summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Fixed disabling crypto and SSLAdriaan de Jong2011-10-2412-22/+47
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: David Sommerseth <davids@redhat.com> Signed-off-by: David Sommerseth <davids@redhat.com>
* Added missing #ifdef to allow --disable-managent to work againAdriaan de Jong2011-10-241-1/+4
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: Gert Doering <gert@greenie.muc.de> Signed-off-by: David Sommerseth <davids@redhat.com>
* Moved to PolarSSL 1.0.0:Adriaan de Jong2011-10-223-3/+3
| | | | | | | | | | - Reversed des_key_check_weak output check, as the library changed this - Changed POLARSSL_MODE_CFB to POLARSSL_MODE_CFB128 - Changed the bio write function to accept const input Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: David Sommerseth <davids@redhat.com> Signed-off-by: David Sommerseth <davids@redhat.com>
* Made SSL_CIPHER const in print_details, to fix warningAdriaan de Jong2011-10-221-1/+1
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: David Sommerseth <davids@redhat.com> Signed-off-by: David Sommerseth <davids@redhat.com>
* Fixed a typo: print the subject instead of the serial for verification errorsAdriaan de Jong2011-10-221-1/+1
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Removed a stray Fox-IT tagAdriaan de Jong2011-10-221-1/+0
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: David Sommerseth <davids@redhat.com> Signed-off-by: David Sommerseth <davids@redhat.com>
* Unified verification function return values:Adriaan de Jong2011-10-224-110/+116
| | | | | | | | | - Now return either SUCCESS or FAILURE. - SUCCESS is defined as 0. Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Fixed a bug in the return value of ssl_verify when pre_verify failedAdriaan de Jong2011-10-221-2/+4
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Moved gc_new and gc_free to begin end of functionAdriaan de Jong2011-10-221-3/+2
| | | | | | | | As a safety measure against future modifications Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Added back checks for ks->authenticated in verify_user_passAdriaan de Jong2011-10-221-4/+5
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Moved HMAC prints back to main crypto moduleAdriaan de Jong2011-10-226-46/+20
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: David Sommerseth <davids@redhat.com> Signed-off-by: David Sommerseth <davids@redhat.com>
* Moved print messages back to generic crypto.c from cipher backendsAdriaan de Jong2011-10-224-37/+19
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: David Sommerseth <davids@redhat.com> Signed-off-by: David Sommerseth <davids@redhat.com>
* Fixed an unintentional change in the options calculated key size.Adriaan de Jong2011-10-221-1/+1
| | | | | | | | It is now in bits again. Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: David Sommerseth <davids@redhat.com> Signed-off-by: David Sommerseth <davids@redhat.com>
* Further improvements to plugin support:Adriaan de Jong2011-10-223-11/+15
| | | | | | | | | | - Renamed struct entries to explicitly show them as disabled - Added a warning if USE_SSL is enabled, but neither ssl_verify_openssl.h or ssl_verify_polarssl.h is included - If neither of those files is included, disable ssl support for a plugin including openvpn-plugin.h Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Fixes for the plugin system:Adriaan de Jong2011-10-2211-34/+83
| | | | | | | | | - Removed the dependency on an SSL library for USE_SSL when creating non-SSL plugins - Fixed example plugin code to include USE_SSL when needed Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Hardening: periodically reset the PRNG's nonce valueAdriaan de Jong2011-10-222-11/+31
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Disabled X.509 track and username selection for PolarSSLAdriaan de Jong2011-10-225-8/+20
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Added SSL library to title stringAdriaan de Jong2011-10-221-2/+14
| | | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Acked-by: Gert Doering <gert@greenie.muc.de> Signed-off-by: David Sommerseth <davids@redhat.com>
* Added an extra define to allow building without PKCS#11Adriaan de Jong2011-10-221-0/+2
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored (and disabled for PolarSSL) support for writing external cert ↵Adriaan de Jong2011-10-225-56/+43
| | | | | | | | files in scripts Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Removed stray X509_free from ssl.cAdriaan de Jong2011-10-224-1/+20
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Removed support for management external keys in PolarSSLAdriaan de Jong2011-10-222-2/+2
| | | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Acked-by: Gert Doering <gert@greenie.muc.de> Signed-off-by: David Sommerseth <davids@redhat.com>
* Disable CryptoAPI when not using OpenSSL, and document that fact.Adriaan de Jong2011-10-229-11/+18
| | | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Acked-by: Gert Doering <gert@greenie.muc.de> Signed-off-by: David Sommerseth <davids@redhat.com>
* Added warning that --capath is not available with PolarSSLAdriaan de Jong2011-10-222-0/+3
| | | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Acked-by: Gert Doering <gert@greenie.muc.de> Signed-off-by: David Sommerseth <davids@redhat.com>
* Added a warning that the PolarSSL library does not support pkcs12 files.Adriaan de Jong2011-10-223-0/+6
| | | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Acked-by: Gert Doering <gert@greenie.muc.de> Signed-off-by: David Sommerseth <davids@redhat.com>
* Fixed a compilation warning for size_t key sizesAdriaan de Jong2011-10-221-3/+3
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: David Sommerseth <davids@redhat.com> Signed-off-by: David Sommerseth <davids@redhat.com>
* Updated ssl_polarssl.c to work with 0.99-pre5Adriaan de Jong2011-10-221-22/+24
| | | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Acked-by: Gert Doering <gert@greenie.muc.de> Signed-off-by: David Sommerseth <davids@redhat.com>
* Changed PolarSSL crypto backend to support v0.99-pre5Adriaan de Jong2011-10-221-6/+21
| | | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Acked-by: Gert Doering <gert@greenie.muc.de> Signed-off-by: David Sommerseth <davids@redhat.com>
* Added SHA_DIGEST_SIZE definitionAdriaan de Jong2011-10-221-0/+1
| | | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Acked-by: Gert Doering <gert@greenie.muc.de> Signed-off-by: David Sommerseth <davids@redhat.com>
* Fixed a bug in the hash generation in ssl_verify_openssl.cAdriaan de Jong2011-10-221-1/+1
| | | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Acked-by: Gert Doering <gert@greenie.muc.de> Signed-off-by: David Sommerseth <davids@redhat.com>
* Fixed a missing include in ssl_backend.hAdriaan de Jong2011-10-221-0/+1
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: Gert Doering <gert@greenie.muc.de> Signed-off-by: David Sommerseth <davids@redhat.com>
* Added PolarSSL support:Adriaan de Jong2011-10-2217-28/+2348
| | | | | | | | | | | | | - Crypto library - SSL library - PKCS#11 support For missing features, please see README.polarssl Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Acked-by: Gert Doering <gert@greenie.muc.de> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored X509 track feature to be contained within the openssl backendAdriaan de Jong2011-10-224-50/+65
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Final cleanup before PolarSSL addition:Adriaan de Jong2011-10-226-56/+97
| | | | | | | | | | - Remove stray X509 entries - Remove unnecessary USE_OPENSSL ifdefs - Normalised x509_get_sha1_hash to look similar to x509_get_* functions Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Modified base64 code in preparation for PolarSSL mergeAdriaan de Jong2011-10-227-14/+14
| | | | | | | | | - Renamed base64_decode and base64_encode to openvpn_* - Changed the contributor's name to UTF-8 Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Separated OpenSSL-specific parts of the PKCS#11 driverAdriaan de Jong2011-10-228-114/+304
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored: renamed X509 functions from verify_*Adriaan de Jong2011-10-223-40/+40
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored: made M_SSL dependent on USE_OPENSSLAdriaan de Jong2011-10-222-1/+9
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Cleaned up ssl.hAdriaan de Jong2011-10-221-14/+19
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored: Moved verify_cert to ssl_verifyAdriaan de Jong2011-10-224-156/+119
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Minor cleanup in verify_cert:Adriaan de Jong2011-10-223-29/+30
| | | | | | | | | | | - Removed envname variable - Removed debug code - Changed ERR_clear_error to tls_clear_error - Changed verify_get_subject to match verify_get_serial more closely Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored CRL checksAdriaan de Jong2011-10-225-64/+100
| | | | | | | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com> Notes: "Doing low-level stuff like verifying CRL issuers and checking serial numbers is something that's better done by the OpenSSL library directly" (James Yonan, code review comment)
* Refactored tls-verify script codeAdriaan de Jong2011-10-225-79/+95
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored tls-verify-plugin codeAdriaan de Jong2011-10-226-29/+51
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored tls-remote checkingAdriaan de Jong2011-10-222-14/+15
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored EKU verificationAdriaan de Jong2011-10-224-60/+72
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored key usage verification codeAdriaan de Jong2011-10-214-57/+85
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored: Netscape certificate type verificationAdriaan de Jong2011-10-218-39/+95
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored: separated environment setup during verificationAdriaan de Jong2011-10-216-228/+313
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored: removed global x509_username_fieldAdriaan de Jong2011-10-213-15/+8
| | | | | | | | Moved to tls_options. Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
generated by cgit (git 2.34.1) at 2025-09-28 23:13:13 +0000