Added configure option (--disable-eurephia) to disable the code which the
eurephia plug-in depends on.
It was chosen to use --disable-eurephia, as this patch is not very intrusive. It
just enables a SHA1 fingerprint environment variable for each certificate being
used for the connection.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
... | ... |
@@ -98,6 +98,12 @@ AC_ARG_ENABLE(plugins, |
98 | 98 |
[PLUGINS="yes"] |
99 | 99 |
) |
100 | 100 |
|
101 |
+AC_ARG_ENABLE(eurephia, |
|
102 |
+ [ --disable-eurephia Disable support for the eurephia plug-in], |
|
103 |
+ [EUREPHIA="$enableval"], |
|
104 |
+ [EUREPHIA="yes"] |
|
105 |
+) |
|
106 |
+ |
|
101 | 107 |
AC_ARG_ENABLE(management, |
102 | 108 |
[ --disable-management Disable management server support], |
103 | 109 |
[MANAGEMENT="$enableval"], |
... | ... |
@@ -641,6 +647,9 @@ if test "${WIN32}" != "yes"; then |
641 | 641 |
)], |
642 | 642 |
[AC_MSG_RESULT([libdl headers not found.])] |
643 | 643 |
) |
644 |
+ if test "$EUREPHIA" = "yes"; then |
|
645 |
+ AC_DEFINE(ENABLE_EUREPHIA, 1, [Enable support for the eurephia plug-in]) |
|
646 |
+ fi |
|
644 | 647 |
fi |
645 | 648 |
fi |
646 | 649 |
|
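Review bot: The `AC_DEFINE(ENABLE_EUREPHIA, ...)` added in the second hunk sits inside the `if test "${WIN32}" != "yes"` block, and apparently inside a second conditional that opens outside the hunk, so the default `EUREPHIA="yes"` from the first hunk is silently dropped on any build that skips this block. Because the option decides whether certificate fingerprints are placed in the connection environment, the configure output should state the outcome, for example `AC_MSG_NOTICE([eurephia support: $EUREPHIA])` next to the define. A comment such as `dnl ENABLE_EUREPHIA is only defined when this non-WIN32 block is reached` would document the dependency. The first hunk accepts any `$enableval`, while only the exact value `yes` enables the feature, which also deserves a one-line `dnl` comment at the `AC_ARG_ENABLE`.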
... | ... |
@@ -7,6 +7,9 @@ |
7 | 7 |
* |
8 | 8 |
* Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net> |
9 | 9 |
* |
10 |
+ * Additions for eurephia plugin done by: |
|
11 |
+ * David Sommerseth <dazo@users.sourceforge.net> Copyright (C) 2009 |
|
12 |
+ * |
|
10 | 13 |
* This program is free software; you can redistribute it and/or modify |
11 | 14 |
* it under the terms of the GNU General Public License version 2 |
12 | 15 |
* as published by the Free Software Foundation. |
... | ... |
@@ -73,6 +76,9 @@ const char title_string[] = |
73 | 73 |
#ifdef ENABLE_PKCS11 |
74 | 74 |
" [PKCS11]" |
75 | 75 |
#endif |
76 |
+#ifdef ENABLE_EUREPHIA |
|
77 |
+ " [eurephia]" |
|
78 |
+#endif |
|
76 | 79 |
" built on " __DATE__ |
77 | 80 |
; |
78 | 81 |
|
... | ... |
@@ -7,6 +7,10 @@ |
7 | 7 |
* |
8 | 8 |
* Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net> |
9 | 9 |
* |
10 |
+ * Additions for eurephia plugin done by: |
|
11 |
+ * David Sommerseth <dazo@users.sourceforge.net> Copyright (C) 2008-2009 |
|
12 |
+ * |
|
13 |
+ * |
|
10 | 14 |
* This program is free software; you can redistribute it and/or modify |
11 | 15 |
* it under the terms of the GNU General Public License version 2 |
12 | 16 |
* as published by the Free Software Foundation. |
... | ... |
@@ -780,6 +784,16 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx) |
780 | 780 |
openvpn_snprintf (envname, sizeof(envname), "tls_id_%d", ctx->error_depth); |
781 | 781 |
setenv_str (opt->es, envname, subject); |
782 | 782 |
|
783 |
+#ifdef ENABLE_EUREPHIA |
|
784 |
+ /* export X509 cert SHA1 fingerprint */ |
|
785 |
+ { |
|
786 |
+ struct gc_arena gc = gc_new (); |
|
787 |
+ openvpn_snprintf (envname, sizeof(envname), "tls_digest_%d", ctx->error_depth); |
|
788 |
+ setenv_str (opt->es, envname, |
|
789 |
+ format_hex_ex(ctx->current_cert->sha1_hash, SHA_DIGEST_LENGTH, 0, 1, ":", &gc)); |
|
790 |
+ gc_free(&gc); |
|
791 |
+ } |
|
792 |
+#endif |
|
783 | 793 |
#if 0 |
784 | 794 |
/* export common name string as environmental variable */ |
785 | 795 |
openvpn_snprintf (envname, sizeof(envname), "tls_common_name_%d", ctx->error_depth); |
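Review bot: The new block reads `ctx->current_cert->sha1_hash` directly, which is a cached member of OpenSSL's X509 structure rather than a documented accessor; whether it has been filled in when the callback runs depends on library internals, and the member appears to be compiled out when the library is built without SHA support. Computing the digest explicitly is safer: declare `unsigned char md[SHA_DIGEST_LENGTH]; unsigned int len = 0;`, guard the export with `if (X509_digest (ctx->current_cert, EVP_sha1 (), md, &len))`, and pass `format_hex_ex (md, len, 0, 1, ":", &gc)` to `setenv_str`. Since a plug-in may treat `tls_digest_N` as a certificate identity, the comment should also say that the value is a SHA1 fingerprint and that SHA1 is not collision resistant, so consumers should not rely on it as their only check. verify_callback starts and ends outside this hunk.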