git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Steffan Karger <steffan@karger.me>
	Sat, 21 Nov 2015 11:41:00 +0000 (12:41 +0100)
committer	Gert Doering <gert@greenie.muc.de>
	Sun, 22 Nov 2015 14:51:47 +0000 (15:51 +0100)
commit	67a67e39895d9c2c7af08e7fb38ba341e6be8fb6
tree	ae1c1e22db0ce5d3186fb1fd384a67d15e65d7d4	tree
parent	e60849a708c7b70f0d7d2363489863e4c5c9c893	commit \| diff

polarssl: don't use deprecated functions anymore

A number of functions were deprecated in polarssl 1.3.11. Stop using
these, and use their alternatives instead.

This enables (and also almost forces) us to move the pkcs11 and external
key logic from the per-connection setup (key_state_ssl_init()) to the
per-instance setup (tls_ctx_use_{pkcs11,external_private_key}()).

Note that tls_ctx_use_external_private_key() is now placed right below
external_pkcs1_sign() and external_key_len(), instead of right above,
because it now needs to be aware of those static functions.

Tested with:
* PEM key files
* pkcs11
* management-external-key

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1448106060-19469-1-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/10544
Signed-off-by: Gert Doering <gert@greenie.muc.de>

src/openvpn/crypto_polarssl.c		diff \| blob \| blame \| history
src/openvpn/pkcs11_polarssl.c		diff \| blob \| blame \| history
src/openvpn/ssl_polarssl.c		diff \| blob \| blame \| history
src/openvpn/ssl_verify_polarssl.c		diff \| blob \| blame \| history