mirror of
https://github.com/OpenVPN/openvpn3.git
synced 2024-09-20 12:12:15 +02:00
811c8c78ca
The xkey provider has been originally implemented by Selva Nair for OpenVPN 2.x and he has agreed to allow me to reuse the provider for OpenSSL 3.0 This brings the xkey provider to OpenSSL to Openvpn3. The xkey_provider.c file is kept as close as possible to the original OpenVPN 2 source. From xkey_helper only the parts that were needed were picked up and used in xkey.hpp. This also changes the requests for clients wanting to implementing the API, generally making them more work (adding PSS/PKCS1 padding and hashing) but this is a good thing since especially external keys/HSM often do not like doing raw signatures and often require to do padding/hashing themselves. This commit also updates the test client's EPKI implementation to work with the new requirements of the new API. Since most of OpenVPN3's code base assumes having only one compilation unit and the xkey_provider.c, this commit introduces the ENABLE_EXTERNAL_PKI define. Only if this is set external key support is supported (and the xkey_provider.c compilation unit needed). This commit furthermore removes the pragma statements from extpki.hpp that supressed warnings when being compiled with OpenSSL 3.0+ as this is header file longer compiled with OpenSSL 3.0+. (Technically xkey is >= 3.0.1 but we have no target that is OpenSSL 3.0.0). Signed-off-by: Arne Schwabe <arne@openvpn.net> |
||
---|---|---|
.. | ||
CMakeLists.txt | ||
ovpncli.cpp | ||
ovpncli.hpp | ||
ovpncli.i |