mirror of
https://github.com/OpenVPN/openvpn3.git
synced 2024-09-19 19:52:15 +02:00
Add certificate to EvalConfig
Clients need access to the server VPN ca for whitelisting reasons so it is now available inside the EvalConfig structure. Implemented the change and added a unit test for same. Signed-off-by: Charlie Vigue <charlie.vigue@openvpn.net>
This commit is contained in:
parent
272d0ef07d
commit
75d9d0fae5
@ -4,7 +4,7 @@
|
||||
// packet encryption, packet authentication, and
|
||||
// packet compression.
|
||||
//
|
||||
// Copyright (C) 2012-2022 OpenVPN Inc.
|
||||
// Copyright (C) 2012 - 2024 OpenVPN Inc.
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify
|
||||
// it under the terms of the GNU Affero General Public License Version 3
|
||||
@ -650,6 +650,7 @@ OPENVPN_CLIENT_EXPORT void OpenVPNClientHelper::parse_config(const Config &confi
|
||||
eval.friendlyName = cc.friendlyName();
|
||||
eval.autologin = cc.autologin();
|
||||
eval.externalPki = cc.externalPki();
|
||||
eval.vpnCa = cc.vpnCa();
|
||||
eval.staticChallenge = cc.staticChallenge();
|
||||
eval.staticChallengeEcho = cc.staticChallengeEcho();
|
||||
eval.privateKeyPasswordRequired = cc.privateKeyPasswordRequired();
|
||||
|
@ -4,7 +4,7 @@
|
||||
// packet encryption, packet authentication, and
|
||||
// packet compression.
|
||||
//
|
||||
// Copyright (C) 2012-2022 OpenVPN Inc.
|
||||
// Copyright (C) 2012 - 2024 OpenVPN Inc.
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify
|
||||
// it under the terms of the GNU Affero General Public License Version 3
|
||||
@ -53,8 +53,14 @@ struct ServerEntry
|
||||
std::string friendlyName;
|
||||
};
|
||||
|
||||
// return properties of config
|
||||
// (client reads)
|
||||
/**
|
||||
@brief Struct containing configuration details parsed from an OpenVPN configuration file.
|
||||
@details
|
||||
This struct holds various properties extracted from an OpenVPN configuration file, such as
|
||||
error status, profile name, autologin flag, external PKI flag, VPN server CA, static
|
||||
challenge, private key password requirement, remote host information, list of selectable VPN
|
||||
servers, Windows driver, and DCO compatibility details.
|
||||
*/
|
||||
struct EvalConfig
|
||||
{
|
||||
// true if error
|
||||
@ -78,6 +84,13 @@ struct EvalConfig
|
||||
// if true, this is an External PKI profile (no cert or key directives)
|
||||
bool externalPki = false;
|
||||
|
||||
// VPN server CA in PEM format as given in the configuration. This is the CA, the
|
||||
// VPN server certificate is checked against. This is not a parsed version so it
|
||||
// can have extra lines around the actual certificates that an X509 parser would
|
||||
// ignore.
|
||||
// Note that this can can be empty if the profile uses --peer-fingerprint instead of traditional PKI check.
|
||||
std::string vpnCa;
|
||||
|
||||
// static challenge, may be empty, ignored if autologin
|
||||
std::string staticChallenge;
|
||||
|
||||
|
@ -4,7 +4,7 @@
|
||||
// packet encryption, packet authentication, and
|
||||
// packet compression.
|
||||
//
|
||||
// Copyright (C) 2012-2022 OpenVPN Inc.
|
||||
// Copyright (C) 2012 - 2024 OpenVPN Inc.
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify
|
||||
// it under the terms of the GNU Affero General Public License Version 3
|
||||
@ -224,6 +224,12 @@ class ParseClientConfig
|
||||
}
|
||||
}
|
||||
|
||||
{
|
||||
const Option *o = options.get_ptr("ca");
|
||||
if (o)
|
||||
vpnCa_ = o->get(1, Option::MULTILINE);
|
||||
}
|
||||
|
||||
// profile name
|
||||
{
|
||||
const Option *o = options.get_ptr("PROFILE");
|
||||
@ -461,6 +467,11 @@ class ParseClientConfig
|
||||
return externalPki_;
|
||||
}
|
||||
|
||||
std::string vpnCa() const
|
||||
{
|
||||
return vpnCa_;
|
||||
}
|
||||
|
||||
// static challenge, may be empty, ignored if autologin
|
||||
const std::string &staticChallenge() const
|
||||
{
|
||||
@ -786,6 +797,7 @@ class ParseClientConfig
|
||||
bool autologin_;
|
||||
bool clientCertEnabled_;
|
||||
bool externalPki_;
|
||||
std::string vpnCa_;
|
||||
bool pushPeerInfo_;
|
||||
std::string staticChallenge_;
|
||||
bool staticChallengeEcho_;
|
||||
|
@ -195,6 +195,17 @@ TEST(config, dco_compatibility)
|
||||
}
|
||||
}
|
||||
|
||||
TEST(config, server_cert_in_eval)
|
||||
{
|
||||
ClientAPI::Config api_config;
|
||||
api_config.content = minimalConfig;
|
||||
|
||||
ClientAPI::OpenVPNClientHelper client_helper;
|
||||
auto eval = client_helper.eval_config(api_config);
|
||||
|
||||
EXPECT_FALSE(eval.vpnCa.empty());
|
||||
}
|
||||
|
||||
|
||||
TEST(config, server_options_present_in_error_msg)
|
||||
{
|
||||
|
Loading…
Reference in New Issue
Block a user