Re: [Openvpn-devel] compiling with visual studio

2013-01-17 Thread Athanasios Douitsis


On 17 Jan 2013, at 4:01 PM, Samuli Seppänen wrote:

> Hi Athanasios,
> 
>> Right, so this is because c99 and VS don't mix. Thanks very much Gert.
>> 
>> To explain why I'm trying to do this: Our institution uses OpenVPN to
>> provide remote access (e.g. access to electronic libraries, etc) to
>> its users. So we used to build openvpn and package it very very
>> similarly to the official release (we were using msys and nsis) along
>> with a couple of our conf files. However, domake-win has been removed
>> in 2.3 so I am trying to figure out the best way to do it. What would
>> be ideal would be the thing that tunnelblick does with deployed mode
>> (http://code.google.com/p/tunnelblick/wiki/cCusDeployed). The admin
>> does not have to build anything, just open the package and drop a
>> deploy folder to the appropriate location. Sadly the windows package
>> does not include something similar, so lots of work needs to be done to
>> build a customized package.
>> 
> I'll look into current status of openvpn-build/msvc and setup a Windows
> buildslave to ensure it stays in working order. I really haven't touched
> that buildsystem after doing the initial testing way back when.
> 
> The official Windows packages have been cross-compiled on Ubuntu 12.04
> 64-bit. As you used "domake-win" earlier, I'd suggest you set up a
> cross-compilation box, too:
> 
> 
> 
> 
> After the build environment has been setup, you will need to customize
> two files:
> 
> - openvpn-build/windows-nsis/build-complete.vars
> - openvpn-build/generic/build.vars
> 
> Alternatively, you can override the values in them using environment
> variables. Most of the dependencies for openvpn-build are available here:
> 
> 
> 
> You can modify openvpn-build/windows-nsis/openvpn.nsi to install custom
> files/directories using "File /r":
> 
> 
> 
> If you have any issues setting up a cross-compilation box, just let me know.
> 
>> BTW, if you are referring to
>> 
>> https://community.openvpn.net/openvpn/wiki/BuildingUsingGenericBuildsystem#BuildingnativelyonWindowsusingtheMSVCtoolchainmsvcsubdir
>> 
>> I am sorry to say that the info on this page is outdated, one has to do
>> quite a few things differently to proceed. The biggest gripe is that
>> the scripts that are mentioned try to download stuff directly from
>> github but github has changed the way it exposes its files. In
>> addition, it tries to download some files from Alon's repo and not
>> from the official openvpn repo. And now that I mention it, I think
>> that the github repo is not synced to the official git so 2.3 is not
>> really available there.
> 
> The build configuration can and should be changed. That said, I think
> openvpn-build default values should make sense, i.e. work out of the
> box. I'll send a patch that fixes this.

Hi,

First off, thanks for taking the time to write a very comprehensive response, 
much appreciated. 

Although I have already succeeded with the msvc build, the idea of having a 
dedicated vm doing building and packaging seems very agreeable. I'll be sure to 
get back to you if there are any questions. 

Best regards and thanks,
Athanasios 




> 
> Best regards,
> 
> -- 
> Samuli Seppänen
> Community Manager
> OpenVPN Technologies, Inc
> 
> irc freenode net: mattock
> 



Re: [Openvpn-devel] [PATCH] Fix --show-pkcs11-ids

2013-01-17 Thread Gert Doering
Hi,

On Wed, Jan 16, 2013 at 05:11:08PM -0500, Mike Tancsa wrote:
>   I have been following the steps to build OpenVPN from the sources and
> was scratching my head as to why the prebuilt binary would work, but my
> build from the sources would bork on --show-pkcs11-ids ?!?!   Searching
> through the mailing list archives shows the patch below, which fixes my
> problem.  It seems that this patch is not in the generic sources?

Reading through the git log for 2.3.0, it most certainly is
(5fd3e56430678bee).

> I was following the directions at
> https://community.openvpn.net/openvpn/wiki/BuildingUsingGenericBuildsystem#Checkingoutopenvpn-buildrepository

On what platform did you build, and for which target?  Which git repository
was checked out, and which branch?

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de




[Openvpn-devel] path name checking in 2.3.0 and chroot...

2013-01-17 Thread Gert Doering
Hi,

seems we have the first bug in 2.3.0 - or better "unintended side effects".

From a G+ thread today:

"Felix J. Ogris

Did you change the logic behind chroot and client-config-dir?
client-config-dir used to be a relative path inside chroot. With
2.3, openvpn seems to check whether ccd exists outside chroot, and
tries to access ccd after it's chroot'ed. That fails unless you
have a symlink inside your chroot, eg.
/etc/openvpn/chroot/etc/openvpn/chroot -> /#"

... I haven't checked the code yet, but that sounds very much plausible...

(not working on a patch yet, just relaying information)

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de
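
The mismatch reported above, as an added example that is not part of the original message and not OpenVPN's code: a startup check that tests a directory under the name it will have after chroot, run next to a test of the path as given. The function names, the constructed directory `ccd-constructed` and the assumption that the process calls chdir("/") right after chroot() are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if any '/'-separated component is "..": seen from outside it could climb
 * above chroot_dir, while inside the chroot it cannot leave "/". */
static int has_dotdot(const char *p)
{
    for (; *p; p += strspn(p, "/")) {
        size_t n = strcspn(p, "/");
        if (n == 2 && p[0] == '.' && p[1] == '.')
            return 1;
        p += n;
    }
    return 0;
}

/* Express, in pre-chroot terms, the name `path` resolves to after
 * chroot(chroot_dir) followed by chdir("/") (an assumed startup order).
 * Returns 0 on success, -1 on bad input or truncation. */
int path_as_seen_after_chroot(const char *chroot_dir, const char *path,
                              char *out, size_t outlen)
{
    int n;
    if (!path || !out || outlen == 0 || has_dotdot(path))
        return -1;
    if (!chroot_dir || !*chroot_dir) {          /* no chroot configured */
        n = snprintf(out, outlen, "%s", path);
    } else {
        while (*path == '/')
            path++;        /* "/x" and "x" name the same entry inside the jail */
        n = snprintf(out, outlen, "%s/%s", chroot_dir, path);
    }
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

static int is_dir(const char *p)
{
    struct stat st;
    return stat(p, &st) == 0 && S_ISDIR(st.st_mode);
}

/* Startup check that agrees with what the process can open after chroot. */
int dir_exists_after_chroot(const char *chroot_dir, const char *path)
{
    char full[4096];
    return path_as_seen_after_chroot(chroot_dir, path, full, sizeof full) == 0
           && is_dir(full);
}

/* Constructed layout: <tmp>/chroot/ccd-constructed. Result bits:
 * 0 = path tested as given, 1 = "/name", 2 = "name", 3 = "../name". */
int demo(void)
{
    char root[] = "/tmp/ccd-demo-XXXXXX", jail[64], ccd[96];
    int r;
    if (!mkdtemp(root))
        return -1;
    snprintf(jail, sizeof jail, "%s/chroot", root);
    snprintf(ccd, sizeof ccd, "%s/ccd-constructed", jail);
    if (mkdir(jail, 0700) || mkdir(ccd, 0700))
        return -1;
    r = is_dir("/ccd-constructed")          /* outside view: no such directory */
      | (dir_exists_after_chroot(jail, "/ccd-constructed") << 1)
      | (dir_exists_after_chroot(jail, "ccd-constructed") << 2)
      | (dir_exists_after_chroot(jail, "../ccd-constructed") << 3);
    rmdir(ccd); rmdir(jail); rmdir(root);
    return r;
}

int main(void) { printf("result mask: %d\n", demo()); return 0; }
```

With the prefixed check, a client-config-dir given relative to the chroot passes validation without the symlink workaround quoted in the report, and a path containing ".." is refused rather than validated against a directory the jailed process cannot reach.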




Re: [Openvpn-devel] compiling with visual studio

2013-01-17 Thread Samuli Seppänen
Hi Athanasios,

> Right, so this is because c99 and VS don't mix. Thanks very much Gert.
>
> To explain why I'm trying to do this: Our institution uses OpenVPN to
> provide remote access (e.g. access to electronic libraries, etc) to
> its users. So we used to build openvpn and package it very very
> similarly to the official release (we were using msys and nsis) along
> with a couple of our conf files. However, domake-win has been removed
> in 2.3 so I am trying to figure out the best way to do it. What would
> be ideal would be the thing that tunnelblick does with deployed mode
> (http://code.google.com/p/tunnelblick/wiki/cCusDeployed). The admin
> does not have to build anything, just open the package and drop a
> deploy folder to the appropriate location. Sadly the windows package
> does not include something similar, so lots of work needs to be done to
> build a customized package.
>
I'll look into current status of openvpn-build/msvc and setup a Windows
buildslave to ensure it stays in working order. I really haven't touched
that buildsystem after doing the initial testing way back when.

The official Windows packages have been cross-compiled on Ubuntu 12.04
64-bit. As you used "domake-win" earlier, I'd suggest you set up a
cross-compilation box, too:




After the build environment has been setup, you will need to customize
two files:

- openvpn-build/windows-nsis/build-complete.vars
- openvpn-build/generic/build.vars

Alternatively, you can override the values in them using environment
variables. Most of the dependencies for openvpn-build are available here:



You can modify openvpn-build/windows-nsis/openvpn.nsi to install custom
files/directories using "File /r":



If you have any issues setting up a cross-compilation box, just let me know.

> BTW, if you are referring to
>
> https://community.openvpn.net/openvpn/wiki/BuildingUsingGenericBuildsystem#BuildingnativelyonWindowsusingtheMSVCtoolchainmsvcsubdir
>
> I am sorry to say that the info on this page is outdated, one has to do
> quite a few things differently to proceed. The biggest gripe is that
> the scripts that are mentioned try to download stuff directly from
> github but github has changed the way it exposes its files. In
> addition, it tries to download some files from Alon's repo and not
> from the official openvpn repo. And now that I mention it, I think
> that the github repo is not synced to the official git so 2.3 is not
> really available there.

The build configuration can and should be changed. That said, I think
openvpn-build default values should make sense, i.e. work out of the
box. I'll send a patch that fixes this.

Best regards,

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock




Re: [Openvpn-devel] nsi file for 2.3

2013-01-17 Thread Samuli Seppänen

> Hi,
>
> Is https://github.com/OpenVPN/openvpn-build/tree/master/windows-nsis
> the correct and up-to-date nsis configuration that was used to
> assemble the "official" 2.3 windows install package ? If not, could
> someone please point me to the right repo?
>
> Best regards,
> -- 
> Athanasios Douitsis
>
>
Hi,

Yes, that's the correct NSI file.

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock




Re: [Openvpn-devel] compiling with visual studio

2013-01-17 Thread Athanasios Douitsis
On Thu, Jan 17, 2013 at 2:19 AM, Matthias Andree wrote:

> Am 16.01.2013 11:11, schrieb Gert Doering:
> > Hi,
> >
> > On Tue, Jan 15, 2013 at 09:03:07PM +0200, Athanasios Douitsis wrote:
> >> Trying to compile 2.3 with visual studio 2010. I am getting the following
> >> error:
> >>
> >> init.c(186): error C2143: syntax error : missing ';' before 'type'
> >> [C:\openvpn4\openvpn-build\msvc\build.tmp\openvpn-2.3_master\src\openvpn\openvpn.vcxproj]
> >>
> >> (after that there are many many more errors, but you get the idea)
> >
> > Oh well, we've done it again...
>
> User reply follows, Developer reply after next quote:
>
> Arguably, Visual Studio is broken if it does not accept the then-current
> version of ISO 9899, which would have been C99 for anything except
> VS2012 that should support C11, but reality differs, and
> <http://stackoverflow.com/questions/146381/visual-studio-support-for-new-c-c-standards>
> contains a few links to official info.
>
> If something has really failed to catch on with many commercial
> compilers, then I fear C99 is to carry this red light. :-(
>
> If the code is really type-safe and -clean in C++ terms, you may have
> some success with convincing VS to compile in C++ mode - but this needs
> typecasts for virtually everything that deals with void * - but there
> are some things in C99 that are incompatible with (at least the most
> widely implemented pre-C++11 variants of) C++, such as variable-length C
> arrays.
>
> >   if (management)
> > {
> >   gc = gc_new ();
> >   struct buffer out = alloc_buf_gc (256, &gc);
> >
> > ... this is not allowed in visual studio (having a variable declaration
> > after "non-declaration" code), but gcc doesn't complain, so we usually
> > don't notice.
>
>
>
> You can make gcc complain, -pedantic -std=c89 should do it, or if you
> are not enabling additional compiler warnings, -pedantic-errors.
>   And it possibly causes tons of other warnings because it nukes system
> extensions from the compilation environment.
>
> What I personally usually do is to test with various different compilers
> and configurations:
>
> 1. do not configure the source directory (or call "make distclean")
>
> 2. mkdir _build _build-c89 _build-clang _build-icc
>
> 3. for each $DIR of these new directories, do:
>
> 3a. cd $DIR
>
> 3b. ../configure CC="gcc"
> (or CC="gcc -std=c89 -pedantic" or "clang" or "icc" or... you name it) -
> you can also add CFLAGS, LDFLAGS, CPPFLAGS as you see fit, stuff -m32 to
> compile 32-bit code on 64-bit systems that support it (some Linux
> distributions would work - if they offer you i686 packages to install on
> your x86_64, they are usually ready; such as: Debian if you stay away
> from aptitude, and Fedora, for instance).
>
> 3c. make -sj4 check (use higher numbers for machines with more than
> 4 CPU cores)
>
> where
>  - icc is Intel's compiler package that keeps changing names more often
> than I chase new versions
>  - clang is Apple's LLVM-based free-and-open-source compiler which gives
> decent and useful hints, but defaults to C99 mode
>
> Best regards,
> Matthias
>

For anyone interested, the offending lines are init.c:186 and
socket.c:1264. I've been able to successfully compile the project with VS10
after trivial changes to these two spots.

Also, please anyone interested take a look at my reply yesterday about the
problems with the build instructions.
--
Athanasios Douitsis


[Openvpn-devel] PolarSSL 1.2 support for OpenVPN 2.3

2013-01-17 Thread steffan.karger
Hi,

From PolarSSL 1.1 to 1.2 the cipher names have changed and the API changed a 
bit. This causes the 2.3 release of OpenVPN to be incompatible with PolarSSL 
1.2.

We've prepared three patches to add support for PolarSSL 1.2 to OpenVPN 2.3. 
The first two patches just improve error reporting, the third patch adds the 
actual PolarSSL 1.2 support.

Version 1.2.0 to 1.2.2 of PolarSSL contained several issues that caused it to 
be unfit for use with OpenVPN. I added checks in the configure file to report 
an error when someone is trying to build OpenVPN against one of these PolarSSL 
versions.

This should also close ticket #250.

Kind regards,
Steffan Karger
Fox-IT




[Openvpn-devel] [PATCH 1/3] Improve PolarSSL key_state_read_{cipher, plain}text messages

2013-01-17 Thread steffan.karger
From: Steffan Karger 

Instead of logging the fact that an error occurred, log the error string or (if
the PolarSSL build does not include this feature) the error code.

Signed-off-by: Joachim Schipper 
---
 src/openvpn/ssl_polarssl.c |   20 ++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/src/openvpn/ssl_polarssl.c b/src/openvpn/ssl_polarssl.c
index 12318b3..210bbab 100644
--- a/src/openvpn/ssl_polarssl.c
+++ b/src/openvpn/ssl_polarssl.c
@@ -666,6 +666,9 @@ key_state_read_ciphertext (struct key_state_ssl *ks, struct 
buffer *buf,
 {
   int retval = 0;
   int len = 0;
+#ifdef POLARSSL_ERROR_C
+  char error_message[1024];
+#endif

   perf_push (PERF_BIO_READ_CIPHERTEXT);

@@ -691,7 +694,12 @@ key_state_read_ciphertext (struct key_state_ssl *ks, 
struct buffer *buf,
   perf_pop ();
   if (POLARSSL_ERR_NET_WANT_WRITE == retval || POLARSSL_ERR_NET_WANT_READ 
== retval)
return 0;
-  msg (D_TLS_ERRORS, "TLS_ERROR: read tls_read_plaintext error");
+#ifdef POLARSSL_ERROR_C
+  error_strerror(retval, error_message, sizeof(error_message));
+  msg (D_TLS_ERRORS, "TLS_ERROR: read tls_read_ciphertext error: %s", 
error_message);
+#else
+  msg (D_TLS_ERRORS, "TLS_ERROR: read tls_read_ciphertext error: %d", 
retval);
+#endif
   buf->len = 0;
   return -1;
 }
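
Review bot: In key_state_read_ciphertext the removed message said "tls_read_plaintext" while both replacements say "tls_read_ciphertext", so the log text itself changes here and the commit message should say so, because anyone matching on the old string in logs is affected. The added call is also written error_strerror(retval, ...) without the space before the parenthesis that the surrounding lines use (msg (...), perf_pop ()).
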
@@ -763,6 +771,9 @@ key_state_read_plaintext (struct key_state_ssl *ks, struct 
buffer *buf,
 {
   int retval = 0;
   int len = 0;
+#ifdef POLARSSL_ERROR_C
+  char error_message[1024];
+#endif

   perf_push (PERF_BIO_READ_PLAINTEXT);

@@ -787,7 +798,12 @@ key_state_read_plaintext (struct key_state_ssl *ks, struct 
buffer *buf,
 {
   if (POLARSSL_ERR_NET_WANT_WRITE == retval || POLARSSL_ERR_NET_WANT_READ 
== retval)
return 0;
-  msg (D_TLS_ERRORS, "TLS_ERROR: read tls_read_plaintext error");
+#ifdef POLARSSL_ERROR_C
+  error_strerror(retval, error_message, sizeof(error_message));
+  msg (D_TLS_ERRORS, "TLS_ERROR: read tls_read_plaintext error: %s", 
error_message);
+#else
+  msg (D_TLS_ERRORS, "TLS_ERROR: read tls_read_plaintext error: %d", 
retval);
+#endif
   buf->len = 0;
   perf_pop ();
   return -1;
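
Review bot: The #ifdef POLARSSL_ERROR_C / error_strerror / #else block in this error path is a copy of the one added to key_state_read_ciphertext, differing only in the function name inside the string. A small static helper taking the message prefix and retval would keep the 1024-byte buffer and the conditional in one place, and would remove the matching #ifdef around the error_message declaration at the top of both functions.
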
-- 
1.7.9.5




[Openvpn-devel] [PATCH 2/3] Improve verify_callback messages

2013-01-17 Thread steffan.karger
From: Steffan Karger 

Print the *flags argument, which - for PolarSSL-1.2 - contains the reasons that
the certificate failed (pre-)verification.

Signed-off-by: Joachim Schipper 
---
 src/openvpn/ssl_verify_polarssl.c |6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/openvpn/ssl_verify_polarssl.c 
b/src/openvpn/ssl_verify_polarssl.c
index a32db8d..79255cb 100644
--- a/src/openvpn/ssl_verify_polarssl.c
+++ b/src/openvpn/ssl_verify_polarssl.c
@@ -64,10 +64,10 @@ verify_callback (void *session_obj, x509_cert *cert, int 
cert_depth,
   char *subject = x509_get_subject(cert, );

   if (subject)
-   msg (D_TLS_ERRORS, "VERIFY ERROR: depth=%d, %s", cert_depth, subject);
+   msg (D_TLS_ERRORS, "VERIFY ERROR: depth=%d, flags=%0x, %s", cert_depth, 
*flags, subject);
   else
-   msg (D_TLS_ERRORS, "VERIFY ERROR: depth=%d, could not extract X509 "
- "subject string from certificate", cert_depth);
+   msg (D_TLS_ERRORS, "VERIFY ERROR: depth=%d, flags=%0x, could not 
extract X509 "
+ "subject string from certificate", *flags, cert_depth);

   goto cleanup;
 }
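
Review bot: In the else branch the arguments are passed as *flags, cert_depth while the format string reads depth=%d, flags=%0x, so each value is printed under the other's label; swap them to cert_depth, *flags as in the if branch. In both messages %0x carries a zero flag with no width, which pads nothing: use %x or a fixed width such as %08x, and cast *flags to unsigned if it is a signed type so that it matches the conversion.
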
-- 
1.7.9.5




[Openvpn-devel] [PATCH 3/3] PolarSSL-1.2 support

2013-01-17 Thread steffan.karger
From: Steffan Karger 

Add support for PolarSSL-1.2, which has changed the API in several places. This
is a minimal port: PolarSSL-1.2 works as well as PolarSSL-1.1, but the new
features have not been enabled.

Blacklist PolarSSL-1.[0-2] for bugs when verifying certificate chains

Signed-off-by: Joachim Schipper 
---
 configure.ac  |2 ++
 src/openvpn/crypto_polarssl.h |4 +++
 src/openvpn/options.c |4 +++
 src/openvpn/ssl_polarssl.c|   29 --
 src/openvpn/ssl_polarssl.h|4 +++
 src/openvpn/ssl_verify_polarssl.c |   49 -
 src/openvpn/ssl_verify_polarssl.h |   45 --
 7 files changed, 115 insertions(+), 22 deletions(-)

diff --git a/configure.ac b/configure.ac
index 2f780b7..97e5d09 100644
--- a/configure.ac
+++ b/configure.ac
@@ -807,6 +807,8 @@ if test "${with_crypto_library}" = "polarssl" ; then
[[
 #if POLARSSL_VERSION_NUMBER < 0x0101
 #error invalid version
+#elif POLARSSL_VERSION_NUMBER >= 0x0102 && POLARSSL_VERSION_NUMBER < 
0x01020300
+#error PolarSSL-1.2.x before 1.2.3 is incompatible with OpenVPN
 #endif
]]
)],
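
Review bot: The new #elif compares against 0x0102 as its lower bound and 0x01020300 as its upper bound, so as written the two constants are not in the same form and the rejected range is far wider than 1.2.0 to 1.2.2. Write the lower bound in the same eight-digit form as the upper one (and the existing < 0x0101 test likewise), and align the commit message, which says "Blacklist PolarSSL-1.[0-2]", with the #error text, which says 1.2.x before 1.2.3.
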
diff --git a/src/openvpn/crypto_polarssl.h b/src/openvpn/crypto_polarssl.h
index bfabb91..e3dee5c 100644
--- a/src/openvpn/crypto_polarssl.h
+++ b/src/openvpn/crypto_polarssl.h
@@ -60,7 +60,11 @@ typedef md_context_t hmac_ctx_t;
 #define OPENVPN_MODE_OFB   POLARSSL_MODE_OFB

 /** Cipher is in CFB mode */
+#if POLARSSL_VERSION_NUMBER < 0x0102
 #define OPENVPN_MODE_CFB   POLARSSL_MODE_CFB128
+#else
+#define OPENVPN_MODE_CFB   POLARSSL_MODE_CFB
+#endif

 /** Cipher should encrypt */
 #define OPENVPN_OP_ENCRYPT POLARSSL_ENCRYPT
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 8ca41a3..429f864 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -827,7 +827,11 @@ init_options (struct options *o, const bool init_gc)
   o->server_poll_timeout = 0;
 #endif
 #ifdef ENABLE_CRYPTO
+#ifdef ENABLE_CRYPTO_POLARSSL
+  o->ciphername = "BLOWFISH-CBC";
+#else
   o->ciphername = "BF-CBC";
+#endif
   o->ciphername_defined = true;
   o->authname = "SHA1";
   o->authname_defined = true;
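
Review bot: The default o->ciphername = "BLOWFISH-CBC" is selected by ENABLE_CRYPTO_POLARSSL alone, while every other PolarSSL change in this patch is gated on POLARSSL_VERSION_NUMBER. If the rename only applies from 1.2 on, a build against 1.1 gets a default cipher name it may not recognise; gate this on the version as well, or state in the commit message that 1.1 accepts the new name. The differing default string between OpenSSL and PolarSSL builds also deserves a line in the documentation so users know which spelling each build expects.
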
diff --git a/src/openvpn/ssl_polarssl.c b/src/openvpn/ssl_polarssl.c
index 210bbab..9e99675 100644
--- a/src/openvpn/ssl_polarssl.c
+++ b/src/openvpn/ssl_polarssl.c
@@ -44,6 +44,7 @@
 #include "manage.h"
 #include "ssl_common.h"

+#include 
 #include 
 #include 

@@ -65,6 +66,8 @@ tls_clear_error()
 {
 }

+#if POLARSSL_VERSION_NUMBER < 0x0102
+/* The default list of ciphers is already initialized in PolarSSL-1.2.0+ */
 static int default_ciphersuites[] =
 {
 SSL_EDH_RSA_AES_256_SHA,
@@ -81,6 +84,7 @@ static int default_ciphersuites[] =
 SSL_RSA_RC4_128_MD5,
 0
 };
+#endif

 void
 tls_ctx_server_new(struct tls_root_ctx *ctx)
@@ -514,27 +518,43 @@ void key_state_ssl_init(struct key_state_ssl *ks_ssl,

   ssl_set_rng (ks_ssl->ctx, ctr_drbg_random, rand_ctx_get());

+#if POLARSSL_VERSION_NUMBER < 0x0102
+  /* Handled implicitly in PolarSSL-1.2.0+ */
   ALLOC_OBJ_CLEAR (ks_ssl->ssn, ssl_session);
   ssl_set_session (ks_ssl->ctx, 0, 0, ks_ssl->ssn );
+#endif
   if (ssl_ctx->allowed_ciphers)
ssl_set_ciphersuites (ks_ssl->ctx, ssl_ctx->allowed_ciphers);
+#if POLARSSL_VERSION_NUMBER < 0x0102
   else
+/* Handled implicitly in PolarSSL-1.2.0+ */
ssl_set_ciphersuites (ks_ssl->ctx, default_ciphersuites);
+#endif

   /* Initialise authentication information */
   if (is_server)
ssl_set_dh_param_ctx (ks_ssl->ctx, ssl_ctx->dhm_ctx );
 #if defined(ENABLE_PKCS11)
   if (ssl_ctx->priv_key_pkcs11 != NULL)
+#if POLARSSL_VERSION_NUMBER < 0x0102
ssl_set_own_cert_pkcs11( ks_ssl->ctx, ssl_ctx->crt_chain,
ssl_ctx->priv_key_pkcs11 );
+#else
+   ssl_set_own_cert_alt( ks_ssl->ctx, ssl_ctx->crt_chain,
+   ssl_ctx->priv_key_pkcs11, ssl_pkcs11_decrypt, ssl_pkcs11_sign,
+   ssl_pkcs11_key_len );
+#endif
   else
 #endif
ssl_set_own_cert( ks_ssl->ctx, ssl_ctx->crt_chain, ssl_ctx->priv_key );

   /* Initialise SSL verification */
   ssl_set_authmode (ks_ssl->ctx, SSL_VERIFY_REQUIRED);
+#if POLARSSL_VERSION_NUMBER < 0x0102
+  ssl_set_verify (ks_ssl->ctx, verify_callback_1_1, session);
+#else
   ssl_set_verify (ks_ssl->ctx, verify_callback, session);
+#endif
   /* TODO: PolarSSL does not currently support sending the CA chain to the 
client */
   ssl_set_ca_chain (ks_ssl->ctx, ssl_ctx->ca_chain, NULL, NULL );

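
Review bot: The brace-less if (ssl_ctx->allowed_ciphers) now has its else inside #if POLARSSL_VERSION_NUMBER < 0x0102, and the PKCS#11 if/else has a #if/#else/#endif between the condition and its two possible bodies, so which statement each if controls depends on the preprocessor. Put braces around these bodies so that a later edit inside one #if arm cannot silently change the control flow. The comment "Handled implicitly in PolarSSL-1.2.0+" placed between else and ssl_set_ciphersuites also reads as if it described the line that follows; move it above the #if.
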
@@ -543,7 +563,6 @@ void key_state_ssl_init(struct key_state_ssl *ks_ssl,
   ALLOC_OBJ_CLEAR (ks_ssl->ct_out, endless_buffer);
   ssl_set_bio (ks_ssl->ctx, endless_buf_read, ks_ssl->ct_in,
  endless_buf_write, ks_ssl->ct_out);
-
 }
 }

@@ -556,8 

[Openvpn-devel] OpenVPN client released for iOS

2013-01-17 Thread James Yonan
Just wanted to let everyone know that the OpenVPN Connect client for iOS 
has just been released and is now available in the app store.


This is an official Apple-sanctioned OpenVPN client developed by OpenVPN 
Technologies in collaboration with Apple.


The client is based on the new C++ OpenVPN core that is also used in the 
OpenVPN Connect client for Android.  The C++ core is a portable, 
lightweight class library for building OpenVPN clients and is 100% 
protocol-compatible with the 2.x branch.


The current plan is to open-source the C++ core within the coming weeks. 
We won't be able to open source the full iOS client because portions 
of it use Apple-proprietary APIs to integrate with the iOS VPN 
framework.  But we will be open-sourcing the core itself, which contains 
all of the code for building an OpenVPN client on Linux or Mac.


BTW, I'm going to be at FOSDEM in early February, so I look forward to 
meeting some of you there.


Enjoy,

James



Re: [Openvpn-devel] compiling with visual studio

2013-01-17 Thread Matthias Andree
Am 16.01.2013 11:11, schrieb Gert Doering:
> Hi,
> 
> On Tue, Jan 15, 2013 at 09:03:07PM +0200, Athanasios Douitsis wrote:
>> Trying to compile 2.3 with visual studio 2010. I am getting the following
>> error:
>>
>> init.c(186): error C2143: syntax error : missing ';' before 'type'
>> [C:\openvpn4\openvpn-build\msvc\build.tmp\openvpn-2.3_master\src\openvpn\openvpn.vcxproj]
>>
>> (after that there are many many more errors, but you get the idea)
> 
> Oh well, we've done it again...

User reply follows, Developer reply after next quote:

Arguably, Visual Studio is broken if it does not accept the then-current
version of ISO 9899, which would have been C99 for anything except
VS2012 that should support C11, but reality differs, and
<http://stackoverflow.com/questions/146381/visual-studio-support-for-new-c-c-standards>
contains a few links to official info.

If something has really failed to catch on with many commercial
compilers, then I fear C99 is to carry this red light. :-(

If the code is really type-safe and -clean in C++ terms, you may have
some success with convincing VS to compile in C++ mode - but this needs
typecasts for virtually everything that deals with void * - but there
are some things in C99 that are incompatible with (at least the most
widely implemented pre-C++11 variants of) C++, such as variable-length C
arrays.

>   if (management)
> {
>   gc = gc_new ();
>   struct buffer out = alloc_buf_gc (256, &gc);
> 
> ... this is not allowed in visual studio (having a variable declaration
> after "non-declaration" code), but gcc doesn't complain, so we usually
> don't notice.



You can make gcc complain, -pedantic -std=c89 should do it, or if you
are not enabling additional compiler warnings, -pedantic-errors.
  And it possibly causes tons of other warnings because it nukes system
extensions from the compilation environment.

What I personally usually do is to test with various different compilers
and configurations:

1. do not configure the source directory (or call "make distclean")

2. mkdir _build _build-c89 _build-clang _build-icc

3. for each $DIR of these new directories, do:

3a. cd $DIR

3b. ../configure CC="gcc"
(or CC="gcc -std=c89 -pedantic" or "clang" or "icc" or... you name it) -
you can also add CFLAGS, LDFLAGS, CPPFLAGS as you see fit, stuff -m32 to
compile 32-bit code on 64-bit systems that support it (some Linux
distributions would work - if they offer you i686 packages to install on
your x86_64, they are usually ready; such as: Debian if you stay away
from aptitude, and Fedora, for instance).

3c. make -sj4 check (use higher numbers for machines with more than
4 CPU cores)

where
 - icc is Intel's compiler package that keeps changing names more often
than I chase new versions
 - clang is Apple's LLVM-based free-and-open-source compiler which gives
decent and useful hints, but defaults to C99 mode

Best regards,
Matthias