git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Steffan Karger <steffan@karger.me>
	Thu, 5 May 2016 20:14:07 +0000 (22:14 +0200)
committer	David Sommerseth <davids@openvpn.net>
	Sat, 17 Sep 2016 12:23:04 +0000 (15:23 +0300)
commit	af1e4d26ab65bd71de168ea621ca55d0e40a0bc1
tree	96b7bb0d0300d22d635e0706b523c543ae318df0	tree
parent	d13a40a4a477bae3efede6945174df1cb2c3aa69	commit \| diff

Add SHA256 fingerprint support

Add SHA256 fingerprint support for both the normal exported fingerprints
(tls_digest_n -> tls_digest_sha256_n), as well as for --x509-track.

Also switch to using the SHA256 fingerprint instead of the SHA1 fingerprint
internally, in cert_hash_remember() / cert_hash_compare(). And instead of
updating an #if 0'd code block that has been disabled since 2009, just
remove that.

This should take care of trac #675.

v2: update openvpn.8 accordingly

[ DS: This commit squashes in the clean-up cert_hash_remember scoping patch,
as it is highly related and tied to this primary patch ]

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: 1462479247-21854-1-git-send-email-steffan@karger.me
Message-Id: 1474055635-7427-1-git-send-email-steffan@karger.me
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg11859.html
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12464.html
Signed-off-by: David Sommerseth <davids@openvpn.net>

doc/openvpn.8		diff \| blob \| blame \| history
src/openvpn/ssl_verify.c		diff \| blob \| blame \| history
src/openvpn/ssl_verify.h		diff \| blob \| blame \| history
src/openvpn/ssl_verify_backend.h		diff \| blob \| blame \| history
src/openvpn/ssl_verify_mbedtls.c		diff \| blob \| blame \| history
src/openvpn/ssl_verify_openssl.c		diff \| blob \| blame \| history