@@ -39,230 +39,95 @@ jobs:

     strategy:

       fail-fast: false

       matrix:

-        osslver: [1.1.1q, 3.0.5]

-        target: [mingw64, mingw]

-        include:

-          - target: mingw64

-            chost: x86_64-w64-mingw32

-          - target: mingw

-            chost: i686-w64-mingw32

+        arch: [x86, x64]

-    name: "gcc-mingw - ${{matrix.target}} - OSSL ${{ matrix.osslver }}"

+    name: "gcc-mingw - ${{ matrix.arch }} - OSSL"

     runs-on: ubuntu-22.04

     env:

-      MAKEFLAGS: -j3

-      LZO_VERSION: "2.10"

-      PKCS11_HELPER_VERSION: "1.29.0"

-      OPENSSL_VERSION: "${{ matrix.osslver }}"

-      TAP_WINDOWS_VERSION: "9.23.3"

-      CMOCKA_VERSION: "1.1.5"

+      VCPKG_ROOT: ${{ github.workspace }}/vcpkg

     steps:

       - name: Install dependencies

-        run: sudo apt update && sudo apt install -y mingw-w64 libtool automake autoconf man2html unzip cmake ninja-build build-essential wget

+        run: sudo apt update && sudo apt install -y mingw-w64 unzip cmake ninja-build build-essential wget python3-docutils man2html-base

       - name: Checkout OpenVPN

         uses: actions/checkout@v3

-        with:

-          path: openvpn

-      - name: autoconf

-        run: autoreconf -fvi

-        working-directory: openvpn

-

-      - name: Cache dependencies

-        id: cache

-        uses: actions/cache@v3

+      - name: Restore from cache and install vcpkg

+        uses: lukka/run-vcpkg@v10

         with:

-          path: '~/mingw/'

-          key: ${{ matrix.target }}-mingw-${{ matrix.osslver }}-${{ env.LZO_VERSION }}-${{ env.PKCS11_HELPER_VERSION }}-${{ env.TAP_WINDOWS_VERSION }}--${{ env.CMOCKA_VERSION }}

-

-      # Repeating  if: steps.cache.outputs.cache-hit != 'true'

-      # on every step for building dependencies is ugly but

-      # I haven't found a better solution so far.

-

-      - name: Download mingw dependencies

-        if: steps.cache.outputs.cache-hit != 'true'

-        run: |

-          wget -c -P download-cache/ "https://build.openvpn.net/downloads/releases/tap-windows-${TAP_WINDOWS_VERSION}.zip"

-          wget -c -P download-cache/ "https://www.oberhumer.com/opensource/lzo/download/lzo-${LZO_VERSION}.tar.gz"

-          wget -c -P download-cache/ "https://github.com/OpenSC/pkcs11-helper/releases/download/pkcs11-helper-${PKCS11_HELPER_VERSION}/pkcs11-helper-${PKCS11_HELPER_VERSION}.tar.bz2"

-          wget -c -P download-cache/ "https://github.com/coreboot/cmocka/archive/refs/tags/cmocka-${CMOCKA_VERSION}.tar.gz"

-          tar jxf "download-cache/pkcs11-helper-${PKCS11_HELPER_VERSION}.tar.bz2"

-          wget -c -P download-cache/ "https://www.openssl.org/source/old/1.1.1/openssl-${OPENSSL_VERSION}.tar.gz" || wget -c -P download-cache/ "https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz"

-          tar zxf "download-cache/openssl-${OPENSSL_VERSION}.tar.gz"

-          tar zxf "download-cache/lzo-${LZO_VERSION}.tar.gz"

-          tar zxf "download-cache/cmocka-${CMOCKA_VERSION}.tar.gz"

-          unzip download-cache/tap-windows-${TAP_WINDOWS_VERSION}.zip

-

-      - name: create cmocka build directory

-        if: steps.cache.outputs.cache-hit != 'true'

-        run: mkdir cmocka-build

-

-      - name: configure cmocka

-        if: steps.cache.outputs.cache-hit != 'true'

-        working-directory: "./cmocka-build"

-        run: cmake -GNinja -DCMAKE_C_COMPILER=${{ matrix.chost }}-gcc -DCMAKE_CXX_COMPILER=${{ matrix.chost }}-g++ -DCMAKE_SYSTEM_NAME=Windows -DCMAKE_SHARED_LINKER_FLAGS=-static-libgcc -DCMAKE_PREFIX_PATH=${HOME}/mingw/opt/lib/pkgconfig/ -DCMAKE_INCLUDE_PATH=${HOME}/mingw/opt/lib/include -DCMAKE_LIBRARY_PATH=${HOME}/mingw/opt/lib -DCMAKE_INSTALL_PREFIX=${HOME}/mingw/opt/ ../cmocka-cmocka-${{ env.CMOCKA_VERSION }}

-

-      - name: build cmocka

-        if: steps.cache.outputs.cache-hit != 'true'

-        working-directory: "./cmocka-build"

-        run: ninja

-

-      - name: install cmocka

-        if: steps.cache.outputs.cache-hit != 'true'

-        working-directory: "./cmocka-build"

-        run: ninja install

-

-      - name: Configure OpenSSL

-        if: steps.cache.outputs.cache-hit != 'true'

-        run: ./Configure --cross-compile-prefix=${{ matrix.chost }}- shared ${{ matrix.target }} no-capieng --prefix="${HOME}/mingw/opt" --openssldir="${HOME}/mingw/opt" -static-libgcc

-        working-directory: "./openssl-${{ env.OPENSSL_VERSION }}"

-

-      - name: Build OpenSSL

-        if: steps.cache.outputs.cache-hit != 'true'

-        run: make

-        working-directory: "./openssl-${{ env.OPENSSL_VERSION }}"

-

-      # OpenSSL 3.0.5 installs itself into mingw/opt/lib64 instead of

-      # mingw/opt/lib, so we include both dirs in the following steps

-      # (pkcs11-helper and OpenVPN) so the libraries will be found

-      - name: Install OpenSSL

-        if: steps.cache.outputs.cache-hit != 'true'

-        run: make install

-        working-directory: "./openssl-${{ env.OPENSSL_VERSION }}"

-

-      - name: autoreconf pkcs11-helper

-        if: steps.cache.outputs.cache-hit != 'true'

-        run: autoreconf -iv

-        working-directory: "./pkcs11-helper-${{ env.PKCS11_HELPER_VERSION }}"

-

-      - name: configure pkcs11-helper

-        if: steps.cache.outputs.cache-hit != 'true'

-        run: OPENSSL_LIBS="-L${HOME}/mingw/opt/lib -L${HOME}/mingw/opt/lib64 -lssl -lcrypto" OPENSSL_CFLAGS=-I$HOME/mingw/opt/include PKG_CONFIG_PATH=${HOME}/mingw/opt/lib/pkgconfig ./configure --host=${{ matrix.chost }} --program-prefix='' --libdir=${HOME}/mingw/opt/lib --prefix=${HOME}/mingw/opt --build=x86_64-pc-linux-gnu --disable-crypto-engine-gnutls --disable-crypto-engine-nss --disable-crypto-engine-polarssl --disable-crypto-engine-mbedtls

-        working-directory: "./pkcs11-helper-${{ env.PKCS11_HELPER_VERSION }}"

-

-      - name: build pkcs11-helper

-        if: steps.cache.outputs.cache-hit != 'true'

-        run: make all

-        working-directory: "./pkcs11-helper-${{ env.PKCS11_HELPER_VERSION }}"

-

-      - name: install pkcs11-helper

-        if: steps.cache.outputs.cache-hit != 'true'

-        run: make install

-        working-directory: "./pkcs11-helper-${{ env.PKCS11_HELPER_VERSION }}"

-

-      - name: Configure lzo

-        if: steps.cache.outputs.cache-hit != 'true'

-        run: ./configure --host=${{ matrix.chost }} --program-prefix='' --libdir=${HOME}/mingw/opt/lib --prefix=${HOME}/mingw/opt --build=x86_64-pc-linux-gnu

-        working-directory: "./lzo-${{ env.LZO_VERSION }}"

-

-      - name: build lzo

-        if: steps.cache.outputs.cache-hit != 'true'

-        working-directory: "./lzo-${{ env.LZO_VERSION }}"

-        run: make

-

-      - name: install lzo

-        if: steps.cache.outputs.cache-hit != 'true'

-        working-directory: "./lzo-${{ env.LZO_VERSION }}"

-        run: make install

-

-      - name: copy tap-windows.h header

-        if: steps.cache.outputs.cache-hit != 'true'

-        run: cp ./tap-windows-${TAP_WINDOWS_VERSION}/include/tap-windows.h ${HOME}/mingw/opt/include/

-

-      - name: configure OpenVPN

-        run: PKG_CONFIG_PATH=${HOME}/mingw/opt/lib/pkgconfig LDFLAGS=-L$HOME/mingw/opt/lib CFLAGS=-I$HOME/mingw/opt/include OPENSSL_LIBS="-L${HOME}/opt/lib -L$HOME/mingw/opt/lib64 -lssl -lcrypto" OPENSSL_CFLAGS=-I$HOME/mingw/opt/include PREFIX=$HOME/mingw/opt LZO_CFLAGS=-I$HOME/mingw/opt/include LZO_LIBS="-L${HOME}/mingw/opt/lib -llzo2" ./configure  --host=${{ matrix.chost }} --disable-lz4

-        working-directory: openvpn

-

-      - name: build OpenVPN

-        run: make -j3

-        working-directory: openvpn

-      - name: build OpenVPN unittests

-        run: make -j3 check

-        working-directory: openvpn

+          vcpkgGitCommitId: 'd10d511f25620ca0f315cd83dcef6485efc63010'

+          vcpkgJsonGlob: '**/mingw/vcpkg.json'

+          appendedCacheKey: mingw_${{ matrix.arch }}

-      # We use multiple upload-artifact here, so it becomes a flat folder

-      # structure since we need the dlls on the same level as the binaries

-      - name: Archive cmocka/openssl/lzo dlls

-        uses: actions/upload-artifact@v3

+      - name: Run CMake with vcpkg.json manifest

+        uses: lukka/run-cmake@v10

         with:

-          retention-days: 1

-          name: mingw-unittest-${{matrix.target}}-ossl${{ matrix.osslver }}-dlls

-          path: '~/mingw/opt/bin/*.dll'

-

-      # libtool puts some wrapper binaries in openvpn/tests/unit_tests/openvpn/

-      # and the real binaries in openvpn/tests/unit_tests/openvpn/.libs/

-      - name: Archive unittest artifacts

-        uses: actions/upload-artifact@v3

+          configurePreset: mingw-${{ matrix.arch }}

+          buildPreset: mingw-${{ matrix.arch }}

+          buildPresetAdditionalArgs: "['--config Debug']"

+

+      - uses: actions/upload-artifact@v3

         with:

-          retention-days: 1

-          name: mingw-unittest-${{matrix.target}}-ossl${{ matrix.osslver }}-tests

-          path: openvpn/tests/unit_tests/openvpn/.libs/*.exe

-

-      # Currently not used by the unit test but might in the future and also

-      # helpful if manually downloading and running openvpn.exe from a mingw

-      # build

-      - name: Archive openvpn binary

-        uses: actions/upload-artifact@v3

+          name: openvpn-mingw-${{ matrix.arch }}

+          path: |

+            ${{ github.workspace }}/out/build/mingw/${{ matrix.arch }}/Debug/*.exe

+            ${{ github.workspace }}/out/build/mingw/${{ matrix.arch }}/Debug/*.dll

+            !${{ github.workspace }}/out/build/mingw/${{ matrix.arch }}/Debug/test_*.exe

+

+      - uses: actions/upload-artifact@v3

         with:

-          retention-days: 1

-          name: mingw-unittest-${{matrix.target}}-ossl${{ matrix.osslver }}-tests

-          path: openvpn/src/openvpn/.libs/*.exe

+          name: openvpn-mingw-${{ matrix.arch }}-tests

+          path: |

+            ${{ github.workspace }}/out/build/mingw/${{ matrix.arch }}/Debug/test_*.exe

+            ${{ github.workspace }}/out/build/mingw/${{ matrix.arch }}/Debug/*.dll

   mingw-unittest:

     needs: [ mingw ]

     strategy:

       fail-fast: false

       matrix:

-        osslver: [ 1.1.1q, 3.0.5 ]

-        target: [ mingw64, mingw ]

+        arch: [x86, x64]

     runs-on: windows-latest

-    name: "mingw unittests - ${{matrix.target}} - OSSL ${{ matrix.osslver }}"

+    name: "mingw unittests - ${{ matrix.arch }} - OSSL"

     steps:

-      - name: Retrieve mingw unittest dlls

-        uses: actions/download-artifact@v3

-        with:

-          name: mingw-unittest-${{matrix.target}}-ossl${{ matrix.osslver }}-dlls

-          path: unittests

-

       - name: Retrieve mingw unittest

         uses: actions/download-artifact@v3

         with:

-          name: mingw-unittest-${{matrix.target}}-ossl${{ matrix.osslver }}-tests

+          name: openvpn-mingw-${{ matrix.arch }}-tests

           path: unittests

       - name: List unittests directory

         run: "dir unittests"

-      - name: Run argvunit test

-        run: ./unittests/argv_testdriver.exe

+      - name: Run argv unit test

+        run: ./unittests/test_argv.exe

-      - name: Run auth_tokenunit test

-        run: ./unittests/auth_token_testdriver.exe

+      - name: Run auth_token unit test

+        run: ./unittests/test_auth_token.exe

-      - name: Run bufferunit test

-        run: ./unittests/buffer_testdriver.exe

+      - name: Run buffer unit test

+        run: ./unittests/test_buffer.exe

       - name: Run cryptoapi unit test

-        run: ./unittests/cryptoapi_testdriver.exe

+        run: ./unittests/test_cryptoapi.exe

-      - name: Run cryptounit test

-        run: ./unittests/crypto_testdriver.exe

+      - name: Run crypto unit test

+        run: ./unittests/test_crypto.exe

-      - name: Run miscunit test

-        run: ./unittests/misc_testdriver.exe

+      - name: Run misc unit test

+        run: ./unittests/test_misc.exe

-      - name: Run ncpunit test

-        run: ./unittests/ncp_testdriver.exe

+      - name: Run ncp unit test

+        run: ./unittests/test_ncp.exe

-      - name: Run packet idunit test

-        run: ./unittests/packet_id_testdriver.exe

+      - name: Run packet id unit test

+        run: ./unittests/test_packet_id.exe

-      - name: Run pktunit test

-        run: ./unittests/pkt_testdriver.exe

+      - name: Run pkt unit test

+        run: ./unittests/test_pkt.exe

-      - name: Run providerunit test

-        run: ./unittests/provider_testdriver.exe

+      - name: Run provider unit test

+        run: ./unittests/test_provider.exe

   ubuntu:

     strategy:

@@ -411,60 +276,51 @@ jobs:

       strategy:

         fail-fast: false

         matrix:

-          plat: [ARM64, Win32, x64]

-          include:

-            - plat: ARM64

-              triplet: arm64

-            - plat: Win32

-              triplet: x86

-            - plat: x64

-              triplet: x64

-

-      name: "msbuild - ${{matrix.triplet}} - openssl"

+          arch: [amd64, x86, arm64]

+

+      name: "msbuild - ${{ matrix.arch }} - openssl"

       env:

         BUILD_CONFIGURATION: Release

-        VCPKG_OVERLAY_PORTS: ${{ github.workspace }}/contrib/vcpkg-ports

-        VCPKG_OVERLAY_TRIPLETS: ${{ github.workspace }}/contrib/vcpkg-triplets

       runs-on: windows-latest

       steps:

       - uses: actions/checkout@v3

-

-      - name: Add MSBuild to PATH

-        uses: microsoft/setup-msbuild@v1.1

-

-      - name: Set up Python

-        uses: actions/setup-python@v4

-        with:

-          python-version: '3.x'

+      - uses: lukka/get-cmake@latest

       - name: Install rst2html

-        run: python -m pip install --upgrade pip rst2html

+        run: python -m pip install --upgrade pip docutils

       - name: Restore artifacts, or setup vcpkg (do not install any package)

         uses: lukka/run-vcpkg@v10

         with:

           vcpkgGitCommitId: 'd10d511f25620ca0f315cd83dcef6485efc63010'

-          vcpkgJsonGlob: '**/openvpn/vcpkg.json'

-          appendedCacheKey: '${{matrix.triplet}}'

+          vcpkgJsonGlob: '**/windows/vcpkg.json'

+          appendedCacheKey: msvc_${{ matrix.arch }}

-      - name: Run MSBuild consuming vcpkg.json

-        working-directory: ${{env.GITHUB_WORKSPACE}}

-        run: |

-            # workaround for GHA runner bug where vcpkg installation is detected at c:\vcpkg

-            # see https://github.com/lukka/run-vcpkg/issues/170

-            ${{ github.workspace }}/vcpkg/vcpkg.exe integrate install

-            msbuild /m /p:Configuration=${{env.BUILD_CONFIGURATION}} /p:Platform="${{ matrix.plat }}" .

+      - name: Run CMake with vcpkg.json manifest (NO TESTS)

+        uses: lukka/run-cmake@v10

+        if: ${{ matrix.arch == 'arm64' }}

+        with:

+          configurePreset: win-${{ matrix.arch }}-release

+          buildPreset: win-${{ matrix.arch }}-release

+

+      - name: Run CMake with vcpkg.json manifest

+        uses: lukka/run-cmake@v10

+        if: ${{ matrix.arch != 'arm64' }}

+        with:

+          configurePreset: win-${{ matrix.arch }}-release

+          buildPreset: win-${{ matrix.arch }}-release

+          testPreset: win-${{ matrix.arch }}-release

-      - name: Archive artifacts

-        uses: actions/upload-artifact@v3

+      - uses: actions/upload-artifact@v3

         with:

-          name: artifacts-${{ matrix.plat }}

+          name: openvpn-msvc-${{ matrix.arch }}

           path: |

-            ${{ matrix.plat }}-Output/${{env.BUILD_CONFIGURATION}}/*.exe

-            ${{ matrix.plat }}-Output/${{env.BUILD_CONFIGURATION}}/*.dll

-            ${{ matrix.plat }}-Output/${{env.BUILD_CONFIGURATION}}/*.pdb

-            doc/openvpn.8.html

+            ${{ github.workspace }}/out/**/*.exe

+            ${{ github.workspace }}/out/**/*.dll

+            !${{ github.workspace }}/out/**/test_*.exe

+            !${{ github.workspace }}/out/**/CMakeFiles/**

+            !${{ github.workspace }}/out/**/vcpkg_installed/**

   trigger_openvpn_build:

     runs-on: windows-latest

@@ -17,6 +17,7 @@

 Release

 Debug

 Win32-Output

+out

 .vs

 .deps

 .libs

@@ -1,4 +1,5 @@

-  cmake_minimum_required(VERSION 3.3)

+cmake_minimum_required(VERSION 3.12)

+set(CMAKE_CONFIGURATION_TYPES "Release;Debug;ASAN")

 project(openvpn)

 # This CMake file implements building OpenVPN with CMAKE

@@ -11,10 +12,6 @@ project(openvpn)

 # and OpenSSL having version 1.1.1+ and generally does not offer the same

 # configurability like autoconf

-# -DCMAKE_TOOLCHAIN_FILE=C:/Users/User/source/repos/vcpkg/scripts/buildsystems/vcpkg.cmake

-#-DVCPKG_OVERLAY_PORTS=C:/Users/User/source/repos/openvpn/contrib/vcpkg-ports

-#-GNinja

-

 option(UNSUPPORTED_BUILDS "Allow unsupported builds" OFF)

 if (NOT WIN32 AND NOT ${UNSUPPORTED_BUILDS})

@@ -23,48 +20,83 @@ endif()

 option(MBED "BUILD with mbed" OFF)

 option(WOLFSSL "BUILD with wolfSSL" OFF)

-if (MSVC)

-    option(USE_WERROR "Treat compiler warnings as errors (-Werror)" OFF)

-else ()

-    option(USE_WERROR "Treat compiler warnings as errors (-Werror)" ON)

-endif ()

-option(PLUGIN_DIR "Location of the plugin directory" /usr/local/lib/openvpn/plugins)

+option(ENABLE_LZ4 "BUILD with lz4" ON)

+option(ENABLE_LZO "BUILD with lzo" ON)

+option(ENABLE_PKCS11 "BUILD with pkcs11-helper" ON)

+option(USE_WERROR "Treat compiler warnings as errors (-Werror)" ON)

+

+set(PLUGIN_DIR /usr/local/lib/openvpn/plugins CACHE FILEPATH "Location of the plugin directory")

 # AddressSanitize - use CXX=clang++ CC=clang cmake -DCMAKE_BUILD_TYPE=asan to build with ASAN

 set(CMAKE_C_FLAGS_ASAN

-        "-fsanitize=address,undefined -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1"

-        CACHE STRING "Flags used by the C compiler during AddressSanitizer builds."

-        FORCE)

+    "-fsanitize=address,undefined -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1"

+    CACHE STRING "Flags used by the C compiler during AddressSanitizer builds."

+    FORCE)

 set(CMAKE_CXX_FLAGS_ASAN

-        "-fsanitize=address,undefined -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1"

-        CACHE STRING "Flags used by the C++ compiler during AddressSanitizer builds."

-        FORCE)

+    "-fsanitize=address,undefined -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1"

+    CACHE STRING "Flags used by the C++ compiler during AddressSanitizer builds."

+    FORCE)

 if (MSVC)

-    target_compile_options(${target} PRIVATE /W3)

+    add_definitions(-D_CRT_SECURE_NO_WARNINGS -D_CRT_NONSTDC_NO_DEPRECATE -D_WINSOCK_DEPRECATED_NO_WARNINGS)

+    if (USE_WERROR)

+        add_compile_options(/WX)

+    endif ()

+    add_compile_options(

+        /MP

+        /W2

+        /sdl

+        /Qspectre

+        /guard:cf

+        /FC

+        /ZH:SHA_256

+        "$<$<CONFIG:Release>:/GL>"

+        "$<$<CONFIG:Release>:/Oi>"

+        "$<$<CONFIG:Release>:/Gy>"

+        "$<$<CONFIG:Release>:/Zi>"

+        )

+    add_link_options(

+        "$<$<CONFIG:Release>:/LTCG:incremental>"

+        "$<$<CONFIG:Release>:/DEBUG:FULL>"

+        "$<$<CONFIG:Release>:/OPT:REF>"

+        "$<$<CONFIG:Release>:/OPT:ICF>"

+        )

+    if (${CMAKE_GENERATOR_PLATFORM} STREQUAL "x64" OR ${CMAKE_GENERATOR_PLATFORM} STREQUAL "x86")

+        add_link_options("$<$<CONFIG:Release>:/CETCOMPAT>")

+    endif()

 else ()

-    add_compile_options(-Wall -Wuninitialized)

+    set(CMAKE_C_FLAGS_RELEASE "-O2")

+    set(CMAKE_CXX_FLAGS_RELEASE "-O2")

+    set(CMAKE_C_FLAGS_DEBUG "-g -O1")

+    set(CMAKE_CXX_FLAGS_DEBUG "-g -O1")

+    add_compile_options(-Wall -Wuninitialized -Wno-stringop-truncation)

     # We are not ready for this

-    #add_compile_options(-Wsign-compare)

+    #add_compile_options(-Wconversion -Wno-sign-conversion -Wsign-compare)

+    if (USE_WERROR)

+        add_compile_options(-Werror)

+    endif ()

 endif ()

-find_package(PkgConfig)

-INCLUDE(CheckSymbolExists)

-INCLUDE(CheckIncludeFiles)

-INCLUDE(CheckTypeSize)

-INCLUDE(CheckStructHasMember)

+find_package(PkgConfig REQUIRED)

+include(CheckSymbolExists)

+include(CheckIncludeFiles)

+include(CheckTypeSize)

+include(CheckStructHasMember)

+include(CTest)

-set(OPENVPN_VERSION_MAJOR 2)

-set(OPENVPN_VERSION_MINOR 6)

-set(OPENVPN_VERSION_PATCH _git)

+find_program(PYTHON NAMES python3 python)

+execute_process(

+    COMMAND ${PYTHON} ${CMAKE_CURRENT_SOURCE_DIR}/contrib/cmake/parse-version.m4.py ${CMAKE_CURRENT_SOURCE_DIR}/version.m4

+    WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}

+    )

+include(${CMAKE_CURRENT_BINARY_DIR}/version.cmake)

-if (NOT WIN32)

-    add_definitions(-DPLUGIN_LIBDIR=\"${PLUGIN_DIR}\")

-endif ()

-

-# TODO remove later when msvc-config.h is removed and we can always include config.h

-add_definitions(-DHAVE_CONFIG_H)

+set(OPENVPN_VERSION_MAJOR ${PRODUCT_VERSION_MAJOR})

+set(OPENVPN_VERSION_MINOR ${PRODUCT_VERSION_MINOR})

+set(OPENVPN_VERSION_PATCH ${PRODUCT_VERSION_PATCH})

+set(OPENVPN_VERSION_RESOURCE ${PRODUCT_VERSION_RESOURCE})

+set(CMAKE_C_STANDARD 99)

 # Set the various defines for config.h.cmake.in

 if (${CMAKE_SYSTEM_NAME} STREQUAL "Linux")

@@ -97,139 +129,133 @@ elseif (WIN32)

     set(TARGET_WIN32 YES)

 endif ()

-CHECK_SYMBOL_EXISTS(chroot unistd.h HAVE_CHROOT)

-CHECK_SYMBOL_EXISTS(chdir unistd.h HAVE_CHDIR)

-CHECK_SYMBOL_EXISTS(dup unistd.h HAVE_DUP)

-CHECK_SYMBOL_EXISTS(dup2 unistd.h HAVE_DUP2)

-CHECK_SYMBOL_EXISTS(fork unistd.h HAVE_FORK)

-CHECK_SYMBOL_EXISTS(execve unistd.h HAVE_EXECVE)

-CHECK_SYMBOL_EXISTS(ftruncate unistd.h HAVE_FTRUNCATE)

-CHECK_SYMBOL_EXISTS(setgid unistd.h HAVE_SETGID)

-CHECK_SYMBOL_EXISTS(setuid unistd.h HAVE_SETUID)

-CHECK_SYMBOL_EXISTS(getpeereid unistd.h HAVE_GETPEEREID)

-

-CHECK_SYMBOL_EXISTS(epoll_create sys/epoll.h HAVE_EPOLL_CREATE)

-

-CHECK_SYMBOL_EXISTS(gettimeofday sys/time.h HAVE_GETTIMEOFDAY)

-CHECK_SYMBOL_EXISTS(basename libgen.h HAVE_BASENAME)

-CHECK_SYMBOL_EXISTS(chsize io.h HAVE_CHSIZE)

-CHECK_SYMBOL_EXISTS(daemon stdlib.h HAVE_DAEMON)

-CHECK_SYMBOL_EXISTS(dirname libgen.h HAVE_DIRNAME)

-CHECK_SYMBOL_EXISTS(getrlimit sys/resource.h HAVE_GETRLIMIT)

-CHECK_SYMBOL_EXISTS(mlockall sys/mman.h HAVE_MLOCKALL)

-

-CHECK_SYMBOL_EXISTS(sendmsg sys/socket.h HAVE_SENDMSG)

-CHECK_SYMBOL_EXISTS(recvmsg sys/socket.h HAVE_RECVMSG)

-CHECK_SYMBOL_EXISTS(cmsghdr sys/socket.h HAVE_CMSGHDR)

-CHECK_SYMBOL_EXISTS(openlog syslog.h HAVE_OPENLOG)

-CHECK_SYMBOL_EXISTS(syslog syslog.h HAVE_SYSLOG)

-CHECK_SYMBOL_EXISTS(getgrnam grp.h HAVE_GETGRNAM)

-CHECK_SYMBOL_EXISTS(getpwnam pwd.h HAVE_GETPWNAM)

-CHECK_SYMBOL_EXISTS(getsockname sys/socket.h HAVE_GETSOCKNAME)

+check_symbol_exists(chroot unistd.h HAVE_CHROOT)

+check_symbol_exists(chdir unistd.h HAVE_CHDIR)

+check_symbol_exists(dup unistd.h HAVE_DUP)

+check_symbol_exists(dup2 unistd.h HAVE_DUP2)

+check_symbol_exists(fork unistd.h HAVE_FORK)

+check_symbol_exists(execve unistd.h HAVE_EXECVE)

+check_symbol_exists(ftruncate unistd.h HAVE_FTRUNCATE)

+check_symbol_exists(setgid unistd.h HAVE_SETGID)

+check_symbol_exists(setuid unistd.h HAVE_SETUID)

+check_symbol_exists(getpeereid unistd.h HAVE_GETPEEREID)

+

+check_symbol_exists(epoll_create sys/epoll.h HAVE_EPOLL_CREATE)

+

+check_symbol_exists(gettimeofday sys/time.h HAVE_GETTIMEOFDAY)

+check_symbol_exists(basename libgen.h HAVE_BASENAME)

+check_symbol_exists(chsize io.h HAVE_CHSIZE)

+check_symbol_exists(daemon stdlib.h HAVE_DAEMON)

+check_symbol_exists(dirname libgen.h HAVE_DIRNAME)

+check_symbol_exists(getrlimit sys/resource.h HAVE_GETRLIMIT)

+check_symbol_exists(mlockall sys/mman.h HAVE_MLOCKALL)

+

+check_symbol_exists(sendmsg sys/socket.h HAVE_SENDMSG)

+check_symbol_exists(recvmsg sys/socket.h HAVE_RECVMSG)

+check_symbol_exists(cmsghdr sys/socket.h HAVE_CMSGHDR)

+check_symbol_exists(openlog syslog.h HAVE_OPENLOG)

+check_symbol_exists(syslog syslog.h HAVE_SYSLOG)

+check_symbol_exists(getgrnam grp.h HAVE_GETGRNAM)

+check_symbol_exists(getpwnam pwd.h HAVE_GETPWNAM)

+check_symbol_exists(getsockname sys/socket.h HAVE_GETSOCKNAME)

 # Some OS (e.g. FreeBSD) need some basic headers to allow

 # including network headers

-SET(NETEXTRA sys/types.h)

-CHECK_INCLUDE_FILES("${NETEXTRA};netinet/in.h" HAVE_NETINET_IN_H)

+set(NETEXTRA sys/types.h)

+check_include_files("${NETEXTRA};netinet/in.h" HAVE_NETINET_IN_H)

 if (HAVE_NETINET_IN_H)

-    LIST(APPEND NETEXTRA netinet/in.h)

+    list(APPEND NETEXTRA netinet/in.h)

 endif ()

-CHECK_INCLUDE_FILES("${NETEXTRA};netinet/in6.h" HAVE_NETINET_IN_H)

-CHECK_INCLUDE_FILES(linux/if_tun.h HAVE_LINUX_IF_TUN_H)

-CHECK_INCLUDE_FILES(linux/sockios.h HAVE_LINUX_SOCKIOS_H)

-CHECK_INCLUDE_FILES(dlfcn.h HAVE_DLFCN_H)

-CHECK_INCLUDE_FILES(fcntl.h HAVE_FCNTL_H)

-CHECK_INCLUDE_FILES(dmalloc.h HAVE_DMALLOC_H)

-CHECK_INCLUDE_FILES(err.h HAVE_ERR_H)

-CHECK_INCLUDE_FILES(sys/epoll.h HAVE_SYS_EPOLL_H)

-CHECK_INCLUDE_FILES(poll.h HAVE_POLL_H)

-CHECK_INCLUDE_FILES(sys/socket.h HAVE_SYS_SOCKET_H)

-CHECK_INCLUDE_FILES(sys/time.h HAVE_SYS_TIME_H)

-CHECK_INCLUDE_FILES(netdb.h HAVE_NETDB_H)

-CHECK_INCLUDE_FILES(unistd.h HAVE_UNISTD_H)

-CHECK_INCLUDE_FILES(sys/un.h HAVE_SYS_UN_H)

-CHECK_INCLUDE_FILES(libgen.h HAVE_LIBGEN_H)

-CHECK_INCLUDE_FILES(net/if.h HAVE_NET_IF_H)

-CHECK_INCLUDE_FILES("${NETEXTRA};netinet/ip.h" HAVE_NETINET_IP_H)

-CHECK_INCLUDE_FILES(arpa/inet.h HAVE_ARPA_INET_H)

-CHECK_INCLUDE_FILES(net/if_utun.h HAVE_NET_UTUN_H)

-CHECK_INCLUDE_FILES(sys/ioctl.h HAVE_SYS_IOCTL_H)

-CHECK_INCLUDE_FILES(sys/inotify.h HAVE_SYS_INOTIFY_H)

-CHECK_INCLUDE_FILES("${NETEXTRA};sys/uio.h" HAVE_SYS_UIO_H)

-CHECK_INCLUDE_FILES(syslog.h HAVE_SYSLOG_H)

-CHECK_INCLUDE_FILES(sys/wait.h HAVE_SYS_WAIT_H)

-CHECK_INCLUDE_FILES(grp.h HAVE_GRP_H)

-CHECK_INCLUDE_FILES(pwd.h HAVE_PWD_H)

-CHECK_INCLUDE_FILES(sys/mman.h HAVE_SYS_MMAN_H)

-

-

-CHECK_INCLUDE_FILES("${NETEXTRA};resolv.h" HAVE_RESOLV_H)

-CHECK_INCLUDE_FILES("${NETEXTRA};net/if_tun.h" HAVE_NET_IF_TUN_H)

-

-# Is this obscure header needed anywhere?!

-CHECK_INCLUDE_FILES(netinet/in_systm.h HAVE_NETINET_IN_SYSTM_H)

-

-

-SET(CMAKE_EXTRA_INCLUDE_FILES netinet/ip.h)

-CHECK_TYPE_SIZE("struct in_pktinfo" IN_PKTINFO)

-CHECK_STRUCT_HAS_MEMBER("struct in_pktinfo" ipi_spec_dst netinet/ip.h HAVE_IPI_SPEC_DST)

-CHECK_TYPE_SIZE("struct msghdr" MSGHDR)

-SET(CMAKE_EXTRA_INCLUDE_FILES)

+check_include_files("${NETEXTRA};netinet/in6.h" HAVE_NETINET_IN_H)

+check_include_files(linux/if_tun.h HAVE_LINUX_IF_TUN_H)

+check_include_files(linux/sockios.h HAVE_LINUX_SOCKIOS_H)

+check_include_files(dlfcn.h HAVE_DLFCN_H)

+check_include_files(fcntl.h HAVE_FCNTL_H)

+check_include_files(dmalloc.h HAVE_DMALLOC_H)

+check_include_files(err.h HAVE_ERR_H)

+check_include_files(sys/epoll.h HAVE_SYS_EPOLL_H)

+check_include_files(poll.h HAVE_POLL_H)

+check_include_files(sys/socket.h HAVE_SYS_SOCKET_H)

+check_include_files(sys/time.h HAVE_SYS_TIME_H)

+check_include_files(netdb.h HAVE_NETDB_H)

+check_include_files(unistd.h HAVE_UNISTD_H)

+check_include_files(sys/un.h HAVE_SYS_UN_H)

+check_include_files(libgen.h HAVE_LIBGEN_H)

+check_include_files(net/if.h HAVE_NET_IF_H)

+check_include_files("${NETEXTRA};netinet/ip.h" HAVE_NETINET_IP_H)

+check_include_files(arpa/inet.h HAVE_ARPA_INET_H)

+check_include_files(net/if_utun.h HAVE_NET_UTUN_H)

+check_include_files(sys/ioctl.h HAVE_SYS_IOCTL_H)

+check_include_files(sys/inotify.h HAVE_SYS_INOTIFY_H)

+check_include_files("${NETEXTRA};sys/uio.h" HAVE_SYS_UIO_H)

+check_include_files(syslog.h HAVE_SYSLOG_H)

+check_include_files(sys/wait.h HAVE_SYS_WAIT_H)

+check_include_files(grp.h HAVE_GRP_H)

+check_include_files(pwd.h HAVE_PWD_H)

+check_include_files(sys/mman.h HAVE_SYS_MMAN_H)

+

+

+check_include_files("${NETEXTRA};resolv.h" HAVE_RESOLV_H)

+check_include_files("${NETEXTRA};net/if_tun.h" HAVE_NET_IF_TUN_H)

+

+set(CMAKE_EXTRA_INCLUDE_FILES netinet/ip.h)

+check_type_size("struct in_pktinfo" IN_PKTINFO)

+check_struct_has_member("struct in_pktinfo" ipi_spec_dst netinet/ip.h HAVE_IPI_SPEC_DST)

+check_type_size("struct msghdr" MSGHDR)

+set(CMAKE_EXTRA_INCLUDE_FILES)

 find_program(IFCONFIG_PATH ifconfig)

 find_program(IPROUTE_PATH ip)

 find_program(ROUTE_PATH route)

+if (${ENABLE_LZ4})

+    pkg_search_module(liblz4 liblz4 REQUIRED IMPORTED_TARGET)

+endif ()

-if (NOT WIN32)

-    set(ENABLE_LZ4 YES)

-    set(ENABLE_LZO YES)

+if (${ENABLE_LZO})

+    pkg_search_module(lzo2 lzo2 REQUIRED IMPORTED_TARGET)

+endif ()

+

+if (${ENABLE_PKCS11})

+    pkg_search_module(pkcs11-helper libpkcs11-helper-1 REQUIRED IMPORTED_TARGET)

 endif ()

 function(add_library_deps target)

     if (${MBED})

-        target_include_directories(${target} PRIVATE $ENV{HOME}/oss/mbedtls2/include)

-        message("Building ${target} for mbed TLS")

-        target_link_libraries(${target} PUBLIC -L$ENV{HOME}/oss/mbedtls2/library -L/usr/local/opt/lzo/lib -lmbedtls -lmbedx509 -lmbedcrypto)

+        target_link_libraries(${target} -lmbedtls -lmbedx509 -lmbedcrypto)

     elseif (${WOLFSSL})

         pkg_search_module(wolfssl wolfssl REQUIRED)

         target_link_libraries(${target} PUBLIC ${wolfssl_LINK_LIBRARIES})

         target_include_directories(${target} PRIVATE ${wolfssl_INCLUDE_DIRS}/wolfssl)

-        message("Building ${target} for WolfSSL: ${wolfssl_LINK_LIBRARIES} ${wolfssl_INCLUDE_DIRS}/wolfsll")

     else ()

         set(ENABLE_X509ALTUSERNAME YES)

         find_package(OpenSSL REQUIRED)

-        target_link_libraries(${target} PUBLIC OpenSSL::SSL)

-

-        message("Building ${target} for default OpenSSL")

-    endif ()

-

+        target_link_libraries(${target} PUBLIC OpenSSL::SSL OpenSSL::Crypto)

+        if (WIN32)

+            target_link_libraries(${target} PUBLIC

+                ws2_32.lib crypt32.lib fwpuclnt.lib iphlpapi.lib

+                wininet.lib setupapi.lib rpcrt4.lib wtsapi32.lib ncrypt.lib bcrypt.lib)

+        endif ()

-    if (${ENABLE_LZ4})

-        pkg_search_module(liblz4 liblz4 REQUIRED IMPORTED_TARGET)

-        target_link_libraries(${target} PUBLIC PkgConfig::liblz4)

     endif ()

-    if (${ENABLE_LZO})

-        pkg_search_module(lzo2 lzo2 REQUIRED IMPORTED_TARGET)

-        target_link_libraries(${target} PUBLIC PkgConfig::lzo2)

-    endif ()

+    # optional dependencies

+    target_link_libraries(${target} PUBLIC

+        $<TARGET_NAME_IF_EXISTS:PkgConfig::liblz4>

+        $<TARGET_NAME_IF_EXISTS:PkgConfig::lzo2>

+        $<TARGET_NAME_IF_EXISTS:PkgConfig::pkcs11-helper>

+        )

     if (${CMAKE_SYSTEM_NAME} STREQUAL "Linux")

-        target_include_directories(${target} PUBLIC ${LIBNL_INCLUDE_DIRS})

-        target_link_libraries(${target} PUBLIC ${LIBNL_LIBRARIES})

-    endif ()

+        pkg_search_module(libcapng REQUIRED libcap-ng IMPORTED_TARGET)

+        pkg_search_module(libnl REQUIRED libnl-genl-3.0 IMPORTED_TARGET)

-    if (USE_WERROR)

-        if (MSVC)

-            target_compile_options(${target} PRIVATE /WX)

-        else ()

-            target_compile_options(${target} PRIVATE -Werror)

-        endif ()

+        target_link_libraries(${target} PUBLIC PkgConfig::libcapng PkgConfig::libnl)

     endif ()

+

 endfunction()

 if (${MBED})

@@ -245,240 +271,254 @@ endif ()

 include_directories(${CMAKE_CURRENT_SOURCE_DIR} src/compat include)

-if (WIN32)

-    find_package(OpenSSL REQUIRED)

-

-    link_libraries(OpenSSL::SSL OpenSSL::Crypto ws2_32.lib Crypt32.lib fwpuclnt.lib iphlpapi.lib

-            wininet.lib setupapi.lib rpcrt4.lib wtsapi32.lib Ncrypt.lib)

-    add_definitions(-D_CRT_SECURE_NO_WARNINGS -D_CRT_NONSTDC_NO_DEPRECATE -D _WINSOCK_DEPRECATED_NO_WARNINGS -D_CONSOLE)

-endif ()

+add_custom_command(

+    OUTPUT always_rebuild config-version.h

+    COMMAND ${PYTHON} ${CMAKE_CURRENT_SOURCE_DIR}/contrib/cmake/git-version.py

+    )

+set(HAVE_CONFIG_VERSION_H YES)

 configure_file(config.h.cmake.in config.h)

 configure_file(include/openvpn-plugin.h.in openvpn-plugin.h)

+# TODO remove later when msvc-config.h is removed and we can always include config.h

+add_definitions(-DHAVE_CONFIG_H)

 include_directories(${CMAKE_CURRENT_BINARY_DIR})

-set(SOURCE_FILES

-        ${CMAKE_CURRENT_BINARY_DIR}/config.h

-        ${CMAKE_CURRENT_BINARY_DIR}/openvpn-plugin.h

+add_subdirectory(doc)

+add_subdirectory(src/openvpnmsica)

+add_subdirectory(src/openvpnserv)

+add_subdirectory(src/tapctl)

-        src/compat/compat-basename.c

-        src/compat/compat-daemon.c

-        src/compat/compat-dirname.c

-        src/compat/compat-gettimeofday.c

-        src/compat/compat-strsep.c

-        src/compat/compat-versionhelpers.h

-        src/openvpn/argv.c

-        src/openvpn/argv.h

-        src/openvpn/base64.c

-        src/openvpn/base64.h

-        src/openvpn/basic.h

-        src/openvpn/block_dns.h

-        src/openvpn/block_dns.c

-        src/openvpn/buffer.c

-        src/openvpn/buffer.h

-        src/openvpn/circ_list.h

-        src/openvpn/clinat.c

-        src/openvpn/clinat.h

-        src/openvpn/common.h

-        src/openvpn/comp-lz4.c

-        src/openvpn/comp-lz4.h

-        src/openvpn/comp.c

-        src/openvpn/comp.h

-        src/openvpn/compstub.c

-        src/openvpn/console.c

-        src/openvpn/console_builtin.c

-        src/openvpn/console.h

-        src/openvpn/crypto.c

-        src/openvpn/crypto.h

-        src/openvpn/crypto_backend.h

-        src/openvpn/crypto_openssl.c

-        src/openvpn/crypto_openssl.h

-        src/openvpn/crypto_mbedtls.c

-        src/openvpn/crypto_mbedtls.h

-        src/openvpn/cryptoapi.c

-        src/openvpn/cryptoapi.h

-        src/openvpn/dco.c

-        src/openvpn/dco.h

-        src/openvpn/dco_win.c

-        src/openvpn/dco_win.h

-        src/openvpn/dco_linux.c

-        src/openvpn/dco_linux.h

-        src/openvpn/dco_freebsd.c

-        src/openvpn/dco_freebsd.h

-        src/openvpn/dhcp.c

-        src/openvpn/dhcp.h

-        src/openvpn/dns.c

-        src/openvpn/dns.h

-        src/openvpn/errlevel.h

-        src/openvpn/env_set.c

-        src/openvpn/env_set.h

-        src/openvpn/error.c

-        src/openvpn/error.h

-        src/openvpn/event.c

-        src/openvpn/event.h

-        src/openvpn/fdmisc.c

-        src/openvpn/fdmisc.h

-        src/openvpn/forward.c

-        src/openvpn/forward.h

-        src/openvpn/fragment.c

-        src/openvpn/fragment.h

-        src/openvpn/gremlin.c

-        src/openvpn/gremlin.h

-        src/openvpn/helper.c

-        src/openvpn/helper.h

-        src/openvpn/httpdigest.c

-        src/openvpn/httpdigest.h

-        src/openvpn/init.c

-        src/openvpn/init.h

-        src/openvpn/integer.h

-        src/openvpn/interval.c

-        src/openvpn/interval.h

-        src/openvpn/list.c

-        src/openvpn/list.h

-        src/openvpn/lladdr.c

-        src/openvpn/lladdr.h

-        src/openvpn/lzo.c

-        src/openvpn/lzo.h

-        src/openvpn/manage.c

-        src/openvpn/manage.h

-        src/openvpn/mbuf.c

-        src/openvpn/mbuf.h

-        src/openvpn/memdbg.h

-        src/openvpn/misc.c

-        src/openvpn/misc.h

-        src/openvpn/mroute.c

-        src/openvpn/mroute.h

-        src/openvpn/mss.c

-        src/openvpn/mss.h

-        src/openvpn/mstats.c

-        src/openvpn/mstats.h

-        src/openvpn/mtcp.c

-        src/openvpn/mtcp.h

-        src/openvpn/mtu.c