mirror of
https://github.com/OpenVPN/openvpn3.git
synced 2024-09-20 12:12:15 +02:00
a6b7cf458f
This patch builds on work by David Sommerseth <davids@openvpn.net> to move the PolarSSL API from polarssl-1.3 to mbedtls-2.3, which has significant differences in some areas.

- Strings containing keys, certificates, CRLs, and DH parameters need to be NULL-terminated and the length argument provided to the corresponding mbedtls parse function must be able to read the NULL-terminator. These places have been modified with a '+1' to the length argument (x509cert.hpp, x509crl.hpp, dh.hpp, pkctx.hpp).
- The SSL context object has been split up in mbedtls-2.3. Now many of the SSL configurations are done in a separate SSL config object, which is added to the SSL context once configured. In addition, private/public keys are now stored in a separate pk_context, which is later on attached to the SSL context. Due to this, many of the calls setting either SSL configuration parameters or working with pk_contexts have been refactored. (sslctx.hpp)
- The older API loading the CA chain took a hostname argument. The new API requires mbedtls_ssl_set_hostname() explicitly to be called setting hostname. Some refactoring was needed here too (sslctx.hpp).
- x509_oid_get_description() is now replaced by mbedtls_oid_get_extended_key_usage().
- When mbedTLS renamed OID_CMP to MBEDTLS_OID_CMP, the return value was changed so that a return value of 0 now means equal rather than not-equal.
- mbedtls/platform.h must be loaded before any other mbedtls include files (sslchoose.hpp).
- All functions and macros related to mbedTLS are now prefixed with mbedtls_/MBEDTLS_.
- Refactored External PKI and added some options to cli.cpp to make it easier to test that the feature still works correctly. This included removing the sig_type var and standardizing on a PKCS#1 digest prefix per RFC 3447.
- Updated test keys to 2048 bits.
- Updated dependency build scripts to build mbedTLS.
- Enable MD4 in mbedTLS build script (needed for NTLM auth).
- Use an allow-all X509 cert profile to preserve compatibility with older configs. Going forward, we will implement new options to increase strictness on minimum RSA key size and required cert signing algs.
- Added human-readable reason strings that explain why a given cert in the chain wasn't accepted.
- This patch doesn't rename any files or rename internal OpenVPN 3 symbols such as PolarSSLContext. This will be done in a separate commit.

Signed-off-by: James Yonan <james@openvpn.net>
29 lines
1.7 KiB
Plaintext