authorJames Yonan <james@openvpn.net>2010-12-09 11:21:04 +0000
committerDavid Sommerseth <davids@redhat.com>2011-03-25 09:38:28 +0100
commitcf69617bbea45a15423c4188daa9386debcbe1ec (patch)
treec3786b3116633d98e037c76f3ced6378e05edcad /syshead.h
parent98c6662472adf7228e4265328aa8d067aa41695f (diff)
Added "management-external-key" option. This option can be used
instead of "key" in client mode, and allows the client to run without the need to load the actual private key. When the SSL protocol needs to perform an RSA sign operation, the data to be signed will be sent to the management interface via a notification as follows: >RSA_SIGN:[BASE64_DATA] The management interface client should then sign BASE64_DATA using the private key and return the signature as follows: rsa-sig [BASE64_SIG_LINE] . . . END This capability is intended to allow the use of arbitrary cryptographic service providers with OpenVPN via the management interface. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6708 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'syshead.h')
-rw-r--r--syshead.h15
1 files changed, 15 insertions, 0 deletions
diff --git a/syshead.h b/syshead.h
index 63b82ba..30ff556 100644
--- a/syshead.h
+++ b/syshead.h
@@ -510,6 +510,21 @@ socket_defined (const socket_descriptor_t sd)
#endif
/*
+ * Enable external private key
+ */
+#if defined(ENABLE_MANAGEMENT) && defined(USE_SSL)
+#define MANAGMENT_EXTERNAL_KEY
+#endif
+
+/*
+ * MANAGEMENT_IN_EXTRA allows the management interface to
+ * read multi-line inputs from clients.
+ */
+#if defined(MANAGEMENT_DEF_AUTH) || defined(MANAGMENT_EXTERNAL_KEY)
+#define MANAGEMENT_IN_EXTRA
+#endif
+
+/*
* Enable packet filter?
*/
#if defined(CONFIGURE_PF) && P2MP_SERVER && defined(ENABLE_PLUGIN) && defined(HAVE_STAT)
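Review bot: The new feature macro is spelled `MANAGMENT_EXTERNAL_KEY` (the second "E" of MANAGEMENT is missing), both where it is defined and where the `MANAGEMENT_IN_EXTRA` condition tests it. The two lines agree with each other, so this header is self-consistent. But `defined()` on an unknown name is silently false, so any source file that tests the correctly spelled `MANAGEMENT_EXTERNAL_KEY` would compile the external-key path out with no diagnostic; only syshead.h is visible here, so the other users cannot be checked. I would rename it to `#define MANAGEMENT_EXTERNAL_KEY` and `#if defined(MANAGEMENT_DEF_AUTH) || defined(MANAGEMENT_EXTERNAL_KEY)`, updating every user in the same commit. The comment could also say what the macro gates, for example `/* Enable external private key: RSA sign operations are delegated to the management interface client */`, so readers know the management channel becomes part of the key's trust boundary.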