git.ipfire.org Git - thirdparty/openvpn.git/log
Adriaan de Jong [Wed, 3 Aug 2011 18:43:08 +0000 (20:43 +0200)]
Fixed a bug in the return value of ssl_verify when pre_verify failed
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Wed, 3 Aug 2011 18:16:01 +0000 (20:16 +0200)]
Moved gc_new and gc_free to begin and end of function
As a safety measure against future modifications
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 28 Jul 2011 17:53:44 +0000 (19:53 +0200)]
Added back checks for ks->authenticated in verify_user_pass
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 14 Jul 2011 19:35:45 +0000 (21:35 +0200)]
Moved HMAC prints back to main crypto module
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 14 Jul 2011 19:19:12 +0000 (21:19 +0200)]
Moved print messages back to generic crypto.c from cipher backends
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 14 Jul 2011 18:50:29 +0000 (20:50 +0200)]
Fixed an unintentional change in the options calculated key size.
It is now in bits again.
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 7 Jul 2011 08:05:32 +0000 (10:05 +0200)]
Further improvements to plugin support:
- Renamed struct entries to explicitly show them as disabled
- Added a warning if USE_SSL is enabled, but neither ssl_verify_openssl.h nor ssl_verify_polarssl.h is included
- If neither of those files is included, disable ssl support for a plugin including openvpn-plugin.h
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 7 Jul 2011 07:21:03 +0000 (09:21 +0200)]
Fixes for the plugin system:
- Removed the dependency on an SSL library for USE_SSL when creating non-SSL plugins
- Fixed example plugin code to include USE_SSL when needed
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Tue, 5 Jul 2011 11:50:48 +0000 (13:50 +0200)]
Hardening: periodically reset the PRNG's nonce value
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Tue, 5 Jul 2011 11:09:13 +0000 (13:09 +0200)]
Disabled X.509 track and username selection for PolarSSL
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Tue, 5 Jul 2011 10:46:33 +0000 (12:46 +0200)]
Added SSL library to title string
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Tue, 5 Jul 2011 10:02:12 +0000 (12:02 +0200)]
Added an extra define to allow building without PKCS#11
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Tue, 5 Jul 2011 09:48:38 +0000 (11:48 +0200)]
Refactored (and disabled for PolarSSL) support for writing external cert files in scripts
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Tue, 5 Jul 2011 09:41:14 +0000 (11:41 +0200)]
Removed stray X509_free from ssl.c
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Tue, 5 Jul 2011 08:32:09 +0000 (10:32 +0200)]
Removed support for management external keys in PolarSSL
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Tue, 5 Jul 2011 08:16:46 +0000 (10:16 +0200)]
Disable CryptoAPI when not using OpenSSL, and document that fact.
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Tue, 5 Jul 2011 08:05:32 +0000 (10:05 +0200)]
Added warning that --capath is not available with PolarSSL
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Tue, 5 Jul 2011 08:02:40 +0000 (10:02 +0200)]
Added a warning that the PolarSSL library does not support pkcs12 files.
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Tue, 5 Jul 2011 07:56:53 +0000 (09:56 +0200)]
Fixed a compilation warning for size_t key sizes
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Sat, 2 Jul 2011 12:28:56 +0000 (14:28 +0200)]
Updated ssl_polarssl.c to work with 0.99-pre5
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Sat, 2 Jul 2011 12:28:17 +0000 (14:28 +0200)]
Changed PolarSSL crypto backend to support v0.99-pre5
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Sat, 2 Jul 2011 09:00:49 +0000 (11:00 +0200)]
Added SHA_DIGEST_SIZE definition
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Fri, 1 Jul 2011 15:31:44 +0000 (17:31 +0200)]
Fixed a bug in the hash generation in ssl_verify_openssl.c
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Fri, 1 Jul 2011 15:20:18 +0000 (17:20 +0200)]
Fixed a missing include in ssl_backend.h
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Fri, 1 Jul 2011 12:15:11 +0000 (14:15 +0200)]
Added PolarSSL support:
- Crypto library
- SSL library
- PKCS#11 support
For missing features, please see README.polarssl
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Fri, 1 Jul 2011 12:40:30 +0000 (14:40 +0200)]
Refactored X509 track feature to be contained within the openssl backend
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Fri, 1 Jul 2011 12:39:13 +0000 (14:39 +0200)]
Final cleanup before PolarSSL addition:
- Remove stray X509 entries
- Remove unnecessary USE_OPENSSL ifdefs
- Normalised x509_get_sha1_hash to look similar to x509_get_* functions
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 14:34:11 +0000 (16:34 +0200)]
Modified base64 code in preparation for PolarSSL merge
- Renamed base64_decode and base64_encode to openvpn_*
- Changed the contributor's name to UTF-8
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 14:28:56 +0000 (16:28 +0200)]
Separated OpenSSL-specific parts of the PKCS#11 driver
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 13:44:24 +0000 (15:44 +0200)]
Refactored: renamed X509 functions from verify_*
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Wed, 29 Jun 2011 12:53:41 +0000 (14:53 +0200)]
Refactored: made M_SSL dependent on USE_OPENSSL
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 13:11:47 +0000 (15:11 +0200)]
Cleaned up ssl.h
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 13:07:21 +0000 (15:07 +0200)]
Refactored: Moved verify_cert to ssl_verify
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 13:03:33 +0000 (15:03 +0200)]
Minor cleanup in verify_cert:
- Removed envname variable
- Removed debug code
- Changed ERR_clear_error to tls_clear_error
- Changed verify_get_subject to match verify_get_serial more closely
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 12:55:53 +0000 (14:55 +0200)]
Refactored CRL checks
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 12:38:38 +0000 (14:38 +0200)]
Refactored tls-verify script code
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 12:15:40 +0000 (14:15 +0200)]
Refactored tls-verify-plugin code
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Wed, 29 Jun 2011 12:28:44 +0000 (14:28 +0200)]
Refactored tls-remote checking
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Wed, 29 Jun 2011 12:24:15 +0000 (14:24 +0200)]
Refactored EKU verification
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Wed, 29 Jun 2011 12:20:43 +0000 (14:20 +0200)]
Refactored key usage verification code
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 11:51:16 +0000 (13:51 +0200)]
Refactored: Netscape certificate type verification
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 11:43:46 +0000 (13:43 +0200)]
Refactored: separated environment setup during verification
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 10:37:33 +0000 (12:37 +0200)]
Refactored: removed global x509_username_field
Moved to tls_options.
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 09:43:38 +0000 (11:43 +0200)]
Added function to verify and extract the username
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Wed, 29 Jun 2011 11:29:33 +0000 (13:29 +0200)]
Added function to extract and verify the subject from a certificate
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 09:19:07 +0000 (11:19 +0200)]
Refactored: split verify_callback into two parts
- One part is the actual callback, and is OpenSSL-specific
- One part, verify_cert(), is called by the callback to process the actual verification
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Wed, 29 Jun 2011 10:40:12 +0000 (12:40 +0200)]
Add some extra comments
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 08:48:18 +0000 (10:48 +0200)]
Refactored username and password authentication code
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Tue, 28 Jun 2011 14:22:40 +0000 (16:22 +0200)]
Refactored common name locking functions
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 08:10:28 +0000 (10:10 +0200)]
Refactored certificate hash lock checks
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Tue, 28 Jun 2011 13:41:32 +0000 (15:41 +0200)]
Refactored client_config_dir_exclusive function
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 08:04:56 +0000 (10:04 +0200)]
Migrated data structures needed by verification functions to ssl_common.h
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 07:58:48 +0000 (09:58 +0200)]
Refactored Doxygen for tls_multi functions
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Tue, 28 Jun 2011 09:03:45 +0000 (11:03 +0200)]
Refactored: moved write_empty_string function back
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Tue, 28 Jun 2011 08:41:22 +0000 (10:41 +0200)]
Refactored: removed ks and ks_lame macro for clarity
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Tue, 28 Jun 2011 08:08:08 +0000 (10:08 +0200)]
Refactored: Moved BIO debug functions to OpenSSL backend
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Tue, 28 Jun 2011 08:02:47 +0000 (10:02 +0200)]
Refactored key_state write functions
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Tue, 28 Jun 2011 07:47:52 +0000 (09:47 +0200)]
Refactored key_state read code (including bio_read())
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 07:43:14 +0000 (09:43 +0200)]
Refactored print_details
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Mon, 27 Jun 2011 15:51:23 +0000 (17:51 +0200)]
Refactored key_state free code
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Mon, 27 Jun 2011 15:44:40 +0000 (17:44 +0200)]
Refactored initialisation of key_states
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 07:33:41 +0000 (09:33 +0200)]
Refactored tls_options, key_state, and key_source data structures
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Wed, 29 Jun 2011 16:32:44 +0000 (18:32 +0200)]
Refactored cipher restriction code
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Wed, 29 Jun 2011 16:28:02 +0000 (18:28 +0200)]
Refactored CA and extra certs code
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 06:57:52 +0000 (08:57 +0200)]
Refactored external key loading from management
Fixed a bug in external key loading, where if no certificate file was
specified, the program would still try to use an external private key.
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Mon, 27 Jun 2011 12:39:23 +0000 (14:39 +0200)]
Refactored private key loading code
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Wed, 29 Jun 2011 15:59:55 +0000 (17:59 +0200)]
Refactored load certificate functions
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Mon, 27 Jun 2011 12:13:16 +0000 (14:13 +0200)]
Refactored windows cert loading
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Mon, 27 Jun 2011 12:01:22 +0000 (14:01 +0200)]
Refactored PKCS#11 loading
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Wed, 29 Jun 2011 14:51:16 +0000 (16:51 +0200)]
Refactored PKCS#12 key loading
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Wed, 29 Jun 2011 14:30:38 +0000 (16:30 +0200)]
Refactored root TLS option settings
- Started merge of new feature (x509_altnames), will continue in a future patch
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Mon, 27 Jun 2011 11:03:07 +0000 (13:03 +0200)]
Refactored DH parameter loading
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Wed, 29 Jun 2011 13:45:44 +0000 (15:45 +0200)]
Refactored new external key code
- To make patch application easier in the future
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Wed, 29 Jun 2011 13:30:34 +0000 (15:30 +0200)]
Refactored root SSL context initialisation
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Mon, 27 Jun 2011 07:52:59 +0000 (09:52 +0200)]
Refactored get_highest_preference_tls_cipher
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Mon, 27 Jun 2011 07:44:47 +0000 (09:44 +0200)]
Refactored tls_show_available_ciphers
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Mon, 27 Jun 2011 07:22:08 +0000 (09:22 +0200)]
Refactored TLS_PRF to new hmac and md primitives
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Wed, 29 Jun 2011 13:15:32 +0000 (15:15 +0200)]
Refactored SSL initialisation functions
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Fri, 24 Jun 2011 13:05:28 +0000 (15:05 +0200)]
Refactored: Added stubs for new files
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 23 Jun 2011 16:02:45 +0000 (18:02 +0200)]
Added a check for OpenSSL or PolarSSL defines
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 23 Jun 2011 15:54:49 +0000 (17:54 +0200)]
Removed stale OpenSSL defines from crypto.h
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 23 Jun 2011 15:52:47 +0000 (17:52 +0200)]
Refactored: Moved crypto.h inline functions to end of file
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 23 Jun 2011 15:44:35 +0000 (17:44 +0200)]
Added PRNG doxygen
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 23 Jun 2011 15:39:42 +0000 (17:39 +0200)]
Refactored cipher functions
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 23 Jun 2011 15:31:19 +0000 (17:31 +0200)]
Refactored cipher key types
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 23 Jun 2011 15:18:32 +0000 (17:18 +0200)]
Refactored HMAC functions
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 23 Jun 2011 14:56:29 +0000 (16:56 +0200)]
Refactored message digest functions
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 23 Jun 2011 14:21:32 +0000 (16:21 +0200)]
Refactored message digest type functions
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 23 Jun 2011 13:03:09 +0000 (15:03 +0200)]
Refactored NTLM DES key generation
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 23 Jun 2011 10:45:29 +0000 (12:45 +0200)]
Refactored DES key manipulation functions
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 23 Jun 2011 09:40:52 +0000 (11:40 +0200)]
Refactored crypto initialisation functions
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 23 Jun 2011 09:07:12 +0000 (11:07 +0200)]
Refactored SSL_clear_error()
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 23 Jun 2011 08:18:36 +0000 (10:18 +0200)]
Refactored show_available_* functions
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 23 Jun 2011 07:41:28 +0000 (09:41 +0200)]
Refactored maximum cipher and hmac length constants
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 23 Jun 2011 07:05:12 +0000 (09:05 +0200)]
Refactored OpenSSL-specific constants
[David S: Fixed a few whitespace errors before merging]
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Wed, 22 Jun 2011 15:16:03 +0000 (17:16 +0200)]
Refactored to rand_bytes for OpenSSL-independency
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Fri, 24 Jun 2011 06:37:33 +0000 (08:37 +0200)]
Changed configure to accept --with-ssl-type=openssl
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Gert Doering [Sat, 8 Oct 2011 10:26:52 +0000 (12:26 +0200)]
Move block for "stale-routes-check" config inside #ifdef P2MP_SERVER block
options->stale_routes_ageing_time etc. are not defined otherwise, and
compilation fails.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Davide Guerri <d.guerri@caspur.it>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Davide Guerri [Thu, 15 Sep 2011 21:42:22 +0000 (23:42 +0200)]
New feature: Add --stale-routes-check
This patch adds a stale-routes-check option that takes 2 parameters: an ageing
time (in seconds) and a check interval (in seconds). The latter defaults to the
former if it's not present. Internally, a new "check" is added in
multi_process_per_second_timers_dowork(). This check deletes stale routes and
is inspired by the function multi_reap_range().
We're running a very large connectivity infrastructure based on openVPN (more
than 4000 different clients connected per day per server), so we can thoroughly
check this patch (or, of course, any variant of it).
Signed-off-by: Davide Guerri <d.guerri@caspur.it>
Reviewed-by: David Sommerseth <davids@redhat.com>
Acked-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Gert Doering [Fri, 16 Sep 2011 17:51:09 +0000 (19:51 +0200)]
Platform cleanup for NetBSD
make TAP devices work (need to go via multiplex device /dev/tap)
cleanup TUN devices at program end ("ifconfig tunX destroy")
correctly setup TUN devices for "topology subnet"
don't try to put TAP devices into TUNSIFHEAD mode (get rid of error message)
Tested on NetBSD 5.1_STABLE / Sparc64
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>