GitList

Browse code

Remove the --disable-eurephia configure option

This "feature" has been enabled since OpenVPN 2.2 without any reports that
this has been causing issues. All it does is to add an extra environment
variable 'tls_digest_{n}' with the certificate SHA1 fingerprint/digest
hash.

Lets just simplify things by removing the possibility to disable this
environment variable.

Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1370600123-6029-1-git-send-email-dazo@users.sourceforge.net>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7660
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit e3d388652f59fd2ddd9c7f470f7ef62ee6b35595)

David Sommerseth authored on 2013/06/07 19:15:23
Showing 5 changed files

INSTALL index ed69667..61dc975 100644
configure.ac index 5994991..4b7f96e 100644
src/openvpn/options.c index 23af272..82ed902 100644
src/openvpn/ssl.c index 8b864c8..8f6813d 100644
src/openvpn/ssl_verify.c index e651a8e..0670f2a 100644

INSTALL

History View file @ 14566e4

@@ -169,8 +169,6 @@ OPTIONS for ./configure:
                        --disable-server        disable server support only (but retain client
                                                support) [default=yes]
                        --disable-plugins       disable plug-in support [default=yes]
                     -  --disable-eurephia      disable support for the eurephia plug-in
                     -                          [default=yes]
                        --disable-management    disable management server support [default=yes]
                        --enable-pkcs11         enable pkcs11 support [default=no]
                        --disable-socks         disable Socks support [default=yes]

configure.ac

History View file @ 14566e4

@@ -96,13 +96,6 @@ AC_ARG_ENABLE(
+                     )
                      AC_ARG_ENABLE(
                     -	[eurephia],
                     -	[AS_HELP_STRING([--disable-eurephia], [disable support for the eurephia plug-in @<:@default=yes@:>@])],
                     -	,
                     -	[enable_eurephia="yes"]
                     -)
+                    -
                     -AC_ARG_ENABLE(
                      	[management],
                      	[AS_HELP_STRING([--disable-management], [disable management server support @<:@default=yes@:>@])],
+                     	,
@@ -975,7 +968,6 @@ fi
                      if test "${enable_plugins}" = "yes"; then
                      	OPTIONAL_DL_LIBS="${DL_LIBS}"
                      	AC_DEFINE([ENABLE_PLUGIN], [1], [Enable systemd support])
                     -	test "${enable_eurephia}" = "yes" && AC_DEFINE([ENABLE_EUREPHIA], [1], [Enable support for the eurephia plug-in])
                      else
                      	enable_plugin_auth_pam="no"
                      	enable_plugin_down_root="no"

src/openvpn/options.c

History View file @ 14566e4

@@ -6,9 +6,7 @@
                       *             packet compression.
+                      *
                       *  Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
                     - *
                     - *  Additions for eurephia plugin done by:
                     - *         David Sommerseth <dazo@users.sourceforge.net> Copyright (C) 2009
                     + *  Copyright (C) 2008-2013 David Sommerseth <dazo@users.sourceforge.net>
+                      *
                       *  This program is free software; you can redistribute it and/or modify
                       *  it under the terms of the GNU General Public License version 2
@@ -100,9 +98,6 @@ const char title_string[] =
                      #ifdef ENABLE_PKCS11
                        " [PKCS11]"
                      #endif
                     -#ifdef ENABLE_EUREPHIA
                     -  " [eurephia]"
                     -#endif
                      #if ENABLE_IP_PKTINFO
                        " [MH]"
                      #endif

src/openvpn/ssl.c

History View file @ 14566e4

@@ -7,10 +7,7 @@
+                      *
                       *  Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
                       *  Copyright (C) 2010 Fox Crypto B.V. <openvpn@fox-it.com>
                     - *
                     - *  Additions for eurephia plugin done by:
                     - *         David Sommerseth <dazo@users.sourceforge.net> Copyright (C) 2008-2009
                     - *
                     + *  Copyright (C) 2008-2013 David Sommerseth <dazo@users.sourceforge.net>
+                      *
                       *  This program is free software; you can redistribute it and/or modify
                       *  it under the terms of the GNU General Public License version 2

src/openvpn/ssl_verify.c

History View file @ 14566e4

@@ -425,7 +425,6 @@ verify_cert_set_env(struct env_set *es, openvpn_x509_cert_t *peer_cert, int cert
                        setenv_str (es, envname, common_name);
                      #endif
                     -#ifdef ENABLE_EUREPHIA
                        /* export X509 cert SHA1 fingerprint */
+                       {
                          unsigned char *sha1_hash = x509_get_sha1_hash(peer_cert, &gc);
@@ -434,7 +433,6 @@ verify_cert_set_env(struct env_set *es, openvpn_x509_cert_t *peer_cert, int cert
                          setenv_str (es, envname, format_hex_ex(sha1_hash, SHA_DIGEST_LENGTH, 0, 1,
                      					  ":", &gc));
+                       }
                     -#endif
                        /* export serial number as environmental variable */
                        serial = x509_get_serial(peer_cert, &gc);