diff options
author | Steffan Karger <steffan@karger.me> | 2014-11-30 17:44:09 +0100 |
---|---|---|
committer | Gert Doering <gert@greenie.muc.de> | 2014-12-31 17:36:54 +0100 |
commit | ec828db63f12eeb17f0f8c4de57f766e70161a13 (patch) | |
tree | 02c42123b4cc8f4d9bf4fe5e8bde526101b42590 /src/openvpn/forward.c | |
parent | c3e1809f540db16c23fc74f06d6e8c29a4a6941a (diff) | |
download | openvpn-ec828db63f12eeb17f0f8c4de57f766e70161a13.tar.gz openvpn-ec828db63f12eeb17f0f8c4de57f766e70161a13.tar.xz openvpn-ec828db63f12eeb17f0f8c4de57f766e70161a13.zip |
Remove ENABLE_SSL define (and --disable-ssl configure option)
Remove the --disable-ssl configure option and accompanying ENABLE_SSL
defines in the master/2.4 branch, to reduce the code and testing
complexity a bit.
This does not remove to runtime option to run without SSL, just the compile
time option to not include any SSL-related code.
During the community meeting in November 2014 there were no objections
amongst he developers present. Also, this has been announced on the -users
and -devel mailing lists two weeks ago, without any response whatsoever.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <54A4248A.1090501@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9371
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src/openvpn/forward.c')
-rw-r--r-- | src/openvpn/forward.c | 18 |
1 files changed, 4 insertions, 14 deletions
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 91c4711..a3323e9 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -88,7 +88,7 @@ show_wait_status (struct context *c) * traffic on the control-channel. * */ -#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) +#ifdef ENABLE_CRYPTO void check_tls_dowork (struct context *c) { @@ -117,9 +117,6 @@ check_tls_dowork (struct context *c) if (wakeup) context_reschedule_sec (c, wakeup); } -#endif - -#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) void check_tls_errors_co (struct context *c) @@ -133,8 +130,7 @@ check_tls_errors_nco (struct context *c) { register_signal (c, c->c2.tls_exit_signal, "tls-error"); /* SOFT-SIGUSR1 -- TLS error */ } - -#endif +#endif /* ENABLE_CRYPTO */ #if P2MP @@ -239,7 +235,7 @@ check_connection_established_dowork (struct context *c) bool send_control_channel_string (struct context *c, const char *str, int msglevel) { -#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) +#ifdef ENABLE_CRYPTO if (c->c2.tls_multi) { struct gc_arena gc = gc_new (); bool stat; @@ -264,7 +260,7 @@ send_control_channel_string (struct context *c, const char *str, int msglevel) gc_free (&gc); return stat; } -#endif +#endif /* ENABLE_CRYPTO */ return true; } @@ -457,7 +453,6 @@ encrypt_sign (struct context *c, bool comp_frag) } #ifdef ENABLE_CRYPTO -#ifdef ENABLE_SSL /* * If TLS mode, get the key we will use to encrypt * the packet. @@ -466,7 +461,6 @@ encrypt_sign (struct context *c, bool comp_frag) { tls_pre_encrypt (c->c2.tls_multi, &c->c2.buf, &c->c2.crypto_options); } -#endif /* * Encrypt the packet and write an optional @@ -480,7 +474,6 @@ encrypt_sign (struct context *c, bool comp_frag) link_socket_get_outgoing_addr (&c->c2.buf, get_link_socket_info (c), &c->c2.to_link_addr); #ifdef ENABLE_CRYPTO -#ifdef ENABLE_SSL /* * In TLS mode, prepend the appropriate one-byte opcode * to the packet which identifies it as a data channel @@ -493,7 +486,6 @@ encrypt_sign (struct context *c, bool comp_frag) tls_post_encrypt (c->c2.tls_multi, &c->c2.buf); } #endif -#endif /* if null encryption, copy result to read_tun_buf */ buffer_turnover (orig_buf, &c->c2.to_link, &c->c2.buf, &b->read_tun_buf); @@ -783,7 +775,6 @@ process_incoming_link_part1 (struct context *c, struct link_socket_info *lsi, bo link_socket_bad_incoming_addr (&c->c2.buf, lsi, &c->c2.from); #ifdef ENABLE_CRYPTO -#ifdef ENABLE_SSL if (c->c2.tls_multi) { /* @@ -813,7 +804,6 @@ process_incoming_link_part1 (struct context *c, struct link_socket_info *lsi, bo if (c->c2.context_auth != CAS_SUCCEEDED) c->c2.buf.len = 0; #endif -#endif /* ENABLE_SSL */ /* authenticate and decrypt the incoming packet */ decrypt_status = openvpn_decrypt (&c->c2.buf, c->c2.buffers->decrypt_buf, &c->c2.crypto_options, &c->c2.frame); |