generate USR1 when samenetwork is not set. diff -Nru openvpn-2.6.3/doc/doxygen/Makefile.am openvpn-2.6.14/doc/doxygen/Makefile.am --- openvpn-2.6.3/doc/doxygen/Makefile.am 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/doc/doxygen/Makefile.am 2025-04-02 06:53:10.000000000 +0000 @@ -13,8 +13,27 @@ DISTCLEANFILES = openvpn.doxyfile +DOXYGEN_EXTRA_FILES = \ + doc_compression.h \ + doc_control_processor.h \ + doc_control_tls.h \ + doc_data_control.h \ + doc_data_crypto.h \ + doc_eventloop.h \ + doc_external_multiplexer.h \ + doc_fragmentation.h \ + doc_internal_multiplexer.h \ + doc_key_generation.h \ + doc_mainpage.h \ + doc_memory_management.h \ + doc_protocol_overview.h \ + doc_reliable.h \ + doc_tunnel_state.h + +EXTRA_DIST = $(DOXYGEN_EXTRA_FILES) + .PHONY: doxygen -doxygen: openvpn.doxyfile +doxygen: openvpn.doxyfile $(DOXYGEN_EXTRA_FILES) doxygen openvpn.doxyfile clean-local: diff -Nru openvpn-2.6.3/doc/doxygen/Makefile.in openvpn-2.6.14/doc/doxygen/Makefile.in --- openvpn-2.6.3/doc/doxygen/Makefile.in 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/doc/doxygen/Makefile.in 2025-04-02 06:53:10.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. +# Makefile.in generated by automake 1.17 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2021 Free Software Foundation, Inc. +# Copyright (C) 1994-2024 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -79,6 +79,8 @@ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +am__rm_f = rm -f $(am__rm_f_notfound) +am__rm_rf = rm -rf $(am__rm_f_notfound) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -168,6 +170,7 @@ ETAGS = @ETAGS@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +FILECMD = @FILECMD@ GIT = @GIT@ GREP = @GREP@ IFCONFIG = @IFCONFIG@ @@ -278,8 +281,10 @@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__rm_f_notfound = @am__rm_f_notfound@ am__tar = @am__tar@ am__untar = @am__untar@ +am__xargs_n = @am__xargs_n@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -331,6 +336,24 @@ $(srcdir)/Makefile.in DISTCLEANFILES = openvpn.doxyfile +DOXYGEN_EXTRA_FILES = \ + doc_compression.h \ + doc_control_processor.h \ + doc_control_tls.h \ + doc_data_control.h \ + doc_data_crypto.h \ + doc_eventloop.h \ + doc_external_multiplexer.h \ + doc_fragmentation.h \ + doc_internal_multiplexer.h \ + doc_key_generation.h \ + doc_mainpage.h \ + doc_memory_management.h \ + doc_protocol_overview.h \ + doc_reliable.h \ + doc_tunnel_state.h + +EXTRA_DIST = $(DOXYGEN_EXTRA_FILES) all: all-am .SUFFIXES: @@ -438,14 +461,14 @@ clean-generic: distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) $(DISTCLEANFILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." - -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) + -$(am__rm_f) $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libtool clean-local mostlyclean-am @@ -530,7 +553,7 @@ .PHONY: doxygen -doxygen: openvpn.doxyfile +doxygen: openvpn.doxyfile $(DOXYGEN_EXTRA_FILES) doxygen openvpn.doxyfile clean-local: @@ -539,3 +562,10 @@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff -Nru openvpn-2.6.3/doc/doxygen/doc_compression.h openvpn-2.6.14/doc/doxygen/doc_compression.h --- openvpn-2.6.3/doc/doxygen/doc_compression.h 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/doc/doxygen/doc_compression.h 2025-04-02 06:53:10.000000000 +0000 @@ -0,0 +1,91 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single TCP/UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2010-2021 Fox Crypto B.V. + * + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +/** + * @file Data Channel Compression module documentation file. + */ + +/** + * @defgroup compression Data Channel Compression module + * + * This module offers compression of data channel packets. + * + * @par State structures + * The Data Channel Compression module stores its internal state in a \c + * lzo_compress_workspace structure. This state includes flags which + * control the module's behavior and preallocated working memory. One + * such structure is present for each VPN tunnel, and is stored in the \c + * context.c2.lzo_compwork of the \c context associated with that VPN + * tunnel. + * + * @par Initialization and cleanup + * Every time a new \c lzo_compress_workspace is needed, it must be + * initialized using the \c lzo_compress_init() function. Similarly, + * every time a \c lzo_compress_workspace is no longer needed, it must be + * cleaned up using the \c lzo_compress_uninit() function. These + * functions take care of the allocation and freeing of internal working + * memory, but not of the \c lzo_compress_workspace structures themselves. + * + * @par + * Because of the one-to-one relationship between \c + * lzo_compress_workspace structures and VPN tunnels, the above-mentioned + * initialization and cleanup functions are called directly from the \c + * init_instance() and \c close_instance() functions, which control the + * initialization and cleanup of VPN tunnel instances and their associated + * \c context structures. + * + * @par Packet processing functions + * This module receives data channel packets from the \link data_control + * Data Channel Control module\endlink and processes them according to the + * settings of the packet's VPN tunnel. The \link data_control Data + * Channel Control module\endlink uses the following interface functions: + * - For packets which will be sent to a remote OpenVPN peer: \c + * lzo_compress() + * - For packets which have been received from a remote OpenVPN peer: \c + * lzo_decompress() + * + * @par Settings that control this module's activity + * Whether or not the Data Channel Compression module is active depends on + * the compile-time \c ENABLE_LZO preprocessor macro and the runtime flags + * stored in \c lzo_compress_workspace.flags of the associated VPN tunnel. + * The latter are initialized from \c options.lzo, which gets its value + * from the process's configuration sources, such as its configuration + * file or command line %options. + * + * @par Adaptive compression + * The compression module supports adaptive compression. If this feature + * is enabled, the compression routines monitor their own performance and + * turn compression on or off depending on whether it is leading to + * significantly reduced payload size. + * + * @par Compression algorithms + * This module uses the Lempel-Ziv-Oberhumer (LZO) compression algorithms. + * These offer lossless compression and are designed for high-performance + * decompression. This module uses the external \c lzo library's + * implementation of the algorithms. + * + * @par + * For more information on the LZO library, see:\n + * http://www.oberhumer.com/opensource/lzo/ + */ diff -Nru openvpn-2.6.3/doc/doxygen/doc_control_processor.h openvpn-2.6.14/doc/doxygen/doc_control_processor.h --- openvpn-2.6.3/doc/doxygen/doc_control_processor.h 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/doc/doxygen/doc_control_processor.h 2025-04-02 06:53:10.000000000 +0000 @@ -0,0 +1,184 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single TCP/UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2010-2021 Fox Crypto B.V. + * + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +/** + * @file + * Control Channel Processor module documentation file. + */ + +/** + * @defgroup control_processor Control Channel Processor module + * + * This module controls the setup and maintenance of VPN tunnels and the + * associated security parameters. + * + * @par This module's role + * The Control Channel Processor module lies at the core of OpenVPN's + * activities. It handles the setup of new VPN tunnels, the negotiation + * of data channel security parameters, the managing of active VPN + * tunnels, and finally the cleanup of expired VPN tunnels. + * + * @par State structures + * A large amount of VPN tunnel state information must be stored within an + * OpenVPN process. A wide variety of container structures are used by + * this module for that purpose. Several of these structures are listed + * below, and the function of the first three VPN tunnel state containers + * is described in more detail later. + * - VPN tunnel state containers: + * - \c tls_multi, security parameter state for a single VPN tunnel. + * Contains three instances of the \c tls_session structure. + * - \c tls_session, security parameter state of a single session + * within a VPN tunnel. Contains two instances of the \c key_state + * structure. + * - \c key_state, security parameter state of one TLS and data + * channel %key set. + * - Data channel security parameter containers: + * - \c key_ctx_bi, container for two sets of OpenSSL cipher and/or + * HMAC context (both directions). Contains two instances of the \c + * key_ctx structure. + * - \c key_ctx, container for one set of OpenSSL cipher and/or HMAC + * context (one directions. + * - Key material containers: + * - \c key2, container for two sets of cipher and/or HMAC %key + * material (both directions). Contains two instances of the \c key + * structure. + * - \c key, container for one set of cipher and/or HMAC %key material + * (one direction). + * - \c key_direction_state, ordering of %key material within the \c + * key2.key array. + * - Key method 2 random material containers: + * - \c key_source2, container for both halves of random material used + * for %key method 2. Contains two instances of the \c key_source + * structure. + * - \c key_source, container for one half of random material used for + * %key method 2. + * + * @par The life of a \c tls_multi object + * A \c tls_multi structure contains all the security parameter state + * information related to the control and data channels of one VPN tunnel. + * Its life cycle can be summarized as follows: + * -# Initialization: \c tls_multi_init() and \c + * tls_multi_init_finalize(), which are called (indirectly) from \c + * init_instance() when initializing a new \c context structure. + * - Initializes a \c tls_multi structure. + * - Allocates the three \c tls_session objects contained by the \c + * tls_multi structure, and initializes as appropriate. + * -# Management: \c tls_multi_process() and \c tls_pre_decrypt() + * - If a new session is initiated by the remote peer, then \c + * tls_pre_decrypt() starts the new session negotiation in the + * un-trusted \c tls_session. + * - If the, as yet, un-trusted \c tls_session authenticates + * successfully, then \c tls_multi_process() moves it so as to be + * the active \c tls_session. + * - If an error occurs during processing of a \c key_state object, + * then \c tls_multi_process() cleans up and initializes the + * associated \c tls_session object. If the error occurred in the + * active \c key_state of the active \c tls_session and the + * lame-duck \c key_state of that \c tls_session has not yet + * expired, it is preserved as fallback. + * -# Cleanup: \c tls_multi_free(), which is called (indirectly) from \c + * close_instance() when cleaning up a \c context structure. + * - Cleans up a \c tls_multi structure. + * - Cleans up the three \c tls_session objects contained by the \c + * tls_multi structure. + * + * @par The life of a \c tls_session object + * A \c tls_session structure contains the state information related to an + * active and a lame-duck \c key_state. Its life cycle can be summarized + * as follows: + * -# Initialization: \c tls_session_init() + * - Initializes a \c tls_session structure. + * - Initializes the primary \c key_state by calling \c + * key_state_init(). + * -# Renegotiation: \c key_state_soft_reset() + * - Cleans up the old lame-duck \c key_state by calling \c + * key_state_free(). + * - Moves the old primary \c key_state to be the new lame-duck \c + * key_state. + * - Initializes a new primary \c key_state by calling \c + * key_state_init(). + * -# Cleanup: \c tls_session_free() + * - Cleans up a \c tls_session structure. + * - Cleans up all \c key_state objects associated with the session by + * calling \c key_state_free() for each. + * + * @par The life of a \c key_state object + * A \c key_state structure represents one control and data channel %key + * set. It contains an OpenSSL TLS object that encapsulates the control + * channel, and the data channel security parameters needed by the \link + * data_crypto Data Channel Crypto module\endlink to perform cryptographic + * operations on data channel packets. Its life cycle can be summarized + * as follows: + * -# Initialization: \c key_state_init() + * - Initializes a \c key_state structure. + * - Creates a new OpenSSL TLS object to encapsulate this new control + * channel session. + * - Sets \c key_state.state to \c S_INITIAL. + * - Allocates several internal buffers. + * - Initializes new reliability layer structures for this key set. + * -# Negotiation: \c tls_process() + * - The OpenSSL TLS object negotiates a TLS session between itself + * and the remote peer's TLS object. + * - Key material is generated and exchanged through the TLS session + * between OpenVPN peers. + * - Both peers initialize their data channel cipher and HMAC key + * contexts. + * - On successful negotiation, the \c key_state.state will progress + * from \c S_INITIAL to \c S_ACTIVE and \c S_NORMAL. + * -# Active tunneling: \link data_crypto Data Channel Crypto + * module\endlink + * - Data channel packet to be sent to a remote OpenVPN peer: + * - \c tls_pre_encrypt() loads the security parameters from the \c + * key_state into a \c crypto_options structure. + * - \c openvpn_encrypt() uses the \c crypto_options to an encrypt + * and HMAC sign the data channel packet. + * - Data channel packet received from a remote OpenVPN peer: + * - \c tls_pre_decrypt() loads the security parameters from the \c + * key_state into a \c crypto_options structure. + * - \c openvpn_encrypt() uses the \c crypto_options to + * authenticate and decrypt the data channel packet. + * -# Cleanup: \c key_state_free() + * - Cleans up a \c key_state structure together with its OpenSSL TLS + * object, key material, internal buffers, and reliability layer + * structures. + * + * @par Control functions + * The following two functions drive the Control Channel Processor's + * activities. + * - \c tls_multi_process(), iterates through the \c tls_session objects + * within a given \c tls_multi of a VPN tunnel, and calls \c + * tls_process() for each \c tls_session which is being set up, is + * already active, or is busy expiring. + * - \c tls_process(), performs the Control Channel Processor module's + * core handling of received control channel messages, and generates + * appropriate messages to be sent. + * + * @par Functions which control data channel key generation + * - Key method 1 key exchange functions were removed from OpenVPN 2.5 + * - Key method 2 key exchange functions: + * - \c key_method_2_write(), generates and processes key material to + * be sent to the remote OpenVPN peer. + * - \c key_method_2_read(), processes key material received from the + * remote OpenVPN peer. + */ diff -Nru openvpn-2.6.3/doc/doxygen/doc_control_tls.h openvpn-2.6.14/doc/doxygen/doc_control_tls.h --- openvpn-2.6.3/doc/doxygen/doc_control_tls.h 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/doc/doxygen/doc_control_tls.h 2025-04-02 06:53:10.000000000 +0000 @@ -0,0 +1,104 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single TCP/UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2010-2021 Fox Crypto B.V. + * + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +/** + * @file + * Control Channel TLS module documentation file. + */ + +/** + * @defgroup control_tls Control Channel TLS module + * + * This module provides secure encapsulation of control channel messages + * exchanged between OpenVPN peers. + * + * The Control Channel TLS module uses the Transport Layer Security (TLS) + * protocol to provide an encrypted communication channel between the + * local OpenVPN process and a remote peer. This protocol simultaneously + * offers certificate-based authentication of the communicating parties. + * + * @par This module's roles + * The Control Channel TLS module is essential for the security of any + * OpenVPN-based system. On the one hand, it performs the security + * operations necessary to protect control channel messages exchanged + * between OpenVPN peers. On the other hand, before the control and data + * channels are even setup, it controls the exchange of certificates and + * verification of the remote's identity during negotiation of VPN + * tunnels. + * + * @par + * The former role is described below. The latter is described in the + * documentation for the \c verify_callback() function. + * + * @par + * In other words, this module takes care of the confidentiality and + * integrity of data channel communications, and the authentication of + * both the communicating parties and the control channel messages + * exchanged. + * + * @par Initialization and cleanup + * Because of the one-to-one relationship between control channel TLS + * state and \c key_state structures, the initialization and cleanup of an + * instance of the Control Channel TLS module's state happens within the + * \c key_state_init() and \c key_state_free() functions. In other words, + * each \c key_state object contains exactly one OpenSSL SSL-BIO object, + * which is initialized and cleaned up together with the rest of the \c + * key_state object. + * + * @par Packet processing functions + * This object behaves somewhat like a black box with a ciphertext and a + * plaintext I/O port. Its interaction with OpenVPN's control channel + * during operation takes place within the \c tls_process() function of + * the \link control_processor Control Channel Processor\endlink. The + * following functions are available for processing packets: + * - If ciphertext received from the remote peer is available in the \link + * reliable Reliability Layer\endlink: + * - Insert it into the ciphertext-side of the SSL-BIO. + * - Use function: \c key_state_write_ciphertext() + * - If ciphertext can be extracted from the ciphertext-side of the + * SSL-BIO: + * - Pass it to the \link reliable Reliability Layer\endlink for sending + * to the remote peer. + * - Use function: \c key_state_read_ciphertext() + * - If plaintext can be extracted from the plaintext-side of the SSL-BIO: + * - Pass it on to the \link control_processor Control Channel + * Processor\endlink for local processing. + * - Use function: \c key_state_read_plaintext() + * - If plaintext from the \link control_processor Control Channel + * Processor\endlink is available to be sent to the remote peer: + * - Insert it into the plaintext-side of the SSL-BIO. + * - Use function: \c key_state_write_plaintext() or \c + * key_state_write_plaintext_const() + * + * @par Transport Layer Security protocol implementation + * This module uses the OpenSSL library's implementation of the TLS + * protocol in the form of an OpenSSL SSL-BIO object. + * + * @par + * For more information on the OpenSSL library's BIO objects, please see: + * - OpenSSL's generic BIO objects: + * http://www.openssl.org/docs/crypto/bio.html + * - OpenSSL's SSL-BIO object: + * http://www.openssl.org/docs/crypto/BIO_f_ssl.html + */ diff -Nru openvpn-2.6.3/doc/doxygen/doc_data_control.h openvpn-2.6.14/doc/doxygen/doc_data_control.h --- openvpn-2.6.3/doc/doxygen/doc_data_control.h 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/doc/doxygen/doc_data_control.h 2025-04-02 06:53:10.000000000 +0000 @@ -0,0 +1,102 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single TCP/UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2010-2021 Fox Crypto B.V. + * + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +/** + * @file + * Data Channel Control module documentation file. + */ + +/** + * @defgroup data_control Data Channel Control module + * + * This module controls the processing of packets as they pass through the + * data channel. + * + * The Data Channel Control module controls the processing of packets as + * they pass through the data channel. The processing includes packet + * compression, fragmentation, and the performing of security operations + * on the packets. This module does not do the processing itself, but + * passes the packet to other data channel modules to perform the + * appropriate actions. + * + * Packets can travel in two directions through the data channel. They + * can be going to a remote destination which is reachable through a VPN + * tunnel, in which case this module prepares them to be sent out through + * a VPN tunnel. On the other hand, they can have been received through a + * VPN tunnel from a remote OpenVPN peer, in which case this module + * retrieves the packet in its original form as it was before entering the + * VPN tunnel on the remote OpenVPN peer. How this module processes + * packets traveling in the two directions is discussed in more detail + * below. + * + * @par Packets to be sent to a remote OpenVPN peer + * This module's main function for processing packets traveling in this + * direction is \c encrypt_sign(), which performs the following processing + * steps: + * - Call the \link compression Data Channel Compression module\endlink to + * perform packet compression if necessary. + * - Call the \link fragmentation Data Channel Fragmentation + * module\endlink to perform packet fragmentation if necessary. + * - Call the \link data_crypto Data Channel Crypto module\endlink to + * perform the required security operations. + * + * @par + * See the \c encrypt_sign() documentation for details of these + * interactions. + * + * @par + * After the above processing is complete, the packet is ready to be sent + * to a remote OpenVPN peer as a VPN tunnel packet. The actual sending of + * the packet is handled by the \link external_multiplexer External + * Multiplexer\endlink. + * + * @par Packets received from a remote OpenVPN peer + * The function that controls how packets traveling in this direction are + * processed is \c process_incoming_link(). That function, however, also + * performs some of the tasks required for the \link external_multiplexer + * External Multiplexer\endlink and is therefore listed as part of that + * module, instead of here. + * + * @par + * After the \c process_incoming_link() function has determined that a + * received packet is a data channel packet, it performs the following + * processing steps: + * - Call the \link data_crypto Data Channel Crypto module\endlink to + * perform the required security operations. + * - Call the \link fragmentation Data Channel Fragmentation + * module\endlink to perform packet reassembly if necessary. + * - Call the \link compression Data Channel Compression module\endlink to + * perform packet decompression if necessary. + * + * @par + * See the \c process_incoming_link() documentation for details of these + * interactions. + * + * @par + * After the above processing is complete, the packet is in its original + * form again as it was received by the remote OpenVPN peer. It can now + * be routed further to its final destination. If that destination is a + * locally reachable host, then the \link internal_multiplexer Internal + * Multiplexer\endlink will send it there. + */ diff -Nru openvpn-2.6.3/doc/doxygen/doc_data_crypto.h openvpn-2.6.14/doc/doxygen/doc_data_crypto.h --- openvpn-2.6.3/doc/doxygen/doc_data_crypto.h 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/doc/doxygen/doc_data_crypto.h 2025-04-02 06:53:10.000000000 +0000 @@ -0,0 +1,70 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single TCP/UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2010-2021 Fox Crypto B.V. + * + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +/** + * @file + * Data Channel Crypto module documentation file. + */ + +/** + * @addtogroup data_crypto Data Channel Crypto module + * + * The Data Channel Crypto Module performs cryptographic operations on + * data channel packets. + * + * @par Security parameters + * This module is merely the user of a VPN tunnel's security parameters. + * It does not perform the negotiation and setup of the security + * parameters, nor the %key generation involved. These actions are done + * by the \link control_processor Control Channel Processor\endlink. This + * module receives the appropriate security parameters from that module in + * the form of a \c crypto_options structure when they are necessary for + * processing a packet. + * + * @par Packet processing functions + * This module receives data channel packets from the \link data_control + * Data Channel Control module\endlink and processes them according to the + * security parameters of the packet's VPN tunnel. The \link data_control + * Data Channel Control module\endlink uses the following interface + * functions: + * - For packets which will be sent to a remote OpenVPN peer: + * - \c tls_pre_encrypt() + * - \c openvpn_encrypt() + * - \c tls_post_encrypt() + * - For packets which have been received from a remote OpenVPN peer: + * - \c tls_pre_decrypt() (documented as part of the \link + * external_multiplexer External Multiplexer\endlink) + * - \c openvpn_decrypt() + * + * @par Settings that control this module's activity + * How the data channel processes packets received from the \link data_control + * Data Channel Control module\endlink at runtime depends on the associated + * \c crypto_options structure. To perform cryptographic operations, the + * \c crypto_options.key_ctx_bi must contain the correct cipher and HMAC + * security parameters for the direction the packet is traveling in. + * + * @par Crypto algorithms + * This module uses the crypto algorithm implementations of the external + * crypto library (currently either OpenSSL (default), or mbed TLS). + */ diff -Nru openvpn-2.6.3/doc/doxygen/doc_eventloop.h openvpn-2.6.14/doc/doxygen/doc_eventloop.h --- openvpn-2.6.3/doc/doxygen/doc_eventloop.h 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/doc/doxygen/doc_eventloop.h 2025-04-02 06:53:10.000000000 +0000 @@ -0,0 +1,66 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single TCP/UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2010-2021 Fox Crypto B.V. + * + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +/** + * @file + * Main Event Loop module documentation file. + */ + +/** + * @defgroup eventloop Main Event Loop module + * + * This main event loop module drives the packet processing of OpenVPN. + * + * OpenVPN is an event driven system. Its activities are driven by a main + * event loop, which repeatedly waits for one of several predefined events + * to occur, and then calls the appropriate module to handle the event. + * The major types of network events that OpenVPN processes are: + * - A packet can be read from the external network interface. + * - The main event loop activates the \link external_multiplexer + * External Multiplexer\endlink to read and process the packet. + * - A packet can be read from the virtual tun/tap network interface. + * - The main event loop activates the \link internal_multiplexer + * Internal Multiplexer\endlink to read and process the packet. + * - If a packet is ready to be sent out as a VPN tunnel packet: the + * external network interface can be written to. + * - The main event loop activates the \link external_multiplexer + * External Multiplexer\endlink to send the packet. + * - If a packet is ready to be sent to a locally reachable destination: + * the virtual tun/tap network interface can be written to. + * - The main event loop activates the \link internal_multiplexer + * Internal Multiplexer\endlink to send the packet. + * + * Beside these external events, OpenVPN also processes other types of + * internal events. These include scheduled events, such as resending of + * non-acknowledged control channel messages. + * + * @par Main event loop implementations + * + * Depending on the mode in which OpenVPN is running, a different main + * event loop function is called to drive the event processing. The + * following implementations are available: + * - Client mode using UDP or TCP: \c tunnel_point_to_point() + * - Server mode using UDP: \c tunnel_server_udp() + * - Server mode using TCP: \c tunnel_server_tcp() + */ diff -Nru openvpn-2.6.3/doc/doxygen/doc_external_multiplexer.h openvpn-2.6.14/doc/doxygen/doc_external_multiplexer.h --- openvpn-2.6.3/doc/doxygen/doc_external_multiplexer.h 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/doc/doxygen/doc_external_multiplexer.h 2025-04-02 06:53:10.000000000 +0000 @@ -0,0 +1,45 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single TCP/UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2010-2021 Fox Crypto B.V. + * + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +/** + * @file + * External Multiplexer module documentation file. + */ + +/** + * @addtogroup external_multiplexer External Multiplexer module + * + * The External Multiplexer is the link between the external network + * interface and the other OpenVPN modules. It reads packets from the + * external network interface, determines which remote OpenVPN peer and + * VPN tunnel they are associated with, and whether they are data channel + * or control channel packets. It then passes the packets on to the + * appropriate processing module. + * + * This module also handles packets traveling in the reverse direction, + * which have been generated by the local control channel or which have + * already been processed by the \link data_control Data Channel Control + * module\endlink and are destined for a remote host reachable through a + * VPN tunnel. + */ diff -Nru openvpn-2.6.3/doc/doxygen/doc_fragmentation.h openvpn-2.6.14/doc/doxygen/doc_fragmentation.h --- openvpn-2.6.3/doc/doxygen/doc_fragmentation.h 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/doc/doxygen/doc_fragmentation.h 2025-04-02 06:53:10.000000000 +0000 @@ -0,0 +1,95 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single TCP/UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2010-2021 Fox Crypto B.V. + * + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +/** + * @file + * Data Channel Fragmentation module documentation file. + */ + +/** + * @defgroup fragmentation Data Channel Fragmentation module + * + * The Data Channel Fragmentation module offers fragmentation of data + * channel packets. + * + * @par State structures + * The Data Channel Fragmentation module stores its internal state in a \c + * fragment_master structure. One such structure is present for each VPN + * tunnel, and is stored in \c context.c2.fragment of the \c context + * associated with that VPN tunnel. + * + * @par + * The \c fragment_master structure contains one \c fragment_list + * structure \c fragment_master.incoming. This is a list of \c fragment + * structures, each of which can store the parts of one fragmented packet + * while it is being reassembled. The \c fragment_master structure also + * contains one \c buffer called \c fragment_master.outgoing, in which a + * data channel large packet to be sent to a remote OpenVPN peer can be + * broken up into parts to be sent one by one. + * + * @par Initialization and cleanup + * Every time a new \c fragment_master is needed, it must be allocated and + * initialized by the \c fragment_init() function. Similarly, every time + * a \c fragment_master is no longer needed, it must be cleaned up using + * the \c fragment_free() function. These functions take care of the + * allocation and freeing of the \c fragment_master structure itself and + * all internal memory required for the use of that structure. Note that + * this behavior is different from that displayed by the \link compression + * Data Channel Compression module\endlink. + * + * @par + * Because of the one-to-one relationship between \c fragment_master + * structures and VPN tunnels, the above-mentioned initialization and + * cleanup functions are called directly from the \c init_instance() and + * \c close_instance() functions, which control the initialization and + * cleanup of VPN tunnel instances and their associated \c context + * structures. + * + * @par Packet processing functions + * This module receives data channel packets from the \link data_control + * Data Channel Control module\endlink and processes them according to the + * settings of the packet's VPN tunnel. The \link data_control Data + * Channel Control module\endlink uses the following interface functions: + * - For packets which will be sent to a remote OpenVPN peer: \c + * fragment_outgoing() \n This function inspects data channel packets as + * they are being made ready to be sent as VPN tunnel packets to a + * remote OpenVPN peer. If a packet's size is larger than its + * destination VPN tunnel's maximum transmission unit (MTU), then this + * module breaks that packet up into smaller parts, each of which is + * smaller than or equal to the VPN tunnel's MTU. See \c + * fragment_outgoing() for details. + * - For packets which have been received from a remote OpenVPN peer: \c + * fragment_incoming() \n This function inspects data channel packets + * that have been received from a remote OpenVPN peer through a VPN + * tunnel. It reads the fragmentation header of the packet, and + * depending on its value performs the appropriate action. See \c + * fragment_incoming() for details. + * + * @par Settings that control this module's activity + * Whether the Data Channel Fragmentation module is active or not depends + * on the compile-time \c ENABLE_FRAGMENT preprocessor macro and the + * runtime flag \c options.fragment, which gets its value from the + * process's configuration sources, such as the configuration file and + * commandline %options. + */ diff -Nru openvpn-2.6.3/doc/doxygen/doc_internal_multiplexer.h openvpn-2.6.14/doc/doxygen/doc_internal_multiplexer.h --- openvpn-2.6.3/doc/doxygen/doc_internal_multiplexer.h 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/doc/doxygen/doc_internal_multiplexer.h 2025-04-02 06:53:10.000000000 +0000 @@ -0,0 +1,43 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single TCP/UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2010-2021 Fox Crypto B.V. + * + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +/** + * @file + * Internal Multiplexer module documentation file. + */ + +/** + * @addtogroup internal_multiplexer Internal Multiplexer module + * + * The Internal Multiplexer is the link between the virtual tun/tap + * network interface and the \link data_control Data Channel Control + * module\endlink. It reads packets from the virtual network interface, + * determines for which remote OpenVPN peer they are destined, and then + * passes the packets on to the Data Channel Control module together with + * information about their destination VPN tunnel instance. + * + * This module also handles packets traveling in the reverse direction, + * which have already been processed by the Data Channel Control module + * and are destined for a locally reachable host. + */ diff -Nru openvpn-2.6.3/doc/doxygen/doc_key_generation.h openvpn-2.6.14/doc/doxygen/doc_key_generation.h --- openvpn-2.6.3/doc/doxygen/doc_key_generation.h 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/doc/doxygen/doc_key_generation.h 2025-04-02 06:53:10.000000000 +0000 @@ -0,0 +1,158 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single TCP/UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2010-2021 Fox Crypto B.V. + * + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +/** + * @file + * Key generation documentation file. + */ + +/** + * @page key_generation Data channel %key generation + * + * This section describes how OpenVPN peers generate and exchange %key + * material necessary for the security operations performed on data + * channel packets. + * + * The %key generation and exchange process between OpenVPN client and + * server occurs every time data channel security parameters are + * negotiated, for example during the initial setup of a VPN tunnel or + * when the active security parameters expire. In source code terms, this + * is when a new key_state structure is initialized. + * + * @section key_generation_method Key methods + * + * OpenVPN supports two different ways of generating and exchanging %key + * material between client and server. These are known as %key method 1 + * and %key method 2. %Key method 2 is the recommended method. Both are + * explained below. + * + * @subsection key_generation_method_1 Key method 1 + * + * -# Each host generates its own random material. + * -# Each host uses its locally generated random material as %key data + * for encrypting and signing packets sent to the remote peer. + * -# Each host then sends its random material to the remote peer, so that + * the remote peer can use that %key data for authenticating and + * decrypting received packets. + * + * @subsection key_generation_method_2 Key method 2 + * + * There are two methods for generating key data when using key method 2 + * the first is OpenVPN's traditional approach that exchanges random + * data and uses a PRF and the other is using the RFC5705 keying material + * exporter to generate the key material. For both methods the random + * data is exchange but only used in the traditional method. + * + * -# The client generates random material in the following amounts: + * - Pre-master secret: 48 bytes + * - Client's PRF seed for master secret: 32 bytes + * - Client's PRF seed for %key expansion: 32 bytes + * -# The client sends its share of random material to the server. + * -# The server generates random material in the following amounts: + * - Server's PRF seed for master secret: 32 bytes + * - Server's PRF seed for %key expansion: 32 bytes + * -# The server computes the %key expansion using its own and the + * client's random material. + * -# The server sends its share of random material to the client. + * -# The client computes the %key expansion using its own and the + * server's random material. + * + * %Key method 2 %key expansion is performed by the \c + * generate_key_expansion_openvpn_prf() function. Please refer to its source + * code for details of the %key expansion process. + * + * When the client sends the IV_PROTO_TLS_KEY_EXPORT flag and the server replies + * with `key-derivation tls-ekm` the RFC5705 key material exporter with the + * label EXPORTER-OpenVPN-datakeys is used for the key data. + * + * @subsection key_generation_random Source of random material + * + * OpenVPN uses the either the OpenSSL library or the mbed TLS library as its + * source of random material. + * + * In OpenSSL, the \c RAND_bytes() function is called + * to supply cryptographically strong pseudo-random data. The following links + * contain more information on this subject: + * - For OpenSSL's \c RAND_bytes() function: + * http://www.openssl.org/docs/crypto/RAND_bytes.html + * - For OpenSSL's pseudo-random number generating system: + * http://www.openssl.org/docs/crypto/rand.html + * - For OpenSSL's support for external crypto modules: + * http://www.openssl.org/docs/crypto/engine.html + * + * In mbed TLS, the Havege random number generator is used. For details, see + * the mbed TLS documentation. + * + * @section key_generation_exchange Key exchange: + * + * The %key exchange process is initiated by the OpenVPN process running + * in client mode. After the initial three-way handshake has successfully + * completed, the client sends its share of random material to the server, + * after which the server responds with its part. This process is + * depicted below: + * +@verbatim + Client Client Server Server + State Action Action State +---------- -------------------- -------------------- ---------- + + ... waiting until three-way handshake complete ... +S_START S_START + key_method_?_write() + send to server --> --> --> --> receive from client +S_SENT_KEY key_method_?_read() + S_GOT_KEY + key_method_?_write() + receive from server <-- <-- <-- <-- send to client + key_method_?_read() S_SENT_KEY +S_GOT_KEY + ... waiting until control channel fully synchronized ... +S_ACTIVE S_ACTIVE +@endverbatim + * + * For more information about the client and server state values, see the + * \link control_processor Control Channel Processor module\endlink. + * + * Depending on which %key method is used, the \c ? in the function names + * of the diagram above is a \c 1 or a \c 2. For example, if %key method + * 2 is used, that %key exchange would be started by the client calling \c + * key_method_2_write(). These functions are called from the \link + * control_processor Control Channel Processor module's\endlink \c + * tls_process() function and control the %key generation and exchange + * process as follows: + * - %Key method 1 has been removed in OpenVPN 2.5 + * - %Key method 2: + * - \c key_method_2_write(): generate random material locally, and if + * in server mode generate %key expansion. + * - \c key_method_2_read(): read random material received from remote + * peer, and if in client mode generate %key expansion. + * + * @subsection key_generation_encapsulation Transmission of key material + * + * The OpenVPN client and server communicate with each other through their + * control channel. This means that all of the data transmitted over the + * network, such as random material for %key generation, is encapsulated + * in a TLS layer. For more details, see the \link control_tls Control + * Channel TLS module\endlink documentation. + */ diff -Nru openvpn-2.6.3/doc/doxygen/doc_mainpage.h openvpn-2.6.14/doc/doxygen/doc_mainpage.h --- openvpn-2.6.3/doc/doxygen/doc_mainpage.h 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/doc/doxygen/doc_mainpage.h 2025-04-02 06:53:10.000000000 +0000 @@ -0,0 +1,161 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single TCP/UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2010-2021 Fox Crypto B.V. + * + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +/** + * @file + * Main page documentation file. + */ + +/** + * @mainpage OpenVPN source code documentation + * + * This documentation describes the internal structure of OpenVPN. It was + * automatically generated from specially formatted comment blocks in + * OpenVPN's source code using Doxygen. (See + * http://www.stack.nl/~dimitri/doxygen/ for more information on Doxygen) + * + * The \ref mainpage_modules "Modules section" below gives an introduction + * into the high-level module concepts used throughout this documentation. + * The \ref mainpage_relatedpages "Related Pages section" below describes + * various special subjects related to OpenVPN's implementation which are + * discussed in the related pages section. + * + * @section mainpage_modules Modules + * + * For the purpose of describing the internal structure of OpenVPN, this + * documentation and the underlying source code has been broken up into a + * number of conceptually well-defined parts, known as modules. Each + * module plays a specific role within the OpenVPN process, and in most + * cases each module has a clear interfacing strategy for interacting with + * other modules. + * + * The following modules have been defined: + * - Driver module: + * - The \link eventloop Main Event Loop\endlink: this module drives the + * event handling of OpenVPN. It implements various types of + * select-loop which wait until an event happens, and then delegate + * the handling of that event to the appropriate module. + * - Network interface modules: + * - The \link external_multiplexer External Multiplexer\endlink: this + * module sends and receives packets to and from remote OpenVPN peers + * over the external network interface. It also takes care of + * demultiplexing received packets to their appropriate VPN tunnel and + * splitting control channel and data channel packets. + * - The \link internal_multiplexer Internal Multiplexer\endlink: this + * module sends and receives packets to and from locally reachable + * posts over the virtual tun/tap network interface. It also takes + * care of determining through which VPN tunnel a received packet must + * be sent to reach its destination. + * - Control channel modules: + * - The \link reliable Reliability Layer\endlink: this module offers a + * %reliable and sequential transport layer for control channel + * messages. + * - The \link control_tls Control Channel TLS module\endlink: this + * module offers a secure encapsulation of control channel messages + * using the TLS protocol. + * - The \link control_processor Control Channel Processor\endlink: his + * module manages the setup, maintenance, and shut down of VPN + * tunnels. + * - Data channel modules: + * - The \link data_control Data Channel Control module\endlink: this + * module controls the processing of data channel packets and, + * depending on the settings of the packet's VPN tunnel, passes the + * packet to the three modules below for handling. + * - The \link data_crypto Data Channel Crypto module\endlink: this + * module performs security operations on data channel packets. + * - The \link fragmentation Data Channel Fragmentation module\endlink: + * this module offers fragmentation of data channel packets larger + * than the VPN tunnel's MTU. + * - The \link compression Data Channel Compression module\endlink: this + * module offers compression of data channel packets. + * + * @subsection mainpage_modules_example Example event: receiving a packet + * + * OpenVPN handles many types of events during operation. These include + * external events, such as network traffic being received, and internal + * events, such as a %key session timing out causing renegotiation. An + * example event, receiving a packet over the network, is described here + * together with which modules play what roles: + * -# The \link eventloop Main Event Loop\endlink detects that a packet + * can be read from the external or the virtual tun/tap network + * interface. + * -# The \link eventloop Main Event Loop\endlink calls the \link + * external_multiplexer External Multiplexer\endlink or \link + * internal_multiplexer Internal Multiplexer\endlink to read and + * process the packet. + * -# The multiplexer module determines the type of packet and its + * destination, and passes the packet on to the appropriate handling + * module: + * - A control channel packet received by the \link + * external_multiplexer External Multiplexer\endlink is passed on + * through the \link reliable Reliability Layer\endlink and the \link + * control_tls Control Channel TLS module\endlink to the \link + * control_processor Control Channel Processor\endlink. + * - A data channel packet received by either multiplexer module is + * passed on to the \link data_control Data Channel Control + * module\endlink. + * -# The packet is processed by the appropriate control channel or data + * channel modules. + * -# If, after processing the packet, a resulting packet is generated + * that needs to be sent to a local or remote destination, it is given + * to the \link external_multiplexer External Multiplexer\endlink or + * \link internal_multiplexer Internal Multiplexer\endlink for sending. + * -# If a packet is waiting to be sent by either multiplexer module and + * the \link eventloop Main Event Loop\endlink detects that data can be + * written to the associated network interface, it calls the + * multiplexer module to send the packet. + * + * @section mainpage_relatedpages Related pages + * + * This documentation includes a number of descriptions of various aspects + * of OpenVPN and its implementation. These are not directly related to + * one module, function, or data structure, and are therefore listed + * separately under "Related Pages". + * + * @subsection mainpage_relatedpages_key_generation Data channel key generation + * + * The @ref key_generation "Data channel key generation" related page + * describes how, during VPN tunnel setup and renegotiation, OpenVPN peers + * generate and exchange the %key material required for the symmetric + * encryption/decryption and HMAC signing/verifying security operations + * performed on data channel packets. + * + * @subsection mainpage_relatedpages_tunnel_state VPN tunnel state + * + * The @ref tunnel_state "Structure of VPN tunnel state storage" related + * page describes how an OpenVPN process manages the state information + * associated with its active VPN tunnels. + * + * @subsection mainpage_relatedpages_network_protocol Network protocol + * + * The @ref network_protocol "Network protocol" related page describes the + * format and content of VPN tunnel packets exchanged between OpenVPN + * peers. + * + * @subsection mainpage_relatedpages_memory_management Memory management + * + * The @ref memory_management "Memory management strategies" related page + * gives a brief introduction into OpenVPN's memory %buffer library and + * garbage collection facilities. + */ diff -Nru openvpn-2.6.3/doc/doxygen/doc_memory_management.h openvpn-2.6.14/doc/doxygen/doc_memory_management.h --- openvpn-2.6.3/doc/doxygen/doc_memory_management.h 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/doc/doxygen/doc_memory_management.h 2025-04-02 06:53:10.000000000 +0000 @@ -0,0 +1,98 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single TCP/UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2010-2021 Fox Crypto B.V. + * + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +/** + * @file + * Memory management strategies documentation file. + */ + +/** + * @page memory_management OpenVPN's memory management strategies + * + * This section describes several implementation details relating to + * OpenVPN's memory management strategies. + * + * During operation, the OpenVPN process performs all kinds of operations + * on blocks of data. Receiving packets, encrypting content, prepending + * headers, etc. To make the programmer's job easier and to decrease the + * likelihood of memory-related bugs, OpenVPN uses its own memory %buffer + * library and garbage collection facilities. These are described in + * brief here. + * + * @section memory_management_buffer The buffer structure + * + * The \c buffer structure is a wrapper around a block of dynamically + * allocated memory which keeps track of the block's capacity \c + * buffer.capacity and location in memory \c buffer.data. This structure + * supports efficient prepending and appending within the allocated memory + * through the use of offset \c buffer.offset and length \c buffer.len + * fields. See the \c buffer documentation for more details on the + * structure itself. + * + * OpenVPN's %buffer library, implemented in the \c buffer.h and \c + * buffer.c files, contains many utility functions for working with \c + * buffer structures. These functions facilitate common operations, such + * as allocating, freeing, reading and writing to \c buffer structures, + * and even offer several more advanced operations, such as string + * matching and creating sub-buffers. + * + * Not only do these utility functions make working with \c buffer + * structures easy, they also perform extensive error checking. Each + * function, where necessary, checks whether enough space is available + * before performing its actions. This minimizes the chance of bugs + * leading to %buffer overflows and other vulnerabilities. + * + * @section memory_management_frame The frame structure + * + * The \c frame structure keeps track of the maximum allowed packet + * geometries of a network connection. + * + * It is used, for example, to determine the size of \c buffer structures + * in which to store data channel packets. This is done by having each + * data channel processing module register the maximum amount of extra + * space it will need for header prepending and content expansion in the + * \c frame structure. Once these parameters are known, \c buffer + * structures can be allocated, based on the \c frame parameters, so that + * they are large enough to allow efficient prepending of headers and + * processing of content. + * + * @section memory_management_garbage Garbage collection + * + * OpenVPN has many sizable functions which perform various actions + * depending on their %context. This makes it difficult to know in advance + * exactly how much memory must be allocated. The garbage collection + * facilities are used to keep track of dynamic allocations, thereby + * allowing easy collective freeing of the allocated memory. + * + * The garbage collection system is implemented by the \c gc_arena and \c + * gc_entry structures. The arena represents a garbage collecting unit, + * and contains a linked list of entries. Each entry represents one block + * of dynamically allocated memory. + * + * The garbage collection system also contains various utility functions + * for working with the garbage collection structures. These include + * functions for initializing new arenas, allocating memory of a given + * size and registering the allocation in an arena, and freeing all the + * allocated memory associated with an arena. + */ diff -Nru openvpn-2.6.3/doc/doxygen/doc_protocol_overview.h openvpn-2.6.14/doc/doxygen/doc_protocol_overview.h --- openvpn-2.6.3/doc/doxygen/doc_protocol_overview.h 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/doc/doxygen/doc_protocol_overview.h 2025-04-02 06:53:10.000000000 +0000 @@ -0,0 +1,197 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single TCP/UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2010-2021 Fox Crypto B.V. + * + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +/** + * @file Network protocol overview documentation file. + */ + +/** + * @page network_protocol OpenVPN's network protocol + * + * Description of packet structure in OpenVPN's network protocol. + * + * This document describes the structure of packets exchanged between + * OpenVPN peers. It is based on the protocol description in the \c ssl.h + * file. + * + * @section network_protocol_external Outer structure of packets exchanged between OpenVPN peers + * + * VPN tunnel packets are transported between OpenVPN peers using the UDP + * or TCP protocols. Their structure is described below. + * + * @subsection network_protocol_external_structure External packet structure + * + * - packet length (16 bits, unsigned) [TCP-mode only]: always sent as + * plain text. Since TCP is a stream protocol, this packet length + * defines the packetization of the stream. + * - packet opcode and key_id (8 bits) [TLS-mode only]: + * - package message type (high 5 bits) + * - key_id (low 3 bits): the key_id refers to an already negotiated + * TLS session. OpenVPN seamlessly renegotiates the TLS session by + * using a new key_id for the new session. Overlap (controlled by + * user definable parameters) between old and new TLS sessions is + * allowed, providing a seamless transition during tunnel operation. + * - payload (n bytes) + * + * @subsection network_protocol_external_types Message types + * + * The type of a VPN tunnel packet is indicated by its opcode. The + * following describes the various opcodes available. + * + * - Control channel messages: + * - \ref P_CONTROL_HARD_RESET_CLIENT_V1 -- %Key method 1, initial %key + * from client, forget previous state. + * - \ref P_CONTROL_HARD_RESET_SERVER_V1 -- %Key method 1, initial %key + * from server, forget previous state. + * - \ref P_CONTROL_HARD_RESET_CLIENT_V2 -- %Key method 2, initial %key + * from client, forget previous state. + * - \ref P_CONTROL_HARD_RESET_SERVER_V2 -- %Key method 2, initial %key + * from server, forget previous state. + * - \ref P_CONTROL_SOFT_RESET_V1 -- New %key, with a graceful + * transition from old to new %key in the sense that a transition + * window exists where both the old or new key_id can be used. + * - \ref P_CONTROL_V1 -- Control channel packet (usually TLS + * ciphertext). + * - \ref P_ACK_V1 -- Acknowledgement for control channel packets + * received. + * - Data channel messages: + * - \ref P_DATA_V1 -- Data channel packet containing data channel + * ciphertext. + * - \ref P_DATA_V2 -- Data channel packet containing peer-id and data + * channel ciphertext. + * + * @subsection network_protocol_external_key_id Session IDs and Key IDs + * + * OpenVPN uses two different forms of packet identifiers: + * - The first form is 64 bits and is used for all control channel + * messages. This form is referred to as a \c session_id. + * - Data channel messages on the other hand use a shortened form of 3 + * bits for efficiency reasons since the vast majority of OpenVPN + * packets in an active tunnel will be data channel messages. This + * form is referred to as a \c key_id. + * + * The control and data channels use independent packet-id sequences, + * because the data channel is an unreliable channel while the control + * channel is a %reliable channel. Each use their own independent HMAC + * keys. + * + * @subsection network_protocol_external_reliable Control channel reliability layer + * + * Control channel messages (\c P_CONTROL_* and \c P_ACK_* message types) + * are TLS ciphertext packets which have been encapsulated inside of a + * reliability layer. The reliability layer is implemented as a + * straightforward acknowledge and retransmit model. + * + * Acknowledgments of received messages can be encoded in either the + * dedicated \c P_ACK_* record or they can be prepended to a \c + * P_CONTROL_* message. + * + * See the \link reliable Reliability Layer\endlink module for a detailed + * description. + * + * @section network_protocol_control Structure of control channel messages + * + * @subsection network_protocol_control_ciphertext Structure of ciphertext control channel messages + * + * Control channel packets in ciphertext form consist of the following + * parts: + * + * - local \c session_id (random 64 bit value to identify TLS session). + * (the tls-server side uses a HMAC of the client to create a pseudo + * random number for a SYN Cookie like approach) + * - HMAC signature of entire encapsulation header for HMAC firewall + * [only if \c --tls-auth is specified] (usually 16 or 20 bytes). + * - packet-id for replay protection (4 or 8 bytes, includes sequence + * number and optional \c time_t timestamp). + * - acknowledgment packet-id array length (1 byte). + * - acknowledgment packet-id array (if length > 0). + * - acknowledgment remote session-id (if length > 0). + * - packet-id of this message (4 bytes). + * - TLS payload ciphertext (n bytes) (only for \c P_CONTROL_V1). + * + * Note that when \c --tls-auth is used, all message types are protected + * with an HMAC signature, even the initial packets of the TLS handshake. + * This makes it easy for OpenVPN to throw away bogus packets quickly, + * without wasting resources on attempting a TLS handshake which will + * ultimately fail. + * + * @subsection network_protocol_control_key_methods Control channel key methods + * + * Once the TLS session has been initialized and authenticated, the TLS + * channel is used to exchange random %key material for bidirectional + * cipher and HMAC keys which will be used to secure data channel packets. + * OpenVPN currently implements two %key methods. %Key method 1 directly + * derives keys using random bits obtained from the \c rand_bytes() function. + * %Key method 2 mixes random %key material from both sides of the connection + * using the TLS PRF mixing function. %Key method 2 is the preferred method and + * is the default for OpenVPN 2.0+. + * + * The @ref key_generation "Data channel key generation" related page + * describes the %key methods in more detail. + * + * @subsection network_protocol_control_plaintext Structure of plaintext control channel messages + * + * - %Key method 1 (support removed in OpenVPN 2.5): + * - Cipher %key length in bytes (1 byte). + * - Cipher %key (n bytes). + * - HMAC %key length in bytes (1 byte). + * - HMAC %key (n bytes). + * - %Options string (n bytes, null terminated, client/server %options + * string should match). + * - %Key method 2: + * - Literal 0 (4 bytes). + * - %Key method (1 byte). + * - \c key_source structure (\c key_source.pre_master only defined + * for client -> server). + * - %Options string length, including null (2 bytes). + * - %Options string (n bytes, null terminated, client/server %options + * string must match). + * - [The username/password data below is optional, record can end at + * this point.] + * - Username string length, including null (2 bytes). + * - Username string (n bytes, null terminated). + * - Password string length, including null (2 bytes). + * - Password string (n bytes, null terminated). + * + * @section network_protocol_data Structure of data channel messages + * + * The P_DATA_* payload represents encapsulated tunnel packets which tend to be + * either IP packets or Ethernet frames. This is essentially the "payload" of + * the VPN. Data channel packets consist of a data channel header, and a + * payload. There are two possible formats: + * + * @par P_DATA_V1 + * P_DATA_V1 packets have a 1-byte header, carrying the \ref P_DATA_V1 \c opcode + * and \c key_id, followed by the payload:\n + * [ 5-bit opcode | 3-bit key_id ] [ payload ] + * + * @par P_DATA_V2 + * P_DATA_V2 packets have the same 1-byte opcode/key_id, but carrying the \ref + * P_DATA_V2 opcode, followed by a 3-byte peer-id, which uniquely identifies + * the peer:\n + * [ 5-bit opcode | 3-bit key_id ] [ 24-bit peer-id ] [ payload ] + * + * See @ref data_crypto for details on the data channel payload format. + * + */ diff -Nru openvpn-2.6.3/doc/doxygen/doc_reliable.h openvpn-2.6.14/doc/doxygen/doc_reliable.h --- openvpn-2.6.3/doc/doxygen/doc_reliable.h 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/doc/doxygen/doc_reliable.h 2025-04-02 06:53:10.000000000 +0000 @@ -0,0 +1,48 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single TCP/UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2010-2021 Fox Crypto B.V. + * + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +/** + * @file + * Reliability Layer module documentation file. + */ + +/** + * @defgroup reliable Reliability Layer module + * + * The Reliability Layer is part of OpenVPN's control channel. It + * provides a reliable and sequential transport mechanism for control + * channel messages between OpenVPN peers. This module forms the + * interface between the \link external_multiplexer External + * Multiplexer\endlink and the \link control_tls Control Channel TLS + * module\endlink. + * + * @par UDP or TCP as VPN tunnel transport + * + * This is especially important when OpenVPN is configured to communicate + * over UDP, because UDP does not offer a reliable and sequential + * transport. OpenVPN endpoints can also communicate over TCP which does + * provide a reliable and sequential transport. In both cases, using UDP + * or TCP as an external transport, the internal Reliability Layer is + * active. + */ diff -Nru openvpn-2.6.3/doc/doxygen/doc_tunnel_state.h openvpn-2.6.14/doc/doxygen/doc_tunnel_state.h --- openvpn-2.6.3/doc/doxygen/doc_tunnel_state.h 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/doc/doxygen/doc_tunnel_state.h 2025-04-02 06:53:10.000000000 +0000 @@ -0,0 +1,154 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single TCP/UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2010-2021 Fox Crypto B.V. + * + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +/** + * @file + * VPN tunnel state documentation file. + */ + +/** + * @page tunnel_state Structure of the VPN tunnel state storage + * + * This section describes how OpenVPN stores its VPN tunnel state during + * operation. + * + * OpenVPN uses several data structures as storage containers for state + * information of active VPN tunnels. These are described in this + * section, together with a little bit of history to help understand the + * origin of the current architecture. + * + * Whether an OpenVPN process is running in client-mode or server-mode + * determines whether it can support only one or multiple simultaneously + * active VPN tunnels. This consequently also determines how the + * associated state information is wrapped up internally. This section + * gives an overview of the differences. + * + * @section tunnel_state_history Historic developments + * + * In the old v1.x series, an OpenVPN process managed only one single VPN + * tunnel. This allowed the VPN tunnel state to be stored together with + * process-global information in one single \c context structure. + * + * This changed, however, in the v2.x series, as new OpenVPN versions + * running in server-mode can support multiple simultaneously active VPN + * tunnels. This necessitated a redesign of the VPN tunnel state + * container structures, and modification of the \link + * external_multiplexer External Multiplexer\endlink and \link + * internal_multiplexer Internal Multiplexer\endlink systems. The + * majority of these changes are only relevant for OpenVPN processes + * running in server-mode, and the client-mode structure has remained very + * similar to the v1.x single-tunnel form. + * + * @section tunnel_state_client Client-mode state + * + * An OpenVPN process running in client-mode can manage at most one single + * VPN tunnel at any one time. The state information for a client's VPN + * tunnel is stored in a \c context structure. + * + * The \c context structure is created in the \c main() function. That is + * also where process-wide initialization takes place, such as parsing + * command line %options and reading configuration files. The \c context + * is then passed to \c tunnel_point_to_point() which drives OpenVPN's + * main event processing loop. These functions are both part of the \link + * eventloop Main Event Loop\endlink module. + * + * @subsection tunnel_state_client_init Initialization and cleanup + * + * Because there is only one \c context structure present, it can be + * initialized and cleaned up from the client's main event processing + * function. Before the \c tunnel_point_to_point() function enters its + * event loop, it calls \c init_instance_handle_signals() which calls \c + * init_instance() to initialize the single \c context structure. After + * the event loop stops, it calls \c close_instance() to clean up the \c + * context. + * + * @subsection tunnel_state_client_event Event processing + * + * When the main event processing loop activates the external or internal + * multiplexer to handle a network event, it is not necessary to determine + * which VPN tunnel the event is associated with, because there is only + * one VPN tunnel active. + * + * @section tunnel_state_server Server-mode state + * + * An OpenVPN process running in server-mode can manage multiple + * simultaneously active VPN tunnels. For every VPN tunnel active, in + * other words for every OpenVPN client which is connected to a server, + * the OpenVPN server has one \c context structure in which it stores that + * particular VPN tunnel's state information. + * + * @subsection tunnel_state_server_multi Multi_context and multi_instance structures + * + * To support multiple \c context structures, each is wrapped in a \c + * multi_instance structure, and all the \c multi_instance structures are + * registered in one single \c multi_context structure. The \link + * external_multiplexer External Multiplexer\endlink and \link + * internal_multiplexer Internal Multiplexer\endlink then use the \c + * multi_context to retrieve the correct \c multi_instance and \c context + * associated with a given network address. + * + * @subsection tunnel_state_server_init Startup and initialization + * + * An OpenVPN process running in server-mode starts in the same \c main() + * function as it would in client-mode. The same process-wide + * initialization is performed, and the resulting state and configuration + * is stored in a \c context structure. The server-mode and client-mode + * processes diverge when the \c main() function calls one of \c + * tunnel_point_to_point() or \c tunnel_server(). + * + * In server-mode, \c main() calls the \c tunnel_server() function, which + * transfers control to \c tunnel_server_udp() or \c + * tunnel_server_tcp() depending on the external transport protocol. + * + * These functions receive the \c context created in \c main(). This + * object has a special status in server-mode, as it does not represent an + * active VPN tunnel, but does contain process-wide configuration + * parameters. In the source code, it is often stored in "top" variables. + * To distinguish this object from other instances of the same type, its + * \c context.mode value is set to \c CM_TOP. Other \c context objects, + * which do represent active VPN tunnels, have a \c context.mode set to \c + * CM_CHILD_UDP or \c CM_CHILD_TCP, depending on the external transport + * protocol. + * + * Both \c tunnel_server_udp_single_threaded() and \c tunnel_server_tcp() + * perform similar initialization. In either case, a \c multi_context + * structure is created, and it is initialized according to the + * configuration stored in the top \c context by the \c multi_init() and + * \c multi_top_init() functions. + * + * @subsection tunnel_state_server_tunnels Creating and destroying VPN tunnels + * + * When an OpenVPN client makes a new connection to a server, the server + * creates a new \c context and \c multi_instance. The latter is + * registered in the \c multi_context, which makes it possible for the + * external and internal multiplexers to retrieve the correct \c + * multi_instance and \c context when a network event occurs. + * + * @subsection tunnel_state_server_cleanup Final cleanup + * + * After the main event loop exits, both \c + * tunnel_server_udp_single_threaded() and \c tunnel_server_tcp() perform + * similar cleanup. They call \c multi_uninit() followed by \c + * multi_top_free() to clean up the \c multi_context structure. + */ diff -Nru openvpn-2.6.3/doc/keying-material-exporter.txt openvpn-2.6.14/doc/keying-material-exporter.txt --- openvpn-2.6.3/doc/keying-material-exporter.txt 1970-01-01 00:00:00.000000000 +0000 +++ openvpn-2.6.14/doc/keying-material-exporter.txt 2025-04-02 06:53:10.000000000 +0000 @@ -0,0 +1,137 @@ +OpenVPN Daniel Kubec +RFC-5705 February 2015 + + + Added support for TLS Keying Material Exporters + +Keying Material Exporter [RFC-5705] allow additional keying material to be +derived from existing TLS channel. This exported keying material can then be +used for a variety of purposes. TLS allows client and server to establish +keying material for use in the upper layers between the TLS end-points and +channel bindings is straightforward and well-defined mechanism how to +authenticate other layers. + + +OpenVPN Configuration + +--keying-material-exporter label len + +Export Keying Material [RFC-5705] of len bytes (min. 16 bytes) using label in +environment (exported_keying_material) for use by plugins in +OPENVPN_PLUGIN_TLS_FINAL callback. + +Note that exporter labels have the potential to collide with existing PRF +labels. In order to prevent this, labels MUST begin with "EXPORTER". +(This option requires OpenSSL 1.0.1 or newer.) + + +Use Cases: + +Secure bindings of AAA information to application layer + + OpenVPN Client <------> OpenVPN Server + [KeyAgreement] [KeyAgreement] + + [TLSExportedKeyingMaterial] [TLSExportedKeyingMaterial] + [AAASessionKey] [AAASessionKey] + Client <------> Server + [Authenticated layer on top of (D)TLS] + + +TLS side channel authentication and straightforward bindings of AAA information +to application layer using well-defined mechanism. + + OpenVPN Client <------> OpenVPN Server + [KeyAgreement] [KeyAgreement] + + [TLSExportedKeyingMaterial] [TLSExportedKeyingMaterial] + [DerivedAAABindingKey] [DerivedAAABindingKey] + [AuthenticateBindingKeys] + Client -------> Server + [Confidential channel] + + +TLS Message flow for a full handshake + + ClientHello --------> + ServerHello + Certificate* + ServerKeyExchange* + CertificateRequest* + <-------- ServerHelloDone + Certificate* + ClientKeyExchange + CertificateVerify* + [ChangeCipherSpec] + Finished --------> + [ChangeCipherSpec] + <-------- Finished + + GenerateTLSBindingKey GenerateTLSBindingKey + + Application Data <-------> Application Data + + +Terminology + + AAA Authentication, Authorization, and Accounting: + functions that are generally required to control + access to a service and support auditing. + + Secure channel a packet, datagram, octet stream connection, or + sequence of connections between two end-points that + affords cryptographic integrity and confidentiality + to data exchanged over it. + + Channel binding the process of establishing that no man-in-the-middle + exists between two end-points that have been + authenticated using secure channel. + + TLS Binding Key Exported Keying Material [RFC5705] + + If no context is provided, it then computes: + PRF(SecurityParameters.master_secret, label, + SecurityParameters.client_random + + SecurityParameters.server_random + )[length] + + If context is provided, it computes: + PRF(SecurityParameters.master_secret, label, + SecurityParameters.client_random + + SecurityParameters.server_random + + context_value_length + context_value + )[length] + + AAA Binding Key TLS side channel authentication based on secure + channel bindings requires one more key derivation. + + SHA1(TLSExportedKeyingMaterial + ServerPublicKey) + +Reference + + [OPENAAA] "TLS side channel authentication and straightforward + bindings of AAA information to application + layer using well-defined mechanism." + Daniel Kubec March 2013 + https://github.com/n13l/openaaa + + [RFC5705] "Keying Material Exporters for TLS" + E. Rescorla, RFC 5705 March 2010 + http://tools.ietf.org/html/rfc5705 + + [RFC5929] "Channel Bindings for TLS" + J. Altman, N. Williams, L. Zhu, RFC 5929, July 2010 + http://tools.ietf.org/html/rfc5929 + + [RFC4680] "TLS Handshake Message for Supplemental Data" + S. Santesson, RFC 4680, September 2006 + http://tools.ietf.org/html/rfc4680 + + [RFC5878] "TLS Authorization Extension" + M. Brown, R. Housley, RFC 5878, May 2010 + http://tools.ietf.org/html/rfc5878 + + [RFC5746] "TLS Renegotiation Indication Extension" + E. Rescorla, M. Raym, S. Dispensa, N. Oskov + RFC 5746, February 2010 + http://tools.ietf.org/html/rfc5746 diff -Nru openvpn-2.6.3/doc/man-sections/cipher-negotiation.rst openvpn-2.6.14/doc/man-sections/cipher-negotiation.rst --- openvpn-2.6.3/doc/man-sections/cipher-negotiation.rst 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/doc/man-sections/cipher-negotiation.rst 2025-04-02 06:53:10.000000000 +0000 @@ -1,14 +1,14 @@ Data channel cipher negotiation -=============================== +------------------------------- OpenVPN 2.4 and higher have the capability to negotiate the data cipher that is used to encrypt data packets. This section describes the mechanism in more detail and the different backwards compatibility mechanism with older server and clients. OpenVPN 2.5 and later behaviour --------------------------------- +``````````````````````````````` When both client and server are at least running OpenVPN 2.5, that the order of -the ciphers of the server's ``--data-ciphers`` is used to pick the the data cipher. +the ciphers of the server's ``--data-ciphers`` is used to pick the data cipher. That means that the first cipher in that list that is also in the client's ``--data-ciphers`` list is chosen. If no common cipher is found the client is rejected with a AUTH_FAILED message (as seen in client log): @@ -25,7 +25,7 @@ ``--cipher`` option to this list. OpenVPN 2.4 clients -------------------- +``````````````````` The negotiation support in OpenVPN 2.4 was the first iteration of the implementation and still had some quirks. Its main goal was "upgrade to AES-256-GCM when possible". An OpenVPN 2.4 client that is built against a crypto library that supports AES in GCM @@ -40,7 +40,7 @@ options to avoid this behaviour. OpenVPN 3 clients ------------------ +````````````````` Clients based on the OpenVPN 3.x library (https://github.com/openvpn/openvpn3/) do not have a configurable ``--ncp-ciphers`` or ``--data-ciphers`` option. Newer versions by default disable legacy AES-CBC, BF-CBC, and DES-CBC ciphers. @@ -52,7 +52,7 @@ OpenVPN 2.3 and older clients (and clients with ``--ncp-disable``) ------------------------------------------------------------------- +`````````````````````````````````````````````````````````````````` When a client without cipher negotiation support connects to a server the cipher specified with the ``--cipher`` option in the client configuration must be included in the ``--data-ciphers`` option of the server to allow @@ -65,7 +65,7 @@ cipher used by the client is necessary. OpenVPN 2.4 server ------------------- +`````````````````` When a client indicates support for `AES-128-GCM` and `AES-256-GCM` (with ``IV_NCP=2``) an OpenVPN 2.4 server will send the first cipher of the ``--ncp-ciphers`` to the OpenVPN client regardless of what @@ -76,7 +76,7 @@ those ciphers are present. OpenVPN 2.3 and older servers (and servers with ``--ncp-disable``) ------------------------------------------------------------------- +`````````````````````````````````````````````````````````````````` The cipher used by the server must be included in ``--data-ciphers`` to allow the client connecting to a server without cipher negotiation support. @@ -89,7 +89,7 @@ cipher used by the server is necessary. Blowfish in CBC mode (BF-CBC) deprecation ------------------------------------------- +````````````````````````````````````````` The ``--cipher`` option defaulted to `BF-CBC` in OpenVPN 2.4 and older version. The default was never changed to ensure backwards compatibility. In OpenVPN 2.5 this behaviour has now been changed so that if the ``--cipher`` diff -Nru openvpn-2.6.3/doc/man-sections/client-options.rst openvpn-2.6.14/doc/man-sections/client-options.rst --- openvpn-2.6.3/doc/man-sections/client-options.rst 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/doc/man-sections/client-options.rst 2025-04-02 06:53:10.000000000 +0000 @@ -51,9 +51,9 @@ react according to ``--auth-retry`` --auth-token-user base64username - Companion option to ``--auth-token``. This options allows to override + Companion option to ``--auth-token``. This options allows one to override the username used by the client when reauthenticating with the ``auth-token``. - It also allows to use ``--auth-token`` in setups that normally do not use + It also allows one to use ``--auth-token`` in setups that normally do not use username and password. The username has to be base64 encoded. @@ -73,6 +73,17 @@ If ``up`` is omitted, username/password will be prompted from the console. + This option can also be inlined + :: + + + username + [password] + + + where password is optional, and will be prompted from the console if + missing. + The server configuration must specify an ``--auth-user-pass-verify`` script to verify the username/password provided by the client. @@ -169,7 +180,7 @@ dns search-domains domain [domain ...] dns server n address addr[:port] [addr[:port] ...] - dns server n resolve-domains|exclude-domains domain [domain ...] + dns server n resolve-domains domain [domain ...] dns server n dnssec yes|optional|no dns server n transport DoH|DoT|plain dns server n sni server-name @@ -191,14 +202,10 @@ Optionally a port can be appended after a colon. IPv6 addresses need to be enclosed in brackets if a port is appended. - The ``resolve-domains`` and ``exclude-domains`` options take one or - more DNS domains which are explicitly resolved or explicitly not resolved - by a server. Only one of the options can be configured for a server. - ``resolve-domains`` is used to define a split-dns setup, where only - given domains are resolved by a server. ``exclude-domains`` is used to - define domains which will never be resolved by a server (e.g. domains - which can only be resolved locally). Systems which do not support fine - grained DNS domain configuration, will ignore these settings. + The ``resolve-domains`` option takes one or more DNS domains used to define + a split-dns or dns-routing setup, where only the given domains are resolved + by the server. Systems which do not support fine grained DNS domain + configuration will ignore this setting. The ``dnssec`` option is used to configure validation of DNSSEC records. While the exact semantics may differ for resolvers on different systems, @@ -343,31 +350,31 @@ :code:`IV_PLAT=[linux|solaris|openbsd|mac|netbsd|freebsd|win]` The client OS platform - :code:`IV_LZO_STUB=1` - If client was built with LZO stub capability - - :code:`IV_LZ4=1` - If the client supports LZ4 compressions. - :code:`IV_PROTO` Details about protocol extensions that the peer supports. The - variable is a bitfield and the bits are defined as follows - (starting a bit 0 for the first (unused) bit: + variable is a bitfield and the bits are defined as follows: + - bit 0: Reserved, should always be zero - bit 1: The peer supports peer-id floating mechanism - bit 2: The client expects a push-reply and the server may send this reply without waiting for a push-request first. - bit 3: The client is capable of doing key derivation using RFC5705 key material exporter. - bit 4: The client is capable of accepting additional arguments - to the `AUTH_PENDING` message. + to the ``AUTH_PENDING`` message. + - bit 5: The client supports doing feature negotiation in P2P mode + - bit 6: The client is capable of parsing and receiving the ``--dns`` pushed option + - bit 7: The client is capable of sending exit notification via control channel using ``EXIT`` message. Also, the client is accepting the protocol-flags pushed option for the EKM capability + - bit 8: The client is capable of accepting ``AUTH_FAILED,TEMP`` messages + - bit 9: The client is capable of dynamic tls-crypt :code:`IV_NCP=2` Negotiable ciphers, client supports ``--cipher`` pushed by the server, a value of 2 or greater indicates client supports - *AES-GCM-128* and *AES-GCM-256*. + *AES-GCM-128* and *AES-GCM-256*. IV_NCP is *deprecated* in + favor of ``IV_CIPHERS``. - :code:`IV_CIPHERS=` + :code:`IV_CIPHERS=` The client announces the list of supported ciphers configured with the ``--data-ciphers`` option to the server. @@ -378,10 +385,30 @@ :code:`IV_GUI_VER= ` The UI version of a UI if one is running, for example :code:`de.blinkt.openvpn 0.5.47` for the Android app. + This may be set by the client UI/GUI using ``--setenv``. :code:`IV_SSO=[crtext,][openurl,][proxy_url]` Additional authentication methods supported by the client. - This may be set by the client UI/GUI using ``--setenv`` + This may be set by the client UI/GUI using ``--setenv``. + + The following flags depend on which compression formats are compiled in + and whether compression is allowed by options. See `Protocol options`_ + for more details. + + :code:`IV_LZO=1` + If client supports LZO compression. + + :code:`IV_LZO_STUB=1` + If client was built with LZO stub capability. This is only sent if + ``IV_LZO=1`` is not sent. This means the client can talk to a server + configured with ``--comp-lzo no``. + + :code:`IV_LZ4=1` and :code:`IV_LZ4v2=1` + If the client supports LZ4 compression. + + :code:`IV_COMP_STUB=1` and :code:`IV_COMP_STUBv2=1` + If the client supports stub compression. This means the client can talk + to a server configured with ``--compress``. When ``--push-peer-info`` is enabled the additional information consists of the following data: @@ -392,15 +419,21 @@ OpenVPN 2.x and some other implementations use the MAC address of the client's interface used to reach the default gateway. If this string is generated by the client, it should be consistent and - preserved across independent session and preferably + preserved across independent sessions and preferably re-installations and upgrades. :code:`IV_SSL=` - The ssl version used by the client, e.g. + The ssl library version used by the client, e.g. :code:`OpenSSL 1.0.2f 28 Jan 2016`. :code:`IV_PLAT_VER=x.y` The version of the operating system, e.g. 6.1 for Windows 7. + This may be set by the client UI/GUI using ``--setenv``. + On Windows systems it is automatically determined by openvpn + itself. On other platforms OpenVPN will default to sending + the information returned by the `uname()` system call in + the `release` field, which is usually the currently running + kernel version. This is highly system specific, though. :code:`UV_=` Client environment variables whose names start with diff -Nru openvpn-2.6.3/doc/man-sections/connection-profiles.rst openvpn-2.6.14/doc/man-sections/connection-profiles.rst --- openvpn-2.6.3/doc/man-sections/connection-profiles.rst 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/doc/man-sections/connection-profiles.rst 2025-04-02 06:53:10.000000000 +0000 @@ -6,7 +6,7 @@ options which are related to specific ``--remote`` options. For these use cases, connection profiles are the solution. -By enacpulating the ``--remote`` option and related options within +By encapsulating the ``--remote`` option and related options within ```` and ````, these options are handled as a group. diff -Nru openvpn-2.6.3/doc/man-sections/encryption-options.rst openvpn-2.6.14/doc/man-sections/encryption-options.rst --- openvpn-2.6.3/doc/man-sections/encryption-options.rst 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/doc/man-sections/encryption-options.rst 2025-04-02 06:53:10.000000000 +0000 @@ -1,8 +1,8 @@ Encryption Options -================== +------------------ SSL Library information ------------------------ +``````````````````````` --show-ciphers (Standalone) Show all cipher algorithms to use with the ``--cipher`` @@ -32,7 +32,7 @@ ``--ecdh-curve`` and ``tls-groups`` options. Generating key material ------------------------ +``````````````````````` --genkey args (Standalone) Generate a key to be used of the type keytype. if keyfile diff -Nru openvpn-2.6.3/doc/man-sections/example-fingerprint.rst openvpn-2.6.14/doc/man-sections/example-fingerprint.rst --- openvpn-2.6.3/doc/man-sections/example-fingerprint.rst 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/doc/man-sections/example-fingerprint.rst 2025-04-02 06:53:10.000000000 +0000 @@ -18,7 +18,7 @@ 2. Generate a self-signed certificate for the server: :: - openssl req -x509 -newkey ec:<(openssl ecparam -name secp384r1) -keyout server.key -out server.crt -nodes -sha256 -days 3650 -subj '/CN=server' + openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:secp384r1 -keyout server.key -out server.crt -nodes -sha256 -days 3650 -subj '/CN=server' 3. Generate SHA256 fingerprint of the server certificate @@ -28,7 +28,7 @@ openssl x509 -fingerprint -sha256 -in server.crt -noout - This output something similar to: + This outputs something similar to: :: SHA256 Fingerprint=00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff @@ -64,6 +64,12 @@ # Ping every 60s, restart if no data received for 5 minutes keepalive 60 300 + # Uncomment the line below if you want to have persistent IP addresses + # ifconfig-pool-persist /etc/openvpn/server/ipp.txt + + # Uncomment the line below to push a DNS server to clients + # push "dhcp-option DNS 1.1.1.1" + 5. Add at least one client as described in the client section. 6. Start the server. @@ -85,7 +91,7 @@ different name for each client. :: - openssl req -x509 -newkey ec:<(openssl ecparam -name secp384r1) -nodes -sha256 -days 3650 -subj '/CN=alice' + openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:secp384r1 -keyout - -nodes -sha256 -days 3650 -subj '/CN=alice' This generate a certificate and a key for the client. The output of the command will look something like this: @@ -162,7 +168,7 @@ ff:ee:dd:cc:bb:aa:99:88:77:66:55:44:33:22:11:00:ff:ee:dd:cc:bb:aa:99:88:77:66:55:44:33:22:11:00 99:88:77:66:55:44:33:22:11:00:ff:ee:dd:cc:bb:aa:99:88:77:66:55:44:33:22:11:00:88:77:66:55:44:33 - + 6. (optional) if the client is an older client that does not support the :code:`peer-fingerprint` (e.g. OpenVPN 2.5 and older, OpenVPN Connect 3.3 diff -Nru openvpn-2.6.3/doc/man-sections/generic-options.rst openvpn-2.6.14/doc/man-sections/generic-options.rst --- openvpn-2.6.3/doc/man-sections/generic-options.rst 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/doc/man-sections/generic-options.rst 2025-04-02 06:53:10.000000000 +0000 @@ -19,9 +19,6 @@ When using ``--auth-nocache`` in combination with a user/password file and ``--chroot`` or ``--daemon``, make sure to use an absolute path. - This directive does not affect the ``--http-proxy`` username/password. - It is always cached. - --cd dir Change directory to ``dir`` prior to reading any files such as configuration files, key files, scripts, etc. ``dir`` should be an @@ -75,7 +72,7 @@ to the configuration if no other compression options are present. - 2.4.x or lower: The cipher in ``--cipher`` is appended to ``--data-ciphers``. - - 2.3.x or lower: ``--data-cipher-fallback`` is automatically added with + - 2.3.x or lower: ``--data-ciphers-fallback`` is automatically added with the same cipher as ``--cipher``. - 2.3.6 or lower: ``--tls-version-min 1.0`` is added to the configuration when ``--tls-version-min`` is not explicitly set. @@ -215,7 +212,7 @@ are supported by OpenSSL. --fast-io - (Experimental) Optimize TUN/TAP/UDP I/O writes by avoiding a call to + Optimize TUN/TAP/UDP I/O writes by avoiding a call to poll/epoll/select prior to the write operation. The purpose of such a call would normally be to block until the device or socket is ready to accept the write. Such blocking is unnecessary on some platforms which @@ -483,7 +480,7 @@ * :code:`OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY` plug-in hooks returns success/failure via :code:`auth_control_file` when using deferred auth - method and pending authentification via :code:`pending_auth_file`. + method and pending authentication via :code:`pending_auth_file`. --use-prediction-resistance Enable prediction resistance on mbed TLS's RNG. diff -Nru openvpn-2.6.3/doc/man-sections/inline-files.rst openvpn-2.6.14/doc/man-sections/inline-files.rst --- openvpn-2.6.3/doc/man-sections/inline-files.rst 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/doc/man-sections/inline-files.rst 2025-04-02 06:53:10.000000000 +0000 @@ -5,7 +5,7 @@ ``--cert``, ``--dh``, ``--extra-certs``, ``--key``, ``--pkcs12``, ``--secret``, ``--crl-verify``, ``--http-proxy-user-pass``, ``--tls-auth``, ``--auth-gen-token-secret``, ``--peer-fingerprint``, ``--tls-crypt``, -``--tls-crypt-v2`` and ``--verify-hash`` options. +``--tls-crypt-v2``, ``--verify-hash`` and ``--auth-user-pass`` options. Each inline file started by the line ```` diff -Nru openvpn-2.6.3/doc/man-sections/pkcs11-options.rst openvpn-2.6.14/doc/man-sections/pkcs11-options.rst --- openvpn-2.6.3/doc/man-sections/pkcs11-options.rst 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/doc/man-sections/pkcs11-options.rst 2025-04-02 06:53:10.000000000 +0000 @@ -1,5 +1,5 @@ PKCS#11 / SmartCard options ---------------------------- +``````````````````````````` --pkcs11-cert-private args Set if access to certificate object should be performed after login. diff -Nru openvpn-2.6.3/doc/man-sections/protocol-options.rst openvpn-2.6.14/doc/man-sections/protocol-options.rst --- openvpn-2.6.3/doc/man-sections/protocol-options.rst 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/doc/man-sections/protocol-options.rst 2025-04-02 06:53:10.000000000 +0000 @@ -288,3 +288,11 @@ a key renegotiation begins (default :code:`3600` seconds). This feature allows for a graceful transition from old to new key, and removes the key renegotiation sequence from the critical path of tunnel data forwarding. + +--force-tls-key-material-export + This option is only available in --mode server and forces to use + Keying Material Exporters (RFC 5705) for clients. This can be used to + simulate an environment where the cryptographic library does not support + the older method to generate data channel keys anymore. This option is + intended to be a test option and might be removed in a future OpenVPN + version without notice. diff -Nru openvpn-2.6.3/doc/man-sections/proxy-options.rst openvpn-2.6.14/doc/man-sections/proxy-options.rst --- openvpn-2.6.3/doc/man-sections/proxy-options.rst 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/doc/man-sections/proxy-options.rst 2025-04-02 06:53:10.000000000 +0000 @@ -1,14 +1,10 @@ ---show-proxy-settings - Show sensed HTTP or SOCKS proxy settings. Currently, only Windows - clients support this option. - --http-proxy args Connect to remote host through an HTTP proxy. This requires at least an address ``server`` and ``port`` argument. If HTTP Proxy-Authenticate is required, a file name to an ``authfile`` file containing a username and password on 2 lines can be given, or :code:`stdin` to prompt from console. Its content can also be specified in the config file with the - ``--http-proxy-user-pass`` option. (See section on inline files) + ``--http-proxy-user-pass`` option (See `INLINE FILE SUPPORT`_). The last optional argument is an ``auth-method`` which should be one of :code:`none`, :code:`basic`, or :code:`ntlm`. @@ -29,11 +25,40 @@ Examples: :: + # no authentication http-proxy proxy.example.net 3128 + # basic authentication, load credentials from file http-proxy proxy.example.net 3128 authfile.txt + # basic authentication, ask user for credentials http-proxy proxy.example.net 3128 stdin - http-proxy proxy.example.net 3128 auto basic - http-proxy proxy.example.net 3128 auto-nct ntlm + # NTLM authentication, load credentials from file + http-proxy proxy.example.net 3128 authfile.txt ntlm2 + # determine which authentication is required, ask user for credentials + http-proxy proxy.example.net 3128 auto + # determine which authentication is required, but reject basic + http-proxy proxy.example.net 3128 auto-nct + # determine which authentication is required, but set credentials + http-proxy proxy.example.net 3128 auto + http-proxy-user-pass authfile.txt + # basic authentication, specify credentials inline + http-proxy proxy.example.net 3128 "" basic + + username + password + + +--http-proxy-user-pass userpass + Overwrite the username/password information for ``--http-proxy``. If specified + as an inline option (see `INLINE FILE SUPPORT`_), it will be interpreted as + username/password separated by a newline. When specified on the command line + it is interpreted as a filename same as the third argument to ``--http-proxy``. + + Example:: + + + username + password + --http-proxy-option args Set extended HTTP proxy options. Requires an option ``type`` as argument diff -Nru openvpn-2.6.3/doc/man-sections/renegotiation.rst openvpn-2.6.14/doc/man-sections/renegotiation.rst --- openvpn-2.6.3/doc/man-sections/renegotiation.rst 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/doc/man-sections/renegotiation.rst 2025-04-02 06:53:10.000000000 +0000 @@ -1,5 +1,5 @@ Data Channel Renegotiation --------------------------- +`````````````````````````` When running OpenVPN in client/server mode, the data channel will use a separate ephemeral encryption key which is rotated at regular intervals. diff -Nru openvpn-2.6.3/doc/man-sections/script-options.rst openvpn-2.6.14/doc/man-sections/script-options.rst --- openvpn-2.6.3/doc/man-sections/script-options.rst 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/doc/man-sections/script-options.rst 2025-04-02 06:53:10.000000000 +0000 @@ -423,6 +423,14 @@ See the `Environmental Variables`_ section below for additional parameters passed as environmental variables. +--tls-export-cert dir + Adds an environment variable ``peer_cert`` when calling the + ``--tls-verify`` script or executing the OPENVPN_PLUGIN_TLS_VERIFY plugin + hook to verify the certificate. + + The environment variable contains the path to a PEM encoded certificate + of the current peer certificate in the directory ``dir``. + --up cmd Run command ``cmd`` after successful TUN/TAP device open (pre ``--user`` UID change). @@ -633,6 +641,7 @@ Name of first ``--config`` file. Set on program initiation and reset on SIGHUP. + :code:`daemon` Set to "1" if the ``--daemon`` directive is specified, or "0" otherwise. Set on program initiation and reset on SIGHUP. @@ -663,7 +672,6 @@ dns_server_{n}_address_{m} dns_server_{n}_port_{m} dns_server_{n}_resolve_domain_{m} - dns_server_{n}_exclude_domain_{m} dns_server_{n}_dnssec dns_server_{n}_transport dns_server_{n}_sni @@ -674,13 +682,6 @@ recorded to this environmental variable sequence prior to ``--up`` script execution. -:code:`ifconfig_broadcast` - The broadcast address for the virtual ethernet segment which is derived - from the ``--ifconfig`` option when ``--dev tap`` is used. Set prior to - OpenVPN calling the :code:`ifconfig` or :code:`netsh` (windows version - of ifconfig) commands which normally occurs prior to ``--up`` script - execution. - :code:`ifconfig_ipv6_local` The local VPN endpoint IPv6 address specified in the ``--ifconfig-ipv6`` option (first parameter). Set prior to OpenVPN @@ -723,30 +724,53 @@ occurs prior to ``--up`` script execution. :code:`ifconfig_pool_local_ip` - The local virtual IP address for the TUN/TAP tunnel taken from an + The local virtual IPv4 address for the TUN/TAP tunnel taken from an ``--ifconfig-push`` directive if specified, or otherwise from the ifconfig pool (controlled by the ``--ifconfig-pool`` config file directive). Only set for ``--dev tun`` tunnels. This option is set on the server prior to execution of the ``--client-connect`` and ``--client-disconnect`` scripts. +:code:`ifconfig_pool_local_ip6` + The local virtual IPv6 address for the TUN/TAP tunnel taken from an + ``--ifconfig-ipv6-push`` directive if specified, or otherwise from the + ifconfig pool (controlled by the ``--ifconfig-ipv6-pool`` config file + directive). Only set for ``--dev tun`` tunnels. This option is set on + the server prior to execution of the ``--client-connect`` and + ``--client-disconnect`` scripts. + :code:`ifconfig_pool_netmask` - The virtual IP netmask for the TUN/TAP tunnel taken from an + The virtual IPv4 netmask for the TUN/TAP tunnel taken from an ``--ifconfig-push`` directive if specified, or otherwise from the ifconfig pool (controlled by the ``--ifconfig-pool`` config file directive). Only set for ``--dev tap`` tunnels. This option is set on the server prior to execution of the ``--client-connect`` and ``--client-disconnect`` scripts. +:code:`ifconfig_pool_ip6_netbits` + The virtual IPv6 prefix length for the TUN/TAP tunnel taken from an + ``--ifconfig-ipv6-push`` directive if specified, or otherwise from the + ifconfig pool (controlled by the ``--ifconfig-ipv6-pool`` config file + directive). Only set for ``--dev tap`` tunnels. This option is set on + the server prior to execution of the ``--client-connect`` and + ``--client-disconnect`` scripts. + :code:`ifconfig_pool_remote_ip` - The remote virtual IP address for the TUN/TAP tunnel taken from an + The remote virtual IPv4 address for the TUN/TAP tunnel taken from an ``--ifconfig-push`` directive if specified, or otherwise from the ifconfig pool (controlled by the ``--ifconfig-pool`` config file directive). This option is set on the server prior to execution of the ``--client-connect`` and ``--client-disconnect`` scripts. +:code:`ifconfig_pool_remote_ip6` + The remote virtual IPv6 address for the TUN/TAP tunnel taken from an + ``--ifconfig-ipv6-push`` directive if specified, or otherwise from the + ifconfig pool (controlled by the ``--ifconfig-ipv6-pool`` config file + directive). This option is set on the server prior to execution of the + ``--client-connect`` and ``--client-disconnect`` scripts. + :code:`link_mtu` - No longer passed to scripts since OpenVPN 2.6.0. Used to be the + *REMOVED* No longer passed to scripts since OpenVPN 2.6.0. Used to be the maximum packet size (not including the IP header) of tunnel data in UDP tunnel transport mode. @@ -764,6 +788,11 @@ modifier is specified, and deleted from the environment after the script returns. +:code:`peer_cert` + If the option ``--tls-export-cert`` is enabled, this option contains + the path to the current peer certificate to be verified in PEM format. + See also the argument certificate_depth to the ``--tls-verify`` command. + :code:`proto` The ``--proto`` parameter. Set on program initiation and reset on SIGHUP. @@ -814,10 +843,6 @@ translations will be recorded rather than their names as denoted on the command line or configuration file. -:code:`peer_cert` - Temporary file name containing the client certificate upon connection. - Useful in conjunction with ``--tls-verify``. - :code:`script_context` Set to "init" or "restart" prior to up/down script execution. For more information, see documentation for ``--up``. @@ -921,6 +946,9 @@ verification level is 0 for the client certificate and 1 for the CA certificate. + You can use the ``--x509-track`` option to export more or less information + from the certificates. + :: X509_0_emailAddress=me@myhost.mydomain diff -Nru openvpn-2.6.3/doc/man-sections/server-options.rst openvpn-2.6.14/doc/man-sections/server-options.rst --- openvpn-2.6.3/doc/man-sections/server-options.rst 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/doc/man-sections/server-options.rst 2025-04-02 06:53:10.000000000 +0000 @@ -429,7 +429,7 @@ ``dir`` specifies an optional directory where a temporary file with name N containing content C will be dynamically generated for each proxy - connection, where N is the source IP:port of the client connection and C + connection, where C is the source IP:port of the client connection and N is the source IP:port of the connection to the proxy receiver. This directory can be used as a dictionary by the proxy receiver to determine the origin of the connection. Each generated file will be automatically @@ -739,7 +739,7 @@ --vlan-pvid v Specifies which VLAN identifier a "port" is associated with. Only valid - when ``--vlan-tagging`` is speficied. + when ``--vlan-tagging`` is specified. In the client context, the setting specifies which VLAN ID a client is associated with. In the global context, the VLAN ID of the server TAP diff -Nru openvpn-2.6.3/doc/man-sections/tls-options.rst openvpn-2.6.14/doc/man-sections/tls-options.rst --- openvpn-2.6.3/doc/man-sections/tls-options.rst 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/doc/man-sections/tls-options.rst 2025-04-02 06:53:10.000000000 +0000 @@ -1,5 +1,5 @@ TLS Mode Options ----------------- +```````````````` TLS mode is the most powerful crypto mode of OpenVPN in both security and flexibility. TLS mode works by establishing control and data @@ -522,7 +522,9 @@ stack (including the notoriously dangerous X.509 and ASN.1 stacks) to the connecting client. - OpenVPN supplies the following environment variables to the command: + OpenVPN supplies the following environment variables to the command (and + only these variables. The normal environment variables available for + other scripts are NOT present): * :code:`script_type` is set to :code:`tls-crypt-v2-verify` @@ -537,14 +539,9 @@ code. --tls-exit - Exit on TLS negotiation failure. - ---tls-export-cert directory - Store the certificates the clients use upon connection to this - directory. This will be done before ``--tls-verify`` is called. The - certificates will use a temporary name and will be deleted when the - tls-verify script returns. The file name used for the certificate is - available via the ``peer_cert`` environment variable. + Exit on TLS negotiation failure. This option can be useful when you only + want to make one attempt at connecting, e.g. in a test or monitoring script. + (OpenVPN's own test suite uses it this way.) --tls-server Enable TLS and assume server role during TLS handshake. Note that @@ -684,10 +681,29 @@ --x509-track attribute Save peer X509 **attribute** value in environment for use by plugins and management interface. Prepend a :code:`+` to ``attribute`` to save values - from full cert chain. Values will be encoded as - :code:`X509__=`. Multiple ``--x509-track`` + from full cert chain. Otherwise the attribute will only be exported for + the leaf cert (i.e. depth :code:`0` of the cert chain). Values will be + encoded as :code:`X509__=`. Multiple ``--x509-track`` options can be defined to track multiple attributes. + ``attribute`` can be any part of the X509 Subject field or any X509v3 + extension (RFC 3280). X509v3 extensions might not be supported when + not using the default TLS backend library (OpenSSL). You can also + request the ``SHA1`` and ``SHA256`` fingerprints of the cert, + but that is always exported as :code:`tls_digest_{n}` and + :code:`tls_digest_sha256_{n}` anyway. + + Note that by default **all** parts of the X509 Subject field are exported in + the environment for the whole cert chain. If you use ``--x509-track`` at least + once **only** the attributes specified by these options are exported. + + Examples:: + + x509-track CN # exports only X509_0_CN + x509-track +CN # exports X509_{n}_CN for chain + x509-track basicConstraints # exports value of "X509v3 Basic Constraints" + x509-track SHA256 # exports SHA256 fingerprint + --x509-username-field args Fields in the X.509 certificate subject to be used as the username (default :code:`CN`). If multiple fields are specified their values diff -Nru openvpn-2.6.3/doc/man-sections/vpn-network-options.rst openvpn-2.6.14/doc/man-sections/vpn-network-options.rst --- openvpn-2.6.3/doc/man-sections/vpn-network-options.rst 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/doc/man-sections/vpn-network-options.rst 2025-04-02 06:53:10.000000000 +0000 @@ -140,7 +140,7 @@ Valid syntax: :: - dhcp-options type [parm] + dhcp-option type [parm] :code:`DOMAIN` ``name`` Set Connection-specific DNS Suffix to :code:`name`. @@ -235,7 +235,7 @@ address and subnet mask just as a physical ethernet adapter would be similarly configured. If you are attempting to connect to a remote ethernet bridge, the IP address and subnet should be set to values which - would be valid on the the bridged ethernet segment (note also that DHCP + would be valid on the bridged ethernet segment (note also that DHCP can be used for the same purpose). This option, while primarily a proxy for the ``ifconfig``\(8) command, @@ -420,7 +420,7 @@ route-delay route-delay n - route-delay n m + route-delay n w Delay ``n`` seconds (default :code:`0`) after connection establishment, before adding routes. If ``n`` is :code:`0`, routes will be added @@ -434,7 +434,7 @@ to complete before routes are added. On Windows, ``--route-delay`` tries to be more intelligent by waiting - ``w`` seconds (default :code:`30` by default) for the TAP-Win32 adapter + ``w`` seconds (default :code:`30`) for the TAP-Win32 adapter to come up before adding routes. --route-ipv6 args @@ -499,7 +499,7 @@ Use a point-to-point topology, by allocating one /30 subnet per client. This is designed to allow point-to-point semantics when some or all of the connecting clients might be Windows systems. This is the - default on OpenVPN 2.0. + default. :code:`p2p` Use a point-to-point topology where the remote endpoint of @@ -513,12 +513,7 @@ configuring the tun interface with a local IP address and subnet mask, similar to the topology used in ``--dev tap`` and ethernet bridging mode. This mode allocates a single IP address per connecting client and - works on Windows as well. Only available when server and clients are - OpenVPN 2.1 or higher, or OpenVPN 2.0.x which has been manually patched - with the ``--topology`` directive code. When used on Windows, requires - version 8.2 or higher of the TAP-Win32 driver. When used on \*nix, - requires that the tun driver supports an ``ifconfig``\(8) command which - sets a subnet instead of a remote endpoint IP address. + works on Windows as well. *Note:* Using ``--topology subnet`` changes the interpretation of the arguments of ``--ifconfig`` to mean "address netmask", no longer "local @@ -553,7 +548,7 @@ It's best to use the ``--fragment`` and/or ``--mssfix`` options to deal with MTU sizing issues. - Note: Depending on the platform, the operating system allows to receive + Note: Depending on the platform, the operating system allows one to receive packets larger than ``tun-mtu`` (e.g. Linux and FreeBSD) but other platforms (like macOS) limit received packets to the same size as the MTU. @@ -589,7 +584,7 @@ One of the advantages of persistent tunnels is that they eliminate the need for separate ``--up`` and ``--down`` scripts to run the appropriate ``ifconfig``\(8) and ``route``\(8) commands. These commands can be - placed in the the same shell script which starts or terminates an + placed in the same shell script which starts or terminates an OpenVPN session. Another advantage is that open connections through the TUN/TAP-based diff -Nru openvpn-2.6.3/doc/man-sections/windows-options.rst openvpn-2.6.14/doc/man-sections/windows-options.rst --- openvpn-2.6.3/doc/man-sections/windows-options.rst 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/doc/man-sections/windows-options.rst 2025-04-02 06:53:10.000000000 +0000 @@ -55,6 +55,13 @@ cryptoapicert "ISSUER:Sample CA" + To select a certificate based on a certificate's template name or + OID of the template: + :: + + cryptoapicert "TMPL:Name of Template" + cryptoapicert "TMPL:1.3.6.1.4..." + The first non-expired certificate found in the user's store or the machine store that matches the select-string is used. diff -Nru openvpn-2.6.3/doc/openvpn-examples.5 openvpn-2.6.14/doc/openvpn-examples.5 --- openvpn-2.6.3/doc/openvpn-examples.5 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/doc/openvpn-examples.5 2025-04-02 06:53:10.000000000 +0000 @@ -1,8 +1,5 @@ .\" Man page generated from reStructuredText. . -.TH OPENVPN EXAMPLES 5 "" "" "Configuration files" -.SH NAME -openvpn examples \- Secure IP tunnel daemon . .nr rst2man-indent-level 0 . @@ -30,6 +27,9 @@ .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. +.TH "OPENVPN EXAMPLES" 5 "" "" "Configuration files" +.SH NAME +openvpn examples \- Secure IP tunnel daemon .SH INTRODUCTION .sp This man page gives a few simple examples to create OpenVPN setups and configuration files. @@ -464,7 +464,7 @@ .ft C openvpn \-\-ifconfig 10.4.0.1 10.4.0.2 \-\-tls\-server \-\-dev tun \-\-dh none \e \-\-cert bob.pem \-\-key bob.pem \-\-cipher AES\-256\-GCM \e - \-\-peer\-fingerprint "$fingerprint_of_alices_cert" + \-\-peer\-fingerprint \(dq$fingerprint_of_alices_cert\(dq .ft P .fi .UNINDENT @@ -479,7 +479,7 @@ openvpn \-\-remote bob.example.com \-\-tls\-client \-\-dev tun1 \e \-\-ifconfig 10.4.0.2 10.4.0.1 \-\-cipher AES\-256\-GCM \e \-\-cert alice.pem \-\-key alice.pem \e - \-\-peer\-fingerprint "$fingerprint_of_bobs_cert" + \-\-peer\-fingerprint \(dq$fingerprint_of_bobs_cert\(dq .ft P .fi .UNINDENT diff -Nru openvpn-2.6.3/doc/openvpn-examples.5.html openvpn-2.6.14/doc/openvpn-examples.5.html --- openvpn-2.6.3/doc/openvpn-examples.5.html 2023-04-13 05:57:29.000000000 +0000 +++ openvpn-2.6.14/doc/openvpn-examples.5.html 2025-04-02 06:53:10.000000000 +0000 @@ -1,20 +1,20 @@ - + - + openvpn examples