git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Steffan Karger <steffan.karger@fox-it.com>
	Mon, 22 Oct 2018 11:45:15 +0000 (13:45 +0200)
committer	David Sommerseth <davids@openvpn.net>
	Fri, 26 Oct 2018 17:05:25 +0000 (19:05 +0200)
commit	ff931c5e99a808e762bc0203d70f19bf3767e216
tree	1e76db6c01f926068f86275ff20b68c9a1a30a06	tree
parent	19dffdbde08f6b1ea5d32d429a255218d4304c66	commit \| diff

tls-crypt-v2: add script hook to verify metadata

To allow rejecting incoming connections very early in the handshake,
add a --tls-crypt-v2-verify option that allows administators to
run an external command to verify the metadata from the client key.
See doc/tls-crypt-v2.txt for more details.

Because of the extra dependencies, this requires adding a mock
parse_line() to the tls-crypt unit tests. Also, this turns tls_wrap_free
into a static inline function, so that we don't need to compile in ssl.c
(and all of it's dependencies) with the unit tests.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <1540208715-14044-6-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17789.html
Signed-off-by: David Sommerseth <davids@openvpn.net>

Changes.rst		diff \| blob \| blame \| history
doc/openvpn.8		diff \| blob \| blame \| history
src/openvpn/init.c		diff \| blob \| blame \| history
src/openvpn/options.c		diff \| blob \| blame \| history
src/openvpn/options.h		diff \| blob \| blame \| history
src/openvpn/ssl.c		diff \| blob \| blame \| history
src/openvpn/ssl.h		diff \| blob \| blame \| history
src/openvpn/ssl_common.h		diff \| blob \| blame \| history
src/openvpn/tls_crypt.c		diff \| blob \| blame \| history
src/openvpn/tls_crypt.h		diff \| blob \| blame \| history
tests/unit_tests/openvpn/Makefile.am		diff \| blob \| blame \| history
tests/unit_tests/openvpn/test_tls_crypt.c		diff \| blob \| blame \| history