The OpenVPNClient::connect method doesn't communicate common OpenSSL errors
through its return value due to a lack of mappings of OpenSSL errors
to OpenVPN error codes in the OpenSSLException implementation.
This commit fixes the issue by introducing new error codes:
- SSL_CA_MD_TOO_WEAK
- SSL_CA_KEY_TOO_SMALL
- SSL_DH_KEY_TOO_SMALL
These error codes are mapped to the corresponding OpenSSL errors:
- SSL_R_CA_MD_TOO_WEAK
- SSL_R_CA_KEY_TOO_SMALL
- SSL_R_DH_KEY_TOO_SMALL
Signed-off-by: Dmitriy Dudnik <dmitro.dudnik@openvpn.net>

get_integer_optional selects the type to get from the JSON
depending on the default_value parameter, making it simple to ensure
that the returned value will fit the requested type and range.
Signed-off-by: Arne Schwabe <arne@openvpn.net>

This is useful for running a command from a worker thread
where signals have been blocked, but we want the child
process to run with the original pre-blocked signal configuration.
Signed-off-by: James Yonan <james@openvpn.net>

Before the OpenSSL 1.1 changes, ctx was a struct and not a pointer, so
the extra variable was necessary.
This also solves a defect reported by Coverity of ctx not always being
initialised.
Signed-off-by: Arne Schwabe <arne@openvpn.net>

ARCH enables building a certain architecture only.
NO_DEPS disables downloading and building dependencies.
NO_OPENSSL disables downloading and building OpenSSL.
OPENSSL_ROOT_DIR allows specifying the location of the OpenSSL root.
Example:
ARCH=x86_64 NO_OPENSSL=1 ./build
Signed-off-by: Lev Stipakov <lev@openvpn.net>

The added IV_CIPHER string that we send brought the Frame used in
the proto test client over the 256 byte limit. Change the proto test
to use a larger test frame of 378 bytes.
Signed-off-by: Arne Schwabe <arne@openvpn.net>

This also changes the mbed TLS implementation from using the AES GCM
specific API to the generic AEAD API in mbed TLS. As a result we can
refactor the commonly used parts of AEAD and normal cipher into a
common class.
Signed-off-by: Arne Schwabe <arne@openvpn.net>

This code is MSVC specific (other compilers
don't support SEH) and is only useful during
debugging.
It is better to remove it and mute the exception
in the debugger than to add ifdefs for other compilers.
Signed-off-by: Lev Stipakov <lev@openvpn.net>

C++17 provides an overload which accepts
std::filesystem::path, which accepts wchar_t;
MSVS provides an overload which directly accepts wchar_t.
In other cases use the char constructor. This likely breaks
support of non-ASCII profile paths.
Signed-off-by: Lev Stipakov <lev@openvpn.net>

Having a capture without an initializer after a nested struct
is broken in GCC 7.x and is fixed starting from GCC 8.1
(see https://stackoverflow.com/questions/60110629/).
Signed-off-by: Lev Stipakov <lev@openvpn.net>

The Linux filesystem is case-sensitive and all
mingw includes are in lower case. Also use
the Linux directory separator, since it works on both
Linux and Windows.
Signed-off-by: Lev Stipakov <lev@openvpn.net>

Parse --windows-driver and set the corresponding
value of the config properties.
This could be used by clients to replicate openvpn2
behavior: use the wintun driver if the config contains
"--windows-driver wintun".
Signed-off-by: Lev Stipakov <lev@openvpn.net>

This is needed to make the openvpn-gui client work with openvpn3.
openvpn-gui passes all information required to start a VPN session
to the agent via a named pipe. The agent impersonates the other end of the pipe,
which is the GUI process running under user privileges, and starts the
openvpn process.
openvpn-gui generates a random password, which is written by the agent
into the openvpn process's stdin. That password is used by openvpn-gui to
connect to openvpn's management interface.
openvpn-gui creates an event with a unique name, which is passed
to openvpn via the command line. When the user disconnects the VPN session, the GUI
sets the event into the signalled state. openvpn waits on the event and, when it is signalled, quits.
Signed-off-by: Lev Stipakov <lev@openvpn.net>

This open sources support code used to interact with AWS from an
OpenVPN 3 implementation. Prior to this change, it was hosted in
a different git repository which was not open to the public.
The complete git history related to the files being moved has been applied
to this repository.
Signed-off-by: David Sommerseth <davids@openvpn.net>

- add an optional token parameter, which is required when
using temporary credentials
- add an optional role parameter to fetch
temporary credentials
- make the route API param more fine-grained
Signed-off-by: Lev Stipakov <lev@openvpn.net>