Browse code
Reworked the eurephia patch for inclusion to the openvpn-testing tree
Addedd configure option (--disable-eurephia) to disable the code which the
eurephia plug-in depends on.
It was chosen to use --disable-eurephia, as this patch is not much intrusive. It
just enables a SHA1 fingerprint environment variable for each certificate being
used for the connection.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
David Sommerseth authored on 2010/02/16 07:15:44Showing 3 changed files
| ... | ... |
@@ -98,6 +98,12 @@ AC_ARG_ENABLE(plugins, |
| 98 | 98 |
[PLUGINS="yes"] |
| 99 | 99 |
) |
| 100 | 100 |
|
| 101 |
+AC_ARG_ENABLE(eurephia, |
|
| 102 |
+ [ --disable-eurephia Disable support for the eurephia plug-in], |
|
| 103 |
+ [EUREPHIA="$enableval"], |
|
| 104 |
+ [EUREPHIA="yes"] |
|
| 105 |
+) |
|
| 106 |
+ |
|
| 101 | 107 |
AC_ARG_ENABLE(management, |
| 102 | 108 |
[ --disable-management Disable management server support], |
| 103 | 109 |
[MANAGEMENT="$enableval"], |
| ... | ... |
@@ -641,6 +647,9 @@ if test "${WIN32}" != "yes"; then
|
| 641 | 641 |
)], |
| 642 | 642 |
[AC_MSG_RESULT([libdl headers not found.])] |
| 643 | 643 |
) |
| 644 |
+ if test "$EUREPHIA" = "yes"; then |
|
| 645 |
+ AC_DEFINE(ENABLE_EUREPHIA, 1, [Enable support for the eurephia plug-in]) |
|
| 646 |
+ fi |
|
| 644 | 647 |
fi |
| 645 | 648 |
fi |
| 646 | 649 |
|
| ... | ... |
@@ -7,6 +7,9 @@ |
| 7 | 7 |
* |
| 8 | 8 |
* Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net> |
| 9 | 9 |
* |
| 10 |
+ * Additions for eurephia plugin done by: |
|
| 11 |
+ * David Sommerseth <dazo@users.sourceforge.net> Copyright (C) 2009 |
|
| 12 |
+ * |
|
| 10 | 13 |
* This program is free software; you can redistribute it and/or modify |
| 11 | 14 |
* it under the terms of the GNU General Public License version 2 |
| 12 | 15 |
* as published by the Free Software Foundation. |
| ... | ... |
@@ -73,6 +76,9 @@ const char title_string[] = |
| 73 | 73 |
#ifdef ENABLE_PKCS11 |
| 74 | 74 |
" [PKCS11]" |
| 75 | 75 |
#endif |
| 76 |
+#ifdef ENABLE_EUREPHIA |
|
| 77 |
+ " [eurephia]" |
|
| 78 |
+#endif |
|
| 76 | 79 |
" built on " __DATE__ |
| 77 | 80 |
; |
| 78 | 81 |
|
| ... | ... |
@@ -7,6 +7,10 @@ |
| 7 | 7 |
* |
| 8 | 8 |
* Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net> |
| 9 | 9 |
* |
| 10 |
+ * Additions for eurephia plugin done by: |
|
| 11 |
+ * David Sommerseth <dazo@users.sourceforge.net> Copyright (C) 2008-2009 |
|
| 12 |
+ * |
|
| 13 |
+ * |
|
| 10 | 14 |
* This program is free software; you can redistribute it and/or modify |
| 11 | 15 |
* it under the terms of the GNU General Public License version 2 |
| 12 | 16 |
* as published by the Free Software Foundation. |
| ... | ... |
@@ -780,6 +784,16 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx) |
| 780 | 780 |
openvpn_snprintf (envname, sizeof(envname), "tls_id_%d", ctx->error_depth); |
| 781 | 781 |
setenv_str (opt->es, envname, subject); |
| 782 | 782 |
|
| 783 |
+#ifdef ENABLE_EUREPHIA |
|
| 784 |
+ /* export X509 cert SHA1 fingerprint */ |
|
| 785 |
+ {
|
|
| 786 |
+ struct gc_arena gc = gc_new (); |
|
| 787 |
+ openvpn_snprintf (envname, sizeof(envname), "tls_digest_%d", ctx->error_depth); |
|
| 788 |
+ setenv_str (opt->es, envname, |
|
| 789 |
+ format_hex_ex(ctx->current_cert->sha1_hash, SHA_DIGEST_LENGTH, 0, 1, ":", &gc)); |
|
| 790 |
+ gc_free(&gc); |
|
| 791 |
+ } |
|
| 792 |
+#endif |
|
| 783 | 793 |
#if 0 |
| 784 | 794 |
/* export common name string as environmental variable */ |
| 785 | 795 |
openvpn_snprintf (envname, sizeof(envname), "tls_common_name_%d", ctx->error_depth); |