Reworked the eurephia patch for inclusion to the openvpn-testing tree

Addedd configure option (--disable-eurephia) to disable the code which the
eurephia plug-in depends on.

It was chosen to use --disable-eurephia, as this patch is not much intrusive.  It
just enables a SHA1 fingerprint environment variable for each certificate being
used for the connection.

Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>

diff --git a/configure.ac b/configure.ac
index 4777108893379df5329477abc79083597806e735..aca812f9539ccba4205919e8db78ecaf073037ed 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -98,6 +98,12 @@ AC_ARG_ENABLE(plugins,
    [PLUGINS="yes"]
 )
 
+AC_ARG_ENABLE(eurephia,
+   [  --disable-eurephia      Disable support for the eurephia plug-in],
+   [EUREPHIA="$enableval"],
+   [EUREPHIA="yes"]
+)
+
 AC_ARG_ENABLE(management,
    [  --disable-management    Disable management server support],
    [MANAGEMENT="$enableval"],
@@ -641,6 +647,9 @@ if test "${WIN32}" != "yes"; then
            )],
            [AC_MSG_RESULT([libdl headers not found.])]
       )
+      if test "$EUREPHIA" = "yes"; then
+         AC_DEFINE(ENABLE_EUREPHIA, 1, [Enable support for the eurephia plug-in])
+      fi
    fi
 fi
 

diff --git a/options.c b/options.c
index a717e1e266547c06a33c804cf8ef2ac4458fcee5..fb2a00bcfce906cb7b2286cc62467cb47a7dc95d 100644 (file)
--- a/options.c
+++ b/options.c
@@ -7,6 +7,9 @@
  *
  *  Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
  *
+ *  Additions for eurephia plugin done by:
+ *         David Sommerseth <dazo@users.sourceforge.net> Copyright (C) 2009
+ *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License version 2
  *  as published by the Free Software Foundation.
@@ -72,6 +75,9 @@ const char title_string[] =
 #endif
 #ifdef ENABLE_PKCS11
   " [PKCS11]"
+#endif
+#ifdef ENABLE_EUREPHIA
+  " [eurephia]"
 #endif
   " built on " __DATE__
 ;

diff --git a/ssl.c b/ssl.c
index b2886eb9d254aad7161f9d93934d87b8568fca1b..96b6fdc5122b8d2e645ddeffbb50c8c4cb7271a8 100644 (file)
--- a/ssl.c
+++ b/ssl.c
@@ -7,6 +7,10 @@
  *
  *  Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
  *
+ *  Additions for eurephia plugin done by:
+ *         David Sommerseth <dazo@users.sourceforge.net> Copyright (C) 2008-2009
+ *
+ *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License version 2
  *  as published by the Free Software Foundation.
@@ -780,6 +784,16 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx)
   openvpn_snprintf (envname, sizeof(envname), "tls_id_%d", ctx->error_depth);
   setenv_str (opt->es, envname, subject);
 
+#ifdef ENABLE_EUREPHIA
+  /* export X509 cert SHA1 fingerprint */
+  {
+    struct gc_arena gc = gc_new ();
+    openvpn_snprintf (envname, sizeof(envname), "tls_digest_%d", ctx->error_depth);
+    setenv_str (opt->es, envname,
+               format_hex_ex(ctx->current_cert->sha1_hash, SHA_DIGEST_LENGTH, 0, 1, ":", &gc));
+    gc_free(&gc);
+  }
+#endif
 #if 0
   /* export common name string as environmental variable */
   openvpn_snprintf (envname, sizeof(envname), "tls_common_name_%d", ctx->error_depth);