mirror of
https://github.com/OpenVPN/openvpn3.git
synced 2024-09-19 19:52:15 +02:00
Rename OPENVPN_USE_TLS_MD5 to OPENVPN_ALLOW_INSECURE_CERTPROFILE
With OpenSSL 3.0 the name with MD5 no longer makes sense, as it affects not only MD5 but also SHA1 and a number of other settings. So replace the define with a more fitting name. Signed-off-by: Arne Schwabe <arne@openvpn.net>
parent
9ed6f69a3b
commit
7897c3bd7e
@ -75,7 +75,7 @@ $GPP_CMD \
|
||||
-DASIO_STANDALONE \
|
||||
-DASIO_NO_DEPRECATED \
|
||||
-DHAVE_LZ4 \
|
||||
-DOPENVPN_USE_TLS_MD5 \
|
||||
-DOPENVPN_ALLOW_INSECURE_CERTPROFILE \
|
||||
-DASIO_HAS_STD_STRING_VIEW \
|
||||
-I$O3/core/client \
|
||||
-I$O3/core \
|
||||
|
@ -138,7 +138,7 @@ namespace openvpn {
|
||||
* X509 cert profiles.
|
||||
*/
|
||||
|
||||
#ifdef OPENVPN_USE_TLS_MD5
|
||||
#ifdef OPENVPN_ALLOW_INSECURE_CERTPROFILE
|
||||
// This profile includes the broken MD5 alrogithm.
|
||||
// We are going to ship support for this algorithm for a limited
|
||||
// amount of time to allow our users to switch to something else
|
||||
@ -598,7 +598,7 @@ namespace openvpn {
|
||||
{
|
||||
switch (TLSCertProfile::default_if_undef(tls_cert_profile))
|
||||
{
|
||||
#ifdef OPENVPN_USE_TLS_MD5
|
||||
#ifdef OPENVPN_ALLOW_INSECURE_CERTPROFILE
|
||||
case TLSCertProfile::INSECURE:
|
||||
return &mbedtls_ctx_private::crt_profile_insecure;
|
||||
#endif
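Review bot: The comment under the renamed guard in the hunk at line 138 still has the typo `alrogithm` and does not say which build flag enables the profile. Now that the guard is OPENVPN_ALLOW_INSECURE_CERTPROFILE, I would reword its first line to `// This profile includes the broken MD5 algorithm and is only compiled in with OPENVPN_ALLOW_INSECURE_CERTPROFILE.` The comment block runs past the end of that hunk, so the rest of its wording is not visible here. The switch at line 598 needs no change.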
|
||||
|
@ -1314,7 +1314,7 @@ namespace openvpn {
|
||||
OPENVPN_THROW(ssl_context_error,
|
||||
"OpenSSLContext: undefined tls-cert-profile");
|
||||
break;
|
||||
#ifdef OPENVPN_USE_TLS_MD5
|
||||
#ifdef OPENVPN_ALLOW_INSECURE_CERTPROFILE
|
||||
case TLSCertProfile::INSECURE:
|
||||
SSL_CTX_set_security_level(ctx, 0);
|
||||
break;
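Review bot: The `case TLSCertProfile::INSECURE:` branch sets `SSL_CTX_set_security_level(ctx, 0)` without a comment, although the commit message itself notes that this affects more than MD5. Level 0 turns off all of OpenSSL's security-level checks, not just the certificate digest check. I would add above the call `// Security level 0 lifts every OpenSSL security-level restriction (weak digests such as MD5/SHA1, small keys, weak ciphers), not only MD5.` The closing `#endif` and the rest of the switch lie outside this hunk.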
|
||||
|
@ -34,7 +34,7 @@ namespace openvpn {
|
||||
namespace TLSCertProfile {
|
||||
enum Type {
|
||||
UNDEF=0,
|
||||
#ifdef OPENVPN_USE_TLS_MD5
|
||||
#ifdef OPENVPN_ALLOW_INSECURE_CERTPROFILE
|
||||
INSECURE,
|
||||
#endif
|
||||
LEGACY,
|
||||
@ -56,7 +56,7 @@ namespace openvpn {
|
||||
{
|
||||
case UNDEF:
|
||||
return "UNDEF";
|
||||
#ifdef OPENVPN_USE_TLS_MD5
|
||||
#ifdef OPENVPN_ALLOW_INSECURE_CERTPROFILE
|
||||
case INSECURE:
|
||||
return "INSECURE";
|
||||
#endif
|
||||
@ -73,7 +73,7 @@ namespace openvpn {
|
||||
|
||||
inline Type parse_tls_cert_profile(const std::string& profile_name)
|
||||
{
|
||||
#ifdef OPENVPN_USE_TLS_MD5
|
||||
#ifdef OPENVPN_ALLOW_INSECURE_CERTPROFILE
|
||||
if (profile_name == "insecure")
|
||||
return INSECURE;
|
||||
else
|
||||
@ -108,7 +108,7 @@ namespace openvpn {
|
||||
const Type orig = type;
|
||||
if (override.empty() || override == "default")
|
||||
;
|
||||
#ifdef OPENVPN_USE_TLS_MD5
|
||||
#ifdef OPENVPN_ALLOW_INSECURE_CERTPROFILE
|
||||
else if (override == "insecure-default")
|
||||
{
|
||||
if (orig == UNDEF)
|
||||
@ -125,7 +125,7 @@ namespace openvpn {
|
||||
if (orig == UNDEF)
|
||||
type = PREFERRED;
|
||||
}
|
||||
#ifdef OPENVPN_USE_TLS_MD5
|
||||
#ifdef OPENVPN_ALLOW_INSECURE_CERTPROFILE
|
||||
else if (override == "insecure")
|
||||
type = INSECURE;
|
||||
#endif
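Review bot: After this rename, a build that still passes the old `-DOPENVPN_USE_TLS_MD5` compiles cleanly but drops `INSECURE` from the enum at line 34 and from the parse and override branches at lines 73, 108 and 125. That fails closed, but the integrator would presumably only find out when a profile or override asking for "insecure" stops being accepted. Whether any out-of-tree build still uses the old name is not visible here. If so, a guard near the top of this header makes the rename loud at compile time: `#ifdef OPENVPN_USE_TLS_MD5`, `#error "OPENVPN_USE_TLS_MD5 was renamed to OPENVPN_ALLOW_INSECURE_CERTPROFILE"`, `#endif`. The enclosing functions start and end outside these hunks.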
|
||||
|
@ -1302,7 +1302,7 @@ int openvpn_client(int argc, char *argv[], const std::string* profile_content)
|
||||
std::cout << "--tvm-override, -M : tls-version-min override (disabled, default, tls_1_x)" << std::endl;
|
||||
std::cout << "--legacy-algorithms, -L: Enable legacy algorithm (OpenSSL legacy provider)" << std::endl;
|
||||
std::cout << "--tcprof-override, -X : tls-cert-profile override (" <<
|
||||
#ifdef OPENVPN_USE_TLS_MD5
|
||||
#ifdef OPENVPN_ALLOW_INSECURE_CERTPROFILE
|
||||
"insecure, " <<
|
||||
#endif
|
||||
"legacy, preferred, etc.)" << std::endl;
|
||||
|