These functions are found in openvpn/mbedtls/pki/x509certinfo.hpp.
This change also adds support to build coreUnitTests against mbed TLS
instead of OpenSSL (default) by providing -DUSE_MBEDTLS=true to cmake.
Signed-off-by: David Sommerseth <davids@openvpn.net>
This adds some basic unit tests for the various functions retrieving
information from a X.509 certificate.
Signed-off-by: David Sommerseth <davids@openvpn.net>
This new VerifyX509Name class handles both extracting and parsing the
appropriate --verify-x509-name option and is able to verify if a given
subject or hostname is matching the expectation.
Signed-off-by: David Sommerseth <davids@openvpn.net>
This avoids the mistake of using the insecure MTRand in anything but
a unit test and has the advantage that not all MTRand in a unit test
suite report being secure
Signed-off-by: Arne Schwabe <arne@openvpn.net>
To support the pre unittest tests that compare the output against an
expected output without fully rewriting them, this logger provides a
facility to integrate them in the unit test framework
Signed-off-by: Arne Schwabe <arne@openvpn.net>
This avoid a linkage problem encountered when building core with two
compilation units and OPENVPN_EXTERN being used.
Also adjust core unit tests with regard to now different extern usage
This also removes unittest.vcxproj from solution, since
it is deprecated in favor of CMake-based unit tests.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
This test attempts to assure that the measurements we get from
openvpn::cpu_time() is within a reasonable range of what we should
normally expect.
This is achieved by using a simple worker thread which ensures the
process is not "idling" (like it would with sleep()) but in a real busy
loop which takes some time. Then we measure the time spent in the busy
loop, both using a simplistic time() and comparing that with what
cpu_time() returns.
This unit test also supports measuring multiple running threads
individually too.
Signed-off-by: David Sommerseth <davids@openvpn.net>
This introduces experimental support for Wintun
as an alternative for tap-windows6.
In order to use wintun, set "ClientAPI::Config::wintun"
flag to "true" or use "-w" option in test client.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
This takes into use new TunSetup API which enables to create bypass
routes before establishing connection.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
There are two ways how Linux tun can be manipulated -
by using iproute2 or netlink. Both implementations have
defined identical Setup class implementation.
This commit factors out Setup class from tun implementations
and templatizes it, which removes need in duplicated code.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
This uses Windows-specific wchar_t override of std::ifstream
to make it work with UNICODE paths. It is assumed that caller
passes UTF8-encoded string.
To support passing non-ASCII chars via command line, we
read it as wstring and then convert to UTF-8 encoded string.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
This requires cli.cpp to be included in openvpn3-linux build environment
and the right defines set before the test.cpp is included.
This workaround is necessary since the dbus dependencies are not part
of the core and to adding an extra copy of cli.cpp to openvpn3-linux
Signed-off-by: Arne Schwabe <arne@openvpn.net>
The metadata that may be possibly be contained in the WKc has to be
verified by means of a user implemented behaviour.
Implement an abstract class that exports a verify() method to be
used for this purpose.
Users can extend this class and override the verify() method with
their own.
A basic implementation is also provided: it will just ignore the
metadata (if any) and report success to the core.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
On the linux client we need the information to which remote the client
is connecting to query the route information to ultimately discover the
device. On other platform that do not need these extra information we
ignore the extra arguments
The API uses std::string and bool instead of passing of passing IPAddr as
the API needs to be understand by Swig/Java and similar methods also opt in
favour of call by value and simply types.
Signed-off-by: Arne Schwabe <arne@openvpn.net>
