ovpn3 client API : added sslDebugLevel parameter to control
the logging level of the underlying SSL library.
parent
85b893cf8a
commit
899fa6c4bc
@ -54,7 +54,6 @@
|
||||
#define OPENVPN_DEBUG_PROTO 1 // increases low-level protocol verbosity (1)
|
||||
//#define OPENVPN_DEBUG_PROTO_DUMP // dump hex of transport-layer packets, requires OPENVPN_DEBUG_CLIPROTO (comment out)
|
||||
//#define OPENVPN_DEBUG_VERBOSE_ERRORS // verbosely log Error::Type errors (comment out)
|
||||
#define OPENVPN_SSL_DEBUG 0 // show verbose SSL debug info (0)
|
||||
#define OPENVPN_DEBUG_TUN 2 // debug level for tun object (2)
|
||||
#define OPENVPN_DEBUG_UDPLINK 2 // debug level for UDP link object (2)
|
||||
#define OPENVPN_DEBUG_TCPLINK 2 // debug level for TCP link object (2)
|
||||
@ -369,6 +368,7 @@ namespace openvpn {
|
||||
std::string private_key_password;
|
||||
std::string external_pki_alias;
|
||||
bool disable_client_cert = false;
|
||||
int ssl_debug_level = 0;
|
||||
int default_key_direction = -1;
|
||||
bool force_aes_cbc_ciphersuites = false;
|
||||
std::string tls_version_min_override;
|
||||
@ -585,6 +585,7 @@ namespace openvpn {
|
||||
if (eval.externalPki)
|
||||
state->external_pki_alias = config.externalPkiAlias;
|
||||
state->disable_client_cert = config.disableClientCert;
|
||||
state->ssl_debug_level = config.sslDebugLevel;
|
||||
state->default_key_direction = config.defaultKeyDirection;
|
||||
state->force_aes_cbc_ciphersuites = config.forceAesCbcCiphersuites;
|
||||
state->tls_version_min_override = config.tlsVersionMinOverride;
|
||||
@ -770,6 +771,11 @@ namespace openvpn {
|
||||
connect_attach();
|
||||
|
||||
try {
|
||||
// set global PolarSSL debug level
|
||||
#if defined(USE_POLARSSL)
|
||||
debug_set_threshold(state->ssl_debug_level); // fixme -- using a global method for this seems wrong
|
||||
#endif
|
||||
|
||||
// load options
|
||||
ClientOptions::Config cc;
|
||||
cc.cli_stats = state->stats;
|
||||
@ -792,6 +798,7 @@ namespace openvpn {
|
||||
cc.remote_override = &state->remote_override;
|
||||
cc.private_key_password = state->private_key_password;
|
||||
cc.disable_client_cert = state->disable_client_cert;
|
||||
cc.ssl_debug_level = state->ssl_debug_level;
|
||||
cc.default_key_direction = state->default_key_direction;
|
||||
cc.force_aes_cbc_ciphersuites = state->force_aes_cbc_ciphersuites;
|
||||
cc.tls_version_min_override = state->tls_version_min_override;
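Review bot: `debug_set_threshold(state->ssl_debug_level)` passes a caller-supplied integer into a process-wide PolarSSL setting with no bounds check, and the same unchecked value is forwarded to `cc->set_debug_level(config.ssl_debug_level)` in the client-options section further down. Because the threshold is global, as the existing fixme admits, the most recent client to reach this call sets the TLS verbosity for every session in the process, and nothing visible here restores it. Verbose TLS library tracing can write handshake buffers into the log, so I would clamp the level to the range the backend documents and add a comment such as `// process-wide setting; non-zero levels may log handshake data, troubleshooting only`. The enclosing function starts and ends outside the hunk.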
|
||||
|
@ -200,6 +200,9 @@ namespace openvpn {
|
||||
// If true, don't send client cert/key to peer.
|
||||
bool disableClientCert = false;
|
||||
|
||||
// SSL library debug level
|
||||
int sslDebugLevel = 0;
|
||||
|
||||
// Compression mode, one of:
|
||||
// yes -- allow compression on both uplink and downlink
|
||||
// asym -- allow compression on downlink only (i.e. server -> client)
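Review bot: The comment on `sslDebugLevel` does not tell API consumers which values are meaningful or that the setting changes what ends up in logs. I would expand it to something like `// SSL library debug level: 0 disables; higher values are backend-specific and may write handshake details to the log, so keep 0 in production`. The enclosing struct starts and ends outside the hunk.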
|
||||
|
@ -129,6 +129,7 @@ namespace openvpn {
|
||||
bool google_dns_fallback = false;
|
||||
std::string private_key_password;
|
||||
bool disable_client_cert = false;
|
||||
int ssl_debug_level = 0;
|
||||
int default_key_direction = -1;
|
||||
bool force_aes_cbc_ciphersuites = false;
|
||||
bool autologin_sessions = false;
|
||||
@ -212,9 +213,7 @@ namespace openvpn {
|
||||
cc->set_external_pki_callback(config.external_pki);
|
||||
cc->set_frame(frame);
|
||||
cc->set_flags(SSLConst::LOG_VERIFY_STATUS);
|
||||
#ifdef OPENVPN_SSL_DEBUG
|
||||
cc->set_debug_level(OPENVPN_SSL_DEBUG);
|
||||
#endif
|
||||
cc->set_debug_level(config.ssl_debug_level);
|
||||
cc->set_rng(rng);
|
||||
cc->set_local_cert_enabled(pcc.clientCertEnabled() && !config.disable_client_cert);
|
||||
cc->set_private_key_password(config.private_key_password);
|
||||
|
@ -272,6 +272,7 @@ int openvpn_client(int argc, char *argv[], const std::string* profile_content)
|
||||
{ "merge", no_argument, nullptr, 'm' },
|
||||
{ "version", no_argument, nullptr, 'v' },
|
||||
{ "auto-sess", no_argument, nullptr, 'a' },
|
||||
{ "ssl-debug", required_argument, nullptr, 1 },
|
||||
{ nullptr, 0, nullptr, 0 }
|
||||
};
|
||||
|
||||
@ -308,6 +309,7 @@ int openvpn_client(int argc, char *argv[], const std::string* profile_content)
|
||||
bool proxyAllowCleartextAuth = false;
|
||||
int defaultKeyDirection = -1;
|
||||
bool forceAesCbcCiphersuites = false;
|
||||
int sslDebugLevel = 0;
|
||||
bool googleDnsFallback = false;
|
||||
bool autologinSessions = false;
|
||||
bool tunPersist = false;
|
||||
@ -322,6 +324,9 @@ int openvpn_client(int argc, char *argv[], const std::string* profile_content)
|
||||
{
|
||||
switch (ch)
|
||||
{
|
||||
case 1:
|
||||
sslDebugLevel = ::atoi(optarg);
|
||||
break;
|
||||
case 'e':
|
||||
eval = true;
|
||||
break;
|
||||
@ -482,6 +487,7 @@ int openvpn_client(int argc, char *argv[], const std::string* profile_content)
|
||||
config.dco = dco;
|
||||
config.defaultKeyDirection = defaultKeyDirection;
|
||||
config.forceAesCbcCiphersuites = forceAesCbcCiphersuites;
|
||||
config.sslDebugLevel = sslDebugLevel;
|
||||
config.googleDnsFallback = googleDnsFallback;
|
||||
config.autologinSessions = autologinSessions;
|
||||
config.tunPersist = tunPersist;
|
||||
@ -649,6 +655,7 @@ int openvpn_client(int argc, char *argv[], const std::string* profile_content)
|
||||
std::cout << "--no-cert, -x : disable client certificate" << std::endl;
|
||||
std::cout << "--def-keydir, -k : default key direction ('bi', '0', or '1')" << std::endl;
|
||||
std::cout << "--force-aes-cbc, -f : force AES-CBC ciphersuites" << std::endl;
|
||||
std::cerr << "--ssl-debug : SSL debug level" << std::endl;
|
||||
std::cout << "--google-dns, -g : enable Google DNS fallback" << std::endl;
|
||||
std::cout << "--auto-sess, -a : request autologin session" << std::endl;
|
||||
std::cout << "--persist-tun, -j : keep TUN interface open across reconnects" << std::endl;
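Review bot: `sslDebugLevel = ::atoi(optarg);` accepts any string: non-numeric input silently becomes 0 and an out-of-range value has undefined behaviour, so a typo after `--ssl-debug` is indistinguishable from leaving debugging off. Parsing with `std::strtol`, checking that the end pointer consumed all of `optarg` and that the result lies in the supported range, and rejecting the option otherwise would make the failure explicit. The usage line for the new option is also written to `std::cerr` while every neighbouring line goes to `std::cout`; `std::cout << "--ssl-debug : SSL debug level" << std::endl;` keeps the help text on one stream. The switch and openvpn_client() both continue outside the hunks shown.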
|
||||
|