SOURCES: openvpn-2.0_rc16MH.patch - for 2.0.6
zawadaa
zawadaa at pld-linux.org
Thu Apr 6 23:58:27 CEST 2006
Author: zawadaa Date: Thu Apr 6 21:58:27 2006 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- for 2.0.6
---- Files affected:
SOURCES:
openvpn-2.0_rc16MH.patch (1.1 -> 1.2)
---- Diffs:
================================================================
Index: SOURCES/openvpn-2.0_rc16MH.patch
diff -u SOURCES/openvpn-2.0_rc16MH.patch:1.1 SOURCES/openvpn-2.0_rc16MH.patch:1.2
--- SOURCES/openvpn-2.0_rc16MH.patch:1.1 Mon Aug 29 22:48:16 2005
+++ SOURCES/openvpn-2.0_rc16MH.patch Thu Apr 6 23:58:22 2006
@@ -528,15 +528,16 @@
if (!socket_defined (new_sd))
msg (D_LINK_ERRORS | M_ERRNO_SOCK, "TCP: getpeername() failed");
-@@ -523,14 +532,14 @@
+@@ -522,7 +531,7 @@
#endif
else
{
- new_sd = accept (sd, (struct sockaddr *) remote, &remote_len);
+ new_sd = accept (sd, (struct sockaddr *) &act->dest.sa, &remote_len);
}
-
- if (!socket_defined (new_sd))
+
+ #if 0 /* For debugging only, test the effect of accept() failures */
+@@ -538,7 +547,7 @@
{
msg (D_LINK_ERRORS | M_ERRNO_SOCK, "TCP: accept(%d) failed", sd);
}
@@ -1719,9 +1720,9 @@
#endif
#endif
diff -ur openvpn-2.0_rc16/ssl.c openvpn-2.0_rc16MH/ssl.c
---- openvpn-2.0_rc16/ssl.c 2005-02-15 21:12:55.000000000 -0700
-+++ openvpn-2.0_rc16MH/ssl.c 2005-02-25 14:47:45.000000000 -0700
-@@ -362,7 +362,7 @@
+--- openvpn-2.0_rc16/ssl.c.orig 2005-12-13 17:10:01.000000000 +0000
++++ openvpn-2.0_rc16MH/ssl.c 2006-04-06 20:23:48.000000000 +0000
+@@ -373,7 +373,7 @@
static void
setenv_untrusted (struct tls_session *session)
{
@@ -1730,7 +1731,7 @@
}
static void
-@@ -1784,7 +1784,7 @@
+@@ -1814,7 +1814,7 @@
write_control_auth (struct tls_session *session,
struct key_state *ks,
struct buffer *buf,
@@ -1739,7 +1740,7 @@
int opcode,
int max_ack,
bool prepend_ack)
-@@ -1792,7 +1792,7 @@
+@@ -1822,7 +1822,7 @@
uint8_t *header;
struct buffer null = clear_buf ();
@@ -1748,7 +1749,7 @@
ASSERT (reliable_ack_write
(ks->rec_ack, buf, &ks->session_id_remote, max_ack, prepend_ack));
ASSERT (session_id_write_prepend (&session->session_id, buf));
-@@ -1804,7 +1804,7 @@
+@@ -1834,7 +1834,7 @@
openvpn_encrypt (buf, null, &session->tls_auth, NULL);
ASSERT (swap_hmac (buf, &session->tls_auth, false));
}
@@ -1757,7 +1758,7 @@
}
/*
-@@ -1813,7 +1813,7 @@
+@@ -1843,7 +1843,7 @@
static bool
read_control_auth (struct buffer *buf,
const struct crypto_options *co,
@@ -1766,7 +1767,7 @@
{
struct gc_arena gc = gc_new ();
-@@ -1826,7 +1826,7 @@
+@@ -1856,7 +1856,7 @@
{
msg (D_TLS_ERRORS,
"TLS Error: cannot locate HMAC in incoming packet from %s",
@@ -1775,7 +1776,7 @@
gc_free (&gc);
return false;
}
-@@ -1838,7 +1838,7 @@
+@@ -1868,7 +1868,7 @@
{
msg (D_TLS_ERRORS,
"TLS Error: incoming packet authentication failed from %s",
@@ -1784,7 +1785,7 @@
gc_free (&gc);
return false;
}
-@@ -2720,7 +2720,7 @@
+@@ -2757,7 +2757,7 @@
tls_process (struct tls_multi *multi,
struct tls_session *session,
struct buffer *to_link,
@@ -1793,7 +1794,7 @@
struct link_socket_info *to_link_socket_info,
interval_t *wakeup)
{
-@@ -3113,7 +3113,7 @@
+@@ -3151,7 +3151,7 @@
bool
tls_multi_process (struct tls_multi *multi,
struct buffer *to_link,
@@ -1802,7 +1803,7 @@
struct link_socket_info *to_link_socket_info,
interval_t *wakeup)
{
-@@ -3137,7 +3137,7 @@
+@@ -3177,7 +3177,7 @@
/* set initial remote address */
if (i == TM_ACTIVE && ks->state == S_INITIAL &&
@@ -1811,7 +1812,7 @@
ks->remote_addr = to_link_socket_info->lsa->actual;
dmsg (D_TLS_DEBUG,
-@@ -3146,17 +3146,30 @@
+@@ -3186,17 +3186,30 @@
state_name (ks->state),
session_id_print (&session->session_id, &gc),
session_id_print (&ks->session_id_remote, &gc),
@@ -1845,7 +1846,7 @@
* If tls_process hits an error:
* (1) If the session has an unexpired lame duck key, preserve it.
* (2) Reinitialize the session.
-@@ -3275,7 +3288,7 @@
+@@ -3315,7 +3328,7 @@
bool
tls_pre_decrypt (struct tls_multi *multi,
@@ -1854,7 +1855,7 @@
struct buffer *buf,
struct crypto_options *opt)
{
-@@ -3317,7 +3330,7 @@
+@@ -3357,7 +3370,7 @@
if (DECRYPT_KEY_ENABLED (multi, ks)
&& key_id == ks->key_id
&& ks->authenticated
@@ -1863,7 +1864,7 @@
{
/* return appropriate data channel decrypt key in opt */
opt->key_ctx_bi = &ks->key;
-@@ -3330,7 +3343,7 @@
+@@ -3370,7 +3383,7 @@
ks->n_bytes += buf->len;
dmsg (D_TLS_DEBUG,
"TLS: data channel, key_id=%d, IP=%s",
@@ -1872,7 +1873,7 @@
gc_free (&gc);
return ret;
}
-@@ -3343,14 +3356,14 @@
+@@ -3383,14 +3396,14 @@
key_id,
ks->key_id,
ks->authenticated,
@@ -1889,7 +1890,7 @@
goto error;
}
else /* control channel packet */
-@@ -3364,7 +3377,7 @@
+@@ -3404,7 +3417,7 @@
{
msg (D_TLS_ERRORS,
"TLS Error: unknown opcode received from %s op=%d",
@@ -1898,7 +1899,7 @@
goto error;
}
-@@ -3379,7 +3392,7 @@
+@@ -3419,7 +3432,7 @@
{
msg (D_TLS_ERRORS,
"TLS Error: client->client or server->server connection attempted from %s",
@@ -1907,7 +1908,7 @@
goto error;
}
}
-@@ -3388,7 +3401,7 @@
+@@ -3428,7 +3441,7 @@
* Authenticate Packet
*/
dmsg (D_TLS_DEBUG, "TLS: control channel, op=%s, IP=%s",
@@ -1916,7 +1917,7 @@
/* get remote session-id */
{
-@@ -3398,7 +3411,7 @@
+@@ -3438,7 +3451,7 @@
{
msg (D_TLS_ERRORS,
"TLS Error: session-id not found in packet from %s",
@@ -1925,7 +1926,7 @@
goto error;
}
}
-@@ -3415,9 +3428,9 @@
+@@ -3455,9 +3468,9 @@
state_name (ks->state),
session_id_print (&session->session_id, &gc),
session_id_print (&sid, &gc),
@@ -1937,16 +1938,16 @@
if (session_id_equal (&ks->session_id_remote, &sid))
/* found a match */
-@@ -3462,7 +3475,7 @@
+@@ -3502,7 +3515,7 @@
{
msg (D_TLS_ERRORS,
- "TLS Error: Cannot accept new session request from %s due to --single-session [1]",
+ "TLS Error: Cannot accept new session request from %s due to session context expire or --single-session [1]",
- print_sockaddr (from, &gc));
+ print_link_socket_actual (from, &gc));
goto error;
}
-@@ -3478,13 +3491,13 @@
+@@ -3518,13 +3531,13 @@
msg (D_TLS_DEBUG_LOW,
"TLS: Initial packet from %s, sid=%s",
@@ -1962,16 +1963,16 @@
}
}
-@@ -3504,7 +3517,7 @@
+@@ -3544,7 +3557,7 @@
{
msg (D_TLS_ERRORS,
- "TLS Error: Cannot accept new session request from %s due to --single-session [2]",
+ "TLS Error: Cannot accept new session request from %s due to session context expire or --single-session [2]",
- print_sockaddr (from, &gc));
+ print_link_socket_actual (from, &gc));
goto error;
}
-@@ -3527,11 +3540,11 @@
+@@ -3567,11 +3580,11 @@
*/
msg (D_TLS_DEBUG_LOW,
"TLS: new session incoming connection from %s",
@@ -1985,7 +1986,7 @@
}
else
{
-@@ -3545,7 +3558,7 @@
+@@ -3585,7 +3598,7 @@
{
msg (D_TLS_ERRORS,
"TLS Error: Unroutable control packet received from %s (si=%d op=%s)",
@@ -1994,7 +1995,7 @@
i,
packet_opcode_name (op));
goto error;
-@@ -3554,10 +3567,10 @@
+@@ -3594,10 +3607,10 @@
/*
* Verify remote IP address
*/
@@ -2007,7 +2008,7 @@
goto error;
}
-@@ -3619,11 +3632,11 @@
+@@ -3659,11 +3672,11 @@
ks->remote_addr = *from;
++multi->n_sessions;
}
@@ -2021,7 +2022,7 @@
goto error;
}
-@@ -3720,8 +3733,9 @@
+@@ -3761,8 +3774,9 @@
*/
bool
tls_pre_decrypt_lite (const struct tls_auth_standalone *tas,
@@ -2032,7 +2033,7 @@
{
struct gc_arena gc = gc_new ();
bool ret = false;
-@@ -3748,7 +3762,7 @@
+@@ -3789,7 +3803,7 @@
*/
dmsg (D_TLS_STATE_ERRORS,
"TLS State Error: No TLS state for client %s, opcode=%d",
@@ -2041,7 +2042,7 @@
op);
goto error;
}
-@@ -3758,7 +3772,7 @@
+@@ -3799,7 +3813,7 @@
dmsg (D_TLS_STATE_ERRORS,
"TLS State Error: Unknown key ID (%d) received from %s -- 0 was expected",
key_id,
@@ -2050,7 +2051,7 @@
goto error;
}
-@@ -3767,7 +3781,7 @@
+@@ -3808,7 +3822,7 @@
dmsg (D_TLS_STATE_ERRORS,
"TLS State Error: Large packet (size %d) received from %s -- a packet no larger than %d bytes was expected",
buf->len,
================================================================
---- CVS-web:
http://cvs.pld-linux.org/SOURCES/openvpn-2.0_rc16MH.patch?r1=1.1&r2=1.2&f=u
More information about the pld-cvs-commit
mailing list