This option has very likely been there to fix some incompatibilities
between some TLS libraries. But nobody really remembers what it fixes
and its usage today is questionable. So remove the option instead
of supporting an option we cannot even test anymore.
Signed-off-by: Arne Schwabe <arne@openvpn.net>
This also changes the mbed TLS implementation from using the AES GCM
specific API to the generic AEAD API in mbed TLS. As a result we can
refactor the commonly used parts of AEAD and normal cipher into a
common class.
Signed-off-by: Arne Schwabe <arne@openvpn.net>
This is the mbed TLS counterpart to the OpenSSL change in
commit e0fd92f30756. These two methods are generic and not
tied to the MbedTLSContext in any particular way.
This is needed to be able to add a unit test for the x509_get_*()
functions.
Signed-off-by: David Sommerseth <davids@openvpn.net>
const modifiers on primitive return types (int, bool, etc.) do not
do anything and Clang complains about these.
Zero initialisation in C++ is done by = {} or class().
Signed-off-by: Arne Schwabe <arne@openvpn.net>
This information is only sent if push-peer-info is enabled. It is meant
to have an easy way for centrally administrated to spot clients using
outdated SSL libraries.
For example, the following client directive will push the SNI name
"test@example.com" to the server:
sni "test@example.com"
Signed-off-by: James Yonan <james@openvpn.net>
auth_cert() can now be const because OpenSSL rebuild_authcert()
is never called unless authcert has already been allocated,
making
authcert.reset(new AuthCert());
redundant. Once the above statement is removed,
rebuild_authcert() becomes const.
Signed-off-by: James Yonan <james@openvpn.net>
Attempting to build a standalone program that includes
openvpn/openssl/pki/pkey.hpp will fail because it depends
on the PKType enum in openvpn/ssl/sslapi.hpp which
is not explicitly included by pkey.hpp.
Rather than having pkey.hpp include sslapi.hpp (which
seems like a dependency inversion), put PKType into
its own header file.
Signed-off-by: James Yonan <james@openvpn.net>
On the server side, we add the abstract base class
SNIHandlerBase to provide a hook (sni_hello) where
servers can inspect the SNI name given in the client
hello message and possibly return a different SSLFactoryAPI.
In other changes, we rename the ENABLE_SNI flag to
ENABLE_CLIENT_SNI to be clear that this flag only affects
the client-side SNI implementation.
We also add the NO_VERIFY_HOSTNAME flag on the client side
to allow the SNI name to be transmitted to the server
without requiring a match between the SNI name and the
common name or subject alternative name in the server
certificate.
Signed-off-by: James Yonan <james@openvpn.net>
The Clang++ compiler is not happy about this missing declaration on
virtual methods, which is a fair complaint.
Signed-off-by: David Sommerseth <davids@openvpn.net>
Returns true if we did a full SSL handshake/negotiation,
or false for cached, reused, or persisted sessions.
Signed-off-by: James Yonan <james@openvpn.net>
This is an initial client and server-side implementation
for OpenSSL 1.0.2.
Note that this functionality is intended for use with
HTTP sessions, and should not be used with the OpenVPN
protocol.
Signed-off-by: James Yonan <james@openvpn.net>
Removed set_enable_renegotiation from SSLConfigAPI and underlying
SSL implementations (OpenSSL, MbedTLS) since we are not currently
using it and TLS 1.3 standardizes on a session ticket model rather
than server-side session caching.
Signed-off-by: James Yonan <james@openvpn.net>
In TLS 1.3 the RSA-PSS padding is required in addition to the
traditional PKCS1 padding used in TLS 1.2 and below. Add an
argument to the external sign function to signal what padding
is required. As a quirk, OpenSSL calls out requesting a NONE
padding instead of RSA-PSS.
We might need to move from RSA_method to EVP_PKEY_method in the
future.
Signed-off-by: Arne Schwabe <arne@openvpn.net>
The commit 8b22a7b2 had two mistakes:
- Accidentally moving the #endif to the wrong line during reformat.
- Forgetting to include mbedtls/version.h so the version check was always
  false.
Add PEMAPI to allow OpenVPN core to encode/decode PEM
format using {mbed,Open}SSL API.
Needed to decode tls-crypt-v2 keys.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
This is super unlikely to fail but better be safe than sorry.
The function needs mbed TLS 2.7.0 which should be fine for every
still-supported platform of ours.
Without this patch you can still specify a client EC certificate and
connect to an RSA server. The connection will be established until the
external pki sign fails in "interesting" ways.
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
To bundle ptcore and openvpncli into the same shared library for
OpenVPN Connect, the two libraries both need to include OpenVPN (or
parts of it).
Ptcore defines OPENVPN_EXTERN as extern to define the symbols as extern
in that library but a few places are missing a proper weak symbol (inline)
or extern declaration.
Introduce profile flag "allow-name-constraints".
mbedTLS doesn't support the x509v3 'Name Constraints'
extension. To allow the client to connect, make mbedTLS
not fail on this extension and drop a warning to the UI.
This depends on "Enable allowing unsupported critical extensions in runtime"
patch to mbedTLS.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Whitelist TLS ciphersuites that include the ECDSA algorithm.
This way EC certificates can finally be used.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
The SSLAPI instance should use this new attribute to
report potential issues detected during the TLS handshake.
Upper layers will process this attribute when needed.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
Following a high number of user complaints, it was suggested
to re-enable MD5 and to give our users a notice period of some
months before dropping its support entirely.
With this patch we add a new certificate profile called "insecure"
which is equal to "legacy" with the addition of MD5.
By default OpenVPN3 still uses legacy and the insecure profile
must be enabled explicitly by the client app.
The new profile is also enveloped in an ifdef so that
such support is not introduced, unless whoever builds the core
knows about it.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
SSL_CBC_RECORD_SPLITTING is not enabled in OpenVPN-2.x
therefore we have to disable it by default in OpenVPN-3 as well
to keep wire compatibility.
This feature can cause nasty behaviours when communicating over
TLS-1.0. Crashes of servers running openvpn < 2.3.7 have also
been witnessed due to an assert on the packet size (assert has been
removed in 2.3.7).
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>