CHANGE ERROR HANDLER FOR SSL ERROR: Change of indent

.appveyor.yml

@@ -0,0 +1,33 @@
+version: '{build}'
+
+image: Ubuntu2004
+
+configuration: Release
+
+skip_branch_with_pr: true
+clone_depth: 1
+
+skip_commits:
+  files:
+    - .travis.yml
+    - .gitlab-ci.yml
+    - .azure-pipelines.yml
+    - .cirrus.yml
+
+init:
+  - ps: Update-AppveyorBuild -Version "build-$env:APPVEYOR_BUILD_NUMBER-$($env:APPVEYOR_REPO_COMMIT.substring(0,7))"
+
+install:
+  - sudo apt-get -y install libsodium-dev libcap-ng-dev
+before_build:
+  - git submodule update --init --recursive
+  - ./configure
+build_script:
+  - make package -C build -j $(nproc || sysctl -n hw.ncpu || echo 4)
+  - .ci/memory-leak-test.sh
+test_script:
+  - .ci/appveyor-deb-install-test.sh
+  - sudo apt-get update && sudo apt-get -y install autoconf libtool liblzo2-dev libpam-dev fping unzip liblz4-dev libnl-genl-3-dev # openvpn build deps
+  - sudo .ci/start-se-openvpn.sh
+  - sudo .ci/run-openvpn-tests.sh
+

.azure-pipelines.yml

@@ -0,0 +1,4 @@
+jobs:
+  - template: .ci/azure-pipelines/linux.yml
+  - template: .ci/azure-pipelines/windows.yml
+  - template: .ci/azure-pipelines/macos.yml

.ci/azure-pipelines/linux.yml

@@ -0,0 +1,20 @@
+jobs:
+- job: Ubuntu_x64
+  pool:
+    vmImage: ubuntu-22.04
+  steps:
+  - checkout: self
+    submodules: true
+    persistCredentials: true
+  - script: sudo apt update && sudo apt-get -y install cmake gcc g++ ninja-build libncurses5-dev libreadline-dev libsodium-dev libssl-dev make zlib1g-dev liblz4-dev libnl-genl-3-dev
+    displayName: 'Prepare environment'
+  - script: "$(Build.SourcesDirectory)/.ci/azure-pipelines/linux_build.sh"
+    env:
+      SE_BUILD_NUMBER_TOKEN: $(BUILD_NUMBER_TOKEN)
+    displayName: 'Build'
+  - script: |
+      .ci/appveyor-deb-install-test.sh
+      sudo apt-get -y install autoconf libtool liblzo2-dev libpam-dev fping unzip libcap-ng-dev # To build OpenVPN
+      sudo BUILD_BINARIESDIRECTORY=$BUILD_BINARIESDIRECTORY .ci/start-se-openvpn.sh
+      sudo BUILD_BINARIESDIRECTORY=$BUILD_BINARIESDIRECTORY .ci/run-openvpn-tests.sh
+    displayName: 'Test'

.ci/azure-pipelines/linux_build.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+if [[ "${#SE_BUILD_NUMBER_TOKEN}" -eq 64 ]]; then
+	VERSION=$(python3 "version.py")
+	BUILD_NUMBER=$(curl "https://softether.network/get-build-number?commit=${BUILD_SOURCEVERSION}&version=${VERSION}&token=${SE_BUILD_NUMBER_TOKEN}")
+else
+	BUILD_NUMBER=0
+fi
+
+cd ${BUILD_BINARIESDIRECTORY}
+
+cmake -G "Ninja" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_NUMBER=${BUILD_NUMBER} ${BUILD_SOURCESDIRECTORY}
+cmake --build .
+
+cpack -C Release -G DEB 

.ci/azure-pipelines/macos.yml

@@ -0,0 +1,14 @@
+jobs:
+- job: macOS
+  pool:
+    vmImage: macOS-latest
+  steps:
+  - checkout: self
+    submodules: true
+    persistCredentials: true
+  - script: brew install pkg-config cmake ninja ncurses readline libsodium openssl zlib
+    displayName: 'Prepare environment'
+  - script: '$(Build.SourcesDirectory)/.ci/azure-pipelines/macos_build.sh'
+    env:
+      SE_BUILD_NUMBER_TOKEN: $(BUILD_NUMBER_TOKEN)
+    displayName: 'Build'

.ci/azure-pipelines/macos_build.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+if [[ "${#SE_BUILD_NUMBER_TOKEN}" -eq 64 ]]; then
+	VERSION=$(python3 "version.py")
+	BUILD_NUMBER=$(curl "https://softether.network/get-build-number?commit=${BUILD_SOURCEVERSION}&version=${VERSION}&token=${SE_BUILD_NUMBER_TOKEN}")
+else
+	BUILD_NUMBER=0
+fi
+
+cd ${BUILD_BINARIESDIRECTORY}
+
+cmake -G "Ninja" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_NUMBER=${BUILD_NUMBER} -DOPENSSL_ROOT_DIR="/usr/local/opt/openssl" ${BUILD_SOURCESDIRECTORY}
+cmake --build .

.ci/azure-pipelines/windows-steps.yml

@@ -0,0 +1,41 @@
+parameters:
+- name: architecture
+  type: string
+- name: compilerPath
+  type: string
+- name: vcpkgTriplet
+  type: string
+- name: vcvarsPath
+  type: string
+
+steps:
+- task: Cache@2
+  inputs:
+    key: '"vcpkg-manifest" | "$(Agent.OS)" | "${{parameters.vcpkgTriplet}}" | C:/vcpkg/.git/refs/heads/master'
+    path: '$(Build.BinariesDirectory)/vcpkg_installed'
+  displayName: 'Environment storage'
+- script: '$(Build.SourcesDirectory)/.ci/azure-pipelines/windows_build.bat'
+  env:
+    ARCHITECTURE: ${{parameters.architecture}}
+    COMPILER_PATH: ${{parameters.compilerPath}}
+    VCPKG_TRIPLET: ${{parameters.vcpkgTriplet}}
+    VCVARS_PATH: ${{parameters.vcvarsPath}}
+    SE_BUILD_NUMBER_TOKEN: $(BUILD_NUMBER_TOKEN)
+  displayName: 'Build'
+- powershell: |
+    . .ci/appveyor-vpntest.ps1
+  displayName: 'Test'
+- task: CopyFiles@2
+  inputs:
+    sourceFolder: '$(Build.BinariesDirectory)'
+    contents: '?(*.exe|*.se2|*.pdb)'
+    TargetFolder: '$(Build.StagingDirectory)/binaries/${{parameters.architecture}}'
+    flattenFolders: true
+- task: PublishBuildArtifacts@1
+  inputs:
+    pathtoPublish: '$(Build.StagingDirectory)/binaries/${{parameters.architecture}}'
+    artifactName: 'Binaries_${{parameters.architecture}}'
+- task: PublishBuildArtifacts@1
+  inputs:
+    pathtoPublish: '$(Build.StagingDirectory)/installers'
+    artifactName: 'Installers'

.ci/azure-pipelines/windows.yml

@@ -0,0 +1,27 @@
+jobs:
+- job: Windows_x64
+  pool:
+    vmImage: windows-latest
+  steps:
+  - checkout: self
+    submodules: true
+    persistCredentials: true
+  - template: "windows-steps.yml"
+    parameters:
+      architecture: "x64"
+      compilerPath: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/x64/bin/clang-cl.exe"
+      vcpkgTriplet: "x64-windows-static"
+      vcvarsPath: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars64.bat"
+- job: Windows_x86
+  pool:
+    vmImage: windows-latest
+  steps:
+  - checkout: self
+    submodules: true
+    persistCredentials: true
+  - template: "windows-steps.yml"
+    parameters:
+      architecture: "x86"
+      compilerPath: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/bin/clang-cl.exe"
+      vcpkgTriplet: "x86-windows-static"
+      vcvarsPath: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars32.bat"

.ci/azure-pipelines/windows_build.bat

@@ -0,0 +1,26 @@
+@echo on
+
+:: The method we use to store a command's output into a variable:
+:: https://stackoverflow.com/a/6362922
+for /f "tokens=* USEBACKQ" %%g in (`python "version.py"`) do (set "VERSION=%%g")
+
+:: https://stackoverflow.com/a/8566001
+echo %SE_BUILD_NUMBER_TOKEN%> "%tmp%\length.txt"
+for %%? in ("%tmp%\length.txt") do ( set /A SE_BUILD_NUMBER_TOKEN_LENGTH=%%~z? - 2 )
+
+if %SE_BUILD_NUMBER_TOKEN_LENGTH% equ 64 (
+	for /f "tokens=* USEBACKQ" %%g in (`curl "https://softether.network/get-build-number?commit=%BUILD_SOURCEVERSION%&version=%VERSION%&token=%SE_BUILD_NUMBER_TOKEN%"`) do (set "BUILD_NUMBER=%%g")
+) else (
+	set BUILD_NUMBER=0
+)
+
+cd %BUILD_BINARIESDIRECTORY%
+
+call "%VCVARS_PATH%"
+
+cmake -G "Ninja" -DCMAKE_TOOLCHAIN_FILE="C:\vcpkg\scripts\buildsystems\vcpkg.cmake" -DVCPKG_TARGET_TRIPLET=%VCPKG_TRIPLET% -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_C_COMPILER="%COMPILER_PATH%" -DCMAKE_CXX_COMPILER="%COMPILER_PATH%" -DBUILD_NUMBER=%BUILD_NUMBER% "%BUILD_SOURCESDIRECTORY%"
+cmake --build .
+
+mkdir "%BUILD_STAGINGDIRECTORY%\installers"
+vpnsetup /SFXMODE:vpnclient /SFXOUT:"%BUILD_STAGINGDIRECTORY%\installers\softether-vpnclient-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
+vpnsetup /SFXMODE:vpnserver_vpnbridge /SFXOUT:"%BUILD_STAGINGDIRECTORY%\installers\softether-vpnserver_vpnbridge-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"

.github/workflows/linux.yml

@@ -1,34 +0,0 @@
-on: [push, pull_request]
-
-permissions:
-  contents: read
-
-jobs:
-  build_and_test:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-      with:
-        submodules: true
-
-    - name: Install dependencies
-      run: sudo apt update && sudo apt-get -y install cmake gcc g++ ninja-build libncurses5-dev libreadline-dev libsodium-dev libssl-dev make zlib1g-dev liblz4-dev libnl-genl-3-dev 
-
-    - name: Build
-      run: |
-        mkdir build
-        cd build
-        cmake -G "Ninja" -DCMAKE_BUILD_TYPE=RelWithDebInfo ..
-        cmake --build .
-
-    - name: Build deb packages
-      run: |
-        cd build
-        cpack -C Release -G DEB 
-
-    - name: Test
-      run: |
-       .ci/appveyor-deb-install-test.sh
-       sudo apt-get -y install autoconf libtool liblzo2-dev libpam-dev fping unzip libcap-ng-dev # To build OpenVPN
-       sudo .ci/start-se-openvpn.sh
-       sudo .ci/run-openvpn-tests.sh

.github/workflows/windows.yml

@@ -1,63 +0,0 @@
-on: [push, pull_request]
-
-permissions:
-  contents: read
-
-jobs:
-  build_and_test:
-    strategy:
-      matrix:
-        platform: [
-          { ARCHITECTURE: x86, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/bin/clang-cl.exe",     VCPKG_TRIPLET: "x86-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars32.bat"},
-          { ARCHITECTURE: x64, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/x64/bin/clang-cl.exe", VCPKG_TRIPLET: "x64-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars64.bat"}
-        ]
-    runs-on: windows-latest
-    name: ${{ matrix.platform.ARCHITECTURE }}
-    steps:
-    - uses: actions/checkout@v4
-      with:
-        submodules: true
-    - name: Cache vcpkg
-      uses: actions/cache@v4
-      with:
-        path: 'build/vcpkg_installed/'
-        key: vcpkg-${{ matrix.platform.VCPKG_TRIPLET }}
-    - name: Set version variables
-      run: |
-        $v = python version.py
-        echo "VERSION=$v" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
-      shell: pwsh
-    - name: Build
-      env:
-        ARCHITECTURE: ${{ matrix.platform.ARCHITECTURE }}
-        COMPILER_PATH: ${{ matrix.platform.COMPILER_PATH }}
-        VCPKG_TRIPLET: ${{ matrix.platform.VCPKG_TRIPLET }}
-        VCVARS_PATH: ${{ matrix.platform.VCVARS_PATH }}
-      run: |
-        set BUILD_NUMBER=0
-        mkdir build
-        cd build
-        call "%VCVARS_PATH%"
-        cmake -G "Ninja" -DCMAKE_TOOLCHAIN_FILE="C:\vcpkg\scripts\buildsystems\vcpkg.cmake" -DVCPKG_TARGET_TRIPLET=%VCPKG_TRIPLET% -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_C_COMPILER="%COMPILER_PATH%" -DCMAKE_CXX_COMPILER="%COMPILER_PATH%" -DBUILD_NUMBER=%BUILD_NUMBER% ..
-        cmake --build .
-        mkdir installers
-        vpnsetup /SFXMODE:vpnclient /SFXOUT:"installers\softether-vpnclient-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
-        vpnsetup /SFXMODE:vpnserver_vpnbridge /SFXOUT:"installers\softether-vpnserver_vpnbridge-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
-      shell: cmd
-    - name: Test
-      shell: powershell
-      run: |
-        . .ci/appveyor-vpntest.ps1
-    - uses: actions/upload-artifact@v4
-      with:
-        if-no-files-found: error
-        name: Binaries-${{ matrix.platform.ARCHITECTURE }}
-        path: |
-          build/*.exe
-          build/*.pdb
-          build/*.se2
-    - uses: actions/upload-artifact@v4
-      with:
-        if-no-files-found: error
-        name: Installers-${{ matrix.platform.ARCHITECTURE }}
-        path: build/installers

.github/workflows/windows_release.yml

@@ -1,94 +0,0 @@
-name: "Release"
-
-on:
-  push:
-    tags:
-      - '*'
-
-concurrency:
-  group: "${{ github.workflow }}-${{ github.ref }}"
-  cancel-in-progress: true
-
-permissions:
-  contents: write
-
-jobs:
-  release:
-    runs-on: windows-latest
-    outputs:
-      upload_url: "${{ steps.create_release.outputs.upload_url }}"
-    steps:
-      - name: "Checkout repository"
-        uses: actions/checkout@v4
-
-      - name: "Create GitHub release"
-        id: create_release
-        uses: softprops/action-gh-release@v1
-  build-windows:
-    name: ${{ matrix.platform.ARCHITECTURE }}
-    runs-on: windows-latest
-    needs: ["release"]
-    strategy:
-      matrix:
-        platform: [
-          { ARCHITECTURE: x86, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/bin/clang-cl.exe",     VCPKG_TRIPLET: "x86-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars32.bat"},
-          { ARCHITECTURE: x64, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/x64/bin/clang-cl.exe", VCPKG_TRIPLET: "x64-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars64.bat"}
-        ]
-    steps:
-      - name: "Checkout repository"
-        uses: actions/checkout@v4
-        with:
-          submodules: true
-      - name: Cache vcpkg
-        uses: actions/cache@v4
-        with:
-          path: 'build/vcpkg_installed/'
-          key: vcpkg-release-${{ matrix.platform.VCPKG_TRIPLET }}
-      - name: Set version variables
-        run: |
-          $b=(Get-Content CMakeSettings.json | Out-String | ConvertFrom-Json).environments.BuildNumber		
-          echo "BUILD_NUMBER=$b" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
-          $v = python version.py
-          echo "VERSION=$v" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
-        shell: pwsh
-      - name: Build
-        env:
-          ARCHITECTURE: ${{ matrix.platform.ARCHITECTURE }}
-          COMPILER_PATH: ${{ matrix.platform.COMPILER_PATH }}
-          VCPKG_TRIPLET: ${{ matrix.platform.VCPKG_TRIPLET }}
-          VCVARS_PATH: ${{ matrix.platform.VCVARS_PATH }}
-        run: |
-          mkdir build
-          cd build
-          call "%VCVARS_PATH%"
-          cmake -G "Ninja" -DCMAKE_TOOLCHAIN_FILE="C:\vcpkg\scripts\buildsystems\vcpkg.cmake" -DVCPKG_TARGET_TRIPLET=%VCPKG_TRIPLET% -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_C_COMPILER="%COMPILER_PATH%" -DCMAKE_CXX_COMPILER="%COMPILER_PATH%" -DBUILD_NUMBER=%BUILD_NUMBER% ..
-          cmake --build .
-          mkdir installers
-          vpnsetup /SFXMODE:vpnclient /SFXOUT:"installers\softether-vpnclient-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
-          vpnsetup /SFXMODE:vpnserver_vpnbridge /SFXOUT:"installers\softether-vpnserver_vpnbridge-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
-        shell: cmd
-
-      - name: dir
-        run: |
-          Get-ChildItem -Recurse build/installers
-        shell: pwsh
-
-      - name: "Upload softether-vpnclient"
-        uses: actions/upload-release-asset@v1
-        env:
-          GITHUB_TOKEN: "${{ github.token }}"
-        with:
-          upload_url: "${{ needs.release.outputs.upload_url }}"
-          asset_path: "build/installers/softether-vpnclient-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
-          asset_name: "softether-vpnclient-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
-          asset_content_type: "application/octet-stream"
-      - name: "Upload softether-vpnserver_vpnbridge"
-        uses: actions/upload-release-asset@v1
-        env:
-          GITHUB_TOKEN: "${{ github.token }}"
-        with:
-          upload_url: "${{ needs.release.outputs.upload_url }}"
-          asset_path: "build/installers/softether-vpnserver_vpnbridge-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
-          asset_name: "softether-vpnserver_vpnbridge-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
-          asset_content_type: "application/octet-stream"
-

.vscode/settings.json

@@ -1,3 +0,0 @@
-{
-    "cmake.configureOnOpen": false
-}

CMakeLists.txt

@@ -3,7 +3,7 @@ cmake_minimum_required(VERSION 3.10)
 set(BUILD_NUMBER CACHE STRING "The number of the current build.")
 
 if ("${BUILD_NUMBER}" STREQUAL "")
-	set(BUILD_NUMBER "5183")
+	set(BUILD_NUMBER "5182")
 endif()
 
 if (BUILD_NUMBER LESS 5180)

CMakeSettings.json

@@ -1,5 +1,5 @@
 {
-  "environments": [ { "BuildNumber": "5183" } ],
+  "environments": [ { "BuildNumber": "5182" } ],
   "configurations": [
     {
       "name": "x64-native",

README.md

@@ -2,8 +2,10 @@
 
 ||Badges|
 |---|---|
+|AppVeyor|[![AppVeyor build status](https://ci.appveyor.com/api/projects/status/github/softethervpn/softethervpn?branch=master&svg=true)](https://ci.appveyor.com/project/softethervpn/softethervpn) |
 |GitLab CI|[![GitLab CI build status](https://gitlab.com/SoftEther/SoftEtherVPN/badges/master/pipeline.svg)](https://gitlab.com/SoftEther/SoftEtherVPN/pipelines)|
 |Coverity Scan|[![Coverity Scan build status](https://scan.coverity.com/projects/16304/badge.svg)](https://scan.coverity.com/projects/softethervpn-softethervpn)|
+|Azure Pipelines|[![Azure Pipelines build status for Nightly](https://dev.azure.com/SoftEther-VPN/SoftEther%20VPN/_apis/build/status/6?api-version=6.0-preview.1)](https://dev.azure.com/SoftEther-VPN/SoftEther%20VPN/_build?definitionId=6)|
 |Cirrus CI|[![Cirrus CI build status](https://api.cirrus-ci.com/github/SoftEtherVPN/SoftEtherVPN.svg)](https://cirrus-ci.com/github/SoftEtherVPN/SoftEtherVPN)|
 
 - [SoftEther VPN](#softether-vpn)

src/Cedar/Protocol.c

@@ -6773,6 +6773,7 @@ PACK *PackLoginWithOpenVPNCertificate(char *hubname, char *username, X *x)
 
 	p = NewPack();
 	PackAddStr(p, "method", "login");
+	PackAddStr(p, "hubname", hubname);
 
 	if (IsEmptyStr(username))
 	{
@@ -6781,26 +6782,12 @@ PACK *PackLoginWithOpenVPNCertificate(char *hubname, char *username, X *x)
 			FreePack(p);
 			return NULL;
 		}
-
 		UniToStr(cn_username, sizeof(cn_username), x->subject_name->CommonName);
-
-		if (strchr(cn_username, '@') != NULL)
-
-		{
-			PackAddStr(p, "username", strtok(cn_username, "@"));
-			PackAddStr(p, "hubname", strtok(NULL, ""));
-		}
-		else
-		{
-			PackAddStr(p, "username", cn_username);
-			PackAddStr(p, "hubname", hubname);
-		}
-
+		PackAddStr(p, "username", cn_username);
 	}
 	else
 	{
 		PackAddStr(p, "username", username);
-		PackAddStr(p, "hubname", hubname);
 	}
 
 	PackAddInt(p, "authtype", AUTHTYPE_OPENVPN_CERT);

src/Cedar/Virtual.c

@@ -9340,20 +9340,48 @@ UINT ServeDhcpDiscoverEx(VH *v, UCHAR *mac, UINT request_ip, bool is_static_ip)
 		return 0;
 	}
 
+	UINT ret = 0;
 	DHCP_LEASE *d = SearchDhcpLeaseByIp(v, request_ip);
+
 	if (d != NULL)
 	{
-		// The requested IP address is used already
-		return 0;
+		// If an entry for the same IP address already exists,
+		// check whether it is a request from the same MAC address
+		if (Cmp(mac, d->MacAddress, 6) == 0)
+		{
+			// Examine whether the specified IP address is within the range of static assignment
+			if (Endian32(v->DhcpIpStart) > Endian32(request_ip) ||
+				Endian32(request_ip) > Endian32(v->DhcpIpEnd))
+			{
+				// Accept if within the range of static assignment
+				ret = request_ip;
+			}
+		}
+		else {
+			// Duplicated IPV4 address found. The specified IP address is not available for use
+			char ipstr[MAX_HOST_NAME_LEN + 1] = { 0 };
+			char macstr[128] = { 0 };
+			IPToStr32(ipstr, sizeof(ipstr), request_ip);
+			MacToStr(macstr, sizeof(macstr), d->MacAddress);
+			Debug("Virtual DHC Server: Duplicated IP address detected. Static IP: %s, with the MAC: %s\n", ipstr, macstr);
+		}
 	}
-
-	// For static IP, the requested IP address must NOT be within the range of the DHCP pool
-	if (Endian32(request_ip) < Endian32(v->DhcpIpStart) || Endian32(request_ip) > Endian32(v->DhcpIpEnd))
+	else
 	{
-		return request_ip;
+		// Examine whether the specified IP address is within the range of static assignment
+		if (Endian32(v->DhcpIpStart) > Endian32(request_ip) ||
+			Endian32(request_ip) > Endian32(v->DhcpIpEnd))
+		{
+			// Accept if within the range of static assignment
+			ret = request_ip;
+		}
+		else
+		{
+			// The specified IP address is not available for use
+		}
 	}
 
-	return 0;
+	return ret;
 }
 
 // Take an appropriate IP addresses that can be assigned newly
@@ -9540,6 +9568,11 @@ void VirtualDhcpServer(VH *v, PKT *p)
 			{
 				ip = ServeDhcpRequestEx(v, p->MacAddressSrc, opt->RequestedIp, ip_static);
 			}
+			// If the IP address in user's note is changed, then reply to DHCP_REQUEST with DHCP_NAK
+			if (p->L3.IPv4Header->SrcIP && ip != p->L3.IPv4Header->SrcIP)
+			{
+				ip = 0;
+			}
 		}
 
 		if (ip != 0 || opt->Opcode == DHCP_INFORM)
@@ -9552,6 +9585,14 @@ void VirtualDhcpServer(VH *v, PKT *p)
 				char client_mac[MAX_SIZE];
 				char client_ip[MAX_SIZE];
 
+				// If there is any entry with the same MAC address, then remove it
+				d = SearchDhcpLeaseByMac(v, p->MacAddressSrc);
+				if (d != NULL)
+				{
+					FreeDhcpLease(d);
+					Delete(v->DhcpLeaseList, d);
+				}
+
 				// Remove old records with the same IP address
 				d = SearchDhcpLeaseByIp(v, ip);
 				if (d != NULL)
@@ -9710,36 +9751,40 @@ void VirtualDhcpServer(VH *v, PKT *p)
 		}
 		else
 		{
-			// There is no IP address that can be provided
-			DHCP_OPTION_LIST ret;
-			LIST *o;
-			Zero(&ret, sizeof(ret));
-
-			ret.Opcode = DHCP_NACK;
-			ret.ServerAddress = v->HostIP;
-			StrCpy(ret.DomainName, sizeof(ret.DomainName), v->DhcpDomain);
-			ret.SubnetMask = v->DhcpMask;
-
-			// Build the DHCP option
-			o = BuildDhcpOption(&ret);
-			if (o != NULL)
+			// Reply of DHCP_REQUEST must be either DHCP_ACK or DHCP_NAK
+			if (opt->Opcode == DHCP_REQUEST)
 			{
-				BUF *b = BuildDhcpOptionsBuf(o);
-				if (b != NULL)
-				{
-					UINT dest_ip = p->L3.IPv4Header->SrcIP;
-					if (dest_ip == 0)
-					{
-						dest_ip = 0xffffffff;
-					}
-					// Transmission
-					VirtualDhcpSend(v, tran_id, dest_ip, Endian16(p->L4.UDPHeader->SrcPort),
-					                ip, dhcp->ClientMacAddress, b, dhcp->HardwareType, dhcp->HardwareAddressSize);
+				// There is no IP address that can be provided
+				DHCP_OPTION_LIST ret;
+				LIST *o;
+				Zero(&ret, sizeof(ret));
 
-					// Release the memory
-					FreeBuf(b);
+				ret.Opcode = DHCP_NACK;
+				ret.ServerAddress = v->HostIP;
+				StrCpy(ret.DomainName, sizeof(ret.DomainName), v->DhcpDomain);
+				ret.SubnetMask = v->DhcpMask;
+
+				// Build the DHCP option
+				o = BuildDhcpOption(&ret);
+				if (o != NULL)
+				{
+					BUF *b = BuildDhcpOptionsBuf(o);
+					if (b != NULL)
+					{
+						UINT dest_ip = p->L3.IPv4Header->SrcIP;
+						if (dest_ip == 0)
+						{
+							dest_ip = 0xffffffff;
+						}
+						// Transmission
+						VirtualDhcpSend(v, tran_id, dest_ip, Endian16(p->L4.UDPHeader->SrcPort),
+							ip, dhcp->ClientMacAddress, b, dhcp->HardwareType, dhcp->HardwareAddressSize);
+
+						// Release the memory
+						FreeBuf(b);
+					}
+					FreeDhcpOptions(o);
 				}
-				FreeDhcpOptions(o);
 			}
 		}
 	}

src/Mayaqua/Network.c

@@ -12288,6 +12288,11 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 			ret = SSL_peek(ssl, &c, sizeof(c));
 		}
 		Unlock(sock->ssl_lock);
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+		// 2021/09/10: After OpenSSL 3.x.x, both 0 and negative values might mean retryable.
+		// See: https://github.com/openssl/openssl/blob/435981cbadad2c58c35bacd30ca5d8b4c9bea72f/doc/man3/SSL_read.pod
+		// > Old documentation indicated a difference between 0 and -1, and that -1 was retryable.
+		// > You should instead call SSL_get_error() to find out if it's retryable.
 		if (ret == 0)
 		{
 			// The communication have been disconnected
@@ -12295,7 +12300,8 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 			Debug("%s %u SecureRecv() Disconnect\n", __FILE__, __LINE__);
 			return 0;
 		}
-		if (ret < 0)
+#endif
+		if (ret <= 0)
 		{
 			// An error has occurred
 			e = SSL_get_error(ssl, ret);
@@ -12303,14 +12309,16 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 			{
 				if (e == SSL_ERROR_SSL
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
-				        &&
-				        sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL &&
-				        sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] &&
-				        sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1]
+					&&
+					sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL &&
+					sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] &&
+					sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1]
 #endif
-				   )
+					)
 				{
-					Debug("%s %u SSL Fatal Error on ASYNC socket !!!\n", __FILE__, __LINE__);
+					UINT ssl_err_no = ERR_get_error();
+
+					Debug("%s %u SSL_ERROR_SSL on ASYNC socket !!! ssl_err_no = %u: '%s'\n", __FILE__, __LINE__, ssl_err_no, ERR_error_string(ssl_err_no, NULL));
 					Disconnect(sock);
 					return 0;
 				}
@@ -12337,14 +12345,14 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 		}
 #endif	// OS_UNIX
 
-// Run the time-out thread for SOLARIS
+		// Run the time-out thread for SOLARIS
 #ifdef UNIX_SOLARIS
 		ttparam = NewSocketTimeout(sock);
 #endif // UNIX_SOLARIS
 
 		ret = SSL_read(ssl, data, size);
 
-// Stop the timeout thread
+		// Stop the timeout thread
 #ifdef UNIX_SOLARIS
 		FreeSocketTimeout(ttparam);
 #endif // UNIX_SOLARIS
@@ -12357,7 +12365,11 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 		}
 #endif	// OS_UNIX
 
-		if (ret < 0)
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+		if (ret < 0) // OpenSSL version < 3.0.0
+#else
+		if (ret <= 0) // OpenSSL version >= 3.0.0
+#endif
 		{
 			e = SSL_get_error(ssl, ret);
 		}
@@ -12380,6 +12392,12 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 
 		return (UINT)ret;
 	}
+
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+	// 2021/09/10: After OpenSSL 3.x.x, both 0 and negative values might mean retryable.
+	// See: https://github.com/openssl/openssl/blob/435981cbadad2c58c35bacd30ca5d8b4c9bea72f/doc/man3/SSL_read.pod
+	// > Old documentation indicated a difference between 0 and -1, and that -1 was retryable.
+	// > You should instead call SSL_get_error() to find out if it's retryable.
 	if (ret == 0)
 	{
 		// Disconnect the communication
@@ -12387,20 +12405,24 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 		//Debug("%s %u SecureRecv() Disconnect\n", __FILE__, __LINE__);
 		return 0;
 	}
+#endif
+
 	if (sock->AsyncMode)
 	{
 		if (e == SSL_ERROR_WANT_READ || e == SSL_ERROR_WANT_WRITE || e == SSL_ERROR_SSL)
 		{
 			if (e == SSL_ERROR_SSL
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
-			        &&
-			        sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL &&
-			        sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] &&
-			        sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1]
+				&&
+				sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL &&
+				sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] &&
+				sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1]
 #endif
-			   )
+				)
 			{
-				Debug("%s %u SSL Fatal Error on ASYNC socket !!!\n", __FILE__, __LINE__);
+				UINT ssl_err_no = ERR_get_error();
+
+				Debug("%s %u SSL_ERROR_SSL on ASYNC socket !!! ssl_err_no = %u: '%s'\n", __FILE__, __LINE__, ssl_err_no, ERR_error_string(ssl_err_no, NULL));
 				Disconnect(sock);
 				return 0;
 			}
@@ -12438,7 +12460,11 @@ UINT SecureSend(SOCK *sock, void *data, UINT size)
 		}
 
 		ret = SSL_write(ssl, data, size);
-		if (ret < 0)
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+		if (ret < 0) // OpenSSL version < 3.0.0
+#else
+		if (ret <= 0) // OpenSSL version >= 3.0.0
+#endif
 		{
 			e = SSL_get_error(ssl, ret);
 		}
@@ -12460,6 +12486,8 @@ UINT SecureSend(SOCK *sock, void *data, UINT size)
 		sock->WriteBlocked = false;
 		return (UINT)ret;
 	}
+
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
 	if (ret == 0)
 	{
 		// Disconnect
@@ -12467,6 +12495,7 @@ UINT SecureSend(SOCK *sock, void *data, UINT size)
 		Disconnect(sock);
 		return 0;
 	}
+#endif
 
 	if (sock->AsyncMode)
 	{