git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Selva Nair <selva.nair@gmail.com>
	Sat, 20 Jan 2018 04:52:54 +0000 (23:52 -0500)
committer	Gert Doering <gert@greenie.muc.de>
	Thu, 25 Jan 2018 08:49:39 +0000 (09:49 +0100)
commit	51d57d7dad6c6380df7b76bbec1897ea4f98474d
tree	3c699d7d9a8ecef5270425414e3bf62c31fbe581	tree
parent	e05aca4517b666740b384399348b995a3a646629	commit \| diff

TLS v1.2 support for cryptoapicert -- RSA only

- If an NCRYPT handle for the private key can be obtained, use
  NCryptSignHash from the Cryptography NG API to sign the hash.

  This should work for all keys in the Windows certifiate stores
  but may fail for keys in a legacy token, for example. In such
  cases, we disable TLS v1.2 and fall back to the current
  behaviour. A warning is logged unless TLS version is already
  restricted to <= 1.1

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1516423974-22159-1-git-send-email-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16288.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

src/openvpn/Makefile.am		diff \| blob \| blame \| history
src/openvpn/cryptoapi.c		diff \| blob \| blame \| history
src/openvpn/options.c		diff \| blob \| blame \| history