mirror of
https://github.com/OpenVPN/openvpn.git
synced 2024-09-20 03:52:28 +02:00
OpenVPN is an open source VPN daemon
c3746da7f0
This implements the --peer-fingerprint command to support OpenVPN authentication without involving a PKI.

The current implementation in OpenVPN for peer fingerprint has been already extensively rewritten from the original submission from Jason [1]. The commit preserved the original author since it was based on Jason's code/idea.

This commit is based on two previous commits that prepare the infrastructure to use a simple to use --peer-fingerprint directive instead of using a --tls-verify script like the v1 of the patch proposed. The two commits preparing this are:

- Extend verify-hash to allow multiple hashes
- Implement peer-fingerprint to check fingerprint of peer certificate

These preceding patches make this actual patch quite short. There are some lines in this patch that bear some similarity to the ones like

    if (!preverify_ok && !session->opt->verify_hash_no_ca)

vs

    if (!preverify_ok && !session->opt->ca_file_none)

But these similarities are one line fragments and dictated by the surrounding style and program flow, so even a complete black box implementation will likely end up with the same lines.

[1] https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16781.html

Change-Id: Ie74c3d606c5429455c293c367462244566a936e3
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20230524132424.3098475-2-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26723.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

.github
build
contrib
debug
dev-tools
distro
doc
include
m4
sample
src
tests
.git-blame-ignore-revs
.gitattributes
.gitignore
.mailmap
.svncommitters
AUTHORS
ChangeLog
Changes.rst
CMakeLists.txt
CMakePresets.json
compat.m4
config.h.cmake.in
configure.ac
CONTRIBUTING.rst
COPYING
COPYRIGHT.GPL
INSTALL
Makefile.am
NEWS
PORTS
README
README.cmake.md
README.dco.md
README.ec
README.mbedtls
README.wolfssl
version.m4

OpenVPN -- A Secure tunneling daemon

Copyright (C) 2002-2022 OpenVPN Inc. This program is free software;
you can redistribute it and/or modify
it under the terms of the GNU General Public License version 2
as published by the Free Software Foundation.

*************************************************************************

To get the latest release of OpenVPN, go to:

    https://openvpn.net/community-downloads/

To Build and Install,

    tar -zxf openvpn-<version>.tar.gz
    cd openvpn-<version>
    ./configure
    make
    make install

or see the file INSTALL for more info.

For information on how to build OpenVPN on/for Windows with MinGW
or MSVC see README.cmake.md.

*************************************************************************

For detailed information on OpenVPN, including examples, see the man page

    http://openvpn.net/man.html

For a sample VPN configuration, see

    http://openvpn.net/howto.html

To report an issue, see

    https://github.com/OpenVPN/openvpn/issues/new

(Note: We recently switched to GitHub for reporting new issues,
old issues can be found at:
https://community.openvpn.net/openvpn/report)

For a description of OpenVPN's underlying protocol,
see the file ssl.h included in the source distribution.

*************************************************************************

Other Files & Directories:

* configure.ac -- script to rebuild our configure
  script and makefile.

* sample/sample-scripts/verify-cn

  A sample perl script which can be used with OpenVPN's
  --tls-verify option to provide a customized authentication
  test on embedded X509 certificate fields.

* sample/sample-keys/

  Sample RSA keys and certificates. DON'T USE THESE FILES
  FOR ANYTHING OTHER THAN TESTING BECAUSE THEY ARE TOTALLY INSECURE.

* sample/sample-config-files/

  A collection of OpenVPN config files and scripts from
  the HOWTO at http://openvpn.net/howto.html

*************************************************************************

Note that easy-rsa and tap-windows are now maintained in their own subprojects.
Their source code is available here:

    https://github.com/OpenVPN/easy-rsa
    https://github.com/OpenVPN/tap-windows6

Community-provided Windows installers (MSI) and Debian packages are built from

    https://github.com/OpenVPN/openvpn-build

See the INSTALL file for usage information.