New patch, omitted changes to copyrights/licenses & changelog.
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20190123201717.15048-1-jonathan@reliablehosting.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18177.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
... | ... |
@@ -26,7 +26,7 @@ Seamless client IP/port floating |
26 | 26 |
the new format. When a data packet arrives, the server identifies peer |
27 | 27 |
by peer-id. If peer's ip/port has changed, server assumes that |
28 | 28 |
client has floated, verifies HMAC and updates ip/port in internal structs. |
29 |
- This allows the connection to be immediatly restored, instead of requiring |
|
29 |
+ This allows the connection to be immediately restored, instead of requiring |
|
30 | 30 |
a TLS handshake before the server accepts packets from the new client |
31 | 31 |
ip/port. |
32 | 32 |
|
... | ... |
@@ -223,7 +223,7 @@ User-visible Changes |
223 | 223 |
of a field get _$N appended to it's field name, starting at N=1. For the |
224 | 224 |
example above, that would result in e.g. X509_0_OU=one, X509_0_OU_1=two. |
225 | 225 |
Note that this breaks setups that rely on the fact that OpenVPN would |
226 |
- previously (incorrectly) only export the last occurence of a field. |
|
226 |
+ previously (incorrectly) only export the last occurrence of a field. |
|
227 | 227 |
|
228 | 228 |
- ``proto udp`` and ``proto tcp`` now use both IPv4 and IPv6. The new |
229 | 229 |
options ``proto udp4`` and ``proto tcp4`` use IPv4 only. |
... | ... |
@@ -371,7 +371,7 @@ Security |
371 | 371 |
|
372 | 372 |
- CVE-2017-7521: Fix post-authentication remote-triggerable memory leaks |
373 | 373 |
A client could cause a server to leak a few bytes each time it connects to the |
374 |
- server. That can eventuall cause the server to run out of memory, and thereby |
|
374 |
+ server. That can eventually cause the server to run out of memory, and thereby |
|
375 | 375 |
causing the server process to terminate. Discovered and reported to the |
376 | 376 |
OpenVPN security team by Guido Vranken. (OpenSSL builds only.) |
377 | 377 |
|
... | ... |
@@ -200,7 +200,7 @@ OPTIONS for ./configure: |
200 | 200 |
--enable-strict-options enable strict options check between peers (debugging |
201 | 201 |
option) [default=no] |
202 | 202 |
--enable-selinux enable SELinux support [default=no] |
203 |
- --enable-systemd enable systemd suppport [default=no] |
|
203 |
+ --enable-systemd enable systemd support [default=no] |
|
204 | 204 |
|
205 | 205 |
ENVIRONMENT for ./configure: |
206 | 206 |
|
... | ... |
@@ -21,7 +21,7 @@ TODO for IPv6 payload support |
21 | 21 |
|
22 | 22 |
4.) do "ifconfig tun0 inet6 unplumb" or "ifconfig tun0 destroy" for |
23 | 23 |
Solaris, *BSD, ... at program termination time, to clean up leftovers |
24 |
- (unless tunnel persistance is desired). |
|
24 |
+ (unless tunnel persistence is desired). |
|
25 | 25 |
|
26 | 26 |
For Solaris, only the "ipv6 tun0" is affected, for the *BSDs all tun0 |
27 | 27 |
stay around. |
... | ... |
@@ -47,7 +47,7 @@ tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500 |
47 | 47 |
4b.) verify this - on FreeBSD, tun0 is auto-destroyed if created by |
48 | 48 |
opening /dev/tun (and lingers if created by "ifconfig tun0 create") |
49 | 49 |
|
50 |
- -> use for persistant tunnels on not-linux? |
|
50 |
+ -> use for persistent tunnels on not-linux? |
|
51 | 51 |
|
52 | 52 |
* 2012-06-10 tun interface behaviour is documented in "man tun(4)" |
53 | 53 |
|
... | ... |
@@ -201,7 +201,7 @@ TODO for IPv6 transport support |
201 | 201 |
downstream. |
202 | 202 |
- Still done by flags, seems clean enough. |
203 | 203 |
|
204 |
- o implement comparison for mapped addesses: server in dual stack |
|
204 |
+ o implement comparison for mapped addresses: server in dual stack |
|
205 | 205 |
listening IPv6 must permit incoming streams from allowed IPv4 peer, |
206 | 206 |
currently you need to pass eg: --remote ffff::1.2.3.4 |
207 | 207 |
- OpenVPN will compare all address of a remote |
... | ... |
@@ -244,7 +244,7 @@ AC_ARG_ENABLE( |
244 | 244 |
|
245 | 245 |
AC_ARG_ENABLE( |
246 | 246 |
[systemd], |
247 |
- [AS_HELP_STRING([--enable-systemd], [enable systemd suppport @<:@default=no@:>@])], |
|
247 |
+ [AS_HELP_STRING([--enable-systemd], [enable systemd support @<:@default=no@:>@])], |
|
248 | 248 |
, |
249 | 249 |
[enable_systemd="no"] |
250 | 250 |
) |
... | ... |
@@ -113,7 +113,7 @@ case "$1" in |
113 | 113 |
|
114 | 114 |
# From a security perspective, I think it makes |
115 | 115 |
# sense to remove this, and have users who need |
116 |
- # it explictly enable in their --up scripts or |
|
116 |
+ # it explicitly enable in their --up scripts or |
|
117 | 117 |
# firewall setups. |
118 | 118 |
|
119 | 119 |
#echo 1 > /proc/sys/net/ipv4/ip_forward |
... | ... |
@@ -72,7 +72,7 @@ |
72 | 72 |
# - removed sourcing "network" |
73 | 73 |
# - removed network checking. it seemed not to work with SuSE. |
74 | 74 |
# - added sourcing "rc.status", comments and "rc_reset" command |
75 |
-# - removed "succes; echo" and "failure; echo" lines |
|
75 |
+# - removed "success; echo" and "failure; echo" lines |
|
76 | 76 |
# - added "rc_status" lines at the end of each section |
77 | 77 |
# - changed "service" to "/etc/init.d/" in "In addition to start/stop" |
78 | 78 |
# section above. |
... | ... |
@@ -126,7 +126,7 @@ case "$1" in |
126 | 126 |
|
127 | 127 |
# From a security perspective, I think it makes |
128 | 128 |
# sense to remove this, and have users who need |
129 |
- # it explictly enable in their --up scripts or |
|
129 |
+ # it explicitly enable in their --up scripts or |
|
130 | 130 |
# firewall setups. |
131 | 131 |
|
132 | 132 |
#echo 1 > /proc/sys/net/ipv4/ip_forward |
... | ... |
@@ -48,7 +48,7 @@ to application layer using well-defined mechanism. |
48 | 48 |
[DerivedAAABindingKey] [DerivedAAABindingKey] |
49 | 49 |
[AuthenticateBindingKeys] |
50 | 50 |
Client -------> Server |
51 |
- [Confidental channel] |
|
51 |
+ [Confidential channel] |
|
52 | 52 |
|
53 | 53 |
|
54 | 54 |
TLS Message flow for a full handshake |
... | ... |
@@ -696,7 +696,7 @@ are used. |
696 | 696 |
|
697 | 697 |
If the |
698 | 698 |
.B ipv6only |
699 |
-keyword is present OpenVPN will bind only to IPv6 (as oposed |
|
699 |
+keyword is present OpenVPN will bind only to IPv6 (as opposed |
|
700 | 700 |
to IPv6 and IPv4) when a IPv6 socket is opened. |
701 | 701 |
|
702 | 702 |
.\"********************************************************* |
... | ... |
@@ -2221,7 +2221,7 @@ that |
2221 | 2221 |
is parsed on the command line even though |
2222 | 2222 |
the daemonization point occurs later. If one of the |
2223 | 2223 |
.B \-\-log |
2224 |
-options is present, it will supercede syslog |
|
2224 |
+options is present, it will supersede syslog |
|
2225 | 2225 |
redirection. |
2226 | 2226 |
|
2227 | 2227 |
The optional |
... | ... |
@@ -2332,7 +2332,7 @@ If |
2332 | 2332 |
already exists it will be truncated. |
2333 | 2333 |
This option takes effect |
2334 | 2334 |
immediately when it is parsed in the command line |
2335 |
-and will supercede syslog output if |
|
2335 |
+and will supersede syslog output if |
|
2336 | 2336 |
.B \-\-daemon |
2337 | 2337 |
or |
2338 | 2338 |
.B \-\-inetd |
... | ... |
@@ -2817,7 +2817,7 @@ or outside this directory. |
2817 | 2817 |
DEFAULT_DIR is replaced by the default plug\-in directory, |
2818 | 2818 |
which is configured at the build time of OpenVPN. CWD is the |
2819 | 2819 |
current directory where OpenVPN was started or the directory |
2820 |
-OpenVPN have swithed into via the |
|
2820 |
+OpenVPN have switched into via the |
|
2821 | 2821 |
.B \-\-cd |
2822 | 2822 |
option before the |
2823 | 2823 |
.B \-\-plugin |
... | ... |
@@ -3104,7 +3104,7 @@ IV_LZO_STUB=1 \-\- if client was built with LZO stub capability |
3104 | 3104 |
|
3105 | 3105 |
IV_LZ4=1 \-\- if the client supports LZ4 compressions. |
3106 | 3106 |
|
3107 |
-IV_PROTO=2 \-\- if the client supports peer\-id floating mechansim |
|
3107 |
+IV_PROTO=2 \-\- if the client supports peer\-id floating mechanism |
|
3108 | 3108 |
|
3109 | 3109 |
IV_NCP=2 \-\- negotiable ciphers, client supports |
3110 | 3110 |
.B \-\-cipher |
... | ... |
@@ -4934,7 +4934,7 @@ Warning! |
4934 | 4934 |
.B \-\-tls\-cipher |
4935 | 4935 |
and |
4936 | 4936 |
.B \-\-tls\-ciphersuites |
4937 |
-are expert features, which \- if used correcly \- can improve the security of |
|
4937 |
+are expert features, which \- if used correctly \- can improve the security of |
|
4938 | 4938 |
your VPN connection. But it is also easy to unwittingly use them to carefully |
4939 | 4939 |
align a gun with your foot, or just break your connection. Use with care! |
4940 | 4940 |
|
... | ... |
@@ -5415,7 +5415,7 @@ UNIQUE_TOKEN_VALUE. |
5415 | 5415 |
|
5416 | 5416 |
Newer clients (2.4.7+) will fall back to the original password method |
5417 | 5417 |
after a failed auth. Older clients will keep using the token value |
5418 |
-and react acording to |
|
5418 |
+and react according to |
|
5419 | 5419 |
.B \-\-auth-retry |
5420 | 5420 |
. |
5421 | 5421 |
.\"********************************************************* |
... | ... |
@@ -53,7 +53,7 @@ fi[]dnl |
53 | 53 |
# to PKG_CHECK_MODULES(), but does not set variables or print errors. |
54 | 54 |
# |
55 | 55 |
# Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG]) |
56 |
-# only at the first occurence in configure.ac, so if the first place |
|
56 |
+# only at the first occurrence in configure.ac, so if the first place |
|
57 | 57 |
# it's called might be skipped (such as if it is within an "if", you |
58 | 58 |
# have to call PKG_CHECK_EXISTS manually |
59 | 59 |
# -------------------------------------------------------------- |
... | ... |
@@ -90,7 +90,7 @@ cert client.crt |
90 | 90 |
key client.key |
91 | 91 |
|
92 | 92 |
# Verify server certificate by checking that the |
93 |
-# certicate has the correct key usage set. |
|
93 |
+# certificate has the correct key usage set. |
|
94 | 94 |
# This is an important precaution to protect against |
95 | 95 |
# a potential attack discussed here: |
96 | 96 |
# http://openvpn.net/howto.html#mitm |
... | ... |
@@ -19,7 +19,7 @@ crl = $dir/crl.pem # The current CRL |
19 | 19 |
private_key = $dir/ca.key # The private key |
20 | 20 |
RANDFILE = $dir/.rand # private random number file |
21 | 21 |
|
22 |
-x509_extensions = basic_exts # The extentions to add to the cert |
|
22 |
+x509_extensions = basic_exts # The extensions to add to the cert |
|
23 | 23 |
|
24 | 24 |
# This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA |
25 | 25 |
# is designed for will. In return, we get the Issuer attached to CRLs. |
... | ... |
@@ -54,7 +54,7 @@ default_bits = 2048 |
54 | 54 |
default_keyfile = privkey.pem |
55 | 55 |
default_md = sha256 |
56 | 56 |
distinguished_name = cn_only |
57 |
-x509_extensions = easyrsa_ca # The extentions to add to the self signed cert |
|
57 |
+x509_extensions = easyrsa_ca # The extensions to add to the self signed cert |
|
58 | 58 |
|
59 | 59 |
# A placeholder to handle the $EXTRA_EXTS feature: |
60 | 60 |
#%EXTRA_EXTS% # Do NOT remove or change this line as $EXTRA_EXTS support requires it |
... | ... |
@@ -46,7 +46,7 @@ array_mult_safe(const size_t m1, const size_t m2, const size_t extra) |
46 | 46 |
unsigned long long res = (unsigned long long)m1 * (unsigned long long)m2 + (unsigned long long)extra; |
47 | 47 |
if (unlikely(m1 > limit) || unlikely(m2 > limit) || unlikely(extra > limit) || unlikely(res > (unsigned long long)limit)) |
48 | 48 |
{ |
49 |
- msg(M_FATAL, "attemped allocation of excessively large array"); |
|
49 |
+ msg(M_FATAL, "attempted allocation of excessively large array"); |
|
50 | 50 |
} |
51 | 51 |
return (size_t) res; |
52 | 52 |
} |
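Review bot: The `msg(M_FATAL, ...)` text changed in this hunk is emitted at runtime, so unlike the comment fixes in the rest of the patch it alters what operators see in logs; a monitoring rule or test that matches the old spelling `attemped allocation` would stop matching without any error. The same applies to `FRAG_ERR("spurious FRAG_WHOLE flags")`, the `persistent tunnel interfaces` message in do_persist_tuntap, the two `usage_message` lines and the `Test sets succeeded` echo in the test script. I would record this for users, for example with a line under User-visible Changes such as `- Spelling corrections changed the text of several log and usage messages; adjust log-matching rules accordingly.` The signature of array_mult_safe and the definition of `limit` lie outside the hunk.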
... | ... |
@@ -33,9 +33,9 @@ |
33 | 33 |
*/ |
34 | 34 |
struct _query_user { |
35 | 35 |
char *prompt; /**< Prompt to present to the user */ |
36 |
- size_t prompt_len; /**< Lenght of the prompt string */ |
|
36 |
+ size_t prompt_len; /**< Length of the prompt string */ |
|
37 | 37 |
char *response; /**< The user's response */ |
38 |
- size_t response_len; /**< Lenght the of the user reposone */ |
|
38 |
+ size_t response_len; /**< Length the of the user response */ |
|
39 | 39 |
bool echo; /**< True: The user should see what is being typed, otherwise mask it */ |
40 | 40 |
}; |
41 | 41 |
|
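Review bot: The new `response_len` line still reads `Length the of the user response`, so the doc comment this hunk rewrites remains garbled; it should be `/**< Length of the user response */`. Similar leftovers sit in other comment blocks this patch edits: `Buffer to write the packet ID too` on the `@param buf` line of the packet-id hunk (should be `to`), `comptabile` two lines above the corrected `compatibility` in the comment before proto_remote, and `is to large` on the changed `@return` line for searchandreplace (should be `too large`). The struct definition is complete in this hunk, while the other three comment blocks start or end outside their hunks.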
... | ... |
@@ -55,7 +55,7 @@ void query_user_clear(void); |
55 | 55 |
* @param prompt Prompt to display to the user |
56 | 56 |
* @param prompt_len Length of the prompt string |
57 | 57 |
* @param resp String containing the user response |
58 |
- * @param resp_len Lenght of the response string |
|
58 |
+ * @param resp_len Length of the response string |
|
59 | 59 |
* @param echo Should the user input be echoed to the user? If False, input will be masked |
60 | 60 |
* |
61 | 61 |
*/ |
... | ... |
@@ -299,7 +299,7 @@ int read_key(struct key *key, const struct key_type *kt, struct buffer *buf); |
299 | 299 |
* @param authname The name of the HMAC digest to use |
300 | 300 |
* @param keysize The length of the cipher key to use, in bytes. Only valid |
301 | 301 |
* for ciphers that support variable length keys. |
302 |
- * @param tls_mode Specifies wether we are running in TLS mode, which allows |
|
302 |
+ * @param tls_mode Specifies whether we are running in TLS mode, which allows |
|
303 | 303 |
* more ciphers than static key mode. |
304 | 304 |
* @param warn Print warnings when null cipher / auth is used. |
305 | 305 |
*/ |
... | ... |
@@ -634,7 +634,7 @@ void hmac_ctx_free(hmac_ctx_t *ctx); |
634 | 634 |
* Initialises the given HMAC context, using the given digest |
635 | 635 |
* and key. |
636 | 636 |
* |
637 |
- * @param ctx HMAC context to intialise |
|
637 |
+ * @param ctx HMAC context to initialise |
|
638 | 638 |
* @param key The key to use for the HMAC |
639 | 639 |
* @param key_len The key length to use |
640 | 640 |
* @param kt Static message digest parameters |
... | ... |
@@ -178,7 +178,7 @@ fragment_incoming(struct fragment_master *f, struct buffer *buf, |
178 | 178 |
|
179 | 179 |
if (flags & (FRAG_SEQ_ID_MASK | FRAG_ID_MASK)) |
180 | 180 |
{ |
181 |
- FRAG_ERR("spurrious FRAG_WHOLE flags"); |
|
181 |
+ FRAG_ERR("spurious FRAG_WHOLE flags"); |
|
182 | 182 |
} |
183 | 183 |
} |
184 | 184 |
else if (frag_type == FRAG_YES_NOTLAST || frag_type == FRAG_YES_LAST) |
... | ... |
@@ -1005,7 +1005,7 @@ init_options_dev(struct options *options) |
1005 | 1005 |
{ |
1006 | 1006 |
if (!options->dev && options->dev_node) |
1007 | 1007 |
{ |
1008 |
- char *dev_node = string_alloc(options->dev_node, NULL); /* POSIX basename() implementaions may modify its arguments */ |
|
1008 |
+ char *dev_node = string_alloc(options->dev_node, NULL); /* POSIX basename() implementations may modify its arguments */ |
|
1009 | 1009 |
options->dev = basename(dev_node); |
1010 | 1010 |
} |
1011 | 1011 |
} |
... | ... |
@@ -1134,7 +1134,7 @@ do_persist_tuntap(const struct options *options) |
1134 | 1134 |
"options --mktun and --rmtun are not available on your operating " |
1135 | 1135 |
"system. Please check 'man tun' (or 'tap'), whether your system " |
1136 | 1136 |
"supports using 'ifconfig %s create' / 'destroy' to create/remove " |
1137 |
- "persistant tunnel interfaces.", options->dev ); |
|
1137 |
+ "persistent tunnel interfaces.", options->dev ); |
|
1138 | 1138 |
#endif |
1139 | 1139 |
} |
1140 | 1140 |
return false; |
... | ... |
@@ -2391,7 +2391,7 @@ socket_restart_pause(struct context *c) |
2391 | 2391 |
} |
2392 | 2392 |
c->persist.restart_sleep_seconds = 0; |
2393 | 2393 |
|
2394 |
- /* do managment hold on context restart, i.e. second, third, fourth, etc. initialization */ |
|
2394 |
+ /* do management hold on context restart, i.e. second, third, fourth, etc. initialization */ |
|
2395 | 2395 |
if (do_hold(sec)) |
2396 | 2396 |
{ |
2397 | 2397 |
sec = 0; |
... | ... |
@@ -3066,7 +3066,7 @@ do_init_frame(struct context *c) |
3066 | 3066 |
/* packets with peer-id (P_DATA_V2) need 3 extra bytes in frame (on client) |
3067 | 3067 |
* and need link_mtu+3 bytes on socket reception (on server). |
3068 | 3068 |
* |
3069 |
- * accomodate receive path in f->extra_link, which has the side effect of |
|
3069 |
+ * accommodate receive path in f->extra_link, which has the side effect of |
|
3070 | 3070 |
* also increasing send buffers (BUF_SIZE() macro), which need to be |
3071 | 3071 |
* allocated big enough before receiving peer-id option from server. |
3072 | 3072 |
* |
... | ... |
@@ -3193,7 +3193,7 @@ do_option_warnings(struct context *c) |
3193 | 3193 |
msg(M_WARN, "WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead."); |
3194 | 3194 |
} |
3195 | 3195 |
|
3196 |
- /* If a script is used, print appropiate warnings */ |
|
3196 |
+ /* If a script is used, print appropriate warnings */ |
|
3197 | 3197 |
if (o->user_script_used) |
3198 | 3198 |
{ |
3199 | 3199 |
if (script_security() >= SSEC_SCRIPTS) |
... | ... |
@@ -3562,7 +3562,7 @@ do_close_link_socket(struct context *c) |
3562 | 3562 |
} |
3563 | 3563 |
|
3564 | 3564 |
/* |
3565 |
- * Close packet-id persistance file |
|
3565 |
+ * Close packet-id persistence file |
|
3566 | 3566 |
*/ |
3567 | 3567 |
static void |
3568 | 3568 |
do_close_packet_id(struct context *c) |
... | ... |
@@ -3657,7 +3657,7 @@ do_close_status_output(struct context *c) |
3657 | 3657 |
} |
3658 | 3658 |
|
3659 | 3659 |
/* |
3660 |
- * Handle ifconfig-pool persistance object. |
|
3660 |
+ * Handle ifconfig-pool persistence object. |
|
3661 | 3661 |
*/ |
3662 | 3662 |
static void |
3663 | 3663 |
do_open_ifconfig_pool_persist(struct context *c) |
... | ... |
@@ -4269,7 +4269,7 @@ init_instance(struct context *c, const struct env_set *env, const unsigned int f |
4269 | 4269 |
do_init_traffic_shaper(c); |
4270 | 4270 |
} |
4271 | 4271 |
|
4272 |
- /* do one-time inits, and possibily become a daemon here */ |
|
4272 |
+ /* do one-time inits, and possibly become a daemon here */ |
|
4273 | 4273 |
do_init_first_time(c); |
4274 | 4274 |
|
4275 | 4275 |
#ifdef ENABLE_PLUGIN |
... | ... |
@@ -4399,7 +4399,7 @@ close_instance(struct context *c) |
4399 | 4399 |
do_close_plugins(c); |
4400 | 4400 |
#endif |
4401 | 4401 |
|
4402 |
- /* close packet-id persistance file */ |
|
4402 |
+ /* close packet-id persistence file */ |
|
4403 | 4403 |
do_close_packet_id(c); |
4404 | 4404 |
|
4405 | 4405 |
/* close --status file */ |
... | ... |
@@ -110,7 +110,7 @@ mss_fixup_ipv6(struct buffer *buf, int maxmss) |
110 | 110 |
* before the final header (TCP, UDP, ...), so we'd need to walk that |
111 | 111 |
* chain (see RFC 2460 and RFC 6564 for details). |
112 | 112 |
* |
113 |
- * In practice, "most typically used" extention headers (AH, routing, |
|
113 |
+ * In practice, "most typically used" extension headers (AH, routing, |
|
114 | 114 |
* fragment, mobility) are very unlikely to be seen inside an OpenVPN |
115 | 115 |
* tun, so for now, we only handle the case of "single next header = TCP" |
116 | 116 |
*/ |
... | ... |
@@ -451,7 +451,7 @@ static const char usage_message[] = |
451 | 451 |
" user/pass via environment, if method='via-file', pass\n" |
452 | 452 |
" user/pass via temporary file.\n" |
453 | 453 |
"--auth-gen-token [lifetime] Generate a random authentication token which is pushed\n" |
454 |
- " to each client, replacing the password. Usefull when\n" |
|
454 |
+ " to each client, replacing the password. Useful when\n" |
|
455 | 455 |
" OTP based two-factor auth mechanisms are in use and\n" |
456 | 456 |
" --reneg-* options are enabled. Optionally a lifetime in seconds\n" |
457 | 457 |
" for generated tokens can be set.\n" |
... | ... |
@@ -675,7 +675,7 @@ static const char usage_message[] = |
675 | 675 |
"--pkcs11-protected-authentication [0|1] ... : Use PKCS#11 protected authentication\n" |
676 | 676 |
" path. Set for each provider.\n" |
677 | 677 |
"--pkcs11-private-mode hex ... : PKCS#11 private key mode mask.\n" |
678 |
- " 0 : Try to determind automatically (default).\n" |
|
678 |
+ " 0 : Try to determine automatically (default).\n" |
|
679 | 679 |
" 1 : Use Sign.\n" |
680 | 680 |
" 2 : Use SignRecover.\n" |
681 | 681 |
" 4 : Use Decrypt.\n" |
... | ... |
@@ -898,7 +898,7 @@ init_options(struct options *o, const bool init_gc) |
898 | 898 |
|
899 | 899 |
/* Set default --tmp-dir */ |
900 | 900 |
#ifdef _WIN32 |
901 |
- /* On Windows, find temp dir via enviroment variables */ |
|
901 |
+ /* On Windows, find temp dir via environment variables */ |
|
902 | 902 |
o->tmp_dir = win_get_tempdir(); |
903 | 903 |
#else |
904 | 904 |
/* Non-windows platforms use $TMPDIR, and if not set, default to '/tmp' */ |
... | ... |
@@ -3084,8 +3084,8 @@ options_postprocess_mutate(struct options *o) |
3084 | 3084 |
*/ |
3085 | 3085 |
#ifndef ENABLE_SMALL /** Expect people using the stripped down version to know what they do */ |
3086 | 3086 |
|
3087 |
-#define CHKACC_FILE (1<<0) /** Check for a file/directory precense */ |
|
3088 |
-#define CHKACC_DIRPATH (1<<1) /** Check for directory precense where a file should reside */ |
|
3087 |
+#define CHKACC_FILE (1<<0) /** Check for a file/directory presence */ |
|
3088 |
+#define CHKACC_DIRPATH (1<<1) /** Check for directory presence where a file should reside */ |
|
3089 | 3089 |
#define CHKACC_FILEXSTWR (1<<2) /** If file exists, is it writable? */ |
3090 | 3090 |
#define CHKACC_INLINE (1<<3) /** File is present if it's an inline file */ |
3091 | 3091 |
#define CHKACC_ACPTSTDIN (1<<4) /** If filename is stdin, it's allowed and "exists" */ |
... | ... |
@@ -3119,7 +3119,7 @@ check_file_access(const int type, const char *file, const int mode, const char * |
3119 | 3119 |
/* Is the directory path leading to the given file accessible? */ |
3120 | 3120 |
if (type & CHKACC_DIRPATH) |
3121 | 3121 |
{ |
3122 |
- char *fullpath = string_alloc(file, NULL); /* POSIX dirname() implementaion may modify its arguments */ |
|
3122 |
+ char *fullpath = string_alloc(file, NULL); /* POSIX dirname() implementation may modify its arguments */ |
|
3123 | 3123 |
char *dirpath = dirname(fullpath); |
3124 | 3124 |
|
3125 | 3125 |
if (platform_access(dirpath, mode|X_OK) != 0) |
... | ... |
@@ -3169,7 +3169,7 @@ check_file_access(const int type, const char *file, const int mode, const char * |
3169 | 3169 |
msg(M_NOPREFIX | M_OPTERR | M_ERRNO, "%s fails with '%s'", opt, file); |
3170 | 3170 |
} |
3171 | 3171 |
|
3172 |
- /* Return true if an error occured */ |
|
3172 |
+ /* Return true if an error occurred */ |
|
3173 | 3173 |
return (errcode != 0 ? true : false); |
3174 | 3174 |
} |
3175 | 3175 |
|
... | ... |
@@ -258,7 +258,7 @@ bool packet_id_read(struct packet_id_net *pin, struct buffer *buf, bool long_for |
258 | 258 |
* @param p Packet ID state. |
259 | 259 |
* @param buf Buffer to write the packet ID too |
260 | 260 |
* @param long_form If true, also update and write time_t to buf |
261 |
- * @param prepend If true, prepend to buffer, otherwise apppend. |
|
261 |
+ * @param prepend If true, prepend to buffer, otherwise append. |
|
262 | 262 |
* |
263 | 263 |
* @return true if successful, false otherwise. |
264 | 264 |
*/ |
... | ... |
@@ -1820,7 +1820,7 @@ route_ipv6_clear_host_bits( struct route_ipv6 *r6 ) |
1820 | 1820 |
{ |
1821 | 1821 |
/* clear host bit parts of route |
1822 | 1822 |
* (needed if routes are specified improperly, or if we need to |
1823 |
- * explicitely setup/clear the "connected" network routes on some OSes) |
|
1823 |
+ * explicitly setup/clear the "connected" network routes on some OSes) |
|
1824 | 1824 |
*/ |
1825 | 1825 |
int byte = 15; |
1826 | 1826 |
int bits_to_clear = 128 - r6->netbits; |
... | ... |
@@ -113,7 +113,7 @@ openvpn_execve_allowed(const unsigned int flags) |
113 | 113 |
/* |
114 | 114 |
* Run execve() inside a fork(). Designed to replicate the semantics of system() but |
115 | 115 |
* in a safer way that doesn't require the invocation of a shell or the risks |
116 |
- * assocated with formatting and parsing a command line. |
|
116 |
+ * associated with formatting and parsing a command line. |
|
117 | 117 |
*/ |
118 | 118 |
int |
119 | 119 |
openvpn_execve(const struct argv *a, const struct env_set *es, const unsigned int flags) |
... | ... |
@@ -199,7 +199,7 @@ openvpn_execve_check(const struct argv *a, const struct env_set *es, const unsig |
199 | 199 |
/* |
200 | 200 |
* Run execve() inside a fork(), duping stdout. Designed to replicate the semantics of popen() but |
201 | 201 |
* in a safer way that doesn't require the invocation of a shell or the risks |
202 |
- * assocated with formatting and parsing a command line. |
|
202 |
+ * associated with formatting and parsing a command line. |
|
203 | 203 |
*/ |
204 | 204 |
int |
205 | 205 |
openvpn_popen(const struct argv *a, const struct env_set *es) |
... | ... |
@@ -992,7 +992,7 @@ link_socket_update_buffer_sizes(struct link_socket *ls, int rcvbuf, int sndbuf) |
992 | 992 |
} |
993 | 993 |
|
994 | 994 |
/* |
995 |
- * SOCKET INITALIZATION CODE. |
|
995 |
+ * SOCKET INITIALIZATION CODE. |
|
996 | 996 |
* Create a TCP/UDP socket |
997 | 997 |
*/ |
998 | 998 |
|
... | ... |
@@ -2535,7 +2535,7 @@ link_socket_current_remote(const struct link_socket_info *info) |
2535 | 2535 |
* by now just ignore it |
2536 | 2536 |
* |
2537 | 2537 |
* For --remote entries with multiple addresses this |
2538 |
- * only return the actual endpoint we have sucessfully connected to |
|
2538 |
+ * only return the actual endpoint we have successfully connected to |
|
2539 | 2539 |
*/ |
2540 | 2540 |
if (lsa->actual.dest.addr.sa.sa_family != AF_INET) |
2541 | 2541 |
{ |
... | ... |
@@ -2566,7 +2566,7 @@ link_socket_current_remote_ipv6(const struct link_socket_info *info) |
2566 | 2566 |
* for PF_INET6 routes over PF_INET6 endpoints |
2567 | 2567 |
* |
2568 | 2568 |
* For --remote entries with multiple addresses this |
2569 |
- * only return the actual endpoint we have sucessfully connected to |
|
2569 |
+ * only return the actual endpoint we have successfully connected to |
|
2570 | 2570 |
*/ |
2571 | 2571 |
if (lsa->actual.dest.addr.sa.sa_family != AF_INET6) |
2572 | 2572 |
{ |
... | ... |
@@ -3279,7 +3279,7 @@ addr_family_name(int af) |
3279 | 3279 |
* |
3280 | 3280 |
* IPv6 and IPv4 protocols are comptabile but OpenVPN |
3281 | 3281 |
* has always sent UDPv4, TCPv4 over the wire. Keep these |
3282 |
- * strings for backward compatbility |
|
3282 |
+ * strings for backward compatibility |
|
3283 | 3283 |
*/ |
3284 | 3284 |
const char * |
3285 | 3285 |
proto_remote(int proto, bool remote) |
... | ... |
@@ -3364,7 +3364,7 @@ link_socket_read_tcp(struct link_socket *sock, |
3364 | 3364 |
|
3365 | 3365 |
#if ENABLE_IP_PKTINFO |
3366 | 3366 |
|
3367 |
-/* make the buffer large enough to handle ancilliary socket data for |
|
3367 |
+/* make the buffer large enough to handle ancillary socket data for |
|
3368 | 3368 |
* both IPv4 and IPv6 destination addresses, plus padding (see RFC 2292) |
3369 | 3369 |
*/ |
3370 | 3370 |
#if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) |
... | ... |
@@ -3879,7 +3879,7 @@ socket_finalize(SOCKET s, |
3879 | 3879 |
if (ret >= 0 && io->addr_defined) |
3880 | 3880 |
{ |
3881 | 3881 |
/* TODO(jjo): streamline this mess */ |
3882 |
- /* in this func we dont have relevant info about the PF_ of this |
|
3882 |
+ /* in this func we don't have relevant info about the PF_ of this |
|
3883 | 3883 |
* endpoint, as link_socket_actual will be zero for the 1st received packet |
3884 | 3884 |
* |
3885 | 3885 |
* Test for inets PF_ possible sizes |
... | ... |
@@ -2308,7 +2308,7 @@ push_peer_info(struct buffer *buf, struct tls_session *session) |
2308 | 2308 |
/* support for P_DATA_V2 */ |
2309 | 2309 |
buf_printf(&out, "IV_PROTO=2\n"); |
2310 | 2310 |
|
2311 |
- /* support for Negotiable Crypto Paramters */ |
|
2311 |
+ /* support for Negotiable Crypto Parameters */ |
|
2312 | 2312 |
if (session->opt->ncp_enabled |
2313 | 2313 |
&& (session->opt->mode == MODE_SERVER || session->opt->pull)) |
2314 | 2314 |
{ |
... | ... |
@@ -176,7 +176,7 @@ void x509_setenv(struct env_set *es, int cert_depth, openvpn_x509_cert_t *cert); |
176 | 176 |
* |
177 | 177 |
* The tracked attributes are stored in ll_head. |
178 | 178 |
* |
179 |
- * @param ll_head The x509_track to store tracked atttributes in |
|
179 |
+ * @param ll_head The x509_track to store tracked attributes in |
|
180 | 180 |
* @param name Name of the attribute to track |
181 | 181 |
* @param msglevel Message level for errors |
182 | 182 |
* @param gc Garbage collection arena for temp data |
... | ... |
@@ -958,7 +958,7 @@ do_ifconfig_ipv6(struct tuntap *tt, const char *ifname, int tun_mtu, |
958 | 958 |
|
959 | 959 |
#if defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) \ |
960 | 960 |
|| defined(TARGET_DARWIN) |
961 |
- /* and, hooray, we explicitely need to add a route... */ |
|
961 |
+ /* and, hooray, we explicitly need to add a route... */ |
|
962 | 962 |
add_route_connected_v6_net(tt, es); |
963 | 963 |
#endif |
964 | 964 |
#elif defined(TARGET_AIX) |
... | ... |
@@ -1894,7 +1894,7 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun |
1894 | 1894 |
ASSERT(0); |
1895 | 1895 |
} |
1896 | 1896 |
|
1897 |
-#endif /* !PENDANTIC */ |
|
1897 |
+#endif /* !PEDANTIC */ |
|
1898 | 1898 |
|
1899 | 1899 |
#ifdef ENABLE_FEATURE_TUN_PERSIST |
1900 | 1900 |
|
... | ... |
@@ -2510,7 +2510,7 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun |
2510 | 2510 |
|
2511 | 2511 |
/* the current way OpenVPN handles tun devices on NetBSD leads to |
2512 | 2512 |
* lingering tunX interfaces after close -> for a full cleanup, they |
2513 |
- * need to be explicitely destroyed |
|
2513 |
+ * need to be explicitly destroyed |
|
2514 | 2514 |
*/ |
2515 | 2515 |
void |
2516 | 2516 |
close_tun(struct tuntap *tt) |
... | ... |
@@ -2937,7 +2937,7 @@ open_darwin_utun(const char *dev, const char *dev_type, const char *dev_node, st |
2937 | 2937 |
{ |
2938 | 2938 |
fd = utun_open_helper(ctlInfo, utunnum); |
2939 | 2939 |
/* Break if the fd is valid, |
2940 |
- * or if early initalization failed (-2) */ |
|
2940 |
+ * or if early initialization failed (-2) */ |
|
2941 | 2941 |
if (fd !=-1) |
2942 | 2942 |
{ |
2943 | 2943 |
break; |
... | ... |
@@ -390,7 +390,7 @@ struct msica_session |
390 | 390 |
/** |
391 | 391 |
* Initializes execution session |
392 | 392 |
* |
393 |
- * @param session Pointer to an unitialized execution session |
|
393 |
+ * @param session Pointer to an uninitialized execution session |
|
394 | 394 |
* |
395 | 395 |
* @param hInstall Installer handle |
396 | 396 |
* |
... | ... |
@@ -7,7 +7,7 @@ authentication via PAM, and essentially allows any authentication |
7 | 7 |
method supported by PAM (such as LDAP, RADIUS, or Linux Shadow |
8 | 8 |
passwords) to be used with OpenVPN. While PAM supports |
9 | 9 |
username/password authentication, this can be combined with X509 |
10 |
-certificates to provide two indepedent levels of authentication. |
|
10 |
+certificates to provide two independent levels of authentication. |
|
11 | 11 |
|
12 | 12 |
This module uses a split privilege execution model which will |
13 | 13 |
function even if you drop openvpn daemon privileges using the user, |
... | ... |
@@ -65,7 +65,7 @@ the operation of this plugin: |
65 | 65 |
static-challenge |
66 | 66 |
|
67 | 67 |
Use of --static challenege is required to pass a pin (represented by "OTP" in |
68 |
-parameter substituion) or a second password. |
|
68 |
+parameter substitution) or a second password. |
|
69 | 69 |
|
70 | 70 |
Run OpenVPN with --verb 7 or higher to get debugging output from |
71 | 71 |
this plugin, including the list of queries presented by the |
... | ... |
@@ -25,7 +25,7 @@ |
25 | 25 |
#define _PLUGIN_AUTH_PAM_UTILS__H |
26 | 26 |
|
27 | 27 |
/** |
28 |
- * Read 'tosearch', replace all occurences of 'searchfor' with 'replacewith' and return |
|
28 |
+ * Read 'tosearch', replace all occurrences of 'searchfor' with 'replacewith' and return |
|
29 | 29 |
* a pointer to the NEW string. Does not modify the input strings. Will not enter an |
30 | 30 |
* infinite loop with clever 'searchfor' and 'replacewith' strings. |
31 | 31 |
* |
... | ... |
@@ -35,7 +35,7 @@ |
35 | 35 |
* @param searchfor needle to search for in the haystack |
36 | 36 |
* @param replacewith when a match is found, replace needle with this string |
37 | 37 |
* |
38 |
- * @return Retuns NULL when any parameter is NULL or the worst-case result is to large ( >= SIZE_MAX). |
|
38 |
+ * @return Returns NULL when any parameter is NULL or the worst-case result is to large ( >= SIZE_MAX). |
|
39 | 39 |
* Otherwise it returns a pointer to a new buffer containing the modified input |
40 | 40 |
*/ |
41 | 41 |
char * |
... | ... |
@@ -48,7 +48,7 @@ searchandreplace(const char *tosearch, const char *searchfor, const char *replac |
48 | 48 |
* @param name Environment variable to look up |
49 | 49 |
* @param envp Environment variable table with all key/value pairs |
50 | 50 |
* |
51 |
- * @return Returns a pointer to the value of the enviroment variable if found, otherwise NULL is returned. |
|
51 |
+ * @return Returns a pointer to the value of the environment variable if found, otherwise NULL is returned. |
|
52 | 52 |
*/ |
53 | 53 |
const char * |
54 | 54 |
get_env(const char *name, const char *envp[]); |
... | ... |
@@ -322,7 +322,7 @@ get_net_interface_guid( |
322 | 322 |
* property that is being retrieved. This is one of the standard |
323 | 323 |
* registry data types. This parameter is optional and can be NULL. |
324 | 324 |
* |
325 |
- * @param ppData A pointer to pointer to data that receives the device propery. The |
|
325 |
+ * @param ppData A pointer to pointer to data that receives the device property. The |
|
326 | 326 |
* data must be released with free() after use. |
327 | 327 |
* |
328 | 328 |
* @return ERROR_SUCCESS on success; Win32 error code otherwise |
... | ... |
@@ -417,7 +417,7 @@ done |
417 | 417 |
|
418 | 418 |
if [ -z "$SUMMARY_OK" ] ; then SUMMARY_OK=" none"; fi |
419 | 419 |
if [ -z "$SUMMARY_FAIL" ] ; then SUMMARY_FAIL=" none"; fi |
420 |
-echo "Test sets succeded:$SUMMARY_OK." |
|
420 |
+echo "Test sets succeeded:$SUMMARY_OK." |
|
421 | 421 |
echo "Test sets failed:$SUMMARY_FAIL." |
422 | 422 |
|
423 | 423 |
# remove trap handler |
... | ... |
@@ -328,7 +328,7 @@ test_tls_crypt_v2_setup(void **state) { |
328 | 328 |
|
329 | 329 |
ctx->gc = gc_new(); |
330 | 330 |
|
331 |
- /* Sligthly longer buffers to be able to test too-long data */ |
|
331 |
+ /* Slightly longer buffers to be able to test too-long data */ |
|
332 | 332 |
ctx->metadata = alloc_buf_gc(TLS_CRYPT_V2_MAX_METADATA_LEN+16, &ctx->gc); |
333 | 333 |
ctx->unwrapped_metadata = alloc_buf_gc(TLS_CRYPT_V2_MAX_METADATA_LEN+16, |
334 | 334 |
&ctx->gc); |