From 4833dd29088c0268faae46fc6720aa8b28c229ce Mon Sep 17 00:00:00 2001
From: Arne Schwabe
Date: Wed, 19 Mar 2014 22:46:30 +0100
Subject: Update openvpn to icsopenvpn_612 branch Fixes triple handshakes if OpenVPN is even affected.
--HG--
extra : rebase_source : 76e5c54a92631a51ae35d023b684b0f7e7b9a3f5
---
 main/openvpn/src/openvpn/manage.c | 2 ++
 main/openvpn/src/openvpn/options.c | 8 ++++++--
 main/openvpn/src/openvpn/ssl_openssl.c | 2 +-
 3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/main/openvpn/src/openvpn/manage.c b/main/openvpn/src/openvpn/manage.c
index 855ed042..a6433178 100644
--- a/main/openvpn/src/openvpn/manage.c
+++ b/main/openvpn/src/openvpn/manage.c
@@ -1161,10 +1161,12 @@ man_dispatch_command (struct management *man, struct status_output *so, const ch
 if (man_need (man, p, 1, 0))
 man_signal (man, p[1]);
 }
+#ifdef TARGET_ANDROID
 else if (streq (p[0], "network-change"))
 {
 man_network_change(man);
 }
+#endif
 else if (streq (p[0], "load-stats"))
 {
 man_load_stats (man);
diff --git a/main/openvpn/src/openvpn/options.c b/main/openvpn/src/openvpn/options.c
index e278e2b9..eea906b3 100644
--- a/main/openvpn/src/openvpn/options.c
+++ b/main/openvpn/src/openvpn/options.c
@@ -1994,6 +1994,8 @@ options_postprocess_verify_ce (const struct options *options, const struct conne
 #ifdef ENABLE_HTTP_PROXY
 if ((ce->http_proxy_options) && ce->proto != PROTO_TCP_CLIENT)
 msg (M_USAGE, "--http-proxy MUST be used in TCP Client mode (i.e. --proto tcp-client)");
+ if ((ce->http_proxy_options) && !ce->http_proxy_options->server)
+ msg (M_USAGE, "--http-proxy not specified but other http proxy options present");
 #endif
 #if defined(ENABLE_HTTP_PROXY) && defined(ENABLE_SOCKS)
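Review bot: In options.c (options_postprocess_verify_ce) the new `!ce->http_proxy_options->server` check sits after the TCP-client check, so a configuration that sets only auxiliary proxy options on a non-TCP-client connection would presumably be told "--http-proxy MUST be used in TCP Client mode" although --http-proxy was never given. Placing the server check first, directly after `#ifdef ENABLE_HTTP_PROXY`, yields the accurate diagnostic: `if ((ce->http_proxy_options) && !ce->http_proxy_options->server)` followed by `msg (M_USAGE, "--http-proxy not specified but other http proxy options present");`. This assumes M_USAGE stops processing at the first message; the function starts and ends outside the hunk, so that should be confirmed.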
@@ -5252,8 +5254,10 @@ add_option (struct options *options,
 }
 else if (streq (p[0], "max-routes"))
 {
- msg (msglevel, "--max-routes option ignored. The number of routes is unlimited as of version 2.4. "
- "This option will be removed in a future version, please remove it from your configuration.");
+ msg (M_WARN, "DEPRECATED OPTION: --max-routes option ignored."
+ "The number of routes is unlimited as of version 2.4. "
+ "This option will be removed in a future version, "
+ "please remove it from your configuration.");
 }
 else if (streq (p[0], "route-gateway") && p[1])
 {
diff --git a/main/openvpn/src/openvpn/ssl_openssl.c b/main/openvpn/src/openvpn/ssl_openssl.c
index f0796526..68a1d591 100644
--- a/main/openvpn/src/openvpn/ssl_openssl.c
+++ b/main/openvpn/src/openvpn/ssl_openssl.c
@@ -180,7 +180,7 @@ tls_ctx_set_options (struct tls_root_ctx *ctx, unsigned int ssl_flags)
 /* process SSL options including minimum TLS version we will accept from peer */
 {
- long sslopt = SSL_OP_SINGLE_DH_USE | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
+ long sslopt = SSL_OP_SINGLE_DH_USE | SSL_OP_NO_TICKET | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
 const int tls_version_min = (ssl_flags >> SSLF_TLS_VERSION_SHIFT) & SSLF_TLS_VERSION_MASK;
 if (tls_version_min > TLS_VER_1_0)
 sslopt |= SSL_OP_NO_TLSv1;
--
cgit v1.2.3
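Review bot: In the options.c `max-routes` hunk the first string literal ends without a trailing space, so the concatenated warning reads "ignored.The number of routes"; it should be `"DEPRECATED OPTION: --max-routes option ignored. "`. The level also changes from the caller-supplied `msglevel` to a fixed `M_WARN`. If that is deliberate, so the deprecation notice appears regardless of where the option came from, a one-line comment saying so would help, because the other branches of add_option are outside the hunk and presumably still use `msglevel`.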
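Review bot: `SSL_OP_NO_TICKET` is added to `sslopt` in tls_ctx_set_options (ssl_openssl.c) with no comment, and the rationale lives only in the commit message. A line such as `/* no session tickets: removes ticket-based resumption, which the triple handshake attack relies on */` above the assignment would keep the flag from being dropped in a later cleanup. The flag turns off session tickets only; session-ID resumption is controlled by the session cache mode (`SSL_CTX_set_session_cache_mode`), which is configured outside this hunk, so confirm that the cache is disabled as well for the hardening to be complete. The function body continues past the end of the hunk.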