git.ipfire.org Git - thirdparty/openvpn.git/log

]> git.ipfire.org Git - thirdparty/openvpn.git/log

projects / thirdparty / openvpn.git / log

summary | shortlog | log | commit | commitdiff | tree
first ⋅ prev ⋅ next

commit | commitdiff | tree

Gert Doering [Wed, 23 Nov 2011 10:11:54 +0000 (11:11 +0100)]

log error message and exit for "win32, tun mode, tap driver version 9.8"

(driver is known-buggy for small IPv4 packets in tun mode)

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Gert Doering [Wed, 23 Nov 2011 10:07:09 +0000 (11:07 +0100)]

bump tap driver version from 9.8 to 9.9

(bugfixed tapdrvr.c regarding small IPv4 packets)

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

David Sommerseth [Fri, 18 Nov 2011 12:21:43 +0000 (13:21 +0100)]

Make '--win-sys env' default

Without this patch, the default path used by OpenVPN is hard coded
to C:\WINDOWS. As users might install Windows in a different directory,
this approach will cause OpenVPN to malfunction in some configurations.

OpenVPN have supported using the system path, by adding --win-sys env.
This patch removes the hard coded approach and uses the --win-sys env
approach by default instead.

Trac-ticket: 66
URL: http://thread.gmane.org/gmane.network.openvpn.user/32508
Signed-off-by: David Sommerseth <davids@redhat.com>
Tested-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>

commit | commitdiff | tree

David Sommerseth [Mon, 21 Nov 2011 11:49:33 +0000 (12:49 +0100)]

Fix FreeBSD/OpenBSD/NetBSD compiler warnings in get_default_gateway()

On these platforms (including DragonFly), get_default_gateway() would in some
cases return false. As get_default_gateway() is defined as a void function, and
none of the callers expect a return value -> just return without any value.

Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>

commit | commitdiff | tree

Samuli Seppänen [Wed, 9 Nov 2011 09:49:36 +0000 (11:49 +0200)]

Fixed a regression causing VS2008/Python build failure

Patch "Added options to switch between OpenSSL and PolarSSL and PKCS11" caused a
regression when building OpenVPN with Visual Studio 2008/Python build system.
The underlying cause was a wrong path to lzo2.lib.

Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: Adriaan de Jong <dejong@fox-it.com>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Mon, 31 Oct 2011 15:29:21 +0000 (16:29 +0100)]

Fixed a typo when initialising cryptoapi certs

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Heiko Hund <heiko.hund@sophos.com>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Mon, 31 Oct 2011 15:29:20 +0000 (16:29 +0100)]

Minor cleanup to enable warning-free Windows build:

- Changed int32_t to size_t
- Removed some unused variables
- Added missing include files
- changed ordering to ensure variable declarations are before asserts

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Tested-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Mon, 31 Oct 2011 15:29:19 +0000 (16:29 +0100)]

Moved from strsep to strtok, for Windows compatibility

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Mon, 31 Oct 2011 15:29:18 +0000 (16:29 +0100)]

Added options to switch between OpenSSL and PolarSSL and PKCS11...

at compile time. Also included the option to enable/disable PKCS11.

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Samuli Seppänen <samuli@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Mon, 31 Oct 2011 15:29:17 +0000 (16:29 +0100)]

Reordered functions to ensure warning-free Windows build

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Samuli Seppänen <samuli@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Mon, 31 Oct 2011 15:29:15 +0000 (16:29 +0100)]

Moved CryptoAPI header include to the ssl_openssl.c

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Mon, 31 Oct 2011 15:29:14 +0000 (16:29 +0100)]

Moved prng_uninit out of crypto_uninit_lib

Since prng_uninit is SSL-library agnostic, but crypto_uninit_lib isn't,
the function was moved up a level.

Also removed one unused variable (j) in tls1_P_hash().

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Gert Doering [Thu, 10 Nov 2011 19:15:44 +0000 (20:15 +0100)]

add missing break between "case IPv4" and "case IPv6", leading to the
minimum-size for IPv6 being applied to IPv4 packets, subsequently
leading to drop of small-sized IPv4 packets.

Bug found & fixed by Christian Niessner.

Signed-off-by: Christian Niessner <bug-report@secadm.de>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

David Sommerseth [Mon, 24 Oct 2011 06:53:35 +0000 (08:53 +0200)]

Fix PolarSSL and --pkcs12 option issues

PolarSSL does not support PKCS#12 certificate/key bundles, but had a
typo where #ifdef USE_POLARSSL was used, and it should have been #ifndef
instead.

Also added a few extra exclusions of PKCS#12 messages where appropriate,
to avoid confusing users.

Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Adriaan de Jong <dejong@fox-it.com>

commit | commitdiff | tree

Adriaan de Jong [Mon, 31 Oct 2011 15:29:16 +0000 (16:29 +0100)]

Fixed missing comma in plugin.h

Fixed a bug where the wrong value was being passed to plugin_call_ssl, due to a missing comma.

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Mon, 24 Oct 2011 14:11:14 +0000 (16:11 +0200)]

Further removal of des_old.h based calls

Replaced des_set_key_unchecked and des_ecb_encrypt functions in cipher_des_encrypt_ecb

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Mon, 24 Oct 2011 11:11:32 +0000 (13:11 +0200)]

Removed obsolete des_cblock and des_keyschedule

This is to allow building on NetBSD which does not install <des_old.h> anymore

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Mon, 24 Oct 2011 08:46:00 +0000 (10:46 +0200)]

Got rid of a few magic numbers in ntlm.c

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Mon, 24 Oct 2011 08:46:01 +0000 (10:46 +0200)]

Fixed disabling crypto and SSL

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Mon, 24 Oct 2011 09:39:05 +0000 (11:39 +0200)]

Added missing #ifdef to allow --disable-managent to work again

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Sun, 16 Oct 2011 13:56:31 +0000 (15:56 +0200)]

Moved to PolarSSL 1.0.0:

- Reversed des_key_check_weak output check, as the library changed this
- Changed POLARSSL_MODE_CFB to POLARSSL_MODE_CFB128
- Changed the bio write function to accept const input

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Sun, 16 Oct 2011 13:13:36 +0000 (15:13 +0200)]

Made SSL_CIPHER const in print_details, to fix warning

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Thu, 29 Sep 2011 17:58:16 +0000 (19:58 +0200)]

Fixed a typo: print the subject instead of the serial for verification errors

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Thu, 1 Sep 2011 18:44:56 +0000 (20:44 +0200)]

Removed a stray Fox-IT tag

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Wed, 3 Aug 2011 19:25:57 +0000 (21:25 +0200)]

Unified verification function return values:

- Now return either SUCCESS or FAILURE.
- SUCCESS is defined as 0.

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Wed, 3 Aug 2011 18:43:08 +0000 (20:43 +0200)]

Fixed a bug in the return value of ssl_verify when pre_verify failed

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Wed, 3 Aug 2011 18:16:01 +0000 (20:16 +0200)]

Moved gc_new and gc_free to begin end of function

As a safety measure against future modifications

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Thu, 28 Jul 2011 17:53:44 +0000 (19:53 +0200)]

Added back checks for ks->authenticated in verify_user_pass

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Thu, 14 Jul 2011 19:35:45 +0000 (21:35 +0200)]

Moved HMAC prints back to main crypto module

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Thu, 14 Jul 2011 19:19:12 +0000 (21:19 +0200)]

Moved print messages back to generic crypto.c from cipher backends

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Thu, 14 Jul 2011 18:50:29 +0000 (20:50 +0200)]

Fixed an unintentional change in the options calculated key size.

It is now in bits again.

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Thu, 7 Jul 2011 08:05:32 +0000 (10:05 +0200)]

Further improvements to plugin support:

- Renamed struct entries to explicitly show them as disabled
- Added a warning if USE_SSL is enabled, but neither ssl_verify_openssl.h or ssl_verify_polarssl.h is included
- If neither of those files is included, disable ssl support for a plugin including openvpn-plugin.h

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Thu, 7 Jul 2011 07:21:03 +0000 (09:21 +0200)]

Fixes for the plugin system:

- Removed the dependency on an SSL library for USE_SSL when creating non-SSL plugins
- Fixed example plugin code to include USE_SSL when needed

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Tue, 5 Jul 2011 11:50:48 +0000 (13:50 +0200)]

Hardening: periodically reset the PRNG's nonce value

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Tue, 5 Jul 2011 11:09:13 +0000 (13:09 +0200)]

Disabled X.509 track and username selection for PolarSSL

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Tue, 5 Jul 2011 10:46:33 +0000 (12:46 +0200)]

Added SSL library to title string

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Tue, 5 Jul 2011 10:02:12 +0000 (12:02 +0200)]

Added an extra define to allow building without PKCS#11

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Tue, 5 Jul 2011 09:48:38 +0000 (11:48 +0200)]

Refactored (and disabled for PolarSSL) support for writing external cert files in scripts

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Tue, 5 Jul 2011 09:41:14 +0000 (11:41 +0200)]

Removed stray X509_free from ssl.c

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Tue, 5 Jul 2011 08:32:09 +0000 (10:32 +0200)]

Removed support for management external keys in PolarSSL

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Tue, 5 Jul 2011 08:16:46 +0000 (10:16 +0200)]

Disable CryptoAPI when not using OpenSSL, and document that fact.

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Tue, 5 Jul 2011 08:05:32 +0000 (10:05 +0200)]

Added warning that --capath is not available with PolarSSL

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Tue, 5 Jul 2011 08:02:40 +0000 (10:02 +0200)]

Added a warning that the PolarSSL library does not support pkcs12 files.

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Tue, 5 Jul 2011 07:56:53 +0000 (09:56 +0200)]

Fixed a compilation warning for size_t key sizes

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Sat, 2 Jul 2011 12:28:56 +0000 (14:28 +0200)]

Updated ssl_polarssl.c to work with 0.99-pre5

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Sat, 2 Jul 2011 12:28:17 +0000 (14:28 +0200)]

Changed PolarSSL crypto backend to support v0.99-pre5

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Sat, 2 Jul 2011 09:00:49 +0000 (11:00 +0200)]

Added SHA_DIGEST_SIZE definition

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Fri, 1 Jul 2011 15:31:44 +0000 (17:31 +0200)]

Fixed a bug in the hash generation in ssl_verify_openssl.c

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Fri, 1 Jul 2011 15:20:18 +0000 (17:20 +0200)]

Fixed a missing include in ssl_backend.h

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Fri, 1 Jul 2011 12:15:11 +0000 (14:15 +0200)]

Added PolarSSL support:

- Crypto library
- SSL library
- PKCS#11 support

For missing features, please see README.polarssl

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Fri, 1 Jul 2011 12:40:30 +0000 (14:40 +0200)]

Refactored X509 track feature to be contained within the openssl backend

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Fri, 1 Jul 2011 12:39:13 +0000 (14:39 +0200)]

Final cleanup before PolarSSL addition:

- Remove stray X509 entries
- Remove unnecessary USE_OPENSSL ifdefs
- Normalised x509_get_sha1_hash to look similar to x509_get_* functions

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Thu, 30 Jun 2011 14:34:11 +0000 (16:34 +0200)]

Modified base64 code in preparation for PolarSSL merge

- Renamed base64_decode and base64_encode to openvpn_*
- Changed the contributor's name to UTF-8

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Thu, 30 Jun 2011 14:28:56 +0000 (16:28 +0200)]

Separated OpenSSL-specific parts of the PKCS#11 driver

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Thu, 30 Jun 2011 13:44:24 +0000 (15:44 +0200)]

Refactored: renamed X509 functions from verify_*

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Wed, 29 Jun 2011 12:53:41 +0000 (14:53 +0200)]

Refactored: made M_SSL dependent on USE_OPENSSL

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Thu, 30 Jun 2011 13:11:47 +0000 (15:11 +0200)]

Cleaned up ssl.h

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Thu, 30 Jun 2011 13:07:21 +0000 (15:07 +0200)]

Refactored: Moved verify_cert to ssl_verify

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Thu, 30 Jun 2011 13:03:33 +0000 (15:03 +0200)]

Minor cleanup in verify_cert:

- Removed envname variable
- Removed debug code
- Changed ERR_clear_error to tls_clear_error
- Changed verify_get_subject to match verify_get_serial more closely

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Thu, 30 Jun 2011 12:55:53 +0000 (14:55 +0200)]

Refactored CRL checks

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Thu, 30 Jun 2011 12:38:38 +0000 (14:38 +0200)]

Refactored tls-verify script code

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Thu, 30 Jun 2011 12:15:40 +0000 (14:15 +0200)]

Refactored tls-verify-plugin code

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Wed, 29 Jun 2011 12:28:44 +0000 (14:28 +0200)]

Refactored tls-remote checking

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Wed, 29 Jun 2011 12:24:15 +0000 (14:24 +0200)]

Refactored EKU verification

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Wed, 29 Jun 2011 12:20:43 +0000 (14:20 +0200)]

Refactored key usage verification code

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Thu, 30 Jun 2011 11:51:16 +0000 (13:51 +0200)]

Refactored: Netscape certificate type verification

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Thu, 30 Jun 2011 11:43:46 +0000 (13:43 +0200)]

Refactored: separated environment setup during verification

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Thu, 30 Jun 2011 10:37:33 +0000 (12:37 +0200)]

Refactored: removed global x509_username_field

Moved to tls_options.

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Thu, 30 Jun 2011 09:43:38 +0000 (11:43 +0200)]

Added function to verify and extract the username

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Wed, 29 Jun 2011 11:29:33 +0000 (13:29 +0200)]

Added function to extract and verify the subject from a certificate

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Thu, 30 Jun 2011 09:19:07 +0000 (11:19 +0200)]

Refactored: split verify_callback into two parts

- One part is the actual callback, and is OpenSSL-specific
- One part, verify_cert(), is called by the callback to process the actual
verification

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Wed, 29 Jun 2011 10:40:12 +0000 (12:40 +0200)]

Add some extra comments

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Thu, 30 Jun 2011 08:48:18 +0000 (10:48 +0200)]

Refactored username and password authentication code

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Tue, 28 Jun 2011 14:22:40 +0000 (16:22 +0200)]

Refactored common name locking functions

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Thu, 30 Jun 2011 08:10:28 +0000 (10:10 +0200)]

Refactored certificate hash lock checks

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Tue, 28 Jun 2011 13:41:32 +0000 (15:41 +0200)]

Refactored client_config_dir_exclusive function

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Thu, 30 Jun 2011 08:04:56 +0000 (10:04 +0200)]

Migrated data structures needed by verification functions to ssl_common.h

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Thu, 30 Jun 2011 07:58:48 +0000 (09:58 +0200)]

Refactored Doxygen for tls_multi functions

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Tue, 28 Jun 2011 09:03:45 +0000 (11:03 +0200)]

Refactored: moved write_empty_string function back

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Tue, 28 Jun 2011 08:41:22 +0000 (10:41 +0200)]

Refactored: removed ks and ks_lame macro for clarity

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Tue, 28 Jun 2011 08:08:08 +0000 (10:08 +0200)]

Refactored: Moved BIO debug functions to OpenSSL backend

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Tue, 28 Jun 2011 08:02:47 +0000 (10:02 +0200)]

Refactored key_state write functions

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Tue, 28 Jun 2011 07:47:52 +0000 (09:47 +0200)]

Refactored key_state read code (including bio_read())

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Thu, 30 Jun 2011 07:43:14 +0000 (09:43 +0200)]

Refactored print_details

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Mon, 27 Jun 2011 15:51:23 +0000 (17:51 +0200)]

Refactored key_state free code

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Mon, 27 Jun 2011 15:44:40 +0000 (17:44 +0200)]

Refactored initalisation of key_states

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Thu, 30 Jun 2011 07:33:41 +0000 (09:33 +0200)]

Refactored tls_options, key_state, and key_source data structures

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Wed, 29 Jun 2011 16:32:44 +0000 (18:32 +0200)]

Refactored cipher restriction code

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Wed, 29 Jun 2011 16:28:02 +0000 (18:28 +0200)]

Refactored CA and extra certs code

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Thu, 30 Jun 2011 06:57:52 +0000 (08:57 +0200)]

Refactored external key loading from management

Fixed a bug in external key loading, where if no certificate file was
specified, the program would still try to use an external private key.

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Mon, 27 Jun 2011 12:39:23 +0000 (14:39 +0200)]

Refactored private key loading code

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Wed, 29 Jun 2011 15:59:55 +0000 (17:59 +0200)]

Refactored load certificate functions

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Mon, 27 Jun 2011 12:13:16 +0000 (14:13 +0200)]

Refactored windows cert loading

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Mon, 27 Jun 2011 12:01:22 +0000 (14:01 +0200)]

Refactored PKCS#11 loading

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Wed, 29 Jun 2011 14:51:16 +0000 (16:51 +0200)]

Refactored PKCS#12 key loading

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Wed, 29 Jun 2011 14:30:38 +0000 (16:30 +0200)]

Refactored root TLS option settings

- Started merge of new feature (x509_altnames), will continue in a
future patch

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Mon, 27 Jun 2011 11:03:07 +0000 (13:03 +0200)]

Refactored DH paramater loading

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Wed, 29 Jun 2011 13:45:44 +0000 (15:45 +0200)]

Refactored new external key code

- To make patch application easier in the future

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Wed, 29 Jun 2011 13:30:34 +0000 (15:30 +0200)]

Refactored root SSL context initialisation

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

commit | commitdiff | tree

Adriaan de Jong [Mon, 27 Jun 2011 07:52:59 +0000 (09:52 +0200)]

Refactored get_highest_preference_tls_cipher

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>

Mirror of https://github.com/OpenVPN/openvpn.git