git.ipfire.org Git - thirdparty/openvpn.git/log
Adriaan de Jong [Mon, 31 Oct 2011 15:29:16 +0000 (16:29 +0100)]
Fixed missing comma in plugin.h
Fixed a bug where the wrong value was being passed to plugin_call_ssl, due to a missing comma.
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Mon, 24 Oct 2011 14:11:14 +0000 (16:11 +0200)]
Further removal of des_old.h based calls
Replaced des_set_key_unchecked and des_ecb_encrypt functions in cipher_des_encrypt_ecb
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Mon, 24 Oct 2011 11:11:32 +0000 (13:11 +0200)]
Removed obsolete des_cblock and des_keyschedule
This is to allow building on NetBSD which does not install <des_old.h> anymore
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Mon, 24 Oct 2011 08:46:00 +0000 (10:46 +0200)]
Got rid of a few magic numbers in ntlm.c
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Mon, 24 Oct 2011 08:46:01 +0000 (10:46 +0200)]
Fixed disabling crypto and SSL
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Mon, 24 Oct 2011 09:39:05 +0000 (11:39 +0200)]
Added missing #ifdef to allow --disable-management to work again
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Sun, 16 Oct 2011 13:56:31 +0000 (15:56 +0200)]
Moved to PolarSSL 1.0.0:
- Reversed des_key_check_weak output check, as the library changed this
- Changed POLARSSL_MODE_CFB to POLARSSL_MODE_CFB128
- Changed the bio write function to accept const input
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Sun, 16 Oct 2011 13:13:36 +0000 (15:13 +0200)]
Made SSL_CIPHER const in print_details, to fix warning
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 29 Sep 2011 17:58:16 +0000 (19:58 +0200)]
Fixed a typo: print the subject instead of the serial for verification errors
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 1 Sep 2011 18:44:56 +0000 (20:44 +0200)]
Removed a stray Fox-IT tag
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Wed, 3 Aug 2011 19:25:57 +0000 (21:25 +0200)]
Unified verification function return values:
- Now return either SUCCESS or FAILURE.
- SUCCESS is defined as 0.
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Wed, 3 Aug 2011 18:43:08 +0000 (20:43 +0200)]
Fixed a bug in the return value of ssl_verify when pre_verify failed
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Wed, 3 Aug 2011 18:16:01 +0000 (20:16 +0200)]
Moved gc_new and gc_free to the beginning and end of the function
As a safety measure against future modifications
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 28 Jul 2011 17:53:44 +0000 (19:53 +0200)]
Added back checks for ks->authenticated in verify_user_pass
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 14 Jul 2011 19:35:45 +0000 (21:35 +0200)]
Moved HMAC prints back to main crypto module
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 14 Jul 2011 19:19:12 +0000 (21:19 +0200)]
Moved print messages back to generic crypto.c from cipher backends
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 14 Jul 2011 18:50:29 +0000 (20:50 +0200)]
Fixed an unintentional change in the options calculated key size.
It is now in bits again.
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 7 Jul 2011 08:05:32 +0000 (10:05 +0200)]
Further improvements to plugin support:
- Renamed struct entries to explicitly show them as disabled
- Added a warning if USE_SSL is enabled, but neither ssl_verify_openssl.h nor ssl_verify_polarssl.h is included
- If neither of those files is included, disable ssl support for a plugin including openvpn-plugin.h
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 7 Jul 2011 07:21:03 +0000 (09:21 +0200)]
Fixes for the plugin system:
- Removed the dependency on an SSL library for USE_SSL when creating non-SSL plugins
- Fixed example plugin code to include USE_SSL when needed
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Tue, 5 Jul 2011 11:50:48 +0000 (13:50 +0200)]
Hardening: periodically reset the PRNG's nonce value
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Tue, 5 Jul 2011 11:09:13 +0000 (13:09 +0200)]
Disabled X.509 track and username selection for PolarSSL
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Tue, 5 Jul 2011 10:46:33 +0000 (12:46 +0200)]
Added SSL library to title string
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Tue, 5 Jul 2011 10:02:12 +0000 (12:02 +0200)]
Added an extra define to allow building without PKCS#11
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Tue, 5 Jul 2011 09:48:38 +0000 (11:48 +0200)]
Refactored (and disabled for PolarSSL) support for writing external cert files in scripts
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Tue, 5 Jul 2011 09:41:14 +0000 (11:41 +0200)]
Removed stray X509_free from ssl.c
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Tue, 5 Jul 2011 08:32:09 +0000 (10:32 +0200)]
Removed support for management external keys in PolarSSL
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Tue, 5 Jul 2011 08:16:46 +0000 (10:16 +0200)]
Disable CryptoAPI when not using OpenSSL, and document that fact.
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Tue, 5 Jul 2011 08:05:32 +0000 (10:05 +0200)]
Added warning that --capath is not available with PolarSSL
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Tue, 5 Jul 2011 08:02:40 +0000 (10:02 +0200)]
Added a warning that the PolarSSL library does not support pkcs12 files.
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Tue, 5 Jul 2011 07:56:53 +0000 (09:56 +0200)]
Fixed a compilation warning for size_t key sizes
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Sat, 2 Jul 2011 12:28:56 +0000 (14:28 +0200)]
Updated ssl_polarssl.c to work with 0.99-pre5
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Sat, 2 Jul 2011 12:28:17 +0000 (14:28 +0200)]
Changed PolarSSL crypto backend to support v0.99-pre5
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Sat, 2 Jul 2011 09:00:49 +0000 (11:00 +0200)]
Added SHA_DIGEST_SIZE definition
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Fri, 1 Jul 2011 15:31:44 +0000 (17:31 +0200)]
Fixed a bug in the hash generation in ssl_verify_openssl.c
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Fri, 1 Jul 2011 15:20:18 +0000 (17:20 +0200)]
Fixed a missing include in ssl_backend.h
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Fri, 1 Jul 2011 12:15:11 +0000 (14:15 +0200)]
Added PolarSSL support:
- Crypto library
- SSL library
- PKCS#11 support
For missing features, please see README.polarssl
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Fri, 1 Jul 2011 12:40:30 +0000 (14:40 +0200)]
Refactored X509 track feature to be contained within the openssl backend
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Fri, 1 Jul 2011 12:39:13 +0000 (14:39 +0200)]
Final cleanup before PolarSSL addition:
- Remove stray X509 entries
- Remove unnecessary USE_OPENSSL ifdefs
- Normalised x509_get_sha1_hash to look similar to x509_get_* functions
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 14:34:11 +0000 (16:34 +0200)]
Modified base64 code in preparation for PolarSSL merge
- Renamed base64_decode and base64_encode to openvpn_*
- Changed the contributor's name to UTF-8
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 14:28:56 +0000 (16:28 +0200)]
Separated OpenSSL-specific parts of the PKCS#11 driver
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 13:44:24 +0000 (15:44 +0200)]
Refactored: renamed X509 functions from verify_*
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Wed, 29 Jun 2011 12:53:41 +0000 (14:53 +0200)]
Refactored: made M_SSL dependent on USE_OPENSSL
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 13:11:47 +0000 (15:11 +0200)]
Cleaned up ssl.h
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 13:07:21 +0000 (15:07 +0200)]
Refactored: Moved verify_cert to ssl_verify
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 13:03:33 +0000 (15:03 +0200)]
Minor cleanup in verify_cert:
- Removed envname variable
- Removed debug code
- Changed ERR_clear_error to tls_clear_error
- Changed verify_get_subject to match verify_get_serial more closely
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 12:55:53 +0000 (14:55 +0200)]
Refactored CRL checks
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 12:38:38 +0000 (14:38 +0200)]
Refactored tls-verify script code
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 12:15:40 +0000 (14:15 +0200)]
Refactored tls-verify-plugin code
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Wed, 29 Jun 2011 12:28:44 +0000 (14:28 +0200)]
Refactored tls-remote checking
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Wed, 29 Jun 2011 12:24:15 +0000 (14:24 +0200)]
Refactored EKU verification
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Wed, 29 Jun 2011 12:20:43 +0000 (14:20 +0200)]
Refactored key usage verification code
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 11:51:16 +0000 (13:51 +0200)]
Refactored: Netscape certificate type verification
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 11:43:46 +0000 (13:43 +0200)]
Refactored: separated environment setup during verification
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 10:37:33 +0000 (12:37 +0200)]
Refactored: removed global x509_username_field
Moved to tls_options.
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 09:43:38 +0000 (11:43 +0200)]
Added function to verify and extract the username
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Wed, 29 Jun 2011 11:29:33 +0000 (13:29 +0200)]
Added function to extract and verify the subject from a certificate
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 09:19:07 +0000 (11:19 +0200)]
Refactored: split verify_callback into two parts
- One part is the actual callback, and is OpenSSL-specific
- One part, verify_cert(), is called by the callback to process the actual
verification
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Wed, 29 Jun 2011 10:40:12 +0000 (12:40 +0200)]
Add some extra comments
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 08:48:18 +0000 (10:48 +0200)]
Refactored username and password authentication code
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Tue, 28 Jun 2011 14:22:40 +0000 (16:22 +0200)]
Refactored common name locking functions
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 08:10:28 +0000 (10:10 +0200)]
Refactored certificate hash lock checks
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Tue, 28 Jun 2011 13:41:32 +0000 (15:41 +0200)]
Refactored client_config_dir_exclusive function
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 08:04:56 +0000 (10:04 +0200)]
Migrated data structures needed by verification functions to ssl_common.h
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 07:58:48 +0000 (09:58 +0200)]
Refactored Doxygen for tls_multi functions
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Tue, 28 Jun 2011 09:03:45 +0000 (11:03 +0200)]
Refactored: moved write_empty_string function back
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Tue, 28 Jun 2011 08:41:22 +0000 (10:41 +0200)]
Refactored: removed ks and ks_lame macro for clarity
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Tue, 28 Jun 2011 08:08:08 +0000 (10:08 +0200)]
Refactored: Moved BIO debug functions to OpenSSL backend
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Tue, 28 Jun 2011 08:02:47 +0000 (10:02 +0200)]
Refactored key_state write functions
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Tue, 28 Jun 2011 07:47:52 +0000 (09:47 +0200)]
Refactored key_state read code (including bio_read())
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 07:43:14 +0000 (09:43 +0200)]
Refactored print_details
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Mon, 27 Jun 2011 15:51:23 +0000 (17:51 +0200)]
Refactored key_state free code
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Mon, 27 Jun 2011 15:44:40 +0000 (17:44 +0200)]
Refactored initialisation of key_states
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 07:33:41 +0000 (09:33 +0200)]
Refactored tls_options, key_state, and key_source data structures
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Wed, 29 Jun 2011 16:32:44 +0000 (18:32 +0200)]
Refactored cipher restriction code
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Wed, 29 Jun 2011 16:28:02 +0000 (18:28 +0200)]
Refactored CA and extra certs code
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 30 Jun 2011 06:57:52 +0000 (08:57 +0200)]
Refactored external key loading from management
Fixed a bug in external key loading, where if no certificate file was
specified, the program would still try to use an external private key.
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Mon, 27 Jun 2011 12:39:23 +0000 (14:39 +0200)]
Refactored private key loading code
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Wed, 29 Jun 2011 15:59:55 +0000 (17:59 +0200)]
Refactored load certificate functions
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Mon, 27 Jun 2011 12:13:16 +0000 (14:13 +0200)]
Refactored windows cert loading
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Mon, 27 Jun 2011 12:01:22 +0000 (14:01 +0200)]
Refactored PKCS#11 loading
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Wed, 29 Jun 2011 14:51:16 +0000 (16:51 +0200)]
Refactored PKCS#12 key loading
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Wed, 29 Jun 2011 14:30:38 +0000 (16:30 +0200)]
Refactored root TLS option settings
- Started merge of new feature (x509_altnames), will continue in a
future patch
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Mon, 27 Jun 2011 11:03:07 +0000 (13:03 +0200)]
Refactored DH parameter loading
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Wed, 29 Jun 2011 13:45:44 +0000 (15:45 +0200)]
Refactored new external key code
- To make patch application easier in the future
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Wed, 29 Jun 2011 13:30:34 +0000 (15:30 +0200)]
Refactored root SSL context initialisation
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Mon, 27 Jun 2011 07:52:59 +0000 (09:52 +0200)]
Refactored get_highest_preference_tls_cipher
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Mon, 27 Jun 2011 07:44:47 +0000 (09:44 +0200)]
Refactored tls_show_available_ciphers
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Mon, 27 Jun 2011 07:22:08 +0000 (09:22 +0200)]
Refactored TLS_PRF to new hmac and md primitives
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Wed, 29 Jun 2011 13:15:32 +0000 (15:15 +0200)]
Refactored SSL initialisation functions
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Fri, 24 Jun 2011 13:05:28 +0000 (15:05 +0200)]
Refactored: Added stubs for new files
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 23 Jun 2011 16:02:45 +0000 (18:02 +0200)]
Added a check for OpenSSL or PolarSSL defines
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 23 Jun 2011 15:54:49 +0000 (17:54 +0200)]
Removed stale OpenSSL defines from crypto.h
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 23 Jun 2011 15:52:47 +0000 (17:52 +0200)]
Refactored: Moved crypto.h inline functions to end of file
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 23 Jun 2011 15:44:35 +0000 (17:44 +0200)]
Added PRNG doxygen
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 23 Jun 2011 15:39:42 +0000 (17:39 +0200)]
Refactored cipher functions
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 23 Jun 2011 15:31:19 +0000 (17:31 +0200)]
Refactored cipher key types
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 23 Jun 2011 15:18:32 +0000 (17:18 +0200)]
Refactored HMAC functions
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 23 Jun 2011 14:56:29 +0000 (16:56 +0200)]
Refactored message digest functions
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 23 Jun 2011 14:21:32 +0000 (16:21 +0200)]
Refactored message digest type functions
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong [Thu, 23 Jun 2011 13:03:09 +0000 (15:03 +0200)]
Refactored NTLM DES key generation
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>