Merge 9a7e55b3e0 into 4fe5352931

CI: Update to FreeBSD 14.0-RELEASE

.cirrus.yml

@@ -11,7 +11,7 @@ FreeBSD_task:
       SSL:
   matrix:
     freebsd_instance:
-      image_family: freebsd-13-2
+      image_family: freebsd-14-0
   prepare_script:
     - pkg install -y pkgconf cmake git libsodium $SSL
     - git submodule update --init --recursive

.github/workflows/build_source_release.yml

@@ -8,15 +8,16 @@ on:
 
 jobs:
   build:
-    name: build
+    name: Build
     runs-on: ubuntu-latest
     steps:
 
-    - uses: actions/checkout@v1
+    - name: Checkout
+      uses: actions/checkout@v4
       with:
         submodules: true
 
-    - name: archive
+    - name: Archive
       id: archive
       run: |
         VERSION=${{ github.event.release.tag_name }}
@@ -28,12 +29,8 @@ jobs:
         tar cJf $TARBALL $PKGNAME
         echo "tarball=$TARBALL" >> $GITHUB_OUTPUT
 
-    - name: upload tarball
+    - name: Upload tarball
-      uses: actions/upload-release-asset@v1
+      uses: softprops/action-gh-release@v2
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       with:
-        upload_url: ${{ github.event.release.upload_url }}
+        files: ./${{ steps.archive.outputs.tarball }}
-        asset_path: ./${{ steps.archive.outputs.tarball }}
+        name: ${{ steps.archive.outputs.tarball }}
-        asset_name: ${{ steps.archive.outputs.tarball }}
-        asset_content_type: application/gzip

.github/workflows/coverity.yml

@@ -1,4 +1,3 @@
-
 name: Coverity
 
 on:
@@ -10,28 +9,36 @@ permissions:
 
 jobs:
   scan:
+    name: Scan
     runs-on: ubuntu-latest
-    if: ${{ github.repository_owner == 'SoftEtherVPN' }}
+    if: github.repository_owner == 'SoftEtherVPN'
     steps:
-    - uses: actions/checkout@v2
+
+    - name: Checkout
+      uses: actions/checkout@v4
       with:
         submodules: true
+
     - name: Install apt dependencies
       run: |
         sudo apt-get update
         sudo apt-get install -y cmake gcc g++ libncurses5-dev libreadline-dev libssl-dev make zlib1g-dev libsodium-dev
+
     - name: Download Coverity build tool
       run: |
         wget -c -N https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_SCAN_TOKEN }}&project=SoftEtherVPN%2FSoftEtherVPN" -O coverity_tool.tar.gz
         mkdir coverity_tool
         tar xzf coverity_tool.tar.gz --strip 1 -C coverity_tool
+
     - name: Configure
       run: |
         ./configure
+
     - name: Build with Coverity build tool
       run: |
         export PATH=`pwd`/coverity_tool/bin:$PATH
         cov-build --dir cov-int make -C build
+
     - name: Submit build result to Coverity Scan
       run: |
         tar czvf cov.tar.gz cov-int

.github/workflows/fedora-rawhide.yml

@@ -19,15 +19,18 @@ jobs:
     container:
       image: fedora:rawhide
     steps:
-    - uses: actions/checkout@v1
+
-      with:
-        submodules: true
     - name: Install dependencies
       run: |
         dnf -y install git cmake ncurses-devel openssl-devel libsodium-devel readline-devel zlib-devel gcc-c++ clang
+
+    - name: Checkout
+      uses: actions/checkout@v4
+      with:
+        submodules: true
+
     - name: Compile with ${{ matrix.cc }}
       run: |
         export CC=${{ matrix.cc }}
         ./configure
         make -C build
-

.github/workflows/linux.yml

@@ -1,3 +1,4 @@
+name: Linux
 on: [push, pull_request]
 
 permissions:
@@ -5,14 +6,16 @@ permissions:
 
 jobs:
   build_and_test:
+    name: Build
     runs-on: ubuntu-latest
     steps:
+
     - uses: actions/checkout@v4
       with:
         submodules: true
 
     - name: Install dependencies
-      run: sudo apt update && sudo apt-get -y install cmake gcc g++ ninja-build libncurses5-dev libreadline-dev libsodium-dev libssl-dev make zlib1g-dev liblz4-dev libnl-genl-3-dev 
+      run: sudo apt-get update && sudo apt-get -y install cmake gcc g++ ninja-build libncurses5-dev libreadline-dev libsodium-dev libssl-dev make zlib1g-dev liblz4-dev libnl-genl-3-dev 
 
     - name: Build
       run: |

.github/workflows/macos.yml

@@ -1,3 +1,4 @@
+name: macOS
 on: [push, pull_request, workflow_dispatch]
 
 permissions:
@@ -7,22 +8,25 @@ jobs:
   build_and_test:
     strategy:
       matrix:
-        os: [macos-13, macos-12, macos-11]
+        os: [macos-14, macos-13, macos-12]
     name: ${{ matrix.os }}
     runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@v1
+
+    - uses: actions/checkout@v4
       with:
         submodules: true
+
     - name: Install dependencies
       run: |
         brew install libsodium
+
     - name: Compile 
       run: |
         ./configure
         make -C build
+
     - name: Test 
       run: |
         otool -L build/vpnserver
         .ci/memory-leak-test.sh
-

.github/workflows/musl.yml

@@ -1,4 +1,4 @@
-name: alpine/musl
+name: Alpine/musl
 
 on: [push, pull_request]
 
@@ -7,17 +7,22 @@ permissions:
 
 jobs:
   musl:
-      name: gcc
+    name: gcc
-      runs-on: ubuntu-latest
+    runs-on: ubuntu-latest
-      container:
+    container:
-        image: alpine:latest
+      image: alpine:latest
-      steps:
+    steps:
-      - uses: actions/checkout@v1
+
-        with:
-          submodules: true
       - name: Install dependencies
         run: apk add binutils --no-cache build-base readline-dev openssl-dev ncurses-dev git cmake zlib-dev libsodium-dev gnu-libiconv 
+
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+
       - name: Configure
         run: ./configure
+
       - name: make 
         run: make -C build

.github/workflows/stb_check.yml

@@ -1,3 +1,4 @@
+name: STB Check
 on: [push, pull_request]
 
 permissions:
@@ -5,11 +6,15 @@ permissions:
 
 jobs:
   check:
+      name: Check
       runs-on: ubuntu-latest
       steps:
-      - uses: actions/checkout@v1
+
+      - name: Checkout
+        uses: actions/checkout@v4
         with:
           submodules: true
+
       - name: Check
         run: |
           cd developer_tools/stbchecker

.github/workflows/windows.yml

@@ -1,3 +1,4 @@
+name: Windows
 on: [push, pull_request]
 
 permissions:
@@ -14,19 +15,24 @@ jobs:
     runs-on: windows-latest
     name: ${{ matrix.platform.ARCHITECTURE }}
     steps:
-    - uses: actions/checkout@v4
+
+    - name: Checkout
+      uses: actions/checkout@v4
       with:
         submodules: true
+
     - name: Cache vcpkg
       uses: actions/cache@v4
       with:
         path: 'build/vcpkg_installed/'
         key: vcpkg-${{ matrix.platform.VCPKG_TRIPLET }}
+
     - name: Set version variables
       run: |
         $v = python version.py
         echo "VERSION=$v" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
       shell: pwsh
+
     - name: Build
       env:
         ARCHITECTURE: ${{ matrix.platform.ARCHITECTURE }}
@@ -44,11 +50,14 @@ jobs:
         vpnsetup /SFXMODE:vpnclient /SFXOUT:"installers\softether-vpnclient-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
         vpnsetup /SFXMODE:vpnserver_vpnbridge /SFXOUT:"installers\softether-vpnserver_vpnbridge-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
       shell: cmd
+
     - name: Test
       shell: powershell
       run: |
         . .ci/appveyor-vpntest.ps1
-    - uses: actions/upload-artifact@v4
+
+    - name: Upload built binaries
+      uses: actions/upload-artifact@v4
       with:
         if-no-files-found: error
         name: Binaries-${{ matrix.platform.ARCHITECTURE }}
@@ -56,7 +65,9 @@ jobs:
           build/*.exe
           build/*.pdb
           build/*.se2
-    - uses: actions/upload-artifact@v4
+
+    - name: Upload installers
+      uses: actions/upload-artifact@v4
       with:
         if-no-files-found: error
         name: Installers-${{ matrix.platform.ARCHITECTURE }}

.github/workflows/windows_release.yml

@@ -14,16 +14,19 @@ permissions:
 
 jobs:
   release:
+    name: Release
     runs-on: windows-latest
     outputs:
       upload_url: "${{ steps.create_release.outputs.upload_url }}"
     steps:
+
       - name: "Checkout repository"
         uses: actions/checkout@v4
 
       - name: "Create GitHub release"
         id: create_release
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@v2
+
   build-windows:
     name: ${{ matrix.platform.ARCHITECTURE }}
     runs-on: windows-latest
@@ -35,15 +38,18 @@ jobs:
           { ARCHITECTURE: x64, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/x64/bin/clang-cl.exe", VCPKG_TRIPLET: "x64-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars64.bat"}
         ]
     steps:
+
       - name: "Checkout repository"
         uses: actions/checkout@v4
         with:
           submodules: true
+
       - name: Cache vcpkg
         uses: actions/cache@v4
         with:
           path: 'build/vcpkg_installed/'
           key: vcpkg-release-${{ matrix.platform.VCPKG_TRIPLET }}
+ 
       - name: Set version variables
         run: |
           $b=(Get-Content CMakeSettings.json | Out-String | ConvertFrom-Json).environments.BuildNumber		
@@ -51,6 +57,7 @@ jobs:
           $v = python version.py
           echo "VERSION=$v" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
         shell: pwsh
+
       - name: Build
         env:
           ARCHITECTURE: ${{ matrix.platform.ARCHITECTURE }}
@@ -68,27 +75,19 @@ jobs:
           vpnsetup /SFXMODE:vpnserver_vpnbridge /SFXOUT:"installers\softether-vpnserver_vpnbridge-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
         shell: cmd
 
-      - name: dir
+      - name: Show directory items
         run: |
           Get-ChildItem -Recurse build/installers
         shell: pwsh
 
       - name: "Upload softether-vpnclient"
-        uses: actions/upload-release-asset@v1
+        uses: softprops/action-gh-release@v2
-        env:
-          GITHUB_TOKEN: "${{ github.token }}"
         with:
-          upload_url: "${{ needs.release.outputs.upload_url }}"
+          files: "build/installers/softether-vpnclient-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
-          asset_path: "build/installers/softether-vpnclient-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
+          name: "softether-vpnclient-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
-          asset_name: "softether-vpnclient-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
-          asset_content_type: "application/octet-stream"
-      - name: "Upload softether-vpnserver_vpnbridge"
-        uses: actions/upload-release-asset@v1
-        env:
-          GITHUB_TOKEN: "${{ github.token }}"
-        with:
-          upload_url: "${{ needs.release.outputs.upload_url }}"
-          asset_path: "build/installers/softether-vpnserver_vpnbridge-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
-          asset_name: "softether-vpnserver_vpnbridge-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
-          asset_content_type: "application/octet-stream"
           
+      - name: "Upload softether-vpnserver_vpnbridge"
+        uses: softprops/action-gh-release@v2
+        with:
+          files: "build/installers/softether-vpnserver_vpnbridge-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
+          name: "softether-vpnserver_vpnbridge-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"

CMakeLists.txt

@@ -3,7 +3,7 @@ cmake_minimum_required(VERSION 3.10)
 set(BUILD_NUMBER CACHE STRING "The number of the current build.")
 
 if ("${BUILD_NUMBER}" STREQUAL "")
-	set(BUILD_NUMBER "5184")
+	set(BUILD_NUMBER "5185")
 endif()
 
 if (BUILD_NUMBER LESS 5180)

CMakeSettings.json

@@ -1,5 +1,5 @@
 {
-  "environments": [ { "BuildNumber": "5184" } ],
+  "environments": [ { "BuildNumber": "5185" } ],
   "configurations": [
     {
       "name": "x64-native",

src/Cedar/Virtual.c

@@ -9349,62 +9349,35 @@ UINT ServeDhcpDiscoverEx(VH *v, UCHAR *mac, UINT request_ip, bool is_static_ip)
 		// check whether it is a request from the same MAC address
 		if (Cmp(mac, d->MacAddress, 6) == 0)
 		{
-			// Examine whether the specified IP address is within the range of assignment
+			// Examine whether the specified IP address is within the range of static assignment
 			if (Endian32(v->DhcpIpStart) > Endian32(request_ip) ||
 				Endian32(request_ip) > Endian32(v->DhcpIpEnd))
 			{
-				// Accept if within the range
+				// Accept if within the range of static assignment
 				ret = request_ip;
 			}
 		}
 		else {
-			// Duplicated IPV4 address found. The DHCP server replies to DHCPREQUEST with DHCP NAK.
+			// Duplicated IPV4 address found. The specified IP address is not available for use
 			char ipstr[MAX_HOST_NAME_LEN + 1] = { 0 };
 			char macstr[128] = { 0 };
 			IPToStr32(ipstr, sizeof(ipstr), request_ip);
-			BinToStr(macstr, sizeof(macstr), d->MacAddress, 6);
+			MacToStr(macstr, sizeof(macstr), d->MacAddress);
-			Debug("Virtual DHC Server: Duplicated IP address detected. Static IP: %s, Used by MAC:%s\n", ipstr, macstr);
+			Debug("Virtual DHC Server: Duplicated IP address detected. Static IP: %s, with the MAC: %s\n", ipstr, macstr);
-			return ret;
 		}
 	}
 	else
 	{
-		// Examine whether the specified IP address is within the range of assignment
+		// Examine whether the specified IP address is within the range of static assignment
 		if (Endian32(v->DhcpIpStart) > Endian32(request_ip) ||
 			Endian32(request_ip) > Endian32(v->DhcpIpEnd))
 		{
-			// Accept if within the range
+			// Accept if within the range of static assignment
 			ret = request_ip;
 		}
 		else
 		{
-			// Propose an IP in the range since it's a Discover although It is out of range
+			// The specified IP address is not available for use
-		}
-	}
-	if (ret == 0)
-	{
-		// If there is any entry with the same MAC address
-		// that are already registered, use it with priority
-		DHCP_LEASE *d = SearchDhcpLeaseByMac(v, mac);
-
-		if (d != NULL)
-		{
-			// Examine whether the found IP address is in the allocation region
-			if (Endian32(v->DhcpIpStart) > Endian32(d->IpAddress) ||
-				Endian32(d->IpAddress) > Endian32(v->DhcpIpEnd))
-			{
-				// Use the IP address if it's found within the range
-				ret = d->IpAddress;
-			}
-		}
-	}
-	if (ret == 0)
-	{
-		// For static IP, the requested IP address must NOT be within the range of the DHCP pool
-		if (Endian32(v->DhcpIpStart) > Endian32(request_ip) ||
-			Endian32(request_ip) > Endian32(v->DhcpIpEnd))
-		{
-			ret = request_ip;
 		}
 	}
 
@@ -9595,6 +9568,11 @@ void VirtualDhcpServer(VH *v, PKT *p)
 			{
 				ip = ServeDhcpRequestEx(v, p->MacAddressSrc, opt->RequestedIp, ip_static);
 			}
+			// If the IP address in user's note is changed, then reply to DHCP_REQUEST with DHCP_NAK
+			if (p->L3.IPv4Header->SrcIP && ip != p->L3.IPv4Header->SrcIP)
+			{
+				ip = 0;
+			}
 		}
 
 		if (ip != 0 || opt->Opcode == DHCP_INFORM)
@@ -9607,6 +9585,14 @@ void VirtualDhcpServer(VH *v, PKT *p)
 				char client_mac[MAX_SIZE];
 				char client_ip[MAX_SIZE];
 
+				// If there is any entry with the same MAC address, then remove it
+				d = SearchDhcpLeaseByMac(v, p->MacAddressSrc);
+				if (d != NULL)
+				{
+					FreeDhcpLease(d);
+					Delete(v->DhcpLeaseList, d);
+				}
+
 				// Remove old records with the same IP address
 				d = SearchDhcpLeaseByIp(v, ip);
 				if (d != NULL)
@@ -9765,7 +9751,7 @@ void VirtualDhcpServer(VH *v, PKT *p)
 		}
 		else
 		{
-			// Reply of DHCP_REQUEST must be either DHCP_ACK or DHCP_NAK.
+			// Reply of DHCP_REQUEST must be either DHCP_ACK or DHCP_NAK
 			if (opt->Opcode == DHCP_REQUEST)
 			{
 				// There is no IP address that can be provided

src/Mayaqua/Network.c

@@ -12288,6 +12288,11 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 			ret = SSL_peek(ssl, &c, sizeof(c));
 		}
 		Unlock(sock->ssl_lock);
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+		// 2021/09/10: After OpenSSL 3.x.x, both 0 and negative values might mean retryable.
+		// See: https://github.com/openssl/openssl/blob/435981cbadad2c58c35bacd30ca5d8b4c9bea72f/doc/man3/SSL_read.pod
+		// > Old documentation indicated a difference between 0 and -1, and that -1 was retryable.
+		// > You should instead call SSL_get_error() to find out if it's retryable.
 		if (ret == 0)
 		{
 			// The communication have been disconnected
@@ -12295,7 +12300,8 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 			Debug("%s %u SecureRecv() Disconnect\n", __FILE__, __LINE__);
 			return 0;
 		}
-		if (ret < 0)
+#endif
+		if (ret <= 0)
 		{
 			// An error has occurred
 			e = SSL_get_error(ssl, ret);
@@ -12303,14 +12309,16 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 			{
 				if (e == SSL_ERROR_SSL
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
-				        &&
+					&&
-				        sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL &&
+					sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL &&
-				        sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] &&
+					sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] &&
-				        sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1]
+					sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1]
 #endif
-				   )
+					)
 				{
-					Debug("%s %u SSL Fatal Error on ASYNC socket !!!\n", __FILE__, __LINE__);
+					UINT ssl_err_no = ERR_get_error();
+
+					Debug("%s %u SSL_ERROR_SSL on ASYNC socket !!! ssl_err_no = %u: '%s'\n", __FILE__, __LINE__, ssl_err_no, ERR_error_string(ssl_err_no, NULL));
 					Disconnect(sock);
 					return 0;
 				}
@@ -12337,14 +12345,14 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 		}
 #endif	// OS_UNIX
 
-// Run the time-out thread for SOLARIS
+		// Run the time-out thread for SOLARIS
 #ifdef UNIX_SOLARIS
 		ttparam = NewSocketTimeout(sock);
 #endif // UNIX_SOLARIS
 
 		ret = SSL_read(ssl, data, size);
 
-// Stop the timeout thread
+		// Stop the timeout thread
 #ifdef UNIX_SOLARIS
 		FreeSocketTimeout(ttparam);
 #endif // UNIX_SOLARIS
@@ -12357,7 +12365,11 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 		}
 #endif	// OS_UNIX
 
-		if (ret < 0)
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+		if (ret < 0) // OpenSSL version < 3.0.0
+#else
+		if (ret <= 0) // OpenSSL version >= 3.0.0
+#endif
 		{
 			e = SSL_get_error(ssl, ret);
 		}
@@ -12380,6 +12392,12 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 
 		return (UINT)ret;
 	}
+
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+	// 2021/09/10: After OpenSSL 3.x.x, both 0 and negative values might mean retryable.
+	// See: https://github.com/openssl/openssl/blob/435981cbadad2c58c35bacd30ca5d8b4c9bea72f/doc/man3/SSL_read.pod
+	// > Old documentation indicated a difference between 0 and -1, and that -1 was retryable.
+	// > You should instead call SSL_get_error() to find out if it's retryable.
 	if (ret == 0)
 	{
 		// Disconnect the communication
@@ -12387,20 +12405,24 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 		//Debug("%s %u SecureRecv() Disconnect\n", __FILE__, __LINE__);
 		return 0;
 	}
+#endif
+
 	if (sock->AsyncMode)
 	{
 		if (e == SSL_ERROR_WANT_READ || e == SSL_ERROR_WANT_WRITE || e == SSL_ERROR_SSL)
 		{
 			if (e == SSL_ERROR_SSL
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
-			        &&
+				&&
-			        sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL &&
+				sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL &&
-			        sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] &&
+				sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] &&
-			        sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1]
+				sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1]
 #endif
-			   )
+				)
 			{
-				Debug("%s %u SSL Fatal Error on ASYNC socket !!!\n", __FILE__, __LINE__);
+				UINT ssl_err_no = ERR_get_error();
+
+				Debug("%s %u SSL_ERROR_SSL on ASYNC socket !!! ssl_err_no = %u: '%s'\n", __FILE__, __LINE__, ssl_err_no, ERR_error_string(ssl_err_no, NULL));
 				Disconnect(sock);
 				return 0;
 			}
@@ -12438,7 +12460,11 @@ UINT SecureSend(SOCK *sock, void *data, UINT size)
 		}
 
 		ret = SSL_write(ssl, data, size);
-		if (ret < 0)
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+		if (ret < 0) // OpenSSL version < 3.0.0
+#else
+		if (ret <= 0) // OpenSSL version >= 3.0.0
+#endif
 		{
 			e = SSL_get_error(ssl, ret);
 		}
@@ -12460,6 +12486,8 @@ UINT SecureSend(SOCK *sock, void *data, UINT size)
 		sock->WriteBlocked = false;
 		return (UINT)ret;
 	}
+
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
 	if (ret == 0)
 	{
 		// Disconnect
@@ -12467,6 +12495,7 @@ UINT SecureSend(SOCK *sock, void *data, UINT size)
 		Disconnect(sock);
 		return 0;
 	}
+#endif
 
 	if (sock->AsyncMode)
 	{

src/bin/hamcore/strtable_ru.stb

@@ -115,7 +115,7 @@ ERR_48					Не удалось подключиться к контроллер
 ERR_49					Контроллеру кластера не удалось установить новую сессию в кластере.
 ERR_50					Не удается управлять Virtual Hub-ом сервера-члена кластера.
 ERR_51					Удаленное подключение запрещено, т.к. использован пустой пароль пользователя. Пустой пароль может быть разрешен только для соединений с локального хоста VPN-сервера (127.0.0.1).
-ERR_52					Не достаточно прав.
+ERR_52					Недостаточно прав.
 ERR_53					Указанный порт прослушивания не найден.
 ERR_54					Указанный порт прослушивания уже существует.
 ERR_55					Этот сервер не член кластера.
@@ -2421,8 +2421,8 @@ STATIC17				Другие конфигурации:
 R_NO_ROUTING			Не вносить изменения в таблицу маршрутизации
 STATIC18				Если у вас нет опыта работы с сетью и безопасностью, то оставьте настройки в этом окне по умолчанию.
 STATIC19				Функции VoIP/QoS обрабатывают пакеты (например VoIP) с высоким приоритетом для более быстрой передачи.
-STATIC20				Source IP Address:
+STATIC20				IP адрес источника:
-STATIC21				Source Port Number:
+STATIC21				Номер порта:
 R_DISABLE_QOS			Отключить функции VoIP / QoS
 IDOK					&OK
 IDCANCEL				Отмена
@@ -2524,7 +2524,7 @@ STATIC2					Имя Virtual &Hub:
 STATIC3					&Пользователь:
 STATIC4					&Старый пароль:
 STATIC5					&Новый пароль:
-STATIC6					&Подтвердить новый пароль:
+STATIC6					&Подтвердить пароль:
 IDOK					&OK
 IDCANCEL				Отмена
 S_STATIC				Примечание: Вы не сможете изменить пароль пользователя, если выбран тип авторизации "RADIUS или авторизация в домене".
@@ -2533,7 +2533,7 @@ S_STATIC				Примечание: Вы не сможете изменить па
 PREFIX					D_SM_MAIN
 CAPTION					SoftEther VPN-сервер менеджер Developer Edition
 STATIC1					Настройки подключения для VPN-сервера:
-STATIC2					Настройки подключения для VPN-сервера или VPN-моста. Чтобы подключиться к серверу дважды щелкните по его названию.\r\n Чтобы добавить новое подключение, нажмите "Новое подключение".
+STATIC2					Настройки подключения для VPN-сервера или VPN-моста. Чтобы подключиться к серверу дважды щелкните по его названию.\r\nЧтобы добавить новое подключение, нажмите "Новое подключение".
 B_NEW_SETTING			&Создать
 B_EDIT_SETTING			&Изменить
 B_DELETE				&Удалить
@@ -2558,9 +2558,9 @@ STATIC8					Прокси-сервер:
 STATIC9					Вы можете подключиться к VPN-серверу через прокси-сервер.
 STATIC10				Тип прокси:
 R_DIRECT_TCP			&Прямое TCP/IP соединение (без прокси)
-R_HTTPS					Подключиться через HTTP прокси-сервер
+R_HTTPS					Через HTTP прокси-сервер
-R_SOCKS					Подключиться через SOCKS прокси-сервер
+R_SOCKS					Через SOCKS прокси-сервер
-R_SOCKS5				Подключиться через SOCKS5 прокси-сервер
+R_SOCKS5				Через SOCKS5 прокси-сервер
 B_PROXY_CONFIG			Настройки прокси-сервера
 STATIC11				Выберите режим администрирования и введите пароль
 STATIC12				Вы можете подключиться к VPN-серверу, используя либо режим администратора сервера, либо режим Virtual Hub администратора. \r\n\r\nРежим администратора сервера позволяет вам управлять VPN-сервером и всеми Virtual Hub. \r\n\r\nРежим Virtual Hub администратора позволяет вам управлять только одним Virtual Hub, на который у вас есть права.
@@ -4111,7 +4111,7 @@ S_LATEST_STR			Версия %S%s
 
 PREFIX					D_UPDATE_CONFIG
 CAPTION					Настройка уведомлений об обновлении
-S_INFO					Периодически проверяет новые версии %s и показывает уведомление, когда будет выпущена новая версия.\r\n\r\nДля проверки обновлений будут использоваться HTTPS пакеты  между этим компьютером и сервером обновлений SoftEther, расположенным в городе Цукуба, префектура Ибараки, Япония. Никакая личная информация отправляться не будет.
+S_INFO					Периодически проверяет новые версии %s и показывает уведомление, когда будет выпущена новая версия.\r\n\r\nДля проверки обновлений будут использоваться HTTPS пакеты между этим компьютером и сервером обновлений SoftEther, расположенным в городе Цукуба, префектура Ибараки, Япония. Никакая личная информация отправляться не будет.
 S_TITLE					%s настройки уведомлений об обновлении
 S_ENABLE				&Включить проверку обновлений
 S_DISABLE				&Отключить проверку обновлений