summaryrefslogtreecommitdiffstats
path: root/ssl.c
Commit message (Collapse)AuthorAgeFilesLines
* Moved CryptoAPI header include to the ssl_openssl.cAdriaan de Jong2011-11-211-4/+0
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: David Sommerseth <davids@redhat.com> Signed-off-by: David Sommerseth <davids@redhat.com>
* Moved prng_uninit out of crypto_uninit_libAdriaan de Jong2011-11-211-2/+2
| | | | | | | | | | | Since prng_uninit is SSL-library agnostic, but crypto_uninit_lib isn't, the function was moved up a level. Also removed one unused variable (j) in tls1_P_hash(). Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: David Sommerseth <davids@redhat.com> Signed-off-by: David Sommerseth <davids@redhat.com>
* Moved HMAC prints back to main crypto moduleAdriaan de Jong2011-10-221-2/+2
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: David Sommerseth <davids@redhat.com> Signed-off-by: David Sommerseth <davids@redhat.com>
* Fixes for the plugin system:Adriaan de Jong2011-10-221-1/+1
| | | | | | | | | - Removed the dependency on an SSL library for USE_SSL when creating non-SSL plugins - Fixed example plugin code to include USE_SSL when needed Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Removed stray X509_free from ssl.cAdriaan de Jong2011-10-221-1/+1
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Disable CryptoAPI when not using OpenSSL, and document that fact.Adriaan de Jong2011-10-221-1/+1
| | | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Acked-by: Gert Doering <gert@greenie.muc.de> Signed-off-by: David Sommerseth <davids@redhat.com>
* Final cleanup before PolarSSL addition:Adriaan de Jong2011-10-221-1/+1
| | | | | | | | | | - Remove stray X509 entries - Remove unnecessary USE_OPENSSL ifdefs - Normalised x509_get_sha1_hash to look similar to x509_get_* functions Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Separated OpenSSL-specific parts of the PKCS#11 driverAdriaan de Jong2011-10-221-2/+6
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored: Moved verify_cert to ssl_verifyAdriaan de Jong2011-10-221-130/+0
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Minor cleanup in verify_cert:Adriaan de Jong2011-10-221-14/+5
| | | | | | | | | | | - Removed envname variable - Removed debug code - Changed ERR_clear_error to tls_clear_error - Changed verify_get_subject to match verify_get_serial more closely Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored CRL checksAdriaan de Jong2011-10-221-64/+3
| | | | | | | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com> Notes: "Doing low-level stuff like verifying CRL issuers and checking serial numbers is something that's better done by the OpenSSL library directly" (James Yonan, code review comment)
* Refactored tls-verify script codeAdriaan de Jong2011-10-221-79/+3
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored tls-verify-plugin codeAdriaan de Jong2011-10-221-23/+3
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored tls-remote checkingAdriaan de Jong2011-10-221-14/+0
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored EKU verificationAdriaan de Jong2011-10-221-60/+0
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored key usage verification codeAdriaan de Jong2011-10-211-57/+0
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored: Netscape certificate type verificationAdriaan de Jong2011-10-211-35/+3
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored: separated environment setup during verificationAdriaan de Jong2011-10-211-212/+6
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored: removed global x509_username_fieldAdriaan de Jong2011-10-211-15/+2
| | | | | | | | Moved to tls_options. Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Added function to verify and extract the usernameAdriaan de Jong2011-10-211-124/+1
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Added function to extract and verify the subject from a certificateAdriaan de Jong2011-10-211-2/+1
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored: split verify_callback into two partsAdriaan de Jong2011-10-211-72/+47
| | | | | | | | | | - One part is the actual callback, and is OpenSSL-specific - One part, verify_cert(), is called by the callback to process the actual verification Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored username and password authentication codeAdriaan de Jong2011-10-211-514/+13
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored common name locking functionsAdriaan de Jong2011-10-211-75/+0
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored certificate hash lock checksAdriaan de Jong2011-10-211-120/+0
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored client_config_dir_exclusive functionAdriaan de Jong2011-10-211-11/+3
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored Doxygen for tls_multi functionsAdriaan de Jong2011-10-211-52/+2
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: Gert Doering <gert@greenie.muc.de> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored: moved write_empty_string function backAdriaan de Jong2011-10-211-8/+8
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: Gert Doering <gert@greenie.muc.de> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored: removed ks and ks_lame macro for clarityAdriaan de Jong2011-10-211-12/+20
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored: Moved BIO debug functions to OpenSSL backendAdriaan de Jong2011-10-211-62/+0
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: Gert Doering <gert@greenie.muc.de> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored key_state write functionsAdriaan de Jong2011-10-211-174/+4
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored key_state read code (including bio_read())Adriaan de Jong2011-10-211-122/+2
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored print_detailsAdriaan de Jong2011-10-211-46/+1
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: Gert Doering <gert@greenie.muc.de> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored key_state free codeAdriaan de Jong2011-10-211-9/+1
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: Gert Doering <gert@greenie.muc.de> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored initalisation of key_statesAdriaan de Jong2011-10-211-42/+4
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored tls_options, key_state, and key_source data structuresAdriaan de Jong2011-10-211-25/+25
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored cipher restriction codeAdriaan de Jong2011-10-211-6/+1
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: David Sommerseth <davids@redhat.com> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored CA and extra certs codeAdriaan de Jong2011-10-211-190/+5
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: David Sommerseth <davids@redhat.com> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored external key loading from managementAdriaan de Jong2011-10-191-142/+4
| | | | | | | | | Fixed a bug in external key loading, where if no certificate file was specified, the program would still try to use an external private key. Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored private key loading codeAdriaan de Jong2011-10-191-59/+6
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: David Sommerseth <davids@redhat.com> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored load certificate functionsAdriaan de Jong2011-10-191-129/+20
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored windows cert loadingAdriaan de Jong2011-10-191-5/+2
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: Gert Doering <gert@greenie.muc.de> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored PKCS#11 loadingAdriaan de Jong2011-10-191-20/+9
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: Gert Doering <gert@greenie.muc.de> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored PKCS#12 key loadingAdriaan de Jong2011-10-191-80/+3
| | | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: Gert Doering <gert@greenie.muc.de> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored root TLS option settingsAdriaan de Jong2011-10-191-71/+4
| | | | | | | | | - Started merge of new feature (x509_altnames), will continue in a future patch Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: Gert Doering <gert@greenie.muc.de> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored DH paramater loadingAdriaan de Jong2011-10-191-28/+3
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: Gert Doering <gert@greenie.muc.de> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored new external key codeAdriaan de Jong2011-10-191-7/+6
| | | | | | | | | - To make patch application easier in the future Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: Gert Doering <gert@greenie.muc.de> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored root SSL context initialisationAdriaan de Jong2011-10-191-34/+14
| | | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: Gert Doering <gert@greenie.muc.de> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored get_highest_preference_tls_cipherAdriaan de Jong2011-10-191-26/+0
| | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: Gert Doering <gert@greenie.muc.de> Signed-off-by: David Sommerseth <davids@redhat.com>
* Refactored tls_show_available_ciphersAdriaan de Jong2011-10-191-29/+0
| | | | | | | Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: Gert Doering <gert@greenie.muc.de> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
generated by cgit (git 2.34.1) at 2024-05-27 05:36:45 +0000