mirror/openvpn
0
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn.git synced 2024-09-20 03:52:28 +02:00
Code
OpenVPN is an open source VPN daemon
1,494 Commits 13 Branches 119 Tags 33 MiB
C 94.7%
Shell 1.7%
M4 1.4%
CMake 1.1%
Makefile 0.7%
Other 0.4%
39e3d336d4
Go to file
Vasily Kulikov 39e3d336d4 Mac OS X Keychain management client 
This patch adds support for using certificates stored in the Mac OSX
Keychain to authenticate with the OpenVPN server.  This works with
certificates stored on the computer as well as certificates on hardware
tokens that support Apple's tokend interface.  The patch is based on
the Windows Crypto API certificate functionality that currently exists
in OpenVPN.

This patch version implements management client which handles RSA-SIGN
command for RSA offloading.  Also it handles new 'NEED-CERTIFICATE'
request to pass a certificate from the keychain to OpenVPN.

OpenVPN itself gets new 'NEED-CERTIFICATE" command which is called when
--management-external-cert is used.  It is implemented as a multiline
command very similar to an existing 'RSA-SIGN' command.

The patch is against commit 3341a98c28.

v4:
 - added '--management-external-cert' argument
 - keychain-mcd now parses NEED-CERTIFICATE argument if 'auto' is passed
   as cmdline's identity template
 - fixed typo in help output option name
 - added '--management-external-cert' info in openvpn(8) manpage
 - added 'certificate' command documentation into doc/management-notes.txt

v3:
 - used new 'NEED-CERTIFICATE' command for certificate data request
instead of 'NEED-OK'
 - improved option checking
 - improved invalid certificate selection string handling
 - added man page for keychain-mcd
 - handle INFO, FATAL commands from openvpn and show them to user
 * ACK from Arne Schwabe for OpenVPN part
 * ACK from James based on Arne's testing

v2 (http://sourceforge.net/p/openvpn/mailman/message/33225603/):
 - used management interface to communicate with OpenVPN process

v1 (http://sourceforge.net/p/openvpn/mailman/message/33125844/):
 - used RSA_METHOD to extend openvpn itself

Signed-off-by: Vasily Kulikov <segoon@openwall.com>
--
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20150225160718.GA6306@cachalot>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9486
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2015-04-13 20:36:11 +02:00
build build: msvc: upgrade to Visual Studio 2010 + fixups 2012-03-29 12:31:10 +02:00
contrib Mac OS X Keychain management client 2015-04-13 20:36:11 +02:00
debug build: standard directory layout 2012-03-22 22:07:08 +01:00
distro Include systemd units in the source tarball (make dist) 2014-12-02 21:42:11 +01:00
doc Mac OS X Keychain management client 2015-04-13 20:36:11 +02:00
include Remove ENABLE_SSL define (and --disable-ssl configure option) 2014-12-31 17:36:54 +01:00
m4 build: ax_varargs.m4: fixups 2012-03-26 14:33:15 +02:00
sample Use tls-auth in sample config files 2015-02-22 17:19:23 +01:00
src Mac OS X Keychain management client 2015-04-13 20:36:11 +02:00
tests Really fix '--cipher none' regression 2014-12-02 22:10:56 +01:00
.gitattributes cleanup: add .gitattributes to control eol style explicitly 2012-04-26 20:54:26 +02:00
.gitignore Update doxygen (a bit) 2014-12-07 19:57:04 +01:00
.mailmap Added mapping files from SVN commit ID to more descriptive commit IDs. 2010-10-21 11:31:26 +02:00
.svncommitters Added mapping files from SVN commit ID to more descriptive commit IDs. 2010-10-21 11:31:26 +02:00
AUTHORS This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
ChangeLog Preparing for v2.3_beta1 2012-09-12 16:12:28 +02:00
compat.m4 build: add git revision to --version output if build from git repository 2012-06-01 15:34:49 +02:00
config-msvc-version.h.in build: win-msvc: msbuild format 2012-03-22 22:53:39 +01:00
config-msvc.h Remove ENABLE_SSL define (and --disable-ssl configure option) 2014-12-31 17:36:54 +01:00
configure.ac Remove ENABLE_SSL define (and --disable-ssl configure option) 2014-12-31 17:36:54 +01:00
COPYING Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
COPYRIGHT.GPL This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
INSTALL t_client.sh: Write errors to stderr and document requirements 2013-11-16 14:06:40 +01:00
INSTALL-win32.txt Added cross-compilation information INSTALL-win32.txt 2013-02-03 14:47:19 +01:00
Makefile.am Minor t_client.sh cleanups 2014-04-21 13:58:11 +02:00
msvc-build.bat build: msvc: chdir with change drive to script location 2012-06-29 10:26:15 +02:00
msvc-dev.bat build: msvc: chdir with change drive to script location 2012-06-29 10:26:15 +02:00
msvc-env.bat build: msvc: chdir with change drive to script location 2012-06-29 10:26:15 +02:00
NEWS This is the start of the BETA21 branch. 2005-09-26 05:28:27 +00:00
openvpn.sln build: msvc: upgrade to Visual Studio 2010 + fixups 2012-03-29 12:31:10 +02:00
PORTS Updated copyright date to 2010. 2010-04-28 16:31:36 +00:00
README Updated README 2013-02-03 14:47:28 +01:00
README.ec Add support for elliptic curve diffie-hellmann key exchange (ECDH) 2014-04-25 19:36:52 +02:00
README.IPv6 Update IPv6 related readme files 2014-01-03 16:01:12 +01:00
README.polarssl Update README.polarssl 2014-06-24 22:51:27 +02:00
TODO.IPv6 Update IPv6 related readme files 2014-01-03 16:01:12 +01:00
version.m4 Improve the git revision tracking 2013-04-19 15:46:37 +02:00
version.sh.in build: windows: install version.sh to allow installer read version 2012-03-24 00:14:23 +01:00

README 

OpenVPN -- A Secure tunneling daemon

Copyright (C) 2002-2010 OpenVPN Technologies, Inc. This program is free software;
you can redistribute it and/or modify
it under the terms of the GNU General Public License version 2
as published by the Free Software Foundation.

*************************************************************************

For the latest version of OpenVPN, go to:

	http://openvpn.net/

To Build and Install,

	./configure
	make
	make install

or see the file INSTALL for more info.

*************************************************************************

For detailed information on OpenVPN, including examples, see the man page
  http://openvpn.net/man.html

For a sample VPN configuration, see
  http://openvpn.net/howto.html

For a description of OpenVPN's underlying protocol,
  see the file ssl.h included in the source distribution.

*************************************************************************

Other Files & Directories:

* INSTALL-win32.txt -- installation instructions
  for Windows

* configure.ac -- script to rebuild our configure
  script and makefile.

* sample/sample-scripts/verify-cn

  A sample perl script which can be used with OpenVPN's
  --tls-verify option to provide a customized authentication
  test on embedded X509 certificate fields.

* sample/sample-keys/

  Sample RSA keys and certificates.  DON'T USE THESE FILES
  FOR ANYTHING OTHER THAN TESTING BECAUSE THEY ARE TOTALLY INSECURE.

* sample/sample-config-files/

  A collection of OpenVPN config files and scripts from
  the HOWTO at http://openvpn.net/howto.html

*************************************************************************

Note that easy-rsa and tap-windows are now maintained in their own subprojects.
Their source code is available here:

  https://github.com/OpenVPN/easy-rsa
  https://github.com/OpenVPN/tap-windows

The old cross-compilation environment (domake-win) and the Python-based
buildsystem have been replaced with openvpn-build:

  https://github.com/OpenVPN/openvpn-build

See the INSTALL file for usage information.