2014-07-21 05:22:06 +02:00
|
|
|
// OpenVPN -- An application to securely tunnel IP networks
|
|
|
|
// over a single port, with support for SSL/TLS-based
|
|
|
|
// session authentication and key exchange,
|
|
|
|
// packet encryption, packet authentication, and
|
|
|
|
// packet compression.
|
2013-06-07 00:18:17 +02:00
|
|
|
//
|
2022-09-29 11:41:13 +02:00
|
|
|
// Copyright (C) 2012-2022 OpenVPN Inc.
|
2013-06-07 00:18:17 +02:00
|
|
|
//
|
2014-07-21 05:22:06 +02:00
|
|
|
// This program is free software: you can redistribute it and/or modify
|
2017-12-21 21:42:20 +01:00
|
|
|
// it under the terms of the GNU Affero General Public License Version 3
|
2014-07-21 05:22:06 +02:00
|
|
|
// as published by the Free Software Foundation.
|
2013-06-07 00:18:17 +02:00
|
|
|
//
|
2014-07-21 05:22:06 +02:00
|
|
|
// This program is distributed in the hope that it will be useful,
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
2017-12-21 21:42:20 +01:00
|
|
|
// GNU Affero General Public License for more details.
|
2014-07-21 05:22:06 +02:00
|
|
|
//
|
2017-12-21 21:42:20 +01:00
|
|
|
// You should have received a copy of the GNU Affero General Public License
|
2014-07-21 05:22:06 +02:00
|
|
|
// along with this program in the COPYING file.
|
|
|
|
// If not, see <http://www.gnu.org/licenses/>.
|
2013-06-07 00:18:17 +02:00
|
|
|
|
|
|
|
// Parse the tls-version-min option.
|
|
|
|
|
2020-08-27 16:24:42 +02:00
|
|
|
#pragma once
|
2013-06-07 00:18:17 +02:00
|
|
|
|
|
|
|
#include <string>
|
|
|
|
|
2015-05-17 21:27:34 +02:00
|
|
|
#include <openvpn/common/size.hpp>
|
2013-06-07 00:18:17 +02:00
|
|
|
#include <openvpn/common/exception.hpp>
|
|
|
|
#include <openvpn/common/options.hpp>
|
|
|
|
|
2023-03-11 13:11:44 +01:00
|
|
|
namespace openvpn::TLSVersion {
|
|
|
|
|
|
|
|
enum class Type
|
2013-06-07 00:18:17 +02:00
|
|
|
{
|
2023-03-11 13:11:44 +01:00
|
|
|
UNDEF,
|
2014-03-04 02:38:44 +01:00
|
|
|
V1_0,
|
2013-06-07 00:18:17 +02:00
|
|
|
V1_1,
|
2018-11-22 17:33:58 +01:00
|
|
|
V1_2,
|
|
|
|
V1_3
|
2013-06-07 00:18:17 +02:00
|
|
|
};
|
|
|
|
|
2023-03-11 13:56:40 +01:00
|
|
|
inline bool operator<(const Type &A, const Type &B)
|
2023-03-11 13:11:44 +01:00
|
|
|
{
|
|
|
|
return static_cast<int>(A) < static_cast<int>(B);
|
|
|
|
}
|
|
|
|
|
2015-11-25 19:34:41 +01:00
|
|
|
inline const std::string to_string(const Type version)
|
2023-01-11 20:43:22 +01:00
|
|
|
{
|
2015-02-05 04:29:43 +01:00
|
|
|
switch (version)
|
|
|
|
{
|
2023-03-11 13:11:44 +01:00
|
|
|
case Type::UNDEF:
|
2015-02-05 04:29:43 +01:00
|
|
|
return "UNDEF";
|
2023-03-11 13:11:44 +01:00
|
|
|
case Type::V1_0:
|
2015-02-05 04:29:43 +01:00
|
|
|
return "V1_0";
|
2023-03-11 13:11:44 +01:00
|
|
|
case Type::V1_1:
|
2015-02-05 04:29:43 +01:00
|
|
|
return "V1_1";
|
2023-03-11 13:11:44 +01:00
|
|
|
case Type::V1_2:
|
2015-02-05 04:29:43 +01:00
|
|
|
return "V1_2";
|
2023-03-11 13:11:44 +01:00
|
|
|
case Type::V1_3:
|
2018-11-22 17:33:58 +01:00
|
|
|
return "V1_3";
|
2015-02-05 04:29:43 +01:00
|
|
|
default:
|
|
|
|
return "???";
|
|
|
|
}
|
2023-01-11 20:43:22 +01:00
|
|
|
}
|
2015-02-05 04:29:43 +01:00
|
|
|
|
2015-10-16 08:40:52 +02:00
|
|
|
inline Type parse_tls_version_min(const std::string &ver,
|
|
|
|
const bool or_highest,
|
|
|
|
const Type max_version)
|
|
|
|
{
|
2023-03-11 13:11:44 +01:00
|
|
|
if (ver == "1.0" && Type::V1_0 <= max_version)
|
|
|
|
return Type::V1_0;
|
|
|
|
else if (ver == "1.1" && Type::V1_1 <= max_version)
|
|
|
|
return Type::V1_1;
|
|
|
|
else if (ver == "1.2" && Type::V1_2 <= max_version)
|
|
|
|
return Type::V1_2;
|
|
|
|
else if (ver == "1.3" && Type::V1_3 <= max_version)
|
|
|
|
return Type::V1_3;
|
2015-10-16 08:40:52 +02:00
|
|
|
else if (or_highest)
|
|
|
|
return max_version;
|
|
|
|
else
|
|
|
|
throw option_error("tls-version-min: unrecognized TLS version");
|
|
|
|
}
|
|
|
|
|
2016-11-20 21:06:35 +01:00
|
|
|
inline Type parse_tls_version_min(const OptionList &opt,
|
|
|
|
const std::string &relay_prefix,
|
|
|
|
const Type max_version)
|
2023-01-11 20:43:22 +01:00
|
|
|
{
|
2016-11-20 21:06:35 +01:00
|
|
|
const Option *o = opt.get_ptr(relay_prefix + "tls-version-min");
|
2023-01-11 20:43:22 +01:00
|
|
|
if (o)
|
2015-10-16 08:40:52 +02:00
|
|
|
{
|
2016-05-02 05:49:26 +02:00
|
|
|
const std::string ver = o->get_optional(1, 16);
|
2015-10-16 08:40:52 +02:00
|
|
|
const bool or_highest = (o->get_optional(2, 16) == "or-highest");
|
|
|
|
return parse_tls_version_min(ver, or_highest, max_version);
|
2013-06-07 00:18:17 +02:00
|
|
|
}
|
2023-03-11 13:11:44 +01:00
|
|
|
return Type::UNDEF;
|
2023-01-11 20:43:22 +01:00
|
|
|
}
|
2015-02-05 04:29:43 +01:00
|
|
|
|
|
|
|
inline void apply_override(Type &tvm, const std::string &override)
|
|
|
|
{
|
2023-03-11 13:11:44 +01:00
|
|
|
const Type orig = tvm;
|
|
|
|
Type newtvm = Type::UNDEF;
|
|
|
|
|
2015-02-05 04:29:43 +01:00
|
|
|
if (override.empty() || override == "default")
|
2023-03-11 13:11:44 +01:00
|
|
|
newtvm = tvm;
|
2015-02-05 04:29:43 +01:00
|
|
|
else if (override == "disabled")
|
2023-03-11 13:11:44 +01:00
|
|
|
tvm = Type::UNDEF;
|
2015-02-05 04:29:43 +01:00
|
|
|
else if (override == "tls_1_0")
|
2023-03-11 13:11:44 +01:00
|
|
|
newtvm = Type::V1_0;
|
2015-02-05 04:29:43 +01:00
|
|
|
else if (override == "tls_1_1")
|
2023-03-11 13:11:44 +01:00
|
|
|
newtvm = Type::V1_1;
|
2015-02-05 04:29:43 +01:00
|
|
|
else if (override == "tls_1_2")
|
2023-03-11 13:11:44 +01:00
|
|
|
newtvm = Type::V1_2;
|
2018-11-22 17:33:58 +01:00
|
|
|
else if (override == "tls_1_3")
|
2023-03-11 13:11:44 +01:00
|
|
|
newtvm = Type::V1_3;
|
2015-02-05 04:29:43 +01:00
|
|
|
else
|
|
|
|
throw option_error("tls-version-min: unrecognized override string");
|
|
|
|
|
2023-03-11 13:11:44 +01:00
|
|
|
if (newtvm > orig || newtvm == Type::UNDEF)
|
|
|
|
tvm = newtvm;
|
|
|
|
|
2015-02-05 04:29:43 +01:00
|
|
|
// OPENVPN_LOG("*** TLS-version-min before=" << to_string(orig) << " override=" << override << " after=" << to_string(tvm)); // fixme
|
2013-06-07 00:18:17 +02:00
|
|
|
}
|
2023-03-11 13:11:44 +01:00
|
|
|
} // namespace openvpn::TLSVersion
|