mirror of
https://github.com/OpenVPN/openvpn.git
synced 2024-09-20 12:02:28 +02:00
OpenVPN is an open source VPN daemon
86d8cd6860
PolarSSL / mbed TLS 1.3 is going end-of-life by 2016-12-31, so let's move the master branch on to the 2.x series. This patch purges all references to polarssl, except for file names and some comments referring to 1.2 and earlier, which were never released as 'mbed TLS'. A separate patch for the file names follows, so the real changes are easier to spot without git-fu. This patch intends to not change any behaviour. The vast majority of this patch is just renaming functions and structs. There are some small changes in the implementation: * In ssl_polarssl.c: the debug callback prototype changed, so our implementation changed a bit too. * in ssl_polarssl.c: the old polarssl ssl_context is now split into a mbedtls_ssl_config and mbedtls_ssl_context. The intention is that mbedtls_ssl_config is shared among connections, and mbedtls_ssl_context contains the per-connection state. That doesn't work for us, because we use per-connection verify callback data, while the verify callback is registered on mbed_tls_config. Therefore we still need to init a mbed_tls_config struct for each connection. * in ssl_polarssl.c: the mbed bio handling changed, so our implementation changed a bit too. * in ssl_polarssl.c and ssl_verify_polarssl.c: the mbedtls x509 parse functions now fail if we don't provide a NUL-terminated string, so use strlen()+1 as the length argument to include the terminating NUL. I tested this patch to work with: * 'make check' (with 2.0.0 and 2.2.1, other tests just with 2.2.1) * static key mode * TLS mode with PEM key file * TLS mode with password protected PEM key file * TLS mode with management-external-key * TLS mode with PKCS#11 * TLS mode with inline ca/key/cert/dh Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <1460918143-408-1-git-send-email-steffan@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/11458 Signed-off-by: Gert Doering <gert@greenie.muc.de> |
||
|---|---|---|
| build | ||
| contrib | ||
| debug | ||
| distro | ||
| doc | ||
| include | ||
| m4 | ||
| sample | ||
| src | ||
| tests | ||
| .gitattributes | ||
| .gitignore | ||
| .mailmap | ||
| .svncommitters | ||
| AUTHORS | ||
| ChangeLog | ||
| Changes.rst | ||
| compat.m4 | ||
| config-msvc-version.h.in | ||
| config-msvc.h | ||
| configure.ac | ||
| CONTRIBUTING.rst | ||
| COPYING | ||
| COPYRIGHT.GPL | ||
| INSTALL | ||
| INSTALL-win32.txt | ||
| Makefile.am | ||
| msvc-build.bat | ||
| msvc-dev.bat | ||
| msvc-env.bat | ||
| NEWS | ||
| openvpn.sln | ||
| PORTS | ||
| README | ||
| README.ec | ||
| README.IPv6 | ||
| README.polarssl | ||
| TODO.IPv6 | ||
| version.m4 | ||
| version.sh.in | ||
OpenVPN -- A Secure tunneling daemon Copyright (C) 2002-2010 OpenVPN Technologies, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation. ************************************************************************* For the latest version of OpenVPN, go to: http://openvpn.net/ To Build and Install, ./configure make make install or see the file INSTALL for more info. ************************************************************************* For detailed information on OpenVPN, including examples, see the man page http://openvpn.net/man.html For a sample VPN configuration, see http://openvpn.net/howto.html For a description of OpenVPN's underlying protocol, see the file ssl.h included in the source distribution. ************************************************************************* Other Files & Directories: * INSTALL-win32.txt -- installation instructions for Windows * configure.ac -- script to rebuild our configure script and makefile. * sample/sample-scripts/verify-cn A sample perl script which can be used with OpenVPN's --tls-verify option to provide a customized authentication test on embedded X509 certificate fields. * sample/sample-keys/ Sample RSA keys and certificates. DON'T USE THESE FILES FOR ANYTHING OTHER THAN TESTING BECAUSE THEY ARE TOTALLY INSECURE. * sample/sample-config-files/ A collection of OpenVPN config files and scripts from the HOWTO at http://openvpn.net/howto.html ************************************************************************* Note that easy-rsa and tap-windows are now maintained in their own subprojects. Their source code is available here: https://github.com/OpenVPN/easy-rsa https://github.com/OpenVPN/tap-windows The old cross-compilation environment (domake-win) and the Python-based buildsystem have been replaced with openvpn-build: https://github.com/OpenVPN/openvpn-build See the INSTALL file for usage information.