openvpn-gui

Commit Graph

Author	SHA1	Message	Date
Selva Nair	9356ccb806	passphrase.c: on failure to decrypt private key, retry with legacy provider - Support legacy algorithms while decrypting keys by loading legacy provider unless default pros has fips enabled. - Use the recommended PKCS8 format and AES-256-CBC cipher when encrypting PEM keys. For PKCS12, OpenSSL's default is used which is PBKDF2 with AES-256-CBC in OpenSSL 3.0 Signed-off-by: Selva Nair <selva.nair@gmail.com>	3 years ago
Selva Nair	24b9d06957	Update OpenSSL initialization - Set env variables such as OPENSSL_CONF and OPENSSL_MODULES - Replace deprecated initialization (since OpenSSL 1.1.0) by OpenSSL_init_crypto() Signed-off-by: Selva Nair <selva.nair@gmail.com>	3 years ago
Lev Stipakov	d27fd21222	Add openssl3 support for msvc build - remove vcpkg manifest and use whatever openssl version is installed. To build with openssl3, one could use openssl3 port from openvpn/contrib/vcpkg-ports. - build with openssl1.1.1 and openssl3 in GitHub Actions Signed-off-by: Lev Stipakov <lev@openvpn.net>	3 years ago
Lev Stipakov	cd4748fb25	wcstok: use security-enhanced version Replace old wcstok signature with security-enhanced version, which stores position information between calls in "context" parameter instead of internal per-thread context. This allows to get rid of _CRT_NON_CONFORMING_WCSTOK define in CMakeLists.txt Reported-by: Kai Schtrom Signed-off-by: Lev Stipakov <lev@openvpn.net>	3 years ago
Samuli Seppänen	5c1cae2042	Bump version to 11.27.0.0 Signed-off-by: Samuli Seppänen <samuli.seppanen@gmail.com>	3 years ago
Lev Stipakov	f42b91dc2f	Github Actions: use Release build configuration Signed-off-by: Lev Stipakov <lev@openvpn.net>	3 years ago
Selva Nair	bb6b6e29fb	Provide more space for challenge dialog text (#469 ) * Provide more space for challenge dialog text We do use a re-sizeable dialog box for dynamic challenge-response to cater for potentially long lines of challenge text. But the space specified for the widget is enough for only a single short line (~60 characters) of text. Increase the horizontal and vertical space to allow for up to two lines of ~120 characters per line. The default size of the Window is not changed. But it is automatically resized if the space required for the text is longer than the window width minus some margin. The max horizontal size of the window is capped at 640 nominal pixels as longer text will be wrapped in to two lines. Github issue #468 Signed-off-by: Selva Nair <selva.nair@gmail.com>	3 years ago
Selva Nair	e8257d8672	Copy new string resource to all language files Signed-off-by: Selva Nair <selva.nair@gmail.com>	3 years ago
Selva Nair	9c82e666d8	Show a prompt during profile import using --import The user is prompted with a message showing the config name that will be imported. The user can accept or cancel the operation. If the user was already prompted for over-write permission because a config with the same name exists, no further dialog is shown. Import using the menu (Import File...) is not affected. Rationale: We want to set "Import" as the default verb for the context menu of .ovpn files. This will allow import of configs by double-click. Also when .ovpn file is downloaded using a browser, setting the default bowser action to "open" will result in an import. In such cases a silent import action could be surprising, and a prompt showing what is being imported could provide a better UX. On the flip-side, the prompt/dialog will also be shown when import is done from the context menu of .ovpn by "right click and choose import" or when "openvpn-gui.exe --import foo" or "openvpn-gui.exe --command import foo" is executed. As import is an action that does not result in an immediately visible result (unlike, say, edit or print), a prompt requiring user action is of some value even in these cases. At worst it's a minor annoyance. See also: https://github.com/OpenVPN/openvpn-build/pull/227 and discussions there-in Signed-off-by: Selva Nair <selva.nair@gmail.com>	3 years ago
Lev Stipakov	650663dd62	Fix broken "change password" functionality When we link with natively-built OpenSSL .DLLs (not cross compiled with MinGW), we are expected to include applink.c, which provides glue between OpenSSL BIO layer and compiler run-time. This doesn't apply to ARM64. Failure to do that results in "no OPENSSL_Applink" fatal error during password change. See the corresponding fix in openvpn2: https://sourceforge.net/p/openvpn/mailman/message/37361982/ Signed-off-by: Lev Stipakov <lev@openvpn.net>	3 years ago
Lev Stipakov	a9f176224f	Fix crash when clicking on tray icon after importing the first profile When clicking on tray icon, menu items are deleted and then recreated. Deletion uses o.num_config: for (i = 0; i < o.num_configs; i++) DestroyMenu(hMenuConn[i]); Commit `8e4183f9` ("Add '--command import' command line option") added BuildFileList() call which modifies o.num_configs but doesn't touch menus. When clicking on tray icon after import, abovementioned code attemps to access invalid item in hMenuConn array and crashes when this is the first imported profile and hMenuConn is NULL. In other DestryMenu is called with invalid argument. Fix by recreating popup menus instead of just rescan file list - this will first delete menus with correct o.num_config value. Signed-off-by: Lev Stipakov <lev@openvpn.net>	3 years ago
Selva Nair	77e32fa676	During import from url take filename from content-disposition If the http header "Content-Disposition:" is present take the filename specified in there as the name of the imported profile, falling back to scanning the file contents for metadata. If both filename= and filename*= attributes are present, the latter takes precedence provided the character set is utf-8. (Extended attributes as defined in RFC 5987). In case of import from AS, the behaviour is unchanaged. Issue: #450. Signed-off-by: Selva Nair <selva.nair@gmail.com>	3 years ago
Selva Nair	859d0fbf2f	Show import success using balloon notification Less intrusive than a message box that user has to close. Also the imported filename stub is now included in the message. Signed-off-by: Selva Nair <selva.nair@gmail.com>	3 years ago
Selva Nair	56ee704501	Use C standrad compliant printf specifications %S --> %hs in wide format strings, %ls otherwise %s --> %ls in wide format strings, unchanged otherwise %c --> %lc in wide format strings Resource files together have about 970 lines affected and were edited by looping through all with sed -i 's/%S/%hs/g' $file sed -i 's/%s/%ls/g' $file All other files were manually changed (about 85 lines). Recent versions of mingw-w64 implicitly turns on __USE_MINGW_ANSI_STDIO if _GNU_SOURCE, _XOPEN_SOURCE etc are defined (which we do usei). This breaks non-standard spec such as %S. Anyway, we have been gradually getting rid of those. MSVC builds should not be affected. v2: multiple occurrences in same line was missed in v1 (/g missing in sed expression). Fixed. Signed-off-by: Selva Nair <selva.nair@gmail.com>	3 years ago
Selva Nair	489a219888	Bugfix for character remapping in filename - as.c: Use widechar string and comparison for reserved characters. Signed-off-by: Selva Nair <selva.nair@gmail.com>	3 years ago
Selva Nair	ef14a62d34	Ensure dialogResult is initialized before use Signed-off-by: Selva Nair <selva.nair@gmail.com>	3 years ago
PlayDay	b19965dd2b	Fix typo in openvpn-gui-res-ua.rc	3 years ago
Samuli Seppänen	6758dd0900	Bump version to 11.26.0.0 Signed-off-by: Samuli Seppänen <samuli@openvpn.net>	3 years ago
Selva Nair	5fd17835f5	Clear password used for profile import - HTTP auth password appears to be cached and reused unless replaced by a non-empty string. When user-supplied password is empty, use some arbitrary string "x" as the password. - Make username required for generic URL as well. - Also clear password buffers after use. Signed-off-by: Selva Nair <selva.nair@gmail.com>	3 years ago
Selva Nair	69195ee6b1	Add a timeout for http download Download profile from AS or URL use blocking network calls in the main thread. Set reasonable timeouts for connect and receive. TODO: This is not perfect as the download can still stall in erratic links, and we have no way to abort. Ideally we should either use Async calls and/or threads. Signed-off-by: Selva Nair <selva.nair@gmail.com>	3 years ago
Selva Nair	4e223916ae	Copy resource changes to all languages Signed-off-by: Selva Nair <selva.nair@gmail.com>	3 years ago
Selva Nair	90cc9e3cdb	Add content-type check for import from URL For Import from URL, require that response from server must have content-type: application/x-openvpn-profile This reduces chances of mistyped input causing import of random html pages as connection profile. Signed-off-by: Selva Nair <selva.nair@gmail.com>	3 years ago
Selva Nair	e80a39c825	Implement importing profile from a generic URL ParseUrl extended to parse generic URLs and parse the path. DownloadProfile() function re-factored for reuse with generic URL. Also: - INTERNET_FLAG_RELOAD added to the request call to force reloading the data from server instead of using possibly cached data. - Input box for URL extended in length to about 50 characters wide. Signed-off-by: Selva Nair <selva.nair@gmail.com>	3 years ago
Selva Nair	480d9e456b	Copy changes to all language resource files For openvpn-res-cs.rc, some missing help message entries are also copied. Signed-off-by: Selva Nair <selva.nair@gmail.com>	3 years ago
Selva Nair	8e4183f9a9	Add '--command import' command line option Import a config file from command line as `openvpn-gui.exe --command import <file-path>` The command is send to a running instance if any. Otherwise the GUI extecutable is started and the import processed. `openvpn-gui --import <file-path>` is interpreted as the same command. Signed-off-by: Selva Nair <selva.nair@gmail.com>	3 years ago
Selva Nair	e03ce9c5f1	During import check whether profile with same name exists Currently we construct the destination path and check whether it exists. This could miss a connection profile with same name in another directory. If a config with same name is found we set it as the destination, and ask the user for permission to overwrite. However, if the duplicate is in the global_config_dir, the behaviour is not changed -- that is, the config is imported with no further prompts. Also fix the use of same buffer as destination and source in swprintf(). It seems to work, but is not 'legal'. Signed-off-by: Selva Nair <selva.nair@gmail.com>	3 years ago
Lev Stipakov	82d932a503	URL profile import: disable profile download in case of certificate errors Allow users to bypass HTTPS is not good, but may nevertheless be useful during development. DEBUG macro is widely used in openvpn-gui code but was missing from CMakeLists.txt, so add it there. Signed-off-by: Lev Stipakov <lev@openvpn.net>	3 years ago
Lev Stipakov	e3b06efcd2	URL profile import: support for 2FA When 2FA is enabled, server (such as AS) replies with HTTP 401 and issues a challenge. Use existing facilities to parse CRV message and prompt user for a response, then call REST method again with encoded response as HTTP auth password. See https://github.com/OpenVPN/openvpn3/blob/master/doc/webauth.md#challengeresponse-authentication for more information. Signed-off-by: Lev Stipakov <lev@openvpn.net>	3 years ago
Lev Stipakov	c7beb04ff5	URL profile import: download and import profile Use WinInet to download profile into memory buffer. If there are certain certificate errors (invalid CN, wrong date, unknown CA, revocation check failed), ask if user wants to continue. Extract profile name from content, sanitize name and save profile in temp directory. Then import profile using existing facilities. Signed-off-by: Lev Stipakov <lev@openvpn.net>	3 years ago
Lev Stipakov	d6a622a023	URL profile import: allow specifying owner window of message box This will be used later when parent window needs to be disabled when message box is displayed. Signed-off-by: Lev Stipakov <lev@openvpn.net>	3 years ago
Lev Stipakov	78ee9b981d	URL profile import: refactor ImportConfigFile Factor out importing part (everything except file open dialog) into separate function, which can be used when importing profile from URL. Signed-off-by: Lev Stipakov <lev@openvpn.net>	3 years ago
Lev Stipakov	9ded7996ab	URL profile import: add profile import dialog This is the first patch from series which implemets importing profile from URL, currently implemented by OpenVPN Access Server. Move "Import from file" menu item under new "Import" item. Add "Import from AS..." item under "Import", which opens new profile import dialog. Signed-off-by: Lev Stipakov <lev@openvpn.net>	3 years ago
Lev Stipakov	290906b8db	openvpn.c: add missing calling convention Commit `131c75e5` ("Notify dialog windows when OpenVPN state changes") added callback function, but forgot to specify __stdcall calling convention with CALLBACK keyword. This is not an issue for x64 builds, but x86 requires __stdcall calling convention for callbacks, otherwise compiler throws an error: Error: D:\a\openvpn-gui\openvpn-gui\openvpn.c(292): error C2440: 'function': cannot convert from 'BOOL (__cdecl *)(HWND,LPARAM)' to 'WNDENUMPROC' Reported-by: Samuli Seppänen <samuli@openvpn.net> Signed-off-by: Lev Stipakov <lev@openvpn.net>	3 years ago
Lev Stipakov	014dc1a6c2	GitHub Actions: add x86 build Signed-off-by: Lev Stipakov <lev@openvpn.net>	3 years ago
Selva Nair	e6e65a4883	Handle state change message when repsonse is not required Currently we show a messagebox with OK/CANCEL when response is not required but that cannot handle state change messages. Instead, show the "GenericPass" dialog with input disabled. Signed-off-by: Selva Nair <selva.nair@gmail.com>	3 years ago
Selva Nair	131c75e560	Notify dialog windows when OpenVPN state changes Use a custom message to pass state change notification from OpenVPN to all top level windows in the thread. Currently only the pending auth dialog responds to this message by closing when the state changes. The state change could be due to timeout, errors or success via out-of-band authentication which makes the dialog no longer valid. The case of CR_TEXT messages that do not require a response is handled in the next commit. See also issue #440 https://github.com/OpenVPN/openvpn-gui/issues/440 Signed-off-by: Selva Nair <selva.nair@gmail.com>	3 years ago
Selva Nair	fcc964bf95	Bug fix for challenge string parsing Fix parsing of the challenge text that could contain the delimiter ':' Signed-off-by: Selva Nair <selva.nair@gmail.com>	3 years ago
Taro Yamazaki	04ce476a58	Change the font to Microsoft Sans Serif.	3 years ago
Taro Yamazaki	ae1ee2d7a4	Update translation	3 years ago
Taro Yamazaki	c6d5199c03	Fix translation	3 years ago
Taro Yamazaki	f5bf568d5b	Update Japanese translation	3 years ago
Taro Yamazaki	03d2f1c82d	Update Japanese translation	3 years ago
Selva Nair	41dd5ff7fb	Copy settings dialog changes to all language files Signed-off-by: Selva Nair <selva.nair@gmail.com>	3 years ago
Selva Nair	7faa16846d	Option to disable echo messages from settings menu - Also add an edit box for setting the mute interval for repeated echo messages. To be specified in hours >=0. A zero value disables muting. Signed-off-by: Selva Nair <selva.nair@gmail.com>	3 years ago
Selva Nair	6b4e6d301a	Delete old messages in the window when content grows beyond a limit	3 years ago
Selva Nair	8182a455bb	Document new registry keys for echo-msg Signed-off-by: Selva Nair <selva.nair@gmail.com>	3 years ago
Samuli Seppänen	e7dc61c7a1	Bump version to 11.25.0.0 Signed-off-by: Samuli Seppänen <samuli.seppanen@gmail.com>	3 years ago
Selva Nair	86b86e6f7e	Handling of CR_TEXT when no response is required As with CRV1, submit an empty string as the response. Our base64-encode functiton can handle empty input to generate an empty string as output. Also make ensure the message box is shown in foreground, and not dependent on the status window which may be hidden. Signed-off-by: Selva Nair <selva.nair@gmail.com>	4 years ago
Lev Stipakov	5dcc584a7a	Support for crtext This adds support for crtext method of pending authentication, used by Access Server 2.7 and newer. When enabled on the server side and on the client side (IV_SSO=crtext), server returns AUTH_PENDING with Info command like: CR_TEXT:R,E:Enter Authenticator Code Client prompts user for the response and sends base64-encoded response to the server via management interface command: cr-response SGFsbG8gV2VsdCE= See https://github.com/OpenVPN/openvpn/blob/master/doc/management-notes.txt (crtext part) for more information. Signed-off-by: Lev Stipakov <lev@openvpn.net>	4 years ago
Lev Stipakov	bb00d95f86	Web-based extra authentication This adds support for web-based extra authentication, which may be used by OpenVPN Cloud. When enabled and client sends IV_SSO=openurl, server pushes Info command OPEN_URL:<url>. The client opens that URL and user authenticates. Signed-off-by: Lev Stipakov <lev@openvpn.net>	4 years ago

... 3 4 5 6 7 ...

857 Commits (master) All Branches Search

857 Commits (master)

All Branches