If the OPENVPN_USE_SITNL is defined as compiler arguments or set
earlier if cli.cpp was used in an #include statement, the compiler
would warn about OPENVPN_USE_SITNL being redefined.
We want OPENVPN_USE_SITNL by default, but the code does not need
to explicitly define it if it is already defined.
Signed-off-by: David Sommerseth <davids@openvpn.net>
OpenSSL 1.1+ by default only allows signatures and key exchange from the
default list of X25519:secp256r1:X448:secp521r1:secp384r1. Since in
TLS1.3 key exchange is independent from the signature/key of the
certificates, allowing all groups per default is not a sensible choice
anymore and the shorter lister is reasonable.
However, when using certificates with exotic curves the signatures of
this certificates will no longer be accepted. This option allows to
modify the list for these corner cases.
Signed-off-by: Arne Schwabe <arne@openvpn.net>
This is needed for the tls-cipehr/tls-ciphersuites to have an
initialised OpenSSL when using OpenSSL < 1.1.0
Signed-off-by: Arne Schwabe <arne@openvpn.net>
This option has been very likely been to fix some incompatibilities
between some TLS libraries. But nobody really remember what it fixes
and its usage today is questionable. So remove the option instead
of supporting an option we cannot even test anymore.
Signed-off-by: Arne Schwabe <arne@openvpn.net>
Added a unit test to confirm the fix.
Other changes:
* In Base64 decode(), avoid the use of std::strlen() in favor
of std::string length() method since a std::string could
conceivably contain embedded null chars.
* In Base64 unit test, renamed b64_test_bad() to
b64_test_bad_decode() for clarity.
Signed-off-by: James Yonan <james@openvpn.net>
This is useful for running a command from a worker thread
where signals have been blocked, but we want the child
process to run with the original pre-blocked signal configuration.
Signed-off-by: James Yonan <james@openvpn.net>
The added IV_CIPHER string that we send, brought the Frame used in
the proto test client over the 256 byte limit. Change the proto test
to use a larger test frame of 378 byte.
Signed-off-by: Arne Schwabe <arne@openvpn.net>
Linux filesystem is case-sensitive and all
mingw includes are in lower case. Also use
Linux directory separator, since it works on both
Linux and Windows.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
These functions are found in openvpn/mbedtls/pki/x509certinfo.hpp.
This change also adds support to build coreUnitTests against mbed TLS
instead of OpenSSL (default) by providing -DUSE_MBEDTLS=true to cmake.
Signed-off-by: David Sommerseth <davids@openvpn.net>
This adds some basic unit tests for the various functions retrieving
information from a X.509 certificate.
Signed-off-by: David Sommerseth <davids@openvpn.net>
This new VerifyX509Name class handles both extracting and parsing the
appropriate --verify-x509-name option and is able to verify if a given
subject or hostname is matching the expectation.
Signed-off-by: David Sommerseth <davids@openvpn.net>
This avoids the mistake of using the insecure MTRand in anything but
a unit test and has the advantage that not all MTRand in a unit test
suite report being secure
Signed-off-by: Arne Schwabe <arne@openvpn.net>
To support the pre unittest tests that compare the output against an
expected output without fully rewriting them, this logger provides a
facility to integrate them in the unit test framework
Signed-off-by: Arne Schwabe <arne@openvpn.net>
This avoid a linkage problem encountered when building core with two
compilation units and OPENVPN_EXTERN being used.
Also adjust core unit tests with regard to now different extern usage
This also removes unittest.vcxproj from solution, since
it is deprecated in favor of CMake-based unit tests.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
This test attempts to assure that the measurements we get from
openvpn::cpu_time() is within a reasonable range of what we should
normally expect.
This is achieved by using a simple worker thread which ensures the
process is not "idling" (like it would with sleep()) but in a real busy
loop which takes some time. Then we measure the time spent in the busy
loop, both using a simplistic time() and comparing that with what
cpu_time() returns.
This unit test also supports measuring multiple running threads
individually too.
Signed-off-by: David Sommerseth <davids@openvpn.net>
This introduces experimental support for Wintun
as an alternative for tap-windows6.
In order to use wintun, set "ClientAPI::Config::wintun"
flag to "true" or use "-w" option in test client.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
This takes into use new TunSetup API which enables to create bypass
routes before establishing connection.
Signed-off-by: Lev Stipakov <lev@openvpn.net>