mirror of
https://github.com/OpenVPN/openvpn3.git
synced 2024-09-20 12:12:15 +02:00
Add reporting of IV_SSL_VER
This information is only sent if push-peer-info is enabled. It is meant to give centrally administered deployments an easy way to spot clients using outdated SSL libraries.
parent
63ab5b5e46
commit
23959fa705
@ -548,6 +548,7 @@ namespace openvpn {
|
||||
std::string hwaddr = get_hwaddr();
|
||||
if (!hwaddr.empty())
|
||||
pi->emplace_back("IV_HWADDR", hwaddr);
|
||||
pi->emplace_back ("IV_SSL", get_ssl_library_version());
|
||||
}
|
||||
|
||||
return pi;
|
||||
|
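Review bot: The key emitted here is `"IV_SSL"`, while the commit title announces `IV_SSL_VER`; one of the two should be corrected so that server-side tooling and documentation agree on the name. The new line also has a stray space in `pi->emplace_back ("IV_SSL", ...)`, unlike the `IV_HWADDR` line above it. It appears to sit in the same block as `IV_HWADDR`, which would match the push-peer-info condition in the description, but the opening condition is outside the hunk and should be confirmed. Since the value is reported by the client itself, a comment such as `// advisory only: client-supplied, not suitable for access decisions` would help whoever consumes it on the server.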
@ -1461,6 +1461,16 @@ namespace openvpn {
|
||||
}
|
||||
};
|
||||
|
||||
inline const std::string get_ssl_library_version()
|
||||
{
|
||||
unsigned int ver = mbedtls_version_get_number();
|
||||
std::string version = "mbed TLS " +
|
||||
std::to_string((ver>>24)&0xff) +
|
||||
"." + std::to_string((ver>>16)&0xff) +
|
||||
"." + std::to_string((ver>>8)&0xff);
|
||||
|
||||
return version;
|
||||
}
|
||||
} // namespace openvpn
|
||||
|
||||
#endif
|
||||
|
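Review bot: `mbedtls_version_get_number()` is only available when mbed TLS is built with `MBEDTLS_VERSION_C`, and neither a guard nor the `<mbedtls/version.h>` include is visible in this hunk, so a trimmed-down mbed TLS configuration would presumably fail to build or link here. Wrapping the call in `#if defined(MBEDTLS_VERSION_C)` with a fallback built from the compile-time `MBEDTLS_VERSION_NUMBER` would keep the report available, with the caveat that the fallback reflects the headers rather than the linked library. A short comment on the shifts would also help the next reader, e.g. `// version number is packed as 0xMMNNPP00 (major, minor, patch)`.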
@ -2132,6 +2132,10 @@ namespace openvpn {
|
||||
SSL_METHOD OpenSSLContext::SSL::ssl23_method_client_;
|
||||
SSL_METHOD OpenSSLContext::SSL::ssl23_method_server_;
|
||||
#endif
|
||||
}
|
||||
|
||||
inline const std::string get_ssl_library_version()
|
||||
{
|
||||
return OpenSSL_version(OPENSSL_VERSION);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
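Review bot: `OpenSSL_version(OPENSSL_VERSION)` exists only from OpenSSL 1.1.0 onwards, while the `ssl23_method_client_` / `ssl23_method_server_` statics just above suggest this file still builds against older releases, where the equivalent is `SSLeay_version(SSLEAY_VERSION)`. Unless a compatibility header outside this hunk maps the name, the outdated builds this report is meant to surface would be the ones that fail to compile it; selecting the old call under `#if OPENSSL_VERSION_NUMBER < 0x10100000L` would cover both. The string OpenSSL returns also carries the build date after the version, so it does not have the short `mbed TLS 1.2.4` shape given in the API doc comment, which is worth stating there for anyone parsing the value.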
@ -188,6 +188,15 @@ namespace openvpn {
|
||||
|
||||
virtual SSLFactoryAPI::Ptr new_factory() = 0;
|
||||
};
|
||||
|
||||
/**
|
||||
* Reports a human readable string of the SSL library in use and its version.
|
||||
* E.g. mbed TLS 1.2.4
|
||||
*
|
||||
* @return a human readable SSL library version string
|
||||
*/
|
||||
inline const std::string get_ssl_library_version();
|
||||
|
||||
}
|
||||
|
||||
#endif
|
||||
|
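Review bot: Returning `const std::string` by value gains nothing and prevents callers from moving out of the result, so the declaration would read better as `inline std::string get_ssl_library_version();`, with the mbed TLS and OpenSSL definitions changed to match. The doc comment could add that the definition is supplied by whichever SSL backend header is compiled in (inferred from the other hunks of this commit), because a translation unit that calls this inline function without including a backend header will not link. It is also worth noting there that the OpenSSL variant returns a longer string than the `mbed TLS 1.2.4` example.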