Minor changes to Android 4 client and core:
* clear_auth() now clears username field. * OpenSSL impl in core now logs TLS handshake details. * Added build-openssl-small to build a trimmed-down version of OpenSSL.
parent
e82d3986d9
commit
eca10fa23d
@ -1,11 +1,12 @@
|
||||
#!/usr/bin/env bash
|
||||
# generate expire time in python: time.mktime((2012, 5, 1, 0, 0, 0, 0, 0, -1))
|
||||
# -flto=4 -Wl,--no-as-needed \
|
||||
set -e
|
||||
swig -c++ -java -package net.openvpn.openvpn -I$OVPN3_DIR ovpncli.i
|
||||
$GPP_CMD \
|
||||
--sysroot=$NDK/platforms/android-9/arch-arm \
|
||||
-DAPP_EXPIRE_TIME=1335852000 \
|
||||
-g -O3 -fPIC \
|
||||
-O3 -fPIC \
|
||||
-fno-strict-aliasing \
|
||||
-Wall -Wno-sign-compare -Wno-unused-parameter \
|
||||
-fwhole-program "-DSWIGEXPORT=__attribute__((externally_visible))" \
|
||||
|
@ -8,7 +8,7 @@
|
||||
// debug settings
|
||||
|
||||
#define OPENVPN_DEBUG
|
||||
#define OPENVPN_SSL_DEBUG // fixme
|
||||
//#define OPENVPN_SSL_DEBUG
|
||||
//#define OPENVPN_DEBUG_CLIPROTO
|
||||
//#define OPENVPN_FORCE_TUN_NULL
|
||||
//#define OPENVPN_DEBUG_PROTO
|
||||
|
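Review bot: `#define OPENVPN_DEBUG` is still defined unconditionally in this header, so release builds of the client carry whatever diagnostics that macro enables. The effect of the macro is not visible in this hunk, but for a VPN client it is safer to gate debug switches on the build type than on a source edit, e.g. `#ifndef NDEBUG` / `#define OPENVPN_DEBUG` / `#endif`. A short comment above each switch saying what it logs would also let reviewers judge whether any of them can expose session or credential data.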
@ -209,6 +209,11 @@ namespace openvpn {
|
||||
return ct_out.read_buf();
|
||||
}
|
||||
|
||||
std::string ssl_handshake_details() const // fixme -- code me
|
||||
{
|
||||
return "[not implemented]";
|
||||
}
|
||||
|
||||
~SSL()
|
||||
{
|
||||
ssl_erase();
|
||||
|
@ -2,6 +2,7 @@
|
||||
#define OPENVPN_OPENSSL_SSL_SSLCTX_H
|
||||
|
||||
#include <cstring>
|
||||
#include <sstream>
|
||||
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
@ -279,12 +280,44 @@ namespace openvpn {
|
||||
return bmq_stream::memq_from_bio(ct_out)->read_buf();
|
||||
}
|
||||
|
||||
std::string ssl_handshake_details() const
|
||||
{
|
||||
return ssl_handshake_details(ssl);
|
||||
}
|
||||
|
||||
~SSL()
|
||||
{
|
||||
ssl_erase();
|
||||
}
|
||||
|
||||
private:
|
||||
// Print a one line summary of SSL/TLS session handshake.
|
||||
static std::string ssl_handshake_details (const ::SSL *c_ssl)
|
||||
{
|
||||
std::ostringstream os;
|
||||
|
||||
const SSL_CIPHER *ciph = SSL_get_current_cipher (c_ssl);
|
||||
os << SSL_get_version (c_ssl) << ", cipher " << SSL_CIPHER_get_version (ciph) << ' ' << SSL_CIPHER_get_name (ciph);
|
||||
|
||||
::X509 *cert = SSL_get_peer_certificate (c_ssl);
|
||||
if (cert != NULL)
|
||||
{
|
||||
EVP_PKEY *pkey = X509_get_pubkey (cert);
|
||||
if (pkey != NULL)
|
||||
{
|
||||
if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL && pkey->pkey.rsa->n != NULL)
|
||||
os << ", " << BN_num_bits (pkey->pkey.rsa->n) << " bit RSA";
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL && pkey->pkey.dsa->p != NULL)
|
||||
os << ", " << BN_num_bits (pkey->pkey.dsa->p) << " bit DSA";
|
||||
#endif
|
||||
EVP_PKEY_free (pkey);
|
||||
}
|
||||
X509_free (cert);
|
||||
}
|
||||
return os.str();
|
||||
}
|
||||
|
||||
void ssl_clear()
|
||||
{
|
||||
ssl_bio_linkage = false;
|
||||
|
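Review bot: `ssl_handshake_details(const ::SSL*)` reads `pkey->type`, `pkey->pkey.rsa->n` and `pkey->pkey.dsa->p` directly, which ties the log line to OpenSSL's private struct layout and prints no key size at all for any other key type. The accessor form gives the same numbers: `if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) os << ", " << EVP_PKEY_bits(pkey) << " bit RSA";` and likewise for `EVP_PKEY_DSA`. The helper also passes `c_ssl` straight to `SSL_get_version`, so if the public wrapper can be reached after `ssl_erase()` has released the handle (its body is outside this hunk), a guard such as `if (!c_ssl) return "[no SSL session]";` is needed. `ssl_clear()` at the end of the hunk continues outside it.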
@ -3,7 +3,9 @@
|
||||
|
||||
#include <string>
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
#include <openssl/engine.h>
|
||||
#endif
|
||||
|
||||
#include <openvpn/common/exception.hpp>
|
||||
#include <openvpn/openssl/util/error.hpp>
|
||||
@ -14,6 +16,7 @@ namespace openvpn {
|
||||
|
||||
void openssl_setup_engine (const std::string& engine)
|
||||
{
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
ENGINE_load_builtin_engines ();
|
||||
|
||||
if (engine == "auto")
|
||||
@ -27,6 +30,7 @@ namespace openvpn {
|
||||
throw openssl_engine_error();
|
||||
if (!ENGINE_set_default (e, ENGINE_METHOD_ALL))
|
||||
throw openssl_engine_error();
|
||||
#endif
|
||||
}
|
||||
|
||||
} // namespace openvpn
|
||||
|
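Review bot: With `OPENSSL_NO_ENGINE` defined, `openssl_setup_engine()` now compiles to an empty body, so a configuration that names an engine (for example a hardware-backed one) is accepted and silently ignored, and the caller cannot tell that the requested engine is not in use. Consider failing loudly in that build instead: add `#else` followed by `if (!engine.empty()) throw openssl_engine_error();` before the `#endif`. Whether callers pass an empty string to mean "no engine" is not visible in these hunks, so the condition may need adjusting.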
@ -1284,6 +1284,7 @@ namespace openvpn {
|
||||
|
||||
void active()
|
||||
{
|
||||
OPENVPN_LOG("SSL Handshake: " << Base::ssl_handshake_details());
|
||||
generate_session_keys();
|
||||
while (!app_pre_write_queue.empty())
|
||||
{
|
||||
|
@ -196,6 +196,11 @@ namespace openvpn {
|
||||
}
|
||||
}
|
||||
|
||||
std::string ssl_handshake_details() const
|
||||
{
|
||||
return ssl_->ssl_handshake_details();
|
||||
}
|
||||
|
||||
virtual ~ProtoStackBase() {}
|
||||
|
||||
private:
|
||||
|
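--- /dev/null
+++ b/scripts/android/build-openssl-small
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+set -e
+export OPENSSL=openssl-1.0.0g
+export TPRE=arm-linux-androideabi
+export DIST=$(pwd)/openssl
+export BIN=$TC/bin
+rm -rf $OPENSSL $DIST
+tar xfz ~/Downloads/$OPENSSL.tar.gz
+cd $OPENSSL
+NO_FLAGS="no-engine no-hw no-ssl2 no-ssl3 no-zlib no-rc2 no-idea no-des no-cast no-md2 no-mdc2 no-ripemd no-rc5 no-camellia no-seed no-krb5 no-socks no-ecdsa no-ec no-ecdh no-md2 no-md4 no-whirlpool no-dsa no-cms no-jpake no-gost"
+./Configure linux-armv4 no-shared threads no-idea no-mdc2 no-rc5 $NO_FLAGS --prefix=$DIST
+#sed -i "" -e 's|-O3|-O3 -flto|' Makefile
+#sed -i "" -e 's|^all:.*$|all: Makefile build_all libssl.pc libcrypto.pc|' Makefile
+#sed -i "" -e 's|^build_all:.*$|build_all: build_libs|' Makefile
+make CC="$BIN/$TPRE-gcc" AR="$BIN/$TPRE-ar r" RANLIB="$BIN/$TPRE-ranlib" build_libs
+touch apps/openssl
+touch openssl.pc
+touch libcrypto.pc
+touch libssl.pc
+make install_sw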
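Review bot: The tarball is unpacked and built straight from `~/Downloads/$OPENSSL.tar.gz` with no integrity check, so whatever file sits at that path becomes the TLS library shipped in the client. Pin the expected digest in the script and verify it before `tar xfz`, e.g. `echo "<expected-sha256>  $HOME/Downloads/$OPENSSL.tar.gz" | sha256sum -c -` (or `shasum -a 256 -c -` where that is the available tool). `$TC` is also used unchecked: if it is unset, `BIN` becomes `/bin` and the build only fails at the `make` step, so a line such as `: "${TC:?set TC to the toolchain root}"` near the top is worth adding. The arguments of `rm -rf $OPENSSL $DIST` should be quoted as well, since `DIST` is derived from `$(pwd)`.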