summaryrefslogtreecommitdiffstats
path: root/src/openvpn/ssl_verify.h
Commit message (Collapse)AuthorAgeFilesLines
* Disallow lameduck's float to an address taken by another clientLev Stipakov2015-01-221-0/+8
| | | | | | | | | | | | | | | Existing check didn't take into account the case when floated client is lame duck (CN for lame duck is NULL), which allowed lame duck to float to an address taken by another client. As a fix we use cert_hash_compare function which, besides fixing mentioned case, also allows lame duck to float to an address already taken by the same client. Acked-by: Steffan Karger <steffan.karger@fox-it.com> Message-Id: <1420658798-29943-1-git-send-email-lstipakov@gmail.com> URL: http://article.gmane.org/gmane.network.openvpn.devel/9386 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Remove ENABLE_SSL define (and --disable-ssl configure option)Steffan Karger2014-12-311-2/+2
| | | | | | | | | | | | | | | | | | | Remove the --disable-ssl configure option and accompanying ENABLE_SSL defines in the master/2.4 branch, to reduce the code and testing complexity a bit. This does not remove to runtime option to run without SSL, just the compile time option to not include any SSL-related code. During the community meeting in November 2014 there were no objections amongst he developers present. Also, this has been announced on the -users and -devel mailing lists two weeks ago, without any response whatsoever. Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <54A4248A.1090501@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/9371 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Fix --disable-ssl builds, were broken by cleanup in 63dc03d.Steffan Karger2014-06-021-1/+4
| | | | | | | | | | | Wrap ssl_verify.h in "#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL)" to make it empty for --disable-ssl builds. Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1401737019-15702-1-git-send-email-steffan@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/8763 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Remove dependency on manage.h from ssl_verify.hSteffan Karger2014-06-011-20/+0
| | | | | | | | | | | verify_user_pass_enabled() is a function on a tls_session, and belongs in ssl.c. Moving the function removes the dependency on manage.h. Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1401645536-27849-5-git-send-email-steffan@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/8754 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* add new option for X.509 name verificationHeiko Hund2013-03-071-0/+6
| | | | | | | | | | | | | | Add the option --verify-x509-name to provide the functionality of the now deprecated --tls-remote. The new option accepts RFC 2253 subject DNs only and compares RDN or RDN prefix only if configured explicitly. Signed-off-by: Heiko Hund <heiko.hund@sophos.com> Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: 1362670601-18660-1-git-send-email-heiko.hund@sophos.com URL: http://article.gmane.org/gmane.network.openvpn.devel/7376 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* build: proper crypto detection and usageAlon Bar-Lev2012-03-221-2/+2
| | | | | | Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Acked-by: Adriaan de Jong <dejong@fox-it.com> Signed-off-by: David Sommerseth <davids@redhat.com>
* build: standard directory layoutAlon Bar-Lev2012-03-221-0/+252
Suitable for mature project. root - administrative stuff doc - documents src - sources tests - tests distro - distro specific files sample - samples SIDE EFFECT: many changes to rpm spec. Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Acked-by: Adriaan de Jong <dejong@fox-it.com> Signed-off-by: David Sommerseth <davids@redhat.com>
generated by cgit (git 2.34.1) at 2024-05-22 03:52:19 +0000