author | Alberto Gonzalez Iniesta <agi@inittab.org> | 2016-12-27 18:25:47 +0100 |
---|---|---|
committer | Alberto Gonzalez Iniesta <agi@inittab.org> | 2016-12-27 18:25:47 +0100 |
commit | 79f3537f69e125f19f59c36aa090120a63186a54 (patch) | |
tree | 2089a3b7dac990841dbc2e4d9b2f535b82dbb0af /sample | |
parent | f2137fedb30cb87448eb03b2f288920df6187571 (diff) | |
parent | 3a2bbdb05ca6a6996e424c9fb225cb0d53804125 (diff) |
Merge tag 'upstream/2.4.0'
Upstream version 2.4.0
Diffstat (limited to 'sample')
31 files changed, 1676 insertions, 638 deletions
diff --git a/sample/Makefile.am b/sample/Makefile.am index be30c88..58ae965 100644 --- a/sample/Makefile.am +++ b/sample/Makefile.am @@ -5,7 +5,7 @@ # packet encryption, packet authentication, and # packet compression. # -# Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net> +# Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net> # Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com> # diff --git a/sample/Makefile.in b/sample/Makefile.in index f210f15..51a869c 100644 --- a/sample/Makefile.in +++ b/sample/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.13.4 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. @@ -21,7 +21,7 @@ # packet encryption, packet authentication, and # packet compression. # -# Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net> +# Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net> # Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com> # diff --git a/sample/sample-keys/sample-ca/01.pem b/sample/sample-keys/sample-ca/01.pem new file mode 100644 index 0000000..6613831 --- /dev/null +++ b/sample/sample-keys/sample-ca/01.pem 
@@ -0,0 +1,113 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST/emailAddress=me@myhost.mydomain + Validity + Not Before: Oct 28 12:54:32 2016 GMT + Not After : Oct 26 12:54:32 2026 GMT + Subject: C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Server/emailAddress=me@myhost.mydomain + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a6:74:d1:c9:77:5d:ff:d6:22:e3:69:38:8f:e1: + 15:0c:e3:46:2c:19:61:31:af:ef:f9:34:5b:0c:bd: + 20:d1:76:6a:64:62:f6:89:aa:5b:c9:42:10:44:6f: + 07:0f:fe:62:59:96:0b:16:ec:62:3e:18:08:ad:67: + 37:b6:53:2d:3d:d9:81:b7:6b:11:d6:fa:23:6a:23: + 6c:3c:be:54:91:e3:04:c6:f5:8c:a6:6a:80:9f:ef: + e8:5b:63:1e:68:37:09:ef:4d:5c:44:82:e6:2e:0d: + e5:d7:94:3f:31:74:50:d1:10:5c:99:4d:b5:9f:80: + 2b:46:25:37:8b:a2:3d:ce:02:b2:0a:21:63:82:9c: + a1:35:b9:3d:9e:ad:a4:19:3c:f5:b2:3a:d7:aa:d4: + b7:6d:c2:95:4d:94:4b:38:6f:b0:60:cf:22:d7:37: + 66:62:1d:1a:86:c2:a8:6a:2a:56:e5:d6:c3:e2:31: + 34:a6:42:5d:79:da:12:e0:a1:95:d1:17:07:f6:cc: + f8:63:fa:01:8a:26:7b:bf:b8:a4:87:8c:b5:a3:59: + 23:60:67:07:4a:4c:c1:55:be:60:a1:56:92:6c:97: + 53:fb:fe:eb:d3:25:fd:28:23:3e:38:4d:e9:92:90: + 8b:a6:5e:22:2f:02:1f:69:c6:fa:88:a5:52:88:cc: + 61:a1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Cert Type: + SSL Server + Netscape Comment: + OpenSSL Generated Server Certificate + X509v3 Subject Key Identifier: + 7D:4C:17:FE:59:B2:58:FF:08:BC:F4:88:FC:A3:8F:9F:CA:3B:3B:5E + X509v3 Authority Key Identifier: + keyid:08:C4:94:ED:23:0A:23:0D:D0:FA:D2:13:E2:3C:B6:65:E7:53:25:10 + DirName:/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain + serial:A4:CC:46:13:89:24:40:73 + + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + Signature Algorithm: sha256WithRSAEncryption + 
82:2e:11:99:f4:56:98:ad:23:97:74:5c:69:00:7b:fc:9a:93: + 15:20:93:db:d6:83:04:9a:6c:cb:55:cd:5c:07:d6:31:5a:00: + 1d:35:eb:8e:74:cd:7a:08:db:cd:1f:89:8c:04:70:f7:35:e0: + a7:cc:cf:76:2b:8a:a5:80:7b:c1:72:4e:9a:c6:b7:a2:f5:9c: + 23:dc:d7:0d:93:a3:0f:f4:10:7d:8b:1d:85:5e:bb:2f:09:c8: + 67:41:38:12:72:14:29:f6:6d:68:b5:8a:97:1c:a1:8f:3d:74: + 14:95:c6:88:4f:4c:cd:8b:2e:db:95:b0:98:55:d7:5b:22:1f: + f3:de:5c:b4:7b:a0:d9:f2:56:2c:ff:85:b0:16:52:63:11:2b: + 14:8e:d0:f8:03:d2:cc:89:35:c0:d5:a3:b9:ec:11:55:e0:17: + 43:95:b2:6e:f2:db:80:73:f2:b3:3f:9d:fa:4d:24:6a:60:25: + 24:1a:53:10:38:08:d4:fe:fa:06:1a:1e:d3:cc:15:64:c7:9e: + 8b:51:ee:b3:50:25:60:88:70:46:39:bd:79:f1:5a:74:67:3d: + f0:7e:22:a9:b4:2e:f5:06:45:c3:46:fe:e6:32:40:e6:e1:00: + dc:e8:a8:43:fe:f4:66:64:4f:41:45:d5:d2:7b:ab:a0:62:f7: + dc:f0:28:d3:c6:9c:21:3e:bd:44:95:4c:20:b4:8f:c3:ae:ee: + eb:d7:7a:11:88:2d:3d:18:49:5d:e6:09:b8:5f:c7:24:32:83: + dd:5f:ae:03:02:c1:b6:51:0d:62:a2:41:f4:13:12:b2:f2:9a: + c1:50:04:63:42:de:41:b3:b3:ab:45:57:9e:8b:01:e0:c5:70: + d9:70:0e:ea:84:39:07:08:03:e9:99:b1:60:ce:a9:c6:ce:a4: + 61:29:36:3c:58:52:a2:c3:01:4f:4e:c1:e8:af:3b:ca:7c:34: + 9c:2a:21:c9:40:17:ce:8c:10:b2:fc:c2:39:43:55:50:19:2d: + c9:f0:ab:48:b2:86:e6:cf:1e:13:6c:6a:ed:85:e9:f6:dd:b9: + ba:6e:70:6a:e9:78:43:40:a3:c8:64:50:1f:5b:88:0d:88:55: + 0f:94:9c:92:44:83:79:0c:38:79:09:c4:93:6a:a8:dc:f3:8b: + c4:af:bf:0c:20:7b:76:7b:31:52:01:70:4f:09:be:38:d0:14: + ce:62:c6:00:35:cd:fc:eb:68:f1:45:d5:de:6a:3f:8b:3f:dc: + 1c:c9:e3:8a:7c:f1:17:53:71:f8:af:c9:43:9f:91:5a:16:0b: + 3a:c0:d7:b0:e7:74:54:12:f0:9a:71:5f:f3:dd:6b:c0:69:ec: + 9d:4d:14:61:bd:10:21:80 +-----BEGIN CERTIFICATE----- +MIIFgDCCA2igAwIBAgIBATANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJLRzEL +MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t +VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE2MTAy +ODEyNTQzMloXDTI2MTAyNjEyNTQzMlowajELMAkGA1UEBhMCS0cxCzAJBgNVBAgT +Ak5BMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxFDASBgNVBAMTC1Rlc3QtU2VydmVy 
+MSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCmdNHJd13/1iLjaTiP4RUM40YsGWExr+/5NFsM +vSDRdmpkYvaJqlvJQhBEbwcP/mJZlgsW7GI+GAitZze2Uy092YG3axHW+iNqI2w8 +vlSR4wTG9YymaoCf7+hbYx5oNwnvTVxEguYuDeXXlD8xdFDREFyZTbWfgCtGJTeL +oj3OArIKIWOCnKE1uT2eraQZPPWyOteq1LdtwpVNlEs4b7BgzyLXN2ZiHRqGwqhq +Klbl1sPiMTSmQl152hLgoZXRFwf2zPhj+gGKJnu/uKSHjLWjWSNgZwdKTMFVvmCh +VpJsl1P7/uvTJf0oIz44TemSkIumXiIvAh9pxvqIpVKIzGGhAgMBAAGjggEzMIIB +LzAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAzBglghkgBhvhCAQ0EJhYk +T3BlblNTTCBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1UdDgQWBBR9 +TBf+WbJY/wi89Ij8o4+fyjs7XjCBmAYDVR0jBIGQMIGNgBQIxJTtIwojDdD60hPi +PLZl51MlEKFqpGgwZjELMAkGA1UEBhMCS0cxCzAJBgNVBAgTAk5BMRAwDgYDVQQH +EwdCSVNIS0VLMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxITAfBgkqhkiG9w0BCQEW +Em1lQG15aG9zdC5teWRvbWFpboIJAKTMRhOJJEBzMBMGA1UdJQQMMAoGCCsGAQUF +BwMBMAsGA1UdDwQEAwIFoDANBgkqhkiG9w0BAQsFAAOCAgEAgi4RmfRWmK0jl3Rc +aQB7/JqTFSCT29aDBJpsy1XNXAfWMVoAHTXrjnTNegjbzR+JjARw9zXgp8zPdiuK +pYB7wXJOmsa3ovWcI9zXDZOjD/QQfYsdhV67LwnIZ0E4EnIUKfZtaLWKlxyhjz10 +FJXGiE9MzYsu25WwmFXXWyIf895ctHug2fJWLP+FsBZSYxErFI7Q+APSzIk1wNWj +uewRVeAXQ5WybvLbgHPysz+d+k0kamAlJBpTEDgI1P76Bhoe08wVZMeei1Hus1Al +YIhwRjm9efFadGc98H4iqbQu9QZFw0b+5jJA5uEA3OioQ/70ZmRPQUXV0nuroGL3 +3PAo08acIT69RJVMILSPw67u69d6EYgtPRhJXeYJuF/HJDKD3V+uAwLBtlENYqJB +9BMSsvKawVAEY0LeQbOzq0VXnosB4MVw2XAO6oQ5BwgD6ZmxYM6pxs6kYSk2PFhS +osMBT07B6K87ynw0nCohyUAXzowQsvzCOUNVUBktyfCrSLKG5s8eE2xq7YXp9t25 +um5waul4Q0CjyGRQH1uIDYhVD5SckkSDeQw4eQnEk2qo3POLxK+/DCB7dnsxUgFw +Twm+ONAUzmLGADXN/Oto8UXV3mo/iz/cHMnjinzxF1Nx+K/JQ5+RWhYLOsDXsOd0 +VBLwmnFf891rwGnsnU0UYb0QIYA= +-----END CERTIFICATE----- diff --git a/sample/sample-keys/sample-ca/02.pem b/sample/sample-keys/sample-ca/02.pem new file mode 100644 index 0000000..295f720 --- /dev/null +++ b/sample/sample-keys/sample-ca/02.pem 
@@ -0,0 +1,103 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST/emailAddress=me@myhost.mydomain + Validity + Not Before: Oct 28 12:54:33 2016 GMT + Not After : Oct 26 12:54:33 2026 GMT + Subject: C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Client/emailAddress=me@myhost.mydomain + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:e5:4f:5f:c9:2c:3f:8e:1a:3e:0b:f8:7f:82:d5: + ca:c5:6e:94:a4:fd:98:85:c0:1d:eb:94:b5:93:5b: + df:c2:c0:3f:9b:8e:5e:a3:d0:91:ca:3e:f4:74:93: + 63:86:df:a7:ae:0d:15:28:6d:38:6e:3b:ac:c9:5c: + 1f:c7:f7:d5:66:64:b9:07:00:41:6d:b6:a6:1a:ee: + f1:bb:ce:bd:39:cc:70:1f:9b:65:d7:3c:3c:97:2e: + 8e:1e:31:90:7f:cc:a7:b8:d9:2f:4e:b3:4a:98:6d: + a0:15:04:9d:cb:e1:7a:e1:63:f4:96:7a:bb:9e:a8: + d8:f0:33:97:67:6d:bf:39:82:0e:a3:b7:2a:15:2d: + 99:2b:f8:53:b1:e8:14:0f:d9:b3:a2:4f:2a:f1:63: + fd:d5:72:a6:22:b9:d6:be:e4:7b:9e:c8:85:1e:06: + 1a:31:24:3d:f3:82:ac:d7:28:7d:a4:4f:4b:c3:fd: + 72:27:07:ef:9d:51:71:56:d4:a4:b6:66:d2:74:4f: + 97:7f:3f:90:a8:56:8b:5b:14:4a:4f:c0:3d:2d:5a: + 90:74:db:da:59:83:4d:dd:2b:0a:81:24:ce:19:ce: + 8e:56:10:0f:cd:0d:83:01:d8:75:8b:66:16:40:1b: + 47:af:77:1f:d7:c5:cf:0a:d7:7c:f2:7e:a0:a0:5d: + fa:67 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + B8:DE:77:EB:43:83:FF:95:59:BB:28:78:E4:4D:F2:E5:C7:2E:06:EF + X509v3 Authority Key Identifier: + keyid:08:C4:94:ED:23:0A:23:0D:D0:FA:D2:13:E2:3C:B6:65:E7:53:25:10 + DirName:/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain + serial:A4:CC:46:13:89:24:40:73 + + Signature Algorithm: sha256WithRSAEncryption + a7:24:5d:b2:2f:49:63:55:90:e0:95:0e:fa:fc:d7:d8:0c:89: + 01:15:90:73:39:e9:32:3a:f9:8d:4b:cd:e7:3a:32:c0:fd:bb: + ed:3c:d9:cf:ea:0f:f3:6e:18:18:1d:1c:9c:e2:39:e6:c0:1d: + 2e:54:14:ec:1b:b2:5a:fd:1a:ac:65:45:9b:d4:0d:4a:3a:53: + 
95:8d:bd:d3:44:20:17:70:d0:79:b5:f7:2c:dd:2a:0d:bf:b3: + d0:a8:1f:5c:db:33:5b:5d:56:24:84:2b:c8:43:32:fc:f3:dc: + b5:da:dc:7f:0a:1c:2a:2f:9b:60:ca:2d:6e:fe:98:55:26:d5: + 62:a7:3e:f4:49:5c:a9:76:54:87:19:0b:dd:74:ff:02:f0:75: + 8a:36:01:cf:29:67:9b:ae:c0:e5:da:da:2b:d9:57:61:92:69: + 1d:e3:b2:f4:66:8e:f8:dd:11:13:4c:1d:a5:7f:37:df:4e:fd: + 7d:96:ba:ac:6c:39:83:89:8f:05:47:1a:4b:4f:68:38:1a:99: + c8:68:1a:31:b9:78:9a:f5:12:ea:23:c2:c6:83:6b:e4:e0:9a: + fc:70:aa:bb:ef:00:1f:c9:18:ef:48:c2:fc:ec:e8:4c:e8:92: + d6:64:ab:5c:b3:ac:03:da:5f:a9:92:f2:ff:ef:a7:39:6f:d6: + 95:fb:44:89:c7:2b:c4:c4:45:b3:49:1a:c1:23:96:0d:f4:0b: + 0f:75:3b:6e:2c:4c:60:be:e7:0f:63:f2:3c:f0:9c:58:af:dd: + 5e:41:9e:f7:3f:e0:fb:28:be:f0:02:03:01:8c:9e:c5:52:e0: + a4:90:e0:b2:04:1b:58:3e:13:49:87:7b:20:27:73:f4:a8:cd: + c2:be:c7:c0:e9:8e:2d:d0:58:4b:9e:2f:fa:94:63:b2:99:16: + 08:5d:a1:49:1a:3d:29:9a:34:a3:63:ef:fd:79:da:0a:3e:79: + b1:cd:6f:f6:11:b7:c0:e8:67:41:36:36:94:a1:09:7a:cc:b9: + 4b:63:47:ce:49:c8:02:f9:d9:df:49:c1:04:82:09:f8:5b:92: + 4b:98:af:86:5e:fe:2e:48:fe:d6:69:7b:76:a8:c5:32:f6:b0: + ed:7e:bf:14:65:ca:fe:fa:bb:43:33:7e:c8:f4:98:a3:f8:0b: + 65:85:3d:5a:ed:33:45:12:76:90:9a:ca:34:fe:5a:ae:f6:ac: + 4d:9d:b6:28:7f:ac:e3:43:60:9a:dd:ec:a9:21:49:44:4a:74: + 48:12:6b:93:3b:08:70:ac:2e:58:f7:68:eb:8e:ba:9f:41:5a: + f9:a9:43:46:73:7a:1f:40:74:ce:87:c9:5e:51:67:8e:a3:cc: + b8:ea:ac:fe:7b:d8:2b:78 +-----BEGIN CERTIFICATE----- +MIIFFDCCAvygAwIBAgIBAjANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJLRzEL +MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t +VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE2MTAy +ODEyNTQzM1oXDTI2MTAyNjEyNTQzM1owajELMAkGA1UEBhMCS0cxCzAJBgNVBAgT +Ak5BMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxFDASBgNVBAMTC1Rlc3QtQ2xpZW50 +MSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDlT1/JLD+OGj4L+H+C1crFbpSk/ZiFwB3rlLWT +W9/CwD+bjl6j0JHKPvR0k2OG36euDRUobThuO6zJXB/H99VmZLkHAEFttqYa7vG7 
+zr05zHAfm2XXPDyXLo4eMZB/zKe42S9Os0qYbaAVBJ3L4XrhY/SWerueqNjwM5dn +bb85gg6jtyoVLZkr+FOx6BQP2bOiTyrxY/3VcqYiuda+5HueyIUeBhoxJD3zgqzX +KH2kT0vD/XInB++dUXFW1KS2ZtJ0T5d/P5CoVotbFEpPwD0tWpB029pZg03dKwqB +JM4Zzo5WEA/NDYMB2HWLZhZAG0evdx/Xxc8K13zyfqCgXfpnAgMBAAGjgcgwgcUw +CQYDVR0TBAIwADAdBgNVHQ4EFgQUuN5360OD/5VZuyh45E3y5ccuBu8wgZgGA1Ud +IwSBkDCBjYAUCMSU7SMKIw3Q+tIT4jy2ZedTJRChaqRoMGYxCzAJBgNVBAYTAktH +MQswCQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEVMBMGA1UEChMMT3BlblZQ +Ti1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQCkzEYT +iSRAczANBgkqhkiG9w0BAQsFAAOCAgEApyRdsi9JY1WQ4JUO+vzX2AyJARWQcznp +Mjr5jUvN5zoywP277TzZz+oP824YGB0cnOI55sAdLlQU7BuyWv0arGVFm9QNSjpT +lY2900QgF3DQebX3LN0qDb+z0KgfXNszW11WJIQryEMy/PPctdrcfwocKi+bYMot +bv6YVSbVYqc+9ElcqXZUhxkL3XT/AvB1ijYBzylnm67A5draK9lXYZJpHeOy9GaO ++N0RE0wdpX833079fZa6rGw5g4mPBUcaS09oOBqZyGgaMbl4mvUS6iPCxoNr5OCa +/HCqu+8AH8kY70jC/OzoTOiS1mSrXLOsA9pfqZLy/++nOW/WlftEiccrxMRFs0ka +wSOWDfQLD3U7bixMYL7nD2PyPPCcWK/dXkGe9z/g+yi+8AIDAYyexVLgpJDgsgQb +WD4TSYd7ICdz9KjNwr7HwOmOLdBYS54v+pRjspkWCF2hSRo9KZo0o2Pv/XnaCj55 +sc1v9hG3wOhnQTY2lKEJesy5S2NHzknIAvnZ30nBBIIJ+FuSS5ivhl7+Lkj+1ml7 +dqjFMvaw7X6/FGXK/vq7QzN+yPSYo/gLZYU9Wu0zRRJ2kJrKNP5arvasTZ22KH+s +40Ngmt3sqSFJREp0SBJrkzsIcKwuWPdo6466n0Fa+alDRnN6H0B0zofJXlFnjqPM +uOqs/nvYK3g= +-----END CERTIFICATE----- diff --git a/sample/sample-keys/sample-ca/03.pem b/sample/sample-keys/sample-ca/03.pem new file mode 100644 index 0000000..e4f5a82 --- /dev/null +++ b/sample/sample-keys/sample-ca/03.pem 
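Review bot: The Test-Client certificate in 02.pem lists only Basic Constraints and the two key identifiers under `X509v3 extensions`, while the Test-Server certificate in 01.pem carries `X509v3 Extended Key Usage: TLS Web Server Authentication` and a Key Usage. With these fixtures a client can exercise `remote-cert-tls server`, but a server configured with `remote-cert-tls client` would be expected to reject the sample client, so the server-side peer-type check cannot be demonstrated or tested with them. I would issue the client certificates with `extendedKeyUsage = clientAuth` and `keyUsage = digitalSignature`. The same applies to 03.pem and client-revoked.crt (both CN=client-revoked).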
@@ -0,0 +1,103 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST/emailAddress=me@myhost.mydomain + Validity + Not Before: Oct 28 12:54:33 2016 GMT + Not After : Oct 26 12:54:33 2026 GMT + Subject: C=KG, ST=NA, O=OpenVPN-TEST, CN=client-revoked/emailAddress=me@myhost.mydomain + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c1:a8:94:78:8a:48:84:7a:54:ab:34:a5:bc:8a: + 81:ca:30:8b:9f:df:8f:fd:25:ca:d3:9c:6c:06:b0: + d4:b2:64:5a:7b:09:6e:74:23:41:0e:e5:3d:13:73: + d5:34:7d:f7:42:e3:65:61:e9:3f:d8:e4:be:85:79: + f3:d0:27:bd:8b:de:ce:34:2d:b2:b0:dc:a9:58:1a: + 28:95:62:33:4f:4e:05:1a:16:fe:dd:19:2c:d4:ff: + e9:c2:77:3d:43:77:6d:65:04:d9:fd:a1:f1:fc:a8: + 5b:da:44:43:90:f3:16:a4:b7:48:ee:a7:84:67:ec: + 01:85:22:a7:69:a7:1b:bb:4b:8f:8f:ca:61:1c:50: + 8b:1a:ed:2d:fb:bd:ac:25:7e:4f:16:a7:63:8b:c7: + 34:8d:53:c8:5e:c8:8c:e4:36:70:02:34:f7:f7:0a: + 58:58:57:f1:02:65:5a:00:32:e5:62:94:b3:97:b8: + e7:f3:75:5c:fc:a5:33:41:4c:c2:5b:fc:e6:f2:7f: + f7:a8:4b:db:b2:01:0c:bd:7c:28:dc:c6:83:4c:4f: + 43:34:db:2a:e5:38:24:52:96:43:7d:fc:b7:a2:db: + 9d:6a:18:89:03:cc:8c:60:22:7f:e8:95:79:14:3e: + ad:62:6d:00:6e:d9:b2:be:62:29:65:56:e3:41:3b: + 6b:37 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + C9:DD:AB:FE:FA:1E:B1:21:9E:93:E4:21:3E:36:9A:1B:A2:85:0D:1F + X509v3 Authority Key Identifier: + keyid:08:C4:94:ED:23:0A:23:0D:D0:FA:D2:13:E2:3C:B6:65:E7:53:25:10 + DirName:/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain + serial:A4:CC:46:13:89:24:40:73 + + Signature Algorithm: sha256WithRSAEncryption + 6c:e6:8b:2e:58:5e:60:77:bf:b8:9a:88:8c:c9:bd:40:66:cb: + c0:d4:5b:21:00:bc:d8:24:39:04:57:ee:9c:65:d1:03:1f:70: + e6:5d:e2:ef:08:5c:31:d1:8b:c0:44:30:96:e0:a1:e8:0f:d1: + 0e:95:9a:2f:02:6b:06:d6:8c:4d:0a:1f:b8:7b:d9:98:ca:79: + 
f9:30:4d:88:8f:c8:36:6a:4d:b0:f6:df:cf:ac:a3:67:40:e9: + 54:4f:61:73:b6:16:9b:e1:35:fe:f3:a4:9b:17:df:e5:bb:a8: + f6:63:91:10:c5:b0:5a:00:6e:00:d8:77:f3:35:6b:f4:db:0e: + ef:b6:93:6e:41:65:7d:66:82:2d:04:83:d9:d1:fc:ed:26:1c: + 04:61:9c:1d:30:dd:8a:e4:9f:0d:81:0d:57:eb:d2:64:f5:42: + 69:a1:e4:20:af:0a:20:6b:87:22:85:82:f3:53:19:bd:8f:24: + dd:48:bd:98:71:e9:9a:97:15:c4:f5:e5:56:f5:61:f4:3b:1b: + 06:e9:8e:cb:00:2f:c4:4e:43:82:f8:a9:c4:9c:ba:96:0a:c7: + bf:89:f1:3a:0c:43:aa:3f:96:2e:a3:a7:1d:ef:3c:a1:52:10: + dc:d0:c7:19:94:77:75:25:fa:d7:d4:35:ee:54:d3:32:7d:b5: + 80:cf:5e:ed:b0:f6:1f:e5:8b:b4:8b:3d:f2:31:74:1f:ef:e5: + bb:50:de:5f:24:6e:c7:e0:f2:31:88:9f:25:11:8e:a9:f4:58: + 8b:88:e2:5a:34:75:ba:f4:91:b8:80:4c:e3:59:e6:47:e6:3b: + 00:c1:30:cd:c1:65:dc:18:e7:f9:d3:af:6f:46:e0:e3:3e:5d: + 79:b8:08:19:a4:ac:dc:2b:ad:d3:32:a3:7d:e8:c7:64:4f:92: + 83:a4:b8:a3:f2:01:f3:3a:5c:64:0f:13:27:e4:b6:b2:e7:4b: + a4:d6:8d:b3:18:ec:3e:2d:17:6a:cc:70:4e:a5:69:f8:f1:5c: + 09:b4:18:25:e7:fe:e3:33:dd:a6:82:6d:ed:6a:01:33:45:24: + f5:7e:5f:96:59:6d:ea:79:e4:b2:d4:5c:11:68:91:76:1d:19: + c9:13:15:44:32:f6:5e:75:72:4e:5f:30:59:e8:05:81:be:3c: + 19:41:36:c0:e9:f5:9b:4d:19:8e:b2:72:dc:63:bf:37:05:ac: + 88:0a:1f:8c:19:71:2e:24:b7:ad:7a:14:a4:1b:82:26:6d:ed: + bd:ba:80:55:b4:09:b3:75:68:38:8b:db:f8:55:27:72:76:85: + 2d:9e:db:18:be:ba:c8:d3:93:0d:f5:c9:8f:34:a8:8e:a8:92: + 53:ec:5a:a2:cd:16:48:9d +-----BEGIN CERTIFICATE----- +MIIFFzCCAv+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJLRzEL +MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t +VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE2MTAy +ODEyNTQzM1oXDTI2MTAyNjEyNTQzM1owbTELMAkGA1UEBhMCS0cxCzAJBgNVBAgT +Ak5BMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxFzAVBgNVBAMTDmNsaWVudC1yZXZv +a2VkMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBqJR4ikiEelSrNKW8ioHKMIuf34/9JcrT +nGwGsNSyZFp7CW50I0EO5T0Tc9U0ffdC42Vh6T/Y5L6FefPQJ72L3s40LbKw3KlY 
+GiiVYjNPTgUaFv7dGSzU/+nCdz1Dd21lBNn9ofH8qFvaREOQ8xakt0jup4Rn7AGF +Iqdppxu7S4+PymEcUIsa7S37vawlfk8Wp2OLxzSNU8heyIzkNnACNPf3ClhYV/EC +ZVoAMuVilLOXuOfzdVz8pTNBTMJb/Obyf/eoS9uyAQy9fCjcxoNMT0M02yrlOCRS +lkN9/Lei251qGIkDzIxgIn/olXkUPq1ibQBu2bK+YillVuNBO2s3AgMBAAGjgcgw +gcUwCQYDVR0TBAIwADAdBgNVHQ4EFgQUyd2r/voesSGek+QhPjaaG6KFDR8wgZgG +A1UdIwSBkDCBjYAUCMSU7SMKIw3Q+tIT4jy2ZedTJRChaqRoMGYxCzAJBgNVBAYT +AktHMQswCQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEVMBMGA1UEChMMT3Bl +blZQTi1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQCk +zEYTiSRAczANBgkqhkiG9w0BAQsFAAOCAgEAbOaLLlheYHe/uJqIjMm9QGbLwNRb +IQC82CQ5BFfunGXRAx9w5l3i7whcMdGLwEQwluCh6A/RDpWaLwJrBtaMTQofuHvZ +mMp5+TBNiI/INmpNsPbfz6yjZ0DpVE9hc7YWm+E1/vOkmxff5buo9mOREMWwWgBu +ANh38zVr9NsO77aTbkFlfWaCLQSD2dH87SYcBGGcHTDdiuSfDYENV+vSZPVCaaHk +IK8KIGuHIoWC81MZvY8k3Ui9mHHpmpcVxPXlVvVh9DsbBumOywAvxE5DgvipxJy6 +lgrHv4nxOgxDqj+WLqOnHe88oVIQ3NDHGZR3dSX619Q17lTTMn21gM9e7bD2H+WL +tIs98jF0H+/lu1DeXyRux+DyMYifJRGOqfRYi4jiWjR1uvSRuIBM41nmR+Y7AMEw +zcFl3Bjn+dOvb0bg4z5debgIGaSs3Cut0zKjfejHZE+Sg6S4o/IB8zpcZA8TJ+S2 +sudLpNaNsxjsPi0XasxwTqVp+PFcCbQYJef+4zPdpoJt7WoBM0Uk9X5flllt6nnk +stRcEWiRdh0ZyRMVRDL2XnVyTl8wWegFgb48GUE2wOn1m00ZjrJy3GO/NwWsiAof +jBlxLiS3rXoUpBuCJm3tvbqAVbQJs3VoOIvb+FUncnaFLZ7bGL66yNOTDfXJjzSo +jqiSU+xaos0WSJ0= +-----END CERTIFICATE----- diff --git a/sample/sample-keys/sample-ca/ca.crl b/sample/sample-keys/sample-ca/ca.crl new file mode 100644 index 0000000..7ad9d35 --- /dev/null +++ b/sample/sample-keys/sample-ca/ca.crl 
@@ -0,0 +1,21 @@ +-----BEGIN X509 CRL----- +MIIDZzCCAU8CAQEwDQYJKoZIhvcNAQELBQAwZjELMAkGA1UEBhMCS0cxCzAJBgNV +BAgTAk5BMRAwDgYDVQQHEwdCSVNIS0VLMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1Qx +ITAfBgkqhkiG9w0BCQEWEm1lQG15aG9zdC5teWRvbWFpbhcNMTYxMDI4MTI1NDMz +WhcNMTYxMTI3MTI1NDMzWjAUMBICAQMXDTE2MTAyODEyNTQzM1qggZ4wgZswgZgG +A1UdIwSBkDCBjYAUCMSU7SMKIw3Q+tIT4jy2ZedTJRChaqRoMGYxCzAJBgNVBAYT +AktHMQswCQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEVMBMGA1UEChMMT3Bl +blZQTi1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQCk +zEYTiSRAczANBgkqhkiG9w0BAQsFAAOCAgEA8GGYfeiPmEidbPxLFQDIIvnz4QEa +9mKuB5VFa0l2yNlyMYoN2uXV2bqIzuQ94mnzc5xsMLVRkiSX4lq7HZY3VyTo57Ps +dpRGKsVOM5rsWgDFycAT4+9OuZMnpntKzmbAlYvaKwnvpQj0xuXP5l1QJSANrtAK +c/EQ2EmEwrHtcE4HEwOeMzC5ON5EceneLqMg+JTkZURoBW7e9Hk0MJh8HDewRcN0 +0D/+e7/ZuRFt68XDfDhjbXPQVv4vbPKR9OXaXClwJgw+LYvhGe+0s4Lumhb4sP6Z +oOTjGCXxQOtZJEC1vCb0cahFkuYJu6fCOh0crspGNt0wTgDKp7LXbEJhwv+6wQ6k +zu+4a6ES8wj2DwXqQaV5txG55S1Q5PMLCw7L7VDrKJr2DXi4PKdToj5b35aS1DU/ +q6JjcxiuzjN7sHfC7elQIudaVEuE2XkpxaQPNdKC4xKLvck7zZMqGUWOwuI1mqya +WGBfgrkeAllq4cWEF5SWR8iFREo2FBs3CxETgrkWGWWRgu3UsrLC9AXVHntud21e +dXwTCIbiYZ2Vv7iYI06W+pOwdeQNc6X/sg2QFpWMLLblYlhPy6yu/3zg7TKilDfS +tu0hmTrsgRKciB5lKWZAuylGUGIGLrmG+LzOq2b9j5yhS9WA5qL83fMVrCoyB3W+ +ISfJElodA9n+UM8= +-----END X509 CRL----- diff --git a/sample/sample-keys/sample-ca/ca.crt b/sample/sample-keys/sample-ca/ca.crt new file mode 100644 index 0000000..2775ca2 --- /dev/null +++ b/sample/sample-keys/sample-ca/ca.crt 
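Review bot: The sample CRL looks stale on arrival: decoding the DER times in the base64 of ca.crl gives thisUpdate 2016-10-28 12:54:33Z and nextUpdate 2016-11-27 12:54:33Z, a month before this merge's commit date of 2016-12-27. A verifier that enforces nextUpdate treats such a CRL as expired, and depending on the TLS library that can mean refusing every peer rather than only the revoked serial 3 (client-revoked). I would regenerate the file with a lifetime in line with the ten-year certificates (for `openssl ca -gencrl` that is `-crldays 3650`), or state beside it that the CRL has to be regenerated before it is used with `crl-verify`.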
@@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIGKDCCBBCgAwIBAgIJAKTMRhOJJEBzMA0GCSqGSIb3DQEBCwUAMGYxCzAJBgNV +BAYTAktHMQswCQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEVMBMGA1UEChMM +T3BlblZQTi1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4w +HhcNMTYxMDI4MTI1NDMyWhcNMjYxMDI2MTI1NDMyWjBmMQswCQYDVQQGEwJLRzEL +MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t +VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMIICIjANBgkq +hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA9EOM8PfRM8VrxwyesCSodTSlBcuyUJ43 +hVW9XBfOJP/PPVv3vgJKCyu/2B5XlP3L2NqJ/TesFGAN9ZBX+fzYJIzNxa6yUjaZ +HuAXRA7IxlKvO+l92Pl4RazpYELuKiS54RBhhChmxfRo2xEx2cPghFtJWNK2IAcH +4mKLUYIWGEKhpT/bMqazqlHDGmPkD4HfeLNwTNFDrNi4N5iF1bbfUjwNJF1PGCOz +o1Ka54TF9KTrTf1Ii8bM5ttUtjsTh0zyxOc/N5yw4Is9VEDIuvndrBDgq+yxLZjO +13KY+oO5M4uTf4QmM6yPFn4ZyZ23oW3CNF4ytVnfhR5W4rFeHtibbOjOwXBQ+NRw +jatZqVRpE1gwFR0Z7767cc2OosupM3YR/pTflXAyThVtU5uM1rMxuyedpNWPN5QN +5qhwyu1qVq1Y2mIWHS8rkN+6Zek4TZ9W05paR8zpjJ1Z8pbtjIFu1RM77cnLoOAT +KpoyO6avqo3vIDRHoYdoj044ff/0JAOyj049vcdd06KWLPsmNj4FzCyVUQOHR+LA +6plBJgGf3vyaZfs1ZwwcA/WQHtf1ztrkDPVUWaXixeipsg8CWZb4eIuYbzloc6Ot +b22wQ7C0cDO5pUjNGJZLYYDX0zIO9rwZSPGQ/gthlwQXg8zrM4MASLLw0hqZ45c0 +ems4nt0QDi8CAwEAAaOB2DCB1TAdBgNVHQ4EFgQUCMSU7SMKIw3Q+tIT4jy2ZedT +JRAwgZgGA1UdIwSBkDCBjYAUCMSU7SMKIw3Q+tIT4jy2ZedTJRChaqRoMGYxCzAJ +BgNVBAYTAktHMQswCQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEVMBMGA1UE +ChMMT3BlblZQTi1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21h +aW6CCQCkzEYTiSRAczAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG +9w0BAQsFAAOCAgEAmavYB0InmvVooI0Ukm9x8qF3ql0LDKwfm1T79aUybOUxscId +MT26djkAln0abo4mYXPaMYISVTrNNrBMX80Y+aa4DfXW392mKqrPf1L3fVD6jsoi +5kofqdiojSJs0uHfy+A32XVPrIzTeV3lvE/yDfKDBNb9f+3U8UIyIARXryYm4H6z +mCqUgocMAB1hFu8Lpf8eeGxrCfsD6yR6PMO8YNGdBfinbhXjfzCFD1ZJ+JxPePww +ydtL+Z0/dZvVzVehxdHCe8+vdpAjoI/YJk5UPSlAVGooaR+kH6BPbL/7QoVFUBxO +mDMnTpNFt5GLM5pMExZo2Ef89D9dsXDa9lgv4KTxfbF/Xn5ODQ5rW5i0i+p6REZs +FND1M0H/0DC14fhTdb8llpJzK0ZAwSf59SaUgrooVMCWzN2Xl4+zVCUik4gvjs6A 
+AHXdqL6dHEIG41+BAJHHoS0kkbvw03td1SbktKtbgaDWW7CkGcNhBmkMB7HZiVoW +yMV8X0WQoEntZfEq+kNePx68D51VR3htiOhBrO88rOXZAAJBoeke8K/CbLRm3av7 +LHM5Q2Ki821yjFpGFGgvMJBt3xvFajG5DwWLsGNXrlGA781UXdZBwmsvg8Z+iIMu +9+sidZJU68slPre6hQcFPAO4c21csr6yV7LVyOS1We6akeseYAR90fGNrI4= +-----END CERTIFICATE----- diff --git a/sample/sample-keys/sample-ca/ca.key b/sample/sample-keys/sample-ca/ca.key new file mode 100644 index 0000000..29e7d2d --- /dev/null +++ b/sample/sample-keys/sample-ca/ca.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQD0Q4zw99EzxWvH +DJ6wJKh1NKUFy7JQnjeFVb1cF84k/889W/e+AkoLK7/YHleU/cvY2on9N6wUYA31 +kFf5/NgkjM3FrrJSNpke4BdEDsjGUq876X3Y+XhFrOlgQu4qJLnhEGGEKGbF9Gjb +ETHZw+CEW0lY0rYgBwfiYotRghYYQqGlP9syprOqUcMaY+QPgd94s3BM0UOs2Lg3 +mIXVtt9SPA0kXU8YI7OjUprnhMX0pOtN/UiLxszm21S2OxOHTPLE5z83nLDgiz1U +QMi6+d2sEOCr7LEtmM7Xcpj6g7kzi5N/hCYzrI8WfhnJnbehbcI0XjK1Wd+FHlbi +sV4e2Jts6M7BcFD41HCNq1mpVGkTWDAVHRnvvrtxzY6iy6kzdhH+lN+VcDJOFW1T +m4zWszG7J52k1Y83lA3mqHDK7WpWrVjaYhYdLyuQ37pl6ThNn1bTmlpHzOmMnVny +lu2MgW7VEzvtycug4BMqmjI7pq+qje8gNEehh2iPTjh9//QkA7KPTj29x13TopYs ++yY2PgXMLJVRA4dH4sDqmUEmAZ/e/Jpl+zVnDBwD9ZAe1/XO2uQM9VRZpeLF6Kmy +DwJZlvh4i5hvOWhzo61vbbBDsLRwM7mlSM0YlkthgNfTMg72vBlI8ZD+C2GXBBeD +zOszgwBIsvDSGpnjlzR6azie3RAOLwIDAQABAoICAQCUZC1Nft/i+b6eMDZ/f+Wv +Poo6WSM9AsFsCUh+mB+uLpIyDpsVHcLpwmxL2TMP2pdqaGmIIbgysKAKXOR1hHuy +yK+Btr2yYGTpcu3vdKPYiAbY+OJxXC0K9x7YUhDqHWGnLxJu/TRicjb5Txrf1rWg +8uw+P9RQ5LSPfZpxq/vMRT56a664uLlRcVZ7w8+a9CVU6H4CzOa2LPrNG6XCzdQh +20WIn/8bBSVuxRJCMFEqbL5epM7by6xTW0+9XWphugeKQ4oOOOzjnPNnKexIWt+m +VqKHD8Ybk0elb4MsPbXXcKXsw9WJcv2Chp0X9O7H7SwcMFXSAoVeE65pDaPGTYUt +luwtsw+82zYtorqtiRc6YV7DutokHaCHME3C7x9o1kyGFnuCFY6JlDlLS7fgEPhZ +19p5eIcieJ4GQfmASVxGWB0C1AKQHWqeSlr7DF5OEPy5+9a9JjO6pfh/kcfC5WWI +6vllb+ISrd+XcXTPL/sSKDEb5EFZ4MsBhVXYWMmqKDuyaCuyWy3BiQuz2vEI0tXY +YZF9Y+/HM61Jy2363ittxC455fYdpB9tVqOKDIYiXDctoaQDkbIfZMzCiozj9zi8 +H4o87i1EmBlyKNWzd3aiuxs581vboG8aCE5HmvYr+pFDfwvf8O4OYJZGehErwZz0 +K74E1IW79Mlec4UBl/HxEQKCAQEA/aj5MBoiXVF3aPxJDpCn67ZsjIDsFlyHyMrf +qDJIMHhplTI+LAcaJYu4Dj6fsj3ATHUIWjvP/T86Lf2E6qy0ZEmr3KaIskeGgh6e +YyJXGXH88BKOWgqaE/EEYPXKs1fdZTVfmpFGjoZ0ifJzJ50qJhSeM3jJGeOJdebL +O0XxsG5blpicwZcyLLQTAETH4a00TXgdqbL1BeALL/Pay5ErZKLw+txOFpDnKsu0 +D2XCHhRMk2ZqpjS6IUnWqUIA4/cn/H+vKTkxEMCNFkB3yLcPE/Hd/SAL9viDO2DY +jn+b0CObtapEA/eqEXkaBGvCrNNtcg6l1D3yzS8dl2K9qxsq3QKCAQEA9oRjRInp +nszUijKTs14Ml3vgSe8XcAPV9v+kcwnrbZXMe3fXKbma3/SKU4GNdGfXacWRxqRJ 
+TkzziqRvT5MOmdlEdBeHN3gIbjCBvOKzdrbYfNQ5Zcy4ODFhD1QSvLaer8xZbOTR +lKZ8kszZ3Wj7m3byXQE3ZYCVjRFS/07mP1Jh2/KUhg059a0JQhReydE12FZ40r4Y +OcL21ldzfLHDod5kjW7LZnIQpuiTD1eDLI2j59qIgg3yh3KIn5Xkmaq1SbqGAuzF +Gt2x73qfXYB/I/xeR1s3UKSM+bs9S85f/yAqQUSSNbjP4WU0u/zMmV6Ze+VYe7yN +nGyoS8GuwL3uewKCAQB5aM8cfuXD1KJa1aYCGqrE32PFPE/DxDYZnUC/uJFk4b1n +c8zeNegF4IIQD1lQbs4DymBdEBPVGtY1/QoJaPBOsBRaYDs9WY6/6PfWazFVNIHk +Rn1sC3cD5HA8GGkUvhFxx8IisTYcMa7F+A22ADuUTnoKGN3oTkgU7oqHrEqqL6gW +xKUC4+NYEjimAEXLdqN6EOvhtY4hacLxCL7IgItMd9DvwVJ+6ow6p5VfaU0oKH8e +bf7N3p7YIAdmq/jRJBM3f8XO7VjWs9LTu7eZkkTdPv8JkLUpWHk3insceWeSj/iP +UxeK7pewFU6mnw1muyu/U9N7assz+kEnnFM7+pzhAoIBAQCL3hF0kcs7jnwI7Slg +W7xJNr/LMxzZMVP1EJb9rmMlihi69QPfaK+24ciaGKdppIFUQgSz8AKnqoGD6Eg/ +nfBq2hs8wxy1HCWsX1k9EmNAt/2c1cy7NaxQNbQcPldjOzpOBGO4pRtEfDGyGQiD +10zqqFJa8pW7wXkY0PuGX/3Db7qWUMx0QozgF41pMKWXXFxwop9q8vBL1ZK3ima8 +GSAmd0gV9wbw2UcZbFwEGGMUpEibBCLvp3oz34glA6bwiSrS6kGe5zfuRlruxWQm +aQG6KTZUxixcVQCnsNTWbgGJf3Z6Ea3jTTilagbBom1zl3j+EuJhUloGpp/WW84L +DbiBAoIBAQDo0UOrrWHBmqOg5A9Z7Vub/Oi1Wdfhla4huaTn534Ml63NXpXkYts6 +sYGyyuSdWh0f1bLusWCs5COT5fZFVNvH59/6a7TVlKr/5B9jGNh9+LdP6Qpttd0B +Xfs7X2u/HiCUgDPj1cVOc9kQuOc+vw9t0WHdsVm+kCutjDd63LItIMbn4Vj9kxJq +wJiC+x/5Jpw8VjLQ0aPUosU9ZLV2L0g7XgdUPAJbkrb2HGaoxS9uh0bSnOFw9DQh +eFWCG9EAmyDBh975q8e9kmAOPCVUP2sdOSKgGC5FzSOwRdwkjHI8wa1F3NnxH4rC +Kt9XP5gPhxALZWWSk4h9gCJDmsl5dMJc +-----END PRIVATE KEY----- diff --git a/sample/sample-keys/sample-ca/client-pass.key b/sample/sample-keys/sample-ca/client-pass.key new file mode 100644 index 0000000..14be4dc --- /dev/null +++ b/sample/sample-keys/sample-ca/client-pass.key 
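Review bot: ca.key adds the sample CA's RSA private key unencrypted (`-----BEGIN PRIVATE KEY-----` with no encryption header), and client-revoked.key further down does the same, so from this commit on anyone can issue certificates that chain to sample-ca/ca.crt. The only hint that this is a fixture is the `O=OpenVPN-TEST` subject inside the certificates; the key files themselves carry no marker, and whether a README elsewhere in sample/sample-keys says so is not visible in this part of the diff. I would document it next to the files, for example `These keys and certificates are public test fixtures. Never use ca.crt from this directory as a trust anchor outside a test setup.` If the packaging installs sample/ as examples, the same warning should travel with the installed copy.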
@@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,78F6C09B62F40C57290E71382D07BF4D + +McT4Z3IZnCc//AXZGGPviFDPorHDv91H3zQcoMtbNzjGnJSMmfXxuQpUcDgOZln9 +dgKchPjPX8/X3X0tEnPVwZP8OjT5gVHhlDxiMP35FummwUNqE9srmGnApQky687b +Y3bGuhdqAPPtn86rxXCZiKBLzlDXL//6yOd80jDBMTJJB0/tpIdCtxSRqu3uAv73 +TbphSe9TTl77nifGZpDlSba8l9T+jSn7QnLDO0HauNeuMW9NJysqI6QwmRPlcELi +RAAAEt6ncd6H+a2KmzXJ8exRrLkKyAEbzMCUxtUQ7cADDUoKJKNnkza1yGdMacZc +IM16AzTJZQU7qS4H6058VOW5NmzWU+rmyz/2OftuRwgiuXaZWYc2TtgA/mHdTOHu +wpDkWefmDZz2yLzvvJDoaGHHS12R60UP/XSiIVayRBYOZBFxchXnfcvvHRfWP3Az +NILFUBLjVQTwb0N99s+VLJlr7WM9f12uM7SC6i+f1nPiGToSQw/1UP7XCYGi3ORA +2U3e1VrzaxwccR9tjwE4j7T/mYV/XU9W5Nk2FtFk3DT0iNe0jxdBfD9aEpa+Pnq4 +c5SeAyXEfF0+50VJ6RM/SKmU8tya1P6gLaHdcjLVa9b2j4X4iYrbkkZJ8ew7pmJu +2Natn8bcvYRIcS8rherrX9DZGM1Z3lwBWG1xrvoumdBlbxNS+ea0UeYtvm9QUpOK +0kMBiiiAkO9gG6fE55DZuIKHdssKsxpXnoM+JgZf2xI+aqOaXWG0SWyaamzuCHdl +cchA3YI7QXDZDMvByR2MMjpqGh/tAEpPGAsZA1TC8QyqhmiWc+9uuXpsIOGNwSse +4jVS2B2rxu9oRKQDjEh+qS/1Fr10WgWAZfnF0jZi2c+yJng1KgJ8UzlFKICvbHxp +nDlmqDazhIYtYlYzyjac2wHuNRBAPU2MELgnudIW2L9pIcEiyG7L7vxGtBiCPmfb +1mTw00NYXy1G5ZvDo58jdQeM3L9YekM8LMJY11AMSPJFzcmAUL8X/Zc3YBcljTRR +ZgnkVXkeHB21lj+BRyCBVowoAW9jDWz5u/pzIbLKpfBr+CuzQ53mjEFgmSrB/jro +mTvtz5hmm1IeJXGxPbemLCgiMzFp32aFMIF+R2op0wxDaZo8J5e7gIVIX0VowEh9 +ohukxyl3h3sOIYXMme8EN7PYv9BDdzHt2Eah5ICcmJ8VWPBItztgnHYqDN+igMMG +dW8RtAtcvc+a71v4MqOE98pFtAx/lPeu5+DgVjWwSB9uaN5Ik5NE6aRd2M0QrR+f +D+5s8LsjA6UKP1qVrmykNpt7JVy49TSLWpiEQZNBHSJkcc39yjU8dLt2cdDPUZGp +Iycv7WsOyZcJAdtIGiZuoO2qxFgSBXm+mWIvLmkomwVrdS4MFlOgtehlQkZzXw5x +0UxgG5XYI3zVa0oILR9ooPM+nDXtnE1ePN3NgNanemi6/2cJZc1eJyDCpH2iMHQY +O3GwCyuJcGvHXqypB1jENVOQ/VLC9M8z6Td//V/xmF/nPtuRL2xg8nUPpzJbfWti +ehUZ09cewyyN/W86MZdA9TdzzT/i1YvvZEb+2c2joD1MwqPp6TNw2Y/Hj786td0L +-----END RSA PRIVATE KEY----- diff --git a/sample/sample-keys/sample-ca/client-revoked.crt b/sample/sample-keys/sample-ca/client-revoked.crt new file mode 100644 index 0000000..e4f5a82 --- /dev/null 
+++ b/sample/sample-keys/sample-ca/client-revoked.crt 
@@ -0,0 +1,103 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST/emailAddress=me@myhost.mydomain + Validity + Not Before: Oct 28 12:54:33 2016 GMT + Not After : Oct 26 12:54:33 2026 GMT + Subject: C=KG, ST=NA, O=OpenVPN-TEST, CN=client-revoked/emailAddress=me@myhost.mydomain + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c1:a8:94:78:8a:48:84:7a:54:ab:34:a5:bc:8a: + 81:ca:30:8b:9f:df:8f:fd:25:ca:d3:9c:6c:06:b0: + d4:b2:64:5a:7b:09:6e:74:23:41:0e:e5:3d:13:73: + d5:34:7d:f7:42:e3:65:61:e9:3f:d8:e4:be:85:79: + f3:d0:27:bd:8b:de:ce:34:2d:b2:b0:dc:a9:58:1a: + 28:95:62:33:4f:4e:05:1a:16:fe:dd:19:2c:d4:ff: + e9:c2:77:3d:43:77:6d:65:04:d9:fd:a1:f1:fc:a8: + 5b:da:44:43:90:f3:16:a4:b7:48:ee:a7:84:67:ec: + 01:85:22:a7:69:a7:1b:bb:4b:8f:8f:ca:61:1c:50: + 8b:1a:ed:2d:fb:bd:ac:25:7e:4f:16:a7:63:8b:c7: + 34:8d:53:c8:5e:c8:8c:e4:36:70:02:34:f7:f7:0a: + 58:58:57:f1:02:65:5a:00:32:e5:62:94:b3:97:b8: + e7:f3:75:5c:fc:a5:33:41:4c:c2:5b:fc:e6:f2:7f: + f7:a8:4b:db:b2:01:0c:bd:7c:28:dc:c6:83:4c:4f: + 43:34:db:2a:e5:38:24:52:96:43:7d:fc:b7:a2:db: + 9d:6a:18:89:03:cc:8c:60:22:7f:e8:95:79:14:3e: + ad:62:6d:00:6e:d9:b2:be:62:29:65:56:e3:41:3b: + 6b:37 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + C9:DD:AB:FE:FA:1E:B1:21:9E:93:E4:21:3E:36:9A:1B:A2:85:0D:1F + X509v3 Authority Key Identifier: + keyid:08:C4:94:ED:23:0A:23:0D:D0:FA:D2:13:E2:3C:B6:65:E7:53:25:10 + DirName:/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain + serial:A4:CC:46:13:89:24:40:73 + + Signature Algorithm: sha256WithRSAEncryption + 6c:e6:8b:2e:58:5e:60:77:bf:b8:9a:88:8c:c9:bd:40:66:cb: + c0:d4:5b:21:00:bc:d8:24:39:04:57:ee:9c:65:d1:03:1f:70: + e6:5d:e2:ef:08:5c:31:d1:8b:c0:44:30:96:e0:a1:e8:0f:d1: + 0e:95:9a:2f:02:6b:06:d6:8c:4d:0a:1f:b8:7b:d9:98:ca:79: + 
f9:30:4d:88:8f:c8:36:6a:4d:b0:f6:df:cf:ac:a3:67:40:e9: + 54:4f:61:73:b6:16:9b:e1:35:fe:f3:a4:9b:17:df:e5:bb:a8: + f6:63:91:10:c5:b0:5a:00:6e:00:d8:77:f3:35:6b:f4:db:0e: + ef:b6:93:6e:41:65:7d:66:82:2d:04:83:d9:d1:fc:ed:26:1c: + 04:61:9c:1d:30:dd:8a:e4:9f:0d:81:0d:57:eb:d2:64:f5:42: + 69:a1:e4:20:af:0a:20:6b:87:22:85:82:f3:53:19:bd:8f:24: + dd:48:bd:98:71:e9:9a:97:15:c4:f5:e5:56:f5:61:f4:3b:1b: + 06:e9:8e:cb:00:2f:c4:4e:43:82:f8:a9:c4:9c:ba:96:0a:c7: + bf:89:f1:3a:0c:43:aa:3f:96:2e:a3:a7:1d:ef:3c:a1:52:10: + dc:d0:c7:19:94:77:75:25:fa:d7:d4:35:ee:54:d3:32:7d:b5: + 80:cf:5e:ed:b0:f6:1f:e5:8b:b4:8b:3d:f2:31:74:1f:ef:e5: + bb:50:de:5f:24:6e:c7:e0:f2:31:88:9f:25:11:8e:a9:f4:58: + 8b:88:e2:5a:34:75:ba:f4:91:b8:80:4c:e3:59:e6:47:e6:3b: + 00:c1:30:cd:c1:65:dc:18:e7:f9:d3:af:6f:46:e0:e3:3e:5d: + 79:b8:08:19:a4:ac:dc:2b:ad:d3:32:a3:7d:e8:c7:64:4f:92: + 83:a4:b8:a3:f2:01:f3:3a:5c:64:0f:13:27:e4:b6:b2:e7:4b: + a4:d6:8d:b3:18:ec:3e:2d:17:6a:cc:70:4e:a5:69:f8:f1:5c: + 09:b4:18:25:e7:fe:e3:33:dd:a6:82:6d:ed:6a:01:33:45:24: + f5:7e:5f:96:59:6d:ea:79:e4:b2:d4:5c:11:68:91:76:1d:19: + c9:13:15:44:32:f6:5e:75:72:4e:5f:30:59:e8:05:81:be:3c: + 19:41:36:c0:e9:f5:9b:4d:19:8e:b2:72:dc:63:bf:37:05:ac: + 88:0a:1f:8c:19:71:2e:24:b7:ad:7a:14:a4:1b:82:26:6d:ed: + bd:ba:80:55:b4:09:b3:75:68:38:8b:db:f8:55:27:72:76:85: + 2d:9e:db:18:be:ba:c8:d3:93:0d:f5:c9:8f:34:a8:8e:a8:92: + 53:ec:5a:a2:cd:16:48:9d +-----BEGIN CERTIFICATE----- +MIIFFzCCAv+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJLRzEL +MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t +VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE2MTAy +ODEyNTQzM1oXDTI2MTAyNjEyNTQzM1owbTELMAkGA1UEBhMCS0cxCzAJBgNVBAgT +Ak5BMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxFzAVBgNVBAMTDmNsaWVudC1yZXZv +a2VkMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBqJR4ikiEelSrNKW8ioHKMIuf34/9JcrT +nGwGsNSyZFp7CW50I0EO5T0Tc9U0ffdC42Vh6T/Y5L6FefPQJ72L3s40LbKw3KlY 
+GiiVYjNPTgUaFv7dGSzU/+nCdz1Dd21lBNn9ofH8qFvaREOQ8xakt0jup4Rn7AGF +Iqdppxu7S4+PymEcUIsa7S37vawlfk8Wp2OLxzSNU8heyIzkNnACNPf3ClhYV/EC +ZVoAMuVilLOXuOfzdVz8pTNBTMJb/Obyf/eoS9uyAQy9fCjcxoNMT0M02yrlOCRS +lkN9/Lei251qGIkDzIxgIn/olXkUPq1ibQBu2bK+YillVuNBO2s3AgMBAAGjgcgw +gcUwCQYDVR0TBAIwADAdBgNVHQ4EFgQUyd2r/voesSGek+QhPjaaG6KFDR8wgZgG +A1UdIwSBkDCBjYAUCMSU7SMKIw3Q+tIT4jy2ZedTJRChaqRoMGYxCzAJBgNVBAYT +AktHMQswCQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEVMBMGA1UEChMMT3Bl +blZQTi1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQCk +zEYTiSRAczANBgkqhkiG9w0BAQsFAAOCAgEAbOaLLlheYHe/uJqIjMm9QGbLwNRb +IQC82CQ5BFfunGXRAx9w5l3i7whcMdGLwEQwluCh6A/RDpWaLwJrBtaMTQofuHvZ +mMp5+TBNiI/INmpNsPbfz6yjZ0DpVE9hc7YWm+E1/vOkmxff5buo9mOREMWwWgBu +ANh38zVr9NsO77aTbkFlfWaCLQSD2dH87SYcBGGcHTDdiuSfDYENV+vSZPVCaaHk +IK8KIGuHIoWC81MZvY8k3Ui9mHHpmpcVxPXlVvVh9DsbBumOywAvxE5DgvipxJy6 +lgrHv4nxOgxDqj+WLqOnHe88oVIQ3NDHGZR3dSX619Q17lTTMn21gM9e7bD2H+WL +tIs98jF0H+/lu1DeXyRux+DyMYifJRGOqfRYi4jiWjR1uvSRuIBM41nmR+Y7AMEw +zcFl3Bjn+dOvb0bg4z5debgIGaSs3Cut0zKjfejHZE+Sg6S4o/IB8zpcZA8TJ+S2 +sudLpNaNsxjsPi0XasxwTqVp+PFcCbQYJef+4zPdpoJt7WoBM0Uk9X5flllt6nnk +stRcEWiRdh0ZyRMVRDL2XnVyTl8wWegFgb48GUE2wOn1m00ZjrJy3GO/NwWsiAof +jBlxLiS3rXoUpBuCJm3tvbqAVbQJs3VoOIvb+FUncnaFLZ7bGL66yNOTDfXJjzSo +jqiSU+xaos0WSJ0= +-----END CERTIFICATE----- diff --git a/sample/sample-keys/sample-ca/client-revoked.csr b/sample/sample-keys/sample-ca/client-revoked.csr new file mode 100644 index 0000000..83f39c2 --- /dev/null +++ b/sample/sample-keys/sample-ca/client-revoked.csr 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICsjCCAZoCAQAwbTELMAkGA1UEBhMCS0cxCzAJBgNVBAgTAk5BMRUwEwYDVQQK +EwxPcGVuVlBOLVRFU1QxFzAVBgNVBAMTDmNsaWVudC1yZXZva2VkMSEwHwYJKoZI +hvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQDBqJR4ikiEelSrNKW8ioHKMIuf34/9JcrTnGwGsNSyZFp7CW50 +I0EO5T0Tc9U0ffdC42Vh6T/Y5L6FefPQJ72L3s40LbKw3KlYGiiVYjNPTgUaFv7d +GSzU/+nCdz1Dd21lBNn9ofH8qFvaREOQ8xakt0jup4Rn7AGFIqdppxu7S4+PymEc +UIsa7S37vawlfk8Wp2OLxzSNU8heyIzkNnACNPf3ClhYV/ECZVoAMuVilLOXuOfz +dVz8pTNBTMJb/Obyf/eoS9uyAQy9fCjcxoNMT0M02yrlOCRSlkN9/Lei251qGIkD +zIxgIn/olXkUPq1ibQBu2bK+YillVuNBO2s3AgMBAAGgADANBgkqhkiG9w0BAQsF +AAOCAQEAVdY5lxOQyI2WIkH2xtTaUGzo7fOQsY3YFZdguAtc6mywKQj6v7d08uG2 +qaRxzpccpo2HKpWXG9pbKwtCmv9/akxI0NgACmCUnXVzPCJHVcg/Ogd7jDA7Piyc +fDltLGWmAmoIk+tUM9bnkpR/FSzhu8kewxzI6ukb2lsRG0D49XFj2w6zfcgB1Wgy +5jwJ//9QxJSqjWw+HX5tMAameqG/gs6uYCx5LF2f7IcM8ezq4k8cmtwu3A9JfZqF +Vmgnw2SCQ6YSdIxhsyW8lt51TDOySg26FAodnM5TED5jvt+Eu6VqEpAWpbQ8wLUC +gPGjtAfFdE/LegfC8mn0ZvQNBwv3/Q== +-----END CERTIFICATE REQUEST----- diff --git a/sample/sample-keys/sample-ca/client-revoked.key b/sample/sample-keys/sample-ca/client-revoked.key new file mode 100644 index 0000000..2a88c90 --- /dev/null +++ b/sample/sample-keys/sample-ca/client-revoked.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDBqJR4ikiEelSr +NKW8ioHKMIuf34/9JcrTnGwGsNSyZFp7CW50I0EO5T0Tc9U0ffdC42Vh6T/Y5L6F +efPQJ72L3s40LbKw3KlYGiiVYjNPTgUaFv7dGSzU/+nCdz1Dd21lBNn9ofH8qFva +REOQ8xakt0jup4Rn7AGFIqdppxu7S4+PymEcUIsa7S37vawlfk8Wp2OLxzSNU8he +yIzkNnACNPf3ClhYV/ECZVoAMuVilLOXuOfzdVz8pTNBTMJb/Obyf/eoS9uyAQy9 +fCjcxoNMT0M02yrlOCRSlkN9/Lei251qGIkDzIxgIn/olXkUPq1ibQBu2bK+Yill +VuNBO2s3AgMBAAECggEBAIgnu0NIjhW+YFsCp+f4RapfGTutFfI4qPLAjl7h4pkN +32OTzPmQc8RCPf+4N9UxHzAC6pu9P2uB38W+aUIXPrfhTX74BiM88T8FHTVyFnsS +cpnWQxg2BAQ5bSORbBxMEjitAYrGWnl18SZzSkHV9zyVtIw+cOQT1TnClIu+tsul +6P3WeMFrkEjypgwZo1pc37mMJ97IGw6hAERQ1o2EJDEEJ8uK2SlO1WhywfKGbPqY +A0LxmC1PPuJHpeT85FuFIB9mHf97cgZKGdD4Ue5VdLum6pIVCsiCsnxj8LUPp37u +rlpqB3Hb66C6t+mOvwAw9OjXL+WNeNeemDvVgD293iECgYEA9BmtCduzs6KHUFM5 +vvUzmiLm7IzEVfw8tm8pRc3Qty5vHA2Nowajiq4MCIccc5yJJMt1phyC9n3HX9UA +qxgvtq+b3vMnH/N4kBE6NELrAicDyWCa/5FoakMwp28y4NxjMTqe0tiHlH3G3VnF +8oBgSPahhkBxZzwZagJ25D/HqHECgYEAyxlmg7eNTazXMJ7gqGacWyqLgOWqTazr +XLvLxpgEwwE6vtbxh1T7kpYbmdZWC7eEN2ooOhs4oEedkhqo5orv0g7MIbMEx0p6 +/yRgNT77kqba7xp5W2e84v7jTl6O68G4F4HW/DDcuEx2gs3jjTp3/CvElXZX5x5Y +8xCjRP9t4icCgYA/FXejyZS6gvFnb+rHkAUC+6wkTAjdk+940mefM56SCL0MSfBl +xmxzhaF0fr56nmTPDoncIRgzbbQd7yVaEkkadG3bA4oD9t8clGcvZG/pwX14CLBm +BgUvGSg0zUcf17UG3vh20yDO3maLhAzlLAo2MQ7zbCoinOSQggyJ1nXZ8QKBgDwX +vORWKAIGlPk22SQakELNOM+fpJ8s/crHagjNrAMC1x3mPTqco38A2RPQfk8jMoSu +7U4cBcouxmmXZ8gm7cSKSk3iSRSqbfAWFD1M8GS45+h9PdEUxaeoYRssET+iZtTV +vwWJc5U4UoxrXNvJo/zB+n16sZGZwhnRH23n4dxbAoGAFjjwQtKjOP5kemsbqDtr +T3ELIwnjPY0q4mgxNIFc+6UpT+Piv5i2mIq10zmFLijMlLTA058lshHS7RxGTd+/ +NI8gufOuS6iZpGjXwvtfzgXAoaGzXv4MR1ErElK7n2XK3a9GoXVJ0L/+nLdp5Qmj +nsYL/BDXdn8Fstx4RPcgLMc= +-----END PRIVATE KEY----- diff --git a/sample/sample-keys/sample-ca/client.crt b/sample/sample-keys/sample-ca/client.crt new file mode 100644 index 0000000..295f720 --- /dev/null +++ b/sample/sample-keys/sample-ca/client.crt 
@@ -0,0 +1,103 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST/emailAddress=me@myhost.mydomain + Validity + Not Before: Oct 28 12:54:33 2016 GMT + Not After : Oct 26 12:54:33 2026 GMT + Subject: C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Client/emailAddress=me@myhost.mydomain + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:e5:4f:5f:c9:2c:3f:8e:1a:3e:0b:f8:7f:82:d5: + ca:c5:6e:94:a4:fd:98:85:c0:1d:eb:94:b5:93:5b: + df:c2:c0:3f:9b:8e:5e:a3:d0:91:ca:3e:f4:74:93: + 63:86:df:a7:ae:0d:15:28:6d:38:6e:3b:ac:c9:5c: + 1f:c7:f7:d5:66:64:b9:07:00:41:6d:b6:a6:1a:ee: + f1:bb:ce:bd:39:cc:70:1f:9b:65:d7:3c:3c:97:2e: + 8e:1e:31:90:7f:cc:a7:b8:d9:2f:4e:b3:4a:98:6d: + a0:15:04:9d:cb:e1:7a:e1:63:f4:96:7a:bb:9e:a8: + d8:f0:33:97:67:6d:bf:39:82:0e:a3:b7:2a:15:2d: + 99:2b:f8:53:b1:e8:14:0f:d9:b3:a2:4f:2a:f1:63: + fd:d5:72:a6:22:b9:d6:be:e4:7b:9e:c8:85:1e:06: + 1a:31:24:3d:f3:82:ac:d7:28:7d:a4:4f:4b:c3:fd: + 72:27:07:ef:9d:51:71:56:d4:a4:b6:66:d2:74:4f: + 97:7f:3f:90:a8:56:8b:5b:14:4a:4f:c0:3d:2d:5a: + 90:74:db:da:59:83:4d:dd:2b:0a:81:24:ce:19:ce: + 8e:56:10:0f:cd:0d:83:01:d8:75:8b:66:16:40:1b: + 47:af:77:1f:d7:c5:cf:0a:d7:7c:f2:7e:a0:a0:5d: + fa:67 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + B8:DE:77:EB:43:83:FF:95:59:BB:28:78:E4:4D:F2:E5:C7:2E:06:EF + X509v3 Authority Key Identifier: + keyid:08:C4:94:ED:23:0A:23:0D:D0:FA:D2:13:E2:3C:B6:65:E7:53:25:10 + DirName:/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain + serial:A4:CC:46:13:89:24:40:73 + + Signature Algorithm: sha256WithRSAEncryption + a7:24:5d:b2:2f:49:63:55:90:e0:95:0e:fa:fc:d7:d8:0c:89: + 01:15:90:73:39:e9:32:3a:f9:8d:4b:cd:e7:3a:32:c0:fd:bb: + ed:3c:d9:cf:ea:0f:f3:6e:18:18:1d:1c:9c:e2:39:e6:c0:1d: + 2e:54:14:ec:1b:b2:5a:fd:1a:ac:65:45:9b:d4:0d:4a:3a:53: + 
95:8d:bd:d3:44:20:17:70:d0:79:b5:f7:2c:dd:2a:0d:bf:b3: + d0:a8:1f:5c:db:33:5b:5d:56:24:84:2b:c8:43:32:fc:f3:dc: + b5:da:dc:7f:0a:1c:2a:2f:9b:60:ca:2d:6e:fe:98:55:26:d5: + 62:a7:3e:f4:49:5c:a9:76:54:87:19:0b:dd:74:ff:02:f0:75: + 8a:36:01:cf:29:67:9b:ae:c0:e5:da:da:2b:d9:57:61:92:69: + 1d:e3:b2:f4:66:8e:f8:dd:11:13:4c:1d:a5:7f:37:df:4e:fd: + 7d:96:ba:ac:6c:39:83:89:8f:05:47:1a:4b:4f:68:38:1a:99: + c8:68:1a:31:b9:78:9a:f5:12:ea:23:c2:c6:83:6b:e4:e0:9a: + fc:70:aa:bb:ef:00:1f:c9:18:ef:48:c2:fc:ec:e8:4c:e8:92: + d6:64:ab:5c:b3:ac:03:da:5f:a9:92:f2:ff:ef:a7:39:6f:d6: + 95:fb:44:89:c7:2b:c4:c4:45:b3:49:1a:c1:23:96:0d:f4:0b: + 0f:75:3b:6e:2c:4c:60:be:e7:0f:63:f2:3c:f0:9c:58:af:dd: + 5e:41:9e:f7:3f:e0:fb:28:be:f0:02:03:01:8c:9e:c5:52:e0: + a4:90:e0:b2:04:1b:58:3e:13:49:87:7b:20:27:73:f4:a8:cd: + c2:be:c7:c0:e9:8e:2d:d0:58:4b:9e:2f:fa:94:63:b2:99:16: + 08:5d:a1:49:1a:3d:29:9a:34:a3:63:ef:fd:79:da:0a:3e:79: + b1:cd:6f:f6:11:b7:c0:e8:67:41:36:36:94:a1:09:7a:cc:b9: + 4b:63:47:ce:49:c8:02:f9:d9:df:49:c1:04:82:09:f8:5b:92: + 4b:98:af:86:5e:fe:2e:48:fe:d6:69:7b:76:a8:c5:32:f6:b0: + ed:7e:bf:14:65:ca:fe:fa:bb:43:33:7e:c8:f4:98:a3:f8:0b: + 65:85:3d:5a:ed:33:45:12:76:90:9a:ca:34:fe:5a:ae:f6:ac: + 4d:9d:b6:28:7f:ac:e3:43:60:9a:dd:ec:a9:21:49:44:4a:74: + 48:12:6b:93:3b:08:70:ac:2e:58:f7:68:eb:8e:ba:9f:41:5a: + f9:a9:43:46:73:7a:1f:40:74:ce:87:c9:5e:51:67:8e:a3:cc: + b8:ea:ac:fe:7b:d8:2b:78 +-----BEGIN CERTIFICATE----- +MIIFFDCCAvygAwIBAgIBAjANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJLRzEL +MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t +VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE2MTAy +ODEyNTQzM1oXDTI2MTAyNjEyNTQzM1owajELMAkGA1UEBhMCS0cxCzAJBgNVBAgT +Ak5BMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxFDASBgNVBAMTC1Rlc3QtQ2xpZW50 +MSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDlT1/JLD+OGj4L+H+C1crFbpSk/ZiFwB3rlLWT +W9/CwD+bjl6j0JHKPvR0k2OG36euDRUobThuO6zJXB/H99VmZLkHAEFttqYa7vG7 
+zr05zHAfm2XXPDyXLo4eMZB/zKe42S9Os0qYbaAVBJ3L4XrhY/SWerueqNjwM5dn +bb85gg6jtyoVLZkr+FOx6BQP2bOiTyrxY/3VcqYiuda+5HueyIUeBhoxJD3zgqzX +KH2kT0vD/XInB++dUXFW1KS2ZtJ0T5d/P5CoVotbFEpPwD0tWpB029pZg03dKwqB +JM4Zzo5WEA/NDYMB2HWLZhZAG0evdx/Xxc8K13zyfqCgXfpnAgMBAAGjgcgwgcUw +CQYDVR0TBAIwADAdBgNVHQ4EFgQUuN5360OD/5VZuyh45E3y5ccuBu8wgZgGA1Ud +IwSBkDCBjYAUCMSU7SMKIw3Q+tIT4jy2ZedTJRChaqRoMGYxCzAJBgNVBAYTAktH +MQswCQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEVMBMGA1UEChMMT3BlblZQ +Ti1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQCkzEYT +iSRAczANBgkqhkiG9w0BAQsFAAOCAgEApyRdsi9JY1WQ4JUO+vzX2AyJARWQcznp +Mjr5jUvN5zoywP277TzZz+oP824YGB0cnOI55sAdLlQU7BuyWv0arGVFm9QNSjpT +lY2900QgF3DQebX3LN0qDb+z0KgfXNszW11WJIQryEMy/PPctdrcfwocKi+bYMot +bv6YVSbVYqc+9ElcqXZUhxkL3XT/AvB1ijYBzylnm67A5draK9lXYZJpHeOy9GaO ++N0RE0wdpX833079fZa6rGw5g4mPBUcaS09oOBqZyGgaMbl4mvUS6iPCxoNr5OCa +/HCqu+8AH8kY70jC/OzoTOiS1mSrXLOsA9pfqZLy/++nOW/WlftEiccrxMRFs0ka +wSOWDfQLD3U7bixMYL7nD2PyPPCcWK/dXkGe9z/g+yi+8AIDAYyexVLgpJDgsgQb +WD4TSYd7ICdz9KjNwr7HwOmOLdBYS54v+pRjspkWCF2hSRo9KZo0o2Pv/XnaCj55 +sc1v9hG3wOhnQTY2lKEJesy5S2NHzknIAvnZ30nBBIIJ+FuSS5ivhl7+Lkj+1ml7 +dqjFMvaw7X6/FGXK/vq7QzN+yPSYo/gLZYU9Wu0zRRJ2kJrKNP5arvasTZ22KH+s +40Ngmt3sqSFJREp0SBJrkzsIcKwuWPdo6466n0Fa+alDRnN6H0B0zofJXlFnjqPM +uOqs/nvYK3g= +-----END CERTIFICATE----- diff --git a/sample/sample-keys/sample-ca/client.csr b/sample/sample-keys/sample-ca/client.csr new file mode 100644 index 0000000..3968434 --- /dev/null +++ b/sample/sample-keys/sample-ca/client.csr 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICrzCCAZcCAQAwajELMAkGA1UEBhMCS0cxCzAJBgNVBAgTAk5BMRUwEwYDVQQK +EwxPcGVuVlBOLVRFU1QxFDASBgNVBAMTC1Rlc3QtQ2xpZW50MSEwHwYJKoZIhvcN +AQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQDlT1/JLD+OGj4L+H+C1crFbpSk/ZiFwB3rlLWTW9/CwD+bjl6j0JHK +PvR0k2OG36euDRUobThuO6zJXB/H99VmZLkHAEFttqYa7vG7zr05zHAfm2XXPDyX +Lo4eMZB/zKe42S9Os0qYbaAVBJ3L4XrhY/SWerueqNjwM5dnbb85gg6jtyoVLZkr ++FOx6BQP2bOiTyrxY/3VcqYiuda+5HueyIUeBhoxJD3zgqzXKH2kT0vD/XInB++d +UXFW1KS2ZtJ0T5d/P5CoVotbFEpPwD0tWpB029pZg03dKwqBJM4Zzo5WEA/NDYMB +2HWLZhZAG0evdx/Xxc8K13zyfqCgXfpnAgMBAAGgADANBgkqhkiG9w0BAQsFAAOC +AQEAakLYqsUoaxXNwYnm7QVL8KXe32m1+ot1CUt0XF65YaHLPcDBffpwqCb8jULv +lRKDbVmqf4SygnIXtTJ2Ii1sB4MPGj94L+y0l9xYn84/sScGety6Trr+Plp5vNMJ +aafv+NAxZquu/DKtGthdYt1uwgCMa4lm3Kg+E48DddO/XfFIaD/x0Bl7RPIhqiDu +gKYP4P6uwL9OzD0485wjaYKp85fZ96FCdDTVbNfpwoYXgDihAqf6sUfahtM+o7t+ +BFX60knfbWMPu8O9URq8QzYk6JOG9cW2ngTATXLmz7NslG+5GhtTEzaoromYR3Za +So7PnagMqjpz1WXvkKCLXvkoMA== +-----END CERTIFICATE REQUEST----- diff --git a/sample/sample-keys/sample-ca/client.key b/sample/sample-keys/sample-ca/client.key new file mode 100644 index 0000000..a497a9c --- /dev/null +++ b/sample/sample-keys/sample-ca/client.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDlT1/JLD+OGj4L ++H+C1crFbpSk/ZiFwB3rlLWTW9/CwD+bjl6j0JHKPvR0k2OG36euDRUobThuO6zJ +XB/H99VmZLkHAEFttqYa7vG7zr05zHAfm2XXPDyXLo4eMZB/zKe42S9Os0qYbaAV +BJ3L4XrhY/SWerueqNjwM5dnbb85gg6jtyoVLZkr+FOx6BQP2bOiTyrxY/3VcqYi +uda+5HueyIUeBhoxJD3zgqzXKH2kT0vD/XInB++dUXFW1KS2ZtJ0T5d/P5CoVotb +FEpPwD0tWpB029pZg03dKwqBJM4Zzo5WEA/NDYMB2HWLZhZAG0evdx/Xxc8K13zy +fqCgXfpnAgMBAAECggEAFsgW/RaPTd/fkDLlACubVJgS3n1vXMJkdpY0n+o9xcxx +xVOUpXPAODae9MH73ld0Aj+8fWK0e4ckOHEVmzlNEzoog8CLv4mo4P4iOAVnGUnt +TcaTjJmob2Cpr+g+seO0OhIhuBDp9VDW2Z+2yZ2iJqhWkWiqIS4nN134ycbGe8D2 +4wThVA2SV0umZRxhBo4m14GLtwoTxuLKz7aSsL862Z3LtT7M7ofWcyZTw3A4vQmP +77GLBxMyNv0qX+f3LZIi+jtsAk5tYqMVL0ZEgZwi5em+KRCwU/2o2BgJDRrRwSU6 +hrK5ycUuuAMUEQjC4ck3u/vcsXmSyjkjue+C1jfsGQKBgQD8LALHK1RAp3nAdxHK +0MzPiYkrSeiSK+I81NdWqNJ73ReCWUniqT7Q/jh68mBTpYfbSl2mvLbOLZuMvGWh +5rlaGUWSDj2NzA+yfZoa2z9o1hdcRYNM9c5LCEm/CKKAAoeshemO1i87m+76xwnI +IwSrflmuy6VzTzbjZVxq5HC8RQKBgQDoyoSFyo5Fpm0hS6J/tFRG6qNZyZ5Ni9E4 +LRQQhzsaLzTK0TfnlYxzF5+Oz79PfpceVF8CZaEXmX2dUReQdAPKhBJO0dTEqB9g ++GRzeu0XamKduOLvvJEAj5EoqzHxxgHQKYKvf1eshDv3Pl8PiXv9sVjdKKkswX0O +6a3WW+vkuwKBgQDWUUVPJsklZfD5HXlWqRzYaejVjKwHxxoxXydg9HxnXyGC3AYK +iJLlppo0C9jIXo/XVR3A/vRSyLpB40BxWBlBtObG2imAYOUaattVZe8/V21lM4MD +HonkhTfAD0OkjgHnI6y7g9eCzuVN52mt2e03H1xzTYrhNHrOyq+//US/DQKBgHII +GiiLk2us3ZJMwXn69LmUYJYv/DqSPdddxZFfHOVzsFGVcOQhTp5mOQO04krngNEb +lTrQW7v6tRylx3w8SEsgrPMtOCNpE43lvxcOZStuMoZ+NbQn04PJz9pzGdEMJIE6 +hEjBgUoBsHopdFlhCHq6MASN0WkaEs+GSmBRwNjXAoGBALQEU7fOApGoakwPyuhU +RZYFf/EFun7Zvt6lF1SWwJ02lTYmCh91lacWVLLwR/fCphp7orlynaAIofJSPsl6 +fTyKv1rpqMS3wMdD/LFGZPh1oyUmweTxsF/0aNVnSS9O9i46ihxLMRMu7wSguLIw +ycorZrB2bB1WnfmF6bB5qcKC +-----END PRIVATE KEY----- diff --git a/sample/sample-keys/sample-ca/client.p12 b/sample/sample-keys/sample-ca/client.p12 Binary files differnew file mode 100644 index 0000000..f8ac2a9 --- /dev/null +++ b/sample/sample-keys/sample-ca/client.p12 
diff --git a/sample/sample-keys/sample-ca/index.txt b/sample/sample-keys/sample-ca/index.txt
new file mode 100644
index 0000000..30063b2
--- /dev/null
+++ b/sample/sample-keys/sample-ca/index.txt
@@ -0,0 +1,3 @@
+V 261026125432Z 01 unknown /C=KG/ST=NA/O=OpenVPN-TEST/CN=Test-Server/emailAddress=me@myhost.mydomain
+V 261026125433Z 02 unknown /C=KG/ST=NA/O=OpenVPN-TEST/CN=Test-Client/emailAddress=me@myhost.mydomain
+R 261026125433Z 161028125433Z 03 unknown /C=KG/ST=NA/O=OpenVPN-TEST/CN=client-revoked/emailAddress=me@myhost.mydomain
diff --git a/sample/sample-keys/sample-ca/index.txt.attr b/sample/sample-keys/sample-ca/index.txt.attr
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/sample/sample-keys/sample-ca/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/sample/sample-keys/sample-ca/index.txt.attr.old b/sample/sample-keys/sample-ca/index.txt.attr.old
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/sample/sample-keys/sample-ca/index.txt.attr.old
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/sample/sample-keys/sample-ca/index.txt.old b/sample/sample-keys/sample-ca/index.txt.old
new file mode 100644
index 0000000..3bfd8f8
--- /dev/null
+++ b/sample/sample-keys/sample-ca/index.txt.old
@@ -0,0 +1,3 @@
+V 261026125432Z 01 unknown /C=KG/ST=NA/O=OpenVPN-TEST/CN=Test-Server/emailAddress=me@myhost.mydomain
+V 261026125433Z 02 unknown /C=KG/ST=NA/O=OpenVPN-TEST/CN=Test-Client/emailAddress=me@myhost.mydomain
+V 261026125433Z 03 unknown /C=KG/ST=NA/O=OpenVPN-TEST/CN=client-revoked/emailAddress=me@myhost.mydomain
diff --git a/sample/sample-keys/sample-ca/secp256k1.pem b/sample/sample-keys/sample-ca/secp256k1.pem
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/sample/sample-keys/sample-ca/secp256k1.pem
diff --git a/sample/sample-keys/sample-ca/serial b/sample/sample-keys/sample-ca/serial
new file mode 100644
index 0000000..6496923
--- /dev/null
+++ b/sample/sample-keys/sample-ca/serial
@@ -0,0 +1 @@
+04
diff --git a/sample/sample-keys/sample-ca/serial.old b/sample/sample-keys/sample-ca/serial.old
new file mode 100644
index 0000000..75016ea
--- /dev/null
+++ b/sample/sample-keys/sample-ca/serial.old
@@ -0,0 +1 @@
+03
diff --git a/sample/sample-keys/sample-ca/server.crt b/sample/sample-keys/sample-ca/server.crt
new file mode 100644
index 0000000..6613831
--- /dev/null
+++ b/sample/sample-keys/sample-ca/server.crt
@@ -0,0 +1,113 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST/emailAddress=me@myhost.mydomain + Validity + Not Before: Oct 28 12:54:32 2016 GMT + Not After : Oct 26 12:54:32 2026 GMT + Subject: C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Server/emailAddress=me@myhost.mydomain + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a6:74:d1:c9:77:5d:ff:d6:22:e3:69:38:8f:e1: + 15:0c:e3:46:2c:19:61:31:af:ef:f9:34:5b:0c:bd: + 20:d1:76:6a:64:62:f6:89:aa:5b:c9:42:10:44:6f: + 07:0f:fe:62:59:96:0b:16:ec:62:3e:18:08:ad:67: + 37:b6:53:2d:3d:d9:81:b7:6b:11:d6:fa:23:6a:23: + 6c:3c:be:54:91:e3:04:c6:f5:8c:a6:6a:80:9f:ef: + e8:5b:63:1e:68:37:09:ef:4d:5c:44:82:e6:2e:0d: + e5:d7:94:3f:31:74:50:d1:10:5c:99:4d:b5:9f:80: + 2b:46:25:37:8b:a2:3d:ce:02:b2:0a:21:63:82:9c: + a1:35:b9:3d:9e:ad:a4:19:3c:f5:b2:3a:d7:aa:d4: + b7:6d:c2:95:4d:94:4b:38:6f:b0:60:cf:22:d7:37: + 66:62:1d:1a:86:c2:a8:6a:2a:56:e5:d6:c3:e2:31: + 34:a6:42:5d:79:da:12:e0:a1:95:d1:17:07:f6:cc: + f8:63:fa:01:8a:26:7b:bf:b8:a4:87:8c:b5:a3:59: + 23:60:67:07:4a:4c:c1:55:be:60:a1:56:92:6c:97: + 53:fb:fe:eb:d3:25:fd:28:23:3e:38:4d:e9:92:90: + 8b:a6:5e:22:2f:02:1f:69:c6:fa:88:a5:52:88:cc: + 61:a1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Cert Type: + SSL Server + Netscape Comment: + OpenSSL Generated Server Certificate + X509v3 Subject Key Identifier: + 7D:4C:17:FE:59:B2:58:FF:08:BC:F4:88:FC:A3:8F:9F:CA:3B:3B:5E + X509v3 Authority Key Identifier: + keyid:08:C4:94:ED:23:0A:23:0D:D0:FA:D2:13:E2:3C:B6:65:E7:53:25:10 + DirName:/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain + serial:A4:CC:46:13:89:24:40:73 + + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + Signature Algorithm: sha256WithRSAEncryption + 
82:2e:11:99:f4:56:98:ad:23:97:74:5c:69:00:7b:fc:9a:93: + 15:20:93:db:d6:83:04:9a:6c:cb:55:cd:5c:07:d6:31:5a:00: + 1d:35:eb:8e:74:cd:7a:08:db:cd:1f:89:8c:04:70:f7:35:e0: + a7:cc:cf:76:2b:8a:a5:80:7b:c1:72:4e:9a:c6:b7:a2:f5:9c: + 23:dc:d7:0d:93:a3:0f:f4:10:7d:8b:1d:85:5e:bb:2f:09:c8: + 67:41:38:12:72:14:29:f6:6d:68:b5:8a:97:1c:a1:8f:3d:74: + 14:95:c6:88:4f:4c:cd:8b:2e:db:95:b0:98:55:d7:5b:22:1f: + f3:de:5c:b4:7b:a0:d9:f2:56:2c:ff:85:b0:16:52:63:11:2b: + 14:8e:d0:f8:03:d2:cc:89:35:c0:d5:a3:b9:ec:11:55:e0:17: + 43:95:b2:6e:f2:db:80:73:f2:b3:3f:9d:fa:4d:24:6a:60:25: + 24:1a:53:10:38:08:d4:fe:fa:06:1a:1e:d3:cc:15:64:c7:9e: + 8b:51:ee:b3:50:25:60:88:70:46:39:bd:79:f1:5a:74:67:3d: + f0:7e:22:a9:b4:2e:f5:06:45:c3:46:fe:e6:32:40:e6:e1:00: + dc:e8:a8:43:fe:f4:66:64:4f:41:45:d5:d2:7b:ab:a0:62:f7: + dc:f0:28:d3:c6:9c:21:3e:bd:44:95:4c:20:b4:8f:c3:ae:ee: + eb:d7:7a:11:88:2d:3d:18:49:5d:e6:09:b8:5f:c7:24:32:83: + dd:5f:ae:03:02:c1:b6:51:0d:62:a2:41:f4:13:12:b2:f2:9a: + c1:50:04:63:42:de:41:b3:b3:ab:45:57:9e:8b:01:e0:c5:70: + d9:70:0e:ea:84:39:07:08:03:e9:99:b1:60:ce:a9:c6:ce:a4: + 61:29:36:3c:58:52:a2:c3:01:4f:4e:c1:e8:af:3b:ca:7c:34: + 9c:2a:21:c9:40:17:ce:8c:10:b2:fc:c2:39:43:55:50:19:2d: + c9:f0:ab:48:b2:86:e6:cf:1e:13:6c:6a:ed:85:e9:f6:dd:b9: + ba:6e:70:6a:e9:78:43:40:a3:c8:64:50:1f:5b:88:0d:88:55: + 0f:94:9c:92:44:83:79:0c:38:79:09:c4:93:6a:a8:dc:f3:8b: + c4:af:bf:0c:20:7b:76:7b:31:52:01:70:4f:09:be:38:d0:14: + ce:62:c6:00:35:cd:fc:eb:68:f1:45:d5:de:6a:3f:8b:3f:dc: + 1c:c9:e3:8a:7c:f1:17:53:71:f8:af:c9:43:9f:91:5a:16:0b: + 3a:c0:d7:b0:e7:74:54:12:f0:9a:71:5f:f3:dd:6b:c0:69:ec: + 9d:4d:14:61:bd:10:21:80 +-----BEGIN CERTIFICATE----- +MIIFgDCCA2igAwIBAgIBATANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJLRzEL +MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t +VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE2MTAy +ODEyNTQzMloXDTI2MTAyNjEyNTQzMlowajELMAkGA1UEBhMCS0cxCzAJBgNVBAgT +Ak5BMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxFDASBgNVBAMTC1Rlc3QtU2VydmVy 
+MSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCmdNHJd13/1iLjaTiP4RUM40YsGWExr+/5NFsM +vSDRdmpkYvaJqlvJQhBEbwcP/mJZlgsW7GI+GAitZze2Uy092YG3axHW+iNqI2w8 +vlSR4wTG9YymaoCf7+hbYx5oNwnvTVxEguYuDeXXlD8xdFDREFyZTbWfgCtGJTeL +oj3OArIKIWOCnKE1uT2eraQZPPWyOteq1LdtwpVNlEs4b7BgzyLXN2ZiHRqGwqhq +Klbl1sPiMTSmQl152hLgoZXRFwf2zPhj+gGKJnu/uKSHjLWjWSNgZwdKTMFVvmCh +VpJsl1P7/uvTJf0oIz44TemSkIumXiIvAh9pxvqIpVKIzGGhAgMBAAGjggEzMIIB +LzAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAzBglghkgBhvhCAQ0EJhYk +T3BlblNTTCBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1UdDgQWBBR9 +TBf+WbJY/wi89Ij8o4+fyjs7XjCBmAYDVR0jBIGQMIGNgBQIxJTtIwojDdD60hPi +PLZl51MlEKFqpGgwZjELMAkGA1UEBhMCS0cxCzAJBgNVBAgTAk5BMRAwDgYDVQQH +EwdCSVNIS0VLMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxITAfBgkqhkiG9w0BCQEW +Em1lQG15aG9zdC5teWRvbWFpboIJAKTMRhOJJEBzMBMGA1UdJQQMMAoGCCsGAQUF +BwMBMAsGA1UdDwQEAwIFoDANBgkqhkiG9w0BAQsFAAOCAgEAgi4RmfRWmK0jl3Rc +aQB7/JqTFSCT29aDBJpsy1XNXAfWMVoAHTXrjnTNegjbzR+JjARw9zXgp8zPdiuK +pYB7wXJOmsa3ovWcI9zXDZOjD/QQfYsdhV67LwnIZ0E4EnIUKfZtaLWKlxyhjz10 +FJXGiE9MzYsu25WwmFXXWyIf895ctHug2fJWLP+FsBZSYxErFI7Q+APSzIk1wNWj +uewRVeAXQ5WybvLbgHPysz+d+k0kamAlJBpTEDgI1P76Bhoe08wVZMeei1Hus1Al +YIhwRjm9efFadGc98H4iqbQu9QZFw0b+5jJA5uEA3OioQ/70ZmRPQUXV0nuroGL3 +3PAo08acIT69RJVMILSPw67u69d6EYgtPRhJXeYJuF/HJDKD3V+uAwLBtlENYqJB +9BMSsvKawVAEY0LeQbOzq0VXnosB4MVw2XAO6oQ5BwgD6ZmxYM6pxs6kYSk2PFhS +osMBT07B6K87ynw0nCohyUAXzowQsvzCOUNVUBktyfCrSLKG5s8eE2xq7YXp9t25 +um5waul4Q0CjyGRQH1uIDYhVD5SckkSDeQw4eQnEk2qo3POLxK+/DCB7dnsxUgFw +Twm+ONAUzmLGADXN/Oto8UXV3mo/iz/cHMnjinzxF1Nx+K/JQ5+RWhYLOsDXsOd0 +VBLwmnFf891rwGnsnU0UYb0QIYA= +-----END CERTIFICATE----- diff --git a/sample/sample-keys/sample-ca/server.csr b/sample/sample-keys/sample-ca/server.csr new file mode 100644 index 0000000..d54b7c0 --- /dev/null +++ b/sample/sample-keys/sample-ca/server.csr 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICrzCCAZcCAQAwajELMAkGA1UEBhMCS0cxCzAJBgNVBAgTAk5BMRUwEwYDVQQK +EwxPcGVuVlBOLVRFU1QxFDASBgNVBAMTC1Rlc3QtU2VydmVyMSEwHwYJKoZIhvcN +AQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQCmdNHJd13/1iLjaTiP4RUM40YsGWExr+/5NFsMvSDRdmpkYvaJqlvJ +QhBEbwcP/mJZlgsW7GI+GAitZze2Uy092YG3axHW+iNqI2w8vlSR4wTG9YymaoCf +7+hbYx5oNwnvTVxEguYuDeXXlD8xdFDREFyZTbWfgCtGJTeLoj3OArIKIWOCnKE1 +uT2eraQZPPWyOteq1LdtwpVNlEs4b7BgzyLXN2ZiHRqGwqhqKlbl1sPiMTSmQl15 +2hLgoZXRFwf2zPhj+gGKJnu/uKSHjLWjWSNgZwdKTMFVvmChVpJsl1P7/uvTJf0o +Iz44TemSkIumXiIvAh9pxvqIpVKIzGGhAgMBAAGgADANBgkqhkiG9w0BAQsFAAOC +AQEAd1l8S0ApIlcKg8G/WU65NIN7fcUQ5IDHNjzXv2J/yj4s6W/1yBUenm5TIAcp +CwIFCRl6bcsXIHZbQDgIiLYS1gW7E+oK8JVTRtyDVRxA6+yTf/rv+gJjgr5bE39b +rtSUxacdbTeiKo1ulo/wEi9uYAL4HoI8LQUK0lbq9w6PLOl6M2N9nhZS/W6RQqSC +T/2cGMCizAbkbZ/o44intbMkntzR+ISSirXxHjCsLaZptB67v1xdDHShP2aztmyB +rIs/KG4oUYlt2rwIr2ejpp7HrigmTbw4yXZIqMdp8/THHS8XgoVWuHv0h9GLuuy+ +fMIqE3HCbBtAtQlmYw4RtWBFQg== +-----END CERTIFICATE REQUEST----- diff --git a/sample/sample-keys/sample-ca/server.key b/sample/sample-keys/sample-ca/server.key new file mode 100644 index 0000000..9a0dd80 --- /dev/null +++ b/sample/sample-keys/sample-ca/server.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCmdNHJd13/1iLj +aTiP4RUM40YsGWExr+/5NFsMvSDRdmpkYvaJqlvJQhBEbwcP/mJZlgsW7GI+GAit +Zze2Uy092YG3axHW+iNqI2w8vlSR4wTG9YymaoCf7+hbYx5oNwnvTVxEguYuDeXX +lD8xdFDREFyZTbWfgCtGJTeLoj3OArIKIWOCnKE1uT2eraQZPPWyOteq1LdtwpVN +lEs4b7BgzyLXN2ZiHRqGwqhqKlbl1sPiMTSmQl152hLgoZXRFwf2zPhj+gGKJnu/ +uKSHjLWjWSNgZwdKTMFVvmChVpJsl1P7/uvTJf0oIz44TemSkIumXiIvAh9pxvqI +pVKIzGGhAgMBAAECggEAS9AfEIxuYqyMHVl6KoXQiZsmBcXVb8T7HlyLL6UgQmaV +lH1CXncZ8PNG53ROGim5b6YYDOvC3xchNKEzTbZaf7YGD50Tdf9di+TwUkY5zGxC +a7/AvLb7OF0TTjQ50CtpOfXZFVctMUKhMWvS0FpyyJWUJzqugyPkEcG3p8BQN/hj +/ccVxtUhviB6pkzVT4iULcrq78C1LEu4KYatC0z+5FI3VjTCaMJX+nXDshcPGfdQ +9ablCQcuYRbtiJ/USZj+ZL5jeo9PtxDHtuEmlpkLJ1us7XLgNr0mF3+1E/W2rUjG +eEFry5BSq7BhnOGmKQ9gn/XQwCBNTH6nw4Jqlc7XMQKBgQDaFT83JnXnZQrCOsgK +Up0wApmqVJi4Q189+2mugwVEWSUwOGZuNTCVDQzJyTdiAgqMaFMMUFszFZgR9GIJ +jwvX42c6XwaQdpKudkHSw/6LefLggHFdyN89CluBhaefBR0+dBx8rSZ3OOw/v8fT +SMET5MnAx0lswKTmVFUDA3AWjQKBgQDDZbK5K3AB0j2XZykO5upj5vSuJD63VCpE +5YMbsUpCKlIRN7wHZySw7yr2me1Pxlnbt2E1jXfhygqGg6eZSDL//4cNLk8Culw+ +xi9N9CuLroIbT3SxDDFG4ZRjJW/JuPDyrPYvd9EjsvbmNKN2ErxwcjNHoh5RNSdK +jV7dOFBsZQKBgQChXelZuIazgmt0jqQoJzsSJEpp45Dhf1CA/4ASVfZWvZOr23/H +emoJUA+vW8k0JwiBHkydJvRkl0zftDG6mvMLesOOSHQF/wbIOs630riNod2aStAX +siOk+f39l9UQ8GrUJHxTsJduzlrZTOHiL8pWGwtCLvPgmacqmyoQQcH1nQKBgC1M +9KSNd4hUj8b8Ob6kto62yt9cs9WZA7u5Yi4XalnwqdooC8XDmfQTXuiRQz2NhOO1 +ninmRHbqeoo5F7An1vsW6N6bb+H4Bs7e77So+TeHG87tGua5JuuB/P8HfOVNpT79 +7o2Ov8QBB9DTP1pueZWwREdFRLYbFqLoJ6guGCcpAoGAb/86lf8HhVZKeJ2S49cl +HBaynzn4FGiVZl/HekmOyHw1ymJCBS3lQMvw2pIDqPqGUReIjJwJVfRYazCQmdSY +hdlNcrn6nXAN5CVFolStJNpZIQBvTsAwl3dYjs7ycSh8pwDiPUKqmW0FiW1u7i8i +eyXzuBIBkRx6w+ky7J70VpU= +-----END PRIVATE KEY----- diff --git a/sample/sample-plugins/defer/simple.c b/sample/sample-plugins/defer/simple.c index 6539865..ad1bbb0 100644 --- a/sample/sample-plugins/defer/simple.c +++ b/sample/sample-plugins/defer/simple.c 
@@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net> + * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 @@ -25,7 +25,7 @@ /* * This file implements a simple OpenVPN plugin module which * will test deferred authentication and packet filtering. - * + * * Will run on Windows or *nix. * * Sample usage: @@ -68,13 +68,13 @@ */ struct plugin_context { - int test_deferred_auth; - int test_packet_filter; + int test_deferred_auth; + int test_packet_filter; }; struct plugin_per_client_context { - int n_calls; - bool generated_pf_file; + int n_calls; + bool generated_pf_file; }; /* 
@@ -83,223 +83,258 @@ struct plugin_per_client_context { * if found or NULL otherwise. */ static const char * -get_env (const char *name, const char *envp[]) +get_env(const char *name, const char *envp[]) { - if (envp) + if (envp) { - int i; - const int namelen = strlen (name); - for (i = 0; envp[i]; ++i) - { - if (!strncmp (envp[i], name, namelen)) - { - const char *cp = envp[i] + namelen; - if (*cp == '=') - return cp + 1; - } - } + int i; + const int namelen = strlen(name); + for (i = 0; envp[i]; ++i) + { + if (!strncmp(envp[i], name, namelen)) + { + const char *cp = envp[i] + namelen; + if (*cp == '=') + { + return cp + 1; + } + } + } } - return NULL; + return NULL; } /* used for safe printf of possible NULL strings */ static const char * -np (const char *str) +np(const char *str) { - if (str) - return str; - else - return "[NULL]"; + if (str) + { + return str; + } + else + { + return "[NULL]"; + } } static int -atoi_null0 (const char *str) +atoi_null0(const char *str) { - if (str) - return atoi (str); - else - return 0; + if (str) + { + return atoi(str); + } + else + { + return 0; + } } OPENVPN_EXPORT openvpn_plugin_handle_t -openvpn_plugin_open_v1 (unsigned int *type_mask, const char *argv[], const char *envp[]) +openvpn_plugin_open_v1(unsigned int *type_mask, const char *argv[], const char *envp[]) { - struct plugin_context *context; - - printf ("FUNC: openvpn_plugin_open_v1\n"); - - /* - * Allocate our context - */ - context = (struct plugin_context *) calloc (1, sizeof (struct plugin_context)); - - context->test_deferred_auth = atoi_null0 (get_env ("test_deferred_auth", envp)); - printf ("TEST_DEFERRED_AUTH %d\n", context->test_deferred_auth); - - context->test_packet_filter = atoi_null0 (get_env ("test_packet_filter", envp)); - printf ("TEST_PACKET_FILTER %d\n", context->test_packet_filter); - - /* - * Which callbacks to intercept. 
- */ - *type_mask = - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_UP) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_DOWN) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ROUTE_UP) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_IPCHANGE) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_VERIFY) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_CONNECT_V2) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_DISCONNECT) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_LEARN_ADDRESS) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_FINAL) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ENABLE_PF); - - return (openvpn_plugin_handle_t) context; + struct plugin_context *context; + + printf("FUNC: openvpn_plugin_open_v1\n"); + + /* + * Allocate our context + */ + context = (struct plugin_context *) calloc(1, sizeof(struct plugin_context)); + + context->test_deferred_auth = atoi_null0(get_env("test_deferred_auth", envp)); + printf("TEST_DEFERRED_AUTH %d\n", context->test_deferred_auth); + + context->test_packet_filter = atoi_null0(get_env("test_packet_filter", envp)); + printf("TEST_PACKET_FILTER %d\n", context->test_packet_filter); + + /* + * Which callbacks to intercept. 
+ */ + *type_mask = + OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_UP) + |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_DOWN) + |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_ROUTE_UP) + |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_IPCHANGE) + |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_VERIFY) + |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) + |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT_V2) + |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_DISCONNECT) + |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_LEARN_ADDRESS) + |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_FINAL) + |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_ENABLE_PF); + + return (openvpn_plugin_handle_t) context; } static int -auth_user_pass_verify (struct plugin_context *context, struct plugin_per_client_context *pcc, const char *argv[], const char *envp[]) +auth_user_pass_verify(struct plugin_context *context, struct plugin_per_client_context *pcc, const char *argv[], const char *envp[]) { - if (context->test_deferred_auth) + if (context->test_deferred_auth) { - /* get username/password from envp string array */ - const char *username = get_env ("username", envp); - const char *password = get_env ("password", envp); - - /* get auth_control_file filename from envp string array*/ - const char *auth_control_file = get_env ("auth_control_file", envp); - - printf ("DEFER u='%s' p='%s' acf='%s'\n", - np(username), - np(password), - np(auth_control_file)); - - /* Authenticate asynchronously in n seconds */ - if (auth_control_file) - { - char buf[256]; - int auth = 2; - sscanf (username, "%d", &auth); - snprintf (buf, sizeof(buf), "( sleep %d ; echo AUTH %s %d ; echo %d >%s ) &", - context->test_deferred_auth, - auth_control_file, - auth, - pcc->n_calls < auth, - auth_control_file); - printf ("%s\n", buf); - system (buf); - pcc->n_calls++; - return OPENVPN_PLUGIN_FUNC_DEFERRED; - } - else - return OPENVPN_PLUGIN_FUNC_ERROR; + /* get username/password from envp string array */ + const char *username = get_env("username", envp); + const char *password = 
get_env("password", envp); + + /* get auth_control_file filename from envp string array*/ + const char *auth_control_file = get_env("auth_control_file", envp); + + printf("DEFER u='%s' p='%s' acf='%s'\n", + np(username), + np(password), + np(auth_control_file)); + + /* Authenticate asynchronously in n seconds */ + if (auth_control_file) + { + char buf[256]; + int auth = 2; + sscanf(username, "%d", &auth); + snprintf(buf, sizeof(buf), "( sleep %d ; echo AUTH %s %d ; echo %d >%s ) &", + context->test_deferred_auth, + auth_control_file, + auth, + pcc->n_calls < auth, + auth_control_file); + printf("%s\n", buf); + system(buf); + pcc->n_calls++; + return OPENVPN_PLUGIN_FUNC_DEFERRED; + } + else + { + return OPENVPN_PLUGIN_FUNC_ERROR; + } + } + else + { + return OPENVPN_PLUGIN_FUNC_SUCCESS; } - else - return OPENVPN_PLUGIN_FUNC_SUCCESS; } static int -tls_final (struct plugin_context *context, struct plugin_per_client_context *pcc, const char *argv[], const char *envp[]) +tls_final(struct plugin_context *context, struct plugin_per_client_context *pcc, const char *argv[], const char *envp[]) { - if (context->test_packet_filter) + if (context->test_packet_filter) + { + if (!pcc->generated_pf_file) + { + const char *pff = get_env("pf_file", envp); + const char *cn = get_env("username", envp); + if (pff && cn) + { + char buf[256]; + snprintf(buf, sizeof(buf), "( sleep %d ; echo PF %s/%s ; cp \"%s.pf\" \"%s\" ) &", + context->test_packet_filter, cn, pff, cn, pff); + printf("%s\n", buf); + system(buf); + pcc->generated_pf_file = true; + return OPENVPN_PLUGIN_FUNC_SUCCESS; + } + else + { + return OPENVPN_PLUGIN_FUNC_ERROR; + } + } + else + { + return OPENVPN_PLUGIN_FUNC_ERROR; + } + } + else { - if (!pcc->generated_pf_file) - { - const char *pff = get_env ("pf_file", envp); - const char *cn = get_env ("username", envp); - if (pff && cn) - { - char buf[256]; - snprintf (buf, sizeof(buf), "( sleep %d ; echo PF %s/%s ; cp \"%s.pf\" \"%s\" ) &", - context->test_packet_filter, cn, 
pff, cn, pff); - printf ("%s\n", buf); - system (buf); - pcc->generated_pf_file = true; - return OPENVPN_PLUGIN_FUNC_SUCCESS; - } - else - return OPENVPN_PLUGIN_FUNC_ERROR; - } - else - return OPENVPN_PLUGIN_FUNC_ERROR; + return OPENVPN_PLUGIN_FUNC_SUCCESS; } - else - return OPENVPN_PLUGIN_FUNC_SUCCESS; } OPENVPN_EXPORT int -openvpn_plugin_func_v2 (openvpn_plugin_handle_t handle, - const int type, - const char *argv[], - const char *envp[], - void *per_client_context, - struct openvpn_plugin_string_list **return_list) +openvpn_plugin_func_v2(openvpn_plugin_handle_t handle, + const int type, + const char *argv[], + const char *envp[], + void *per_client_context, + struct openvpn_plugin_string_list **return_list) { - struct plugin_context *context = (struct plugin_context *) handle; - struct plugin_per_client_context *pcc = (struct plugin_per_client_context *) per_client_context; - switch (type) + struct plugin_context *context = (struct plugin_context *) handle; + struct plugin_per_client_context *pcc = (struct plugin_per_client_context *) per_client_context; + switch (type) { - case OPENVPN_PLUGIN_UP: - printf ("OPENVPN_PLUGIN_UP\n"); - return OPENVPN_PLUGIN_FUNC_SUCCESS; - case OPENVPN_PLUGIN_DOWN: - printf ("OPENVPN_PLUGIN_DOWN\n"); - return OPENVPN_PLUGIN_FUNC_SUCCESS; - case OPENVPN_PLUGIN_ROUTE_UP: - printf ("OPENVPN_PLUGIN_ROUTE_UP\n"); - return OPENVPN_PLUGIN_FUNC_SUCCESS; - case OPENVPN_PLUGIN_IPCHANGE: - printf ("OPENVPN_PLUGIN_IPCHANGE\n"); - return OPENVPN_PLUGIN_FUNC_SUCCESS; - case OPENVPN_PLUGIN_TLS_VERIFY: - printf ("OPENVPN_PLUGIN_TLS_VERIFY\n"); - return OPENVPN_PLUGIN_FUNC_SUCCESS; - case OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY: - printf ("OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY\n"); - return auth_user_pass_verify (context, pcc, argv, envp); - case OPENVPN_PLUGIN_CLIENT_CONNECT_V2: - printf ("OPENVPN_PLUGIN_CLIENT_CONNECT_V2\n"); - return OPENVPN_PLUGIN_FUNC_SUCCESS; - case OPENVPN_PLUGIN_CLIENT_DISCONNECT: - printf 
("OPENVPN_PLUGIN_CLIENT_DISCONNECT\n"); - return OPENVPN_PLUGIN_FUNC_SUCCESS; - case OPENVPN_PLUGIN_LEARN_ADDRESS: - printf ("OPENVPN_PLUGIN_LEARN_ADDRESS\n"); - return OPENVPN_PLUGIN_FUNC_SUCCESS; - case OPENVPN_PLUGIN_TLS_FINAL: - printf ("OPENVPN_PLUGIN_TLS_FINAL\n"); - return tls_final (context, pcc, argv, envp); - case OPENVPN_PLUGIN_ENABLE_PF: - printf ("OPENVPN_PLUGIN_ENABLE_PF\n"); - if (context->test_packet_filter) - return OPENVPN_PLUGIN_FUNC_SUCCESS; - else - return OPENVPN_PLUGIN_FUNC_ERROR; - default: - printf ("OPENVPN_PLUGIN_?\n"); - return OPENVPN_PLUGIN_FUNC_ERROR; + case OPENVPN_PLUGIN_UP: + printf("OPENVPN_PLUGIN_UP\n"); + return OPENVPN_PLUGIN_FUNC_SUCCESS; + + case OPENVPN_PLUGIN_DOWN: + printf("OPENVPN_PLUGIN_DOWN\n"); + return OPENVPN_PLUGIN_FUNC_SUCCESS; + + case OPENVPN_PLUGIN_ROUTE_UP: + printf("OPENVPN_PLUGIN_ROUTE_UP\n"); + return OPENVPN_PLUGIN_FUNC_SUCCESS; + + case OPENVPN_PLUGIN_IPCHANGE: + printf("OPENVPN_PLUGIN_IPCHANGE\n"); + return OPENVPN_PLUGIN_FUNC_SUCCESS; + + case OPENVPN_PLUGIN_TLS_VERIFY: + printf("OPENVPN_PLUGIN_TLS_VERIFY\n"); + return OPENVPN_PLUGIN_FUNC_SUCCESS; + + case OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY: + printf("OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY\n"); + return auth_user_pass_verify(context, pcc, argv, envp); + + case OPENVPN_PLUGIN_CLIENT_CONNECT_V2: + printf("OPENVPN_PLUGIN_CLIENT_CONNECT_V2\n"); + return OPENVPN_PLUGIN_FUNC_SUCCESS; + + case OPENVPN_PLUGIN_CLIENT_DISCONNECT: + printf("OPENVPN_PLUGIN_CLIENT_DISCONNECT\n"); + return OPENVPN_PLUGIN_FUNC_SUCCESS; + + case OPENVPN_PLUGIN_LEARN_ADDRESS: + printf("OPENVPN_PLUGIN_LEARN_ADDRESS\n"); + return OPENVPN_PLUGIN_FUNC_SUCCESS; + + case OPENVPN_PLUGIN_TLS_FINAL: + printf("OPENVPN_PLUGIN_TLS_FINAL\n"); + return tls_final(context, pcc, argv, envp); + + case OPENVPN_PLUGIN_ENABLE_PF: + printf("OPENVPN_PLUGIN_ENABLE_PF\n"); + if (context->test_packet_filter) + { + return OPENVPN_PLUGIN_FUNC_SUCCESS; + } + else + { + return OPENVPN_PLUGIN_FUNC_ERROR; + } + + 
default: + printf("OPENVPN_PLUGIN_?\n"); + return OPENVPN_PLUGIN_FUNC_ERROR; } } OPENVPN_EXPORT void * -openvpn_plugin_client_constructor_v1 (openvpn_plugin_handle_t handle) +openvpn_plugin_client_constructor_v1(openvpn_plugin_handle_t handle) { - printf ("FUNC: openvpn_plugin_client_constructor_v1\n"); - return calloc (1, sizeof (struct plugin_per_client_context)); + printf("FUNC: openvpn_plugin_client_constructor_v1\n"); + return calloc(1, sizeof(struct plugin_per_client_context)); } OPENVPN_EXPORT void -openvpn_plugin_client_destructor_v1 (openvpn_plugin_handle_t handle, void *per_client_context) +openvpn_plugin_client_destructor_v1(openvpn_plugin_handle_t handle, void *per_client_context) { - printf ("FUNC: openvpn_plugin_client_destructor_v1\n"); - free (per_client_context); + printf("FUNC: openvpn_plugin_client_destructor_v1\n"); + free(per_client_context); } OPENVPN_EXPORT void -openvpn_plugin_close_v1 (openvpn_plugin_handle_t handle) +openvpn_plugin_close_v1(openvpn_plugin_handle_t handle) { - struct plugin_context *context = (struct plugin_context *) handle; - printf ("FUNC: openvpn_plugin_close_v1\n"); - free (context); + struct plugin_context *context = (struct plugin_context *) handle; + printf("FUNC: openvpn_plugin_close_v1\n"); + free(context); } diff --git a/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c b/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c index b0240b8..177977d 100644 --- a/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c +++ b/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c 
@@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net> + * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 @@ -41,23 +41,23 @@ #endif #define ovpn_err(fmt, ...) \ - plugin->log(PLOG_ERR, "SSO", fmt , ## __VA_ARGS__) + plugin->log(PLOG_ERR, "SSO", fmt, ## __VA_ARGS__) #define ovpn_dbg(fmt, ...) \ - plugin->log(PLOG_DEBUG, "SSO", fmt , ## __VA_ARGS__) + plugin->log(PLOG_DEBUG, "SSO", fmt, ## __VA_ARGS__) #define ovpn_note(fmt, ...) \ - plugin->log(PLOG_NOTE, "SSO", fmt , ## __VA_ARGS__) + plugin->log(PLOG_NOTE, "SSO", fmt, ## __VA_ARGS__) enum endpoint { CLIENT = 1, SERVER = 2 }; struct plugin { - plugin_log_t log; - enum endpoint type; - int mask; + plugin_log_t log; + enum endpoint type; + int mask; }; struct session { - char user[48]; - char key [48]; + char user[48]; + char key [48]; }; /* 
@@ -69,201 +69,226 @@ struct session { static const char * get_env(const char *name, const char *envp[]) { - if (envp) + if (envp) { - int i; - const int namelen = strlen (name); - for (i = 0; envp[i]; ++i) - { - if (!strncmp (envp[i], name, namelen)) - { - const char *cp = envp[i] + namelen; - if (*cp == '=') - return cp + 1; - } - } + int i; + const int namelen = strlen(name); + for (i = 0; envp[i]; ++i) + { + if (!strncmp(envp[i], name, namelen)) + { + const char *cp = envp[i] + namelen; + if (*cp == '=') + { + return cp + 1; + } + } + } } - return NULL; + return NULL; } OPENVPN_EXPORT int -openvpn_plugin_open_v3 (const int version, - struct openvpn_plugin_args_open_in const *args, - struct openvpn_plugin_args_open_return *rv) +openvpn_plugin_open_v3(const int version, + struct openvpn_plugin_args_open_in const *args, + struct openvpn_plugin_args_open_return *rv) { - struct plugin *plugin = calloc (1, sizeof(*plugin)); + struct plugin *plugin = calloc(1, sizeof(*plugin)); - plugin->type = get_env ("remote_1", args->envp) ? CLIENT : SERVER; - plugin->log = args->callbacks->plugin_log; + plugin->type = get_env("remote_1", args->envp) ? CLIENT : SERVER; + plugin->log = args->callbacks->plugin_log; - plugin->mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_FINAL); - plugin->mask |= OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_VERIFY); + plugin->mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_FINAL); + plugin->mask |= OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_VERIFY); - ovpn_note("vpn endpoint type=%s",plugin->type == CLIENT ? "client":"server"); + ovpn_note("vpn endpoint type=%s",plugin->type == CLIENT ? 
"client" : "server"); - rv->type_mask = plugin->mask; - rv->handle = (void *)plugin; + rv->type_mask = plugin->mask; + rv->handle = (void *)plugin; - return OPENVPN_PLUGIN_FUNC_SUCCESS; + return OPENVPN_PLUGIN_FUNC_SUCCESS; } static void session_user_set(struct session *sess, X509 *x509) { - int fn_nid; - ASN1_OBJECT *fn; - ASN1_STRING *val; - X509_NAME *x509_name; - X509_NAME_ENTRY *ent; - const char *objbuf; - - x509_name = X509_get_subject_name (x509); - int i, n = X509_NAME_entry_count (x509_name); - for (i = 0; i < n; ++i) + int fn_nid; + ASN1_OBJECT *fn; + ASN1_STRING *val; + X509_NAME *x509_name; + X509_NAME_ENTRY *ent; + const char *objbuf; + + x509_name = X509_get_subject_name(x509); + int i, n = X509_NAME_entry_count(x509_name); + for (i = 0; i < n; ++i) { - if (!(ent = X509_NAME_get_entry (x509_name, i))) - continue; - if (!(fn = X509_NAME_ENTRY_get_object (ent))) - continue; - if (!(val = X509_NAME_ENTRY_get_data (ent))) - continue; - if ((fn_nid = OBJ_obj2nid (fn)) == NID_undef) - continue; - if (!(objbuf = OBJ_nid2sn (fn_nid))) - continue; - /* bug in OpenSSL 0.9.6b ASN1_STRING_to_UTF8 requires this workaround */ - unsigned char *buf = (unsigned char *)1; - if (ASN1_STRING_to_UTF8 (&buf, val) <= 0) - continue; - - if (!strncasecmp(objbuf, "CN", 2)) - snprintf(sess->user, sizeof(sess->user) - 1, (char *)buf); - - OPENSSL_free (buf); + if (!(ent = X509_NAME_get_entry(x509_name, i))) + { + continue; + } + if (!(fn = X509_NAME_ENTRY_get_object(ent))) + { + continue; + } + if (!(val = X509_NAME_ENTRY_get_data(ent))) + { + continue; + } + if ((fn_nid = OBJ_obj2nid(fn)) == NID_undef) + { + continue; + } + if (!(objbuf = OBJ_nid2sn(fn_nid))) + { + continue; + } + /* bug in OpenSSL 0.9.6b ASN1_STRING_to_UTF8 requires this workaround */ + unsigned char *buf = (unsigned char *)1; + if (ASN1_STRING_to_UTF8(&buf, val) <= 0) + { + continue; + } + + if (!strncasecmp(objbuf, "CN", 2)) + { + snprintf(sess->user, sizeof(sess->user) - 1, (char *)buf); + } + + 
OPENSSL_free(buf); } } static int tls_verify(struct openvpn_plugin_args_func_in const *args) { - struct plugin *plugin = (struct plugin *)args->handle; - struct session *sess = (struct session *)args->per_client_context; + struct plugin *plugin = (struct plugin *)args->handle; + struct session *sess = (struct session *)args->per_client_context; - /* we store cert subject for the server end point only */ - if (plugin->type != SERVER) - return OPENVPN_PLUGIN_FUNC_SUCCESS; + /* we store cert subject for the server end point only */ + if (plugin->type != SERVER) + { + return OPENVPN_PLUGIN_FUNC_SUCCESS; + } - if (!args->current_cert) { - ovpn_err("this example plugin requires client certificate"); - return OPENVPN_PLUGIN_FUNC_ERROR; - } + if (!args->current_cert) + { + ovpn_err("this example plugin requires client certificate"); + return OPENVPN_PLUGIN_FUNC_ERROR; + } - session_user_set(sess, args->current_cert); + session_user_set(sess, args->current_cert); - return OPENVPN_PLUGIN_FUNC_SUCCESS; + return OPENVPN_PLUGIN_FUNC_SUCCESS; } static void file_store(char *file, char *content) { - FILE *f; - if (!(f = fopen(file, "w+"))) - return; + FILE *f; + if (!(f = fopen(file, "w+"))) + { + return; + } - fprintf(f, "%s", content); - fclose(f); + fprintf(f, "%s", content); + fclose(f); } static void server_store(struct openvpn_plugin_args_func_in const *args) { - struct plugin *plugin = (struct plugin *)args->handle; - struct session *sess = (struct session *)args->per_client_context; + struct plugin *plugin = (struct plugin *)args->handle; + struct session *sess = (struct session *)args->per_client_context; - char file[MAXPATH]; - snprintf(file, sizeof(file) - 1, "/tmp/openvpn_sso_%s", sess->key); - ovpn_note("app session file: %s", file); - file_store(file, sess->user); + char file[MAXPATH]; + snprintf(file, sizeof(file) - 1, "/tmp/openvpn_sso_%s", sess->key); + ovpn_note("app session file: %s", file); + file_store(file, sess->user); } static void client_store(struct 
openvpn_plugin_args_func_in const *args) { - struct plugin *plugin = (struct plugin *)args->handle; - struct session *sess = (struct session *)args->per_client_context; + struct plugin *plugin = (struct plugin *)args->handle; + struct session *sess = (struct session *)args->per_client_context; - char *file = "/tmp/openvpn_sso_user"; - ovpn_note("app session file: %s", file); - file_store(file, sess->key); + char *file = "/tmp/openvpn_sso_user"; + ovpn_note("app session file: %s", file); + file_store(file, sess->key); } static int tls_final(struct openvpn_plugin_args_func_in const *args, struct openvpn_plugin_args_func_return *rv) { - struct plugin *plugin = (struct plugin *)args->handle; - struct session *sess = (struct session *)args->per_client_context; - - const char *key; - if (!(key = get_env ("exported_keying_material", args->envp))) - return OPENVPN_PLUGIN_FUNC_ERROR; - - snprintf(sess->key, sizeof(sess->key) - 1, "%s", key); - ovpn_note("app session key: %s", sess->key); - - switch (plugin->type) { - case SERVER: - server_store(args); - break; - case CLIENT: - client_store(args); - return OPENVPN_PLUGIN_FUNC_SUCCESS; - } + struct plugin *plugin = (struct plugin *)args->handle; + struct session *sess = (struct session *)args->per_client_context; - ovpn_note("app session user: %s", sess->user); - return OPENVPN_PLUGIN_FUNC_SUCCESS; + const char *key; + if (!(key = get_env("exported_keying_material", args->envp))) + { + return OPENVPN_PLUGIN_FUNC_ERROR; + } + + snprintf(sess->key, sizeof(sess->key) - 1, "%s", key); + ovpn_note("app session key: %s", sess->key); + + switch (plugin->type) { + case SERVER: + server_store(args); + break; + + case CLIENT: + client_store(args); + return OPENVPN_PLUGIN_FUNC_SUCCESS; + } + + ovpn_note("app session user: %s", sess->user); + return OPENVPN_PLUGIN_FUNC_SUCCESS; } OPENVPN_EXPORT int -openvpn_plugin_func_v3 (const int version, - struct openvpn_plugin_args_func_in const *args, - struct openvpn_plugin_args_func_return *rv) 
+openvpn_plugin_func_v3(const int version, + struct openvpn_plugin_args_func_in const *args, + struct openvpn_plugin_args_func_return *rv) { - switch(args->type) { - case OPENVPN_PLUGIN_TLS_VERIFY: - return tls_verify(args); - case OPENVPN_PLUGIN_TLS_FINAL: - return tls_final(args, rv); - } - return OPENVPN_PLUGIN_FUNC_SUCCESS; + switch (args->type) { + case OPENVPN_PLUGIN_TLS_VERIFY: + return tls_verify(args); + + case OPENVPN_PLUGIN_TLS_FINAL: + return tls_final(args, rv); + } + return OPENVPN_PLUGIN_FUNC_SUCCESS; } OPENVPN_EXPORT void * openvpn_plugin_client_constructor_v1(openvpn_plugin_handle_t handle) { - struct plugin *plugin = (struct plugin *)handle; - struct session *sess = calloc (1, sizeof(*sess)); + struct plugin *plugin = (struct plugin *)handle; + struct session *sess = calloc(1, sizeof(*sess)); - ovpn_note("app session created"); + ovpn_note("app session created"); - return (void *)sess; + return (void *)sess; } OPENVPN_EXPORT void openvpn_plugin_client_destructor_v1(openvpn_plugin_handle_t handle, void *ctx) { - struct plugin *plugin = (struct plugin *)handle; - struct session *sess = (struct session *)ctx; + struct plugin *plugin = (struct plugin *)handle; + struct session *sess = (struct session *)ctx; - ovpn_note("app session key: %s", sess->key); - ovpn_note("app session destroyed"); + ovpn_note("app session key: %s", sess->key); + ovpn_note("app session destroyed"); - free (sess); + free(sess); } OPENVPN_EXPORT void -openvpn_plugin_close_v1 (openvpn_plugin_handle_t handle) +openvpn_plugin_close_v1(openvpn_plugin_handle_t handle) { - struct plugin *plugin = (struct plugin *)handle; - free (plugin); + struct plugin *plugin = (struct plugin *)handle; + free(plugin); } diff --git a/sample/sample-plugins/log/log.c b/sample/sample-plugins/log/log.c index 1cc4650..0201628 100644 --- a/sample/sample-plugins/log/log.c +++ b/sample/sample-plugins/log/log.c 
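Review bot: In session_user_set() the re-indented line `snprintf(sess->user, sizeof(sess->user) - 1, (char *)buf);` passes the certificate's CN text as the format string, so any `%` sequence in a subject name is interpreted by snprintf instead of being copied. The value is derived from `args->current_cert` in tls_verify(), which is the peer's certificate, so it should be handled as untrusted data. I would write it as `snprintf(sess->user, sizeof(sess->user), "%s", (char *)buf);`, which matches how tls_final() in the same hunk already copies the key with a `"%s"` format. The old side has the same call, so the reformat carries an existing problem forward rather than introducing it.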
@@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net> + * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 @@ -39,8 +39,8 @@ * Our context, where we keep our state. */ struct plugin_context { - const char *username; - const char *password; + const char *username; + const char *password; }; /* 
@@ -49,136 +49,154 @@ struct plugin_context { * if found or NULL otherwise. */ static const char * -get_env (const char *name, const char *envp[]) +get_env(const char *name, const char *envp[]) { - if (envp) + if (envp) { - int i; - const int namelen = strlen (name); - for (i = 0; envp[i]; ++i) - { - if (!strncmp (envp[i], name, namelen)) - { - const char *cp = envp[i] + namelen; - if (*cp == '=') - return cp + 1; - } - } + int i; + const int namelen = strlen(name); + for (i = 0; envp[i]; ++i) + { + if (!strncmp(envp[i], name, namelen)) + { + const char *cp = envp[i] + namelen; + if (*cp == '=') + { + return cp + 1; + } + } + } } - return NULL; + return NULL; } OPENVPN_EXPORT openvpn_plugin_handle_t -openvpn_plugin_open_v1 (unsigned int *type_mask, const char *argv[], const char *envp[]) +openvpn_plugin_open_v1(unsigned int *type_mask, const char *argv[], const char *envp[]) { - struct plugin_context *context; - - /* - * Allocate our context - */ - context = (struct plugin_context *) calloc (1, sizeof (struct plugin_context)); - - /* - * Set the username/password we will require. - */ - context->username = "foo"; - context->password = "bar"; - - /* - * Which callbacks to intercept. - */ - *type_mask = - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_UP) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_DOWN) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ROUTE_UP) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_IPCHANGE) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_VERIFY) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_CONNECT_V2) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_DISCONNECT) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_LEARN_ADDRESS) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_FINAL); - - return (openvpn_plugin_handle_t) context; + struct plugin_context *context; + + /* + * Allocate our context + */ + context = (struct plugin_context *) calloc(1, sizeof(struct plugin_context)); + + /* + * Set the username/password we will require. 
+ */ + context->username = "foo"; + context->password = "bar"; + + /* + * Which callbacks to intercept. + */ + *type_mask = + OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_UP) + |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_DOWN) + |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_ROUTE_UP) + |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_IPCHANGE) + |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_VERIFY) + |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) + |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT_V2) + |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_DISCONNECT) + |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_LEARN_ADDRESS) + |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_FINAL); + + return (openvpn_plugin_handle_t) context; } void -show (const int type, const char *argv[], const char *envp[]) +show(const int type, const char *argv[], const char *envp[]) { - size_t i; - switch (type) + size_t i; + switch (type) { - case OPENVPN_PLUGIN_UP: - printf ("OPENVPN_PLUGIN_UP\n"); - break; - case OPENVPN_PLUGIN_DOWN: - printf ("OPENVPN_PLUGIN_DOWN\n"); - break; - case OPENVPN_PLUGIN_ROUTE_UP: - printf ("OPENVPN_PLUGIN_ROUTE_UP\n"); - break; - case OPENVPN_PLUGIN_IPCHANGE: - printf ("OPENVPN_PLUGIN_IPCHANGE\n"); - break; - case OPENVPN_PLUGIN_TLS_VERIFY: - printf ("OPENVPN_PLUGIN_TLS_VERIFY\n"); - break; - case OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY: - printf ("OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY\n"); - break; - case OPENVPN_PLUGIN_CLIENT_CONNECT_V2: - printf ("OPENVPN_PLUGIN_CLIENT_CONNECT_V2\n"); - break; - case OPENVPN_PLUGIN_CLIENT_DISCONNECT: - printf ("OPENVPN_PLUGIN_CLIENT_DISCONNECT\n"); - break; - case OPENVPN_PLUGIN_LEARN_ADDRESS: - printf ("OPENVPN_PLUGIN_LEARN_ADDRESS\n"); - break; - case OPENVPN_PLUGIN_TLS_FINAL: - printf ("OPENVPN_PLUGIN_TLS_FINAL\n"); - break; - default: - printf ("OPENVPN_PLUGIN_?\n"); - break; + case OPENVPN_PLUGIN_UP: + printf("OPENVPN_PLUGIN_UP\n"); + break; + + case OPENVPN_PLUGIN_DOWN: + printf("OPENVPN_PLUGIN_DOWN\n"); + break; + + case OPENVPN_PLUGIN_ROUTE_UP: + 
printf("OPENVPN_PLUGIN_ROUTE_UP\n"); + break; + + case OPENVPN_PLUGIN_IPCHANGE: + printf("OPENVPN_PLUGIN_IPCHANGE\n"); + break; + + case OPENVPN_PLUGIN_TLS_VERIFY: + printf("OPENVPN_PLUGIN_TLS_VERIFY\n"); + break; + + case OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY: + printf("OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY\n"); + break; + + case OPENVPN_PLUGIN_CLIENT_CONNECT_V2: + printf("OPENVPN_PLUGIN_CLIENT_CONNECT_V2\n"); + break; + + case OPENVPN_PLUGIN_CLIENT_DISCONNECT: + printf("OPENVPN_PLUGIN_CLIENT_DISCONNECT\n"); + break; + + case OPENVPN_PLUGIN_LEARN_ADDRESS: + printf("OPENVPN_PLUGIN_LEARN_ADDRESS\n"); + break; + + case OPENVPN_PLUGIN_TLS_FINAL: + printf("OPENVPN_PLUGIN_TLS_FINAL\n"); + break; + + default: + printf("OPENVPN_PLUGIN_?\n"); + break; } - printf ("ARGV\n"); - for (i = 0; argv[i] != NULL; ++i) - printf ("%d '%s'\n", (int)i, argv[i]); + printf("ARGV\n"); + for (i = 0; argv[i] != NULL; ++i) + printf("%d '%s'\n", (int)i, argv[i]); - printf ("ENVP\n"); - for (i = 0; envp[i] != NULL; ++i) - printf ("%d '%s'\n", (int)i, envp[i]); + printf("ENVP\n"); + for (i = 0; envp[i] != NULL; ++i) + printf("%d '%s'\n", (int)i, envp[i]); } OPENVPN_EXPORT int -openvpn_plugin_func_v1 (openvpn_plugin_handle_t handle, const int type, const char *argv[], const char *envp[]) +openvpn_plugin_func_v1(openvpn_plugin_handle_t handle, const int type, const char *argv[], const char *envp[]) { - struct plugin_context *context = (struct plugin_context *) handle; + struct plugin_context *context = (struct plugin_context *) handle; - show (type, argv, envp); + show(type, argv, envp); - /* check entered username/password against what we require */ - if (type == OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) + /* check entered username/password against what we require */ + if (type == OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) + { + /* get username/password from envp string array */ + const char *username = get_env("username", envp); + const char *password = get_env("password", envp); + + if (username && 
!strcmp(username, context->username) + && password && !strcmp(password, context->password)) + { + return OPENVPN_PLUGIN_FUNC_SUCCESS; + } + else + { + return OPENVPN_PLUGIN_FUNC_ERROR; + } + } + else { - /* get username/password from envp string array */ - const char *username = get_env ("username", envp); - const char *password = get_env ("password", envp); - - if (username && !strcmp (username, context->username) - && password && !strcmp (password, context->password)) - return OPENVPN_PLUGIN_FUNC_SUCCESS; - else - return OPENVPN_PLUGIN_FUNC_ERROR; + return OPENVPN_PLUGIN_FUNC_SUCCESS; } - else - return OPENVPN_PLUGIN_FUNC_SUCCESS; } OPENVPN_EXPORT void -openvpn_plugin_close_v1 (openvpn_plugin_handle_t handle) +openvpn_plugin_close_v1(openvpn_plugin_handle_t handle) { - struct plugin_context *context = (struct plugin_context *) handle; - free (context); + struct plugin_context *context = (struct plugin_context *) handle; + free(context); } diff --git a/sample/sample-plugins/log/log_v3.c b/sample/sample-plugins/log/log_v3.c index 275b1e7..9037225 100644 --- a/sample/sample-plugins/log/log_v3.c +++ b/sample/sample-plugins/log/log_v3.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2009 OpenVPN Technologies, Inc. <sales@openvpn.net> + * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net> * Copyright (C) 2010 David Sommerseth <dazo@users.sourceforge.net> * * This program is free software; you can redistribute it and/or modify @@ -44,8 +44,8 @@ * Our context, where we keep our state. */ struct plugin_context { - const char *username; - const char *password; + const char *username; + const char *password; }; /* 
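Review bot: show() prints every `envp` entry verbatim, and openvpn_plugin_func_v1() calls it on the same array it then reads `password` from, so the client's plaintext password ends up on stdout for each OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY callback. If the full dump is intended for this sample, a comment on show() saying so would keep it from being copied into a real deployment; otherwise the ENVP loop could mask that entry, e.g. `printf("%d '%s'\n", (int)i, strncmp(envp[i], "password=", 9) ? envp[i] : "password=[redacted]");`. The show() in log_v3.c has the same loop and is called from openvpn_plugin_func_v3() in the same way.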
@@ -54,205 +54,238 @@ struct plugin_context { * if found or NULL otherwise. */ static const char * -get_env (const char *name, const char *envp[]) +get_env(const char *name, const char *envp[]) { - if (envp) + if (envp) { - int i; - const int namelen = strlen (name); - for (i = 0; envp[i]; ++i) - { - if (!strncmp (envp[i], name, namelen)) - { - const char *cp = envp[i] + namelen; - if (*cp == '=') - return cp + 1; - } - } + int i; + const int namelen = strlen(name); + for (i = 0; envp[i]; ++i) + { + if (!strncmp(envp[i], name, namelen)) + { + const char *cp = envp[i] + namelen; + if (*cp == '=') + { + return cp + 1; + } + } + } } - return NULL; + return NULL; } OPENVPN_EXPORT int -openvpn_plugin_open_v3 (const int v3structver, - struct openvpn_plugin_args_open_in const *args, - struct openvpn_plugin_args_open_return *ret) +openvpn_plugin_open_v3(const int v3structver, + struct openvpn_plugin_args_open_in const *args, + struct openvpn_plugin_args_open_return *ret) { - struct plugin_context *context = NULL; - - /* Check that we are API compatible */ - if( v3structver != OPENVPN_PLUGINv3_STRUCTVER ) { - printf("log_v3: ** ERROR ** Incompatible plug-in interface between this plug-in and OpenVPN\n"); - return OPENVPN_PLUGIN_FUNC_ERROR; - } - - if( args->ssl_api != SSLAPI_OPENSSL ) { - printf("This plug-in can only be used against OpenVPN with OpenSSL\n"); - return OPENVPN_PLUGIN_FUNC_ERROR; - } - - /* Print some version information about the OpenVPN process using this plug-in */ - printf("log_v3: OpenVPN %s (Major: %i, Minor: %i, Patch: %s)\n", - args->ovpn_version, args->ovpn_version_major, - args->ovpn_version_minor, args->ovpn_version_patch); - - /* Which callbacks to intercept. 
*/ - ret->type_mask = - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_UP) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_DOWN) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ROUTE_UP) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_IPCHANGE) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_VERIFY) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_CONNECT_V2) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_DISCONNECT) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_LEARN_ADDRESS) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_FINAL); - - - /* Allocate our context */ - context = (struct plugin_context *) calloc (1, sizeof (struct plugin_context)); - - /* Set the username/password we will require. */ - context->username = "foo"; - context->password = "bar"; - - /* Point the global context handle to our newly created context */ - ret->handle = (void *) context; - - return OPENVPN_PLUGIN_FUNC_SUCCESS; + struct plugin_context *context = NULL; + + /* Check that we are API compatible */ + if (v3structver != OPENVPN_PLUGINv3_STRUCTVER) + { + printf("log_v3: ** ERROR ** Incompatible plug-in interface between this plug-in and OpenVPN\n"); + return OPENVPN_PLUGIN_FUNC_ERROR; + } + + if (args->ssl_api != SSLAPI_OPENSSL) + { + printf("This plug-in can only be used against OpenVPN with OpenSSL\n"); + return OPENVPN_PLUGIN_FUNC_ERROR; + } + + /* Print some version information about the OpenVPN process using this plug-in */ + printf("log_v3: OpenVPN %s (Major: %i, Minor: %i, Patch: %s)\n", + args->ovpn_version, args->ovpn_version_major, + args->ovpn_version_minor, args->ovpn_version_patch); + + /* Which callbacks to intercept. 
*/ + ret->type_mask = + OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_UP) + |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_DOWN) + |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_ROUTE_UP) + |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_IPCHANGE) + |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_VERIFY) + |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) + |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT_V2) + |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_DISCONNECT) + |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_LEARN_ADDRESS) + |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_FINAL); + + + /* Allocate our context */ + context = (struct plugin_context *) calloc(1, sizeof(struct plugin_context)); + + /* Set the username/password we will require. */ + context->username = "foo"; + context->password = "bar"; + + /* Point the global context handle to our newly created context */ + ret->handle = (void *) context; + + return OPENVPN_PLUGIN_FUNC_SUCCESS; } void -show (const int type, const char *argv[], const char *envp[]) +show(const int type, const char *argv[], const char *envp[]) { - size_t i; - switch (type) + size_t i; + switch (type) { - case OPENVPN_PLUGIN_UP: - printf ("OPENVPN_PLUGIN_UP\n"); - break; - case OPENVPN_PLUGIN_DOWN: - printf ("OPENVPN_PLUGIN_DOWN\n"); - break; - case OPENVPN_PLUGIN_ROUTE_UP: - printf ("OPENVPN_PLUGIN_ROUTE_UP\n"); - break; - case OPENVPN_PLUGIN_IPCHANGE: - printf ("OPENVPN_PLUGIN_IPCHANGE\n"); - break; - case OPENVPN_PLUGIN_TLS_VERIFY: - printf ("OPENVPN_PLUGIN_TLS_VERIFY\n"); - break; - case OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY: - printf ("OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY\n"); - break; - case OPENVPN_PLUGIN_CLIENT_CONNECT_V2: - printf ("OPENVPN_PLUGIN_CLIENT_CONNECT_V2\n"); - break; - case OPENVPN_PLUGIN_CLIENT_DISCONNECT: - printf ("OPENVPN_PLUGIN_CLIENT_DISCONNECT\n"); - break; - case OPENVPN_PLUGIN_LEARN_ADDRESS: - printf ("OPENVPN_PLUGIN_LEARN_ADDRESS\n"); - break; - case OPENVPN_PLUGIN_TLS_FINAL: - printf ("OPENVPN_PLUGIN_TLS_FINAL\n"); - break; - default: - printf 
("OPENVPN_PLUGIN_?\n"); - break; + case OPENVPN_PLUGIN_UP: + printf("OPENVPN_PLUGIN_UP\n"); + break; + + case OPENVPN_PLUGIN_DOWN: + printf("OPENVPN_PLUGIN_DOWN\n"); + break; + + case OPENVPN_PLUGIN_ROUTE_UP: + printf("OPENVPN_PLUGIN_ROUTE_UP\n"); + break; + + case OPENVPN_PLUGIN_IPCHANGE: + printf("OPENVPN_PLUGIN_IPCHANGE\n"); + break; + + case OPENVPN_PLUGIN_TLS_VERIFY: + printf("OPENVPN_PLUGIN_TLS_VERIFY\n"); + break; + + case OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY: + printf("OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY\n"); + break; + + case OPENVPN_PLUGIN_CLIENT_CONNECT_V2: + printf("OPENVPN_PLUGIN_CLIENT_CONNECT_V2\n"); + break; + + case OPENVPN_PLUGIN_CLIENT_DISCONNECT: + printf("OPENVPN_PLUGIN_CLIENT_DISCONNECT\n"); + break; + + case OPENVPN_PLUGIN_LEARN_ADDRESS: + printf("OPENVPN_PLUGIN_LEARN_ADDRESS\n"); + break; + + case OPENVPN_PLUGIN_TLS_FINAL: + printf("OPENVPN_PLUGIN_TLS_FINAL\n"); + break; + + default: + printf("OPENVPN_PLUGIN_?\n"); + break; } - printf ("ARGV\n"); - for (i = 0; argv[i] != NULL; ++i) - printf ("%d '%s'\n", (int)i, argv[i]); + printf("ARGV\n"); + for (i = 0; argv[i] != NULL; ++i) + printf("%d '%s'\n", (int)i, argv[i]); - printf ("ENVP\n"); - for (i = 0; envp[i] != NULL; ++i) - printf ("%d '%s'\n", (int)i, envp[i]); + printf("ENVP\n"); + for (i = 0; envp[i] != NULL; ++i) + printf("%d '%s'\n", (int)i, envp[i]); } static void -x509_print_info (X509 *x509crt) +x509_print_info(X509 *x509crt) { - int i, n; - int fn_nid; - ASN1_OBJECT *fn; - ASN1_STRING *val; - X509_NAME *x509_name; - X509_NAME_ENTRY *ent; - const char *objbuf; - unsigned char *buf; - - x509_name = X509_get_subject_name (x509crt); - n = X509_NAME_entry_count (x509_name); - for (i = 0; i < n; ++i) + int i, n; + int fn_nid; + ASN1_OBJECT *fn; + ASN1_STRING *val; + X509_NAME *x509_name; + X509_NAME_ENTRY *ent; + const char *objbuf; + unsigned char *buf; + + x509_name = X509_get_subject_name(x509crt); + n = X509_NAME_entry_count(x509_name); + for (i = 0; i < n; ++i) { - ent = 
X509_NAME_get_entry (x509_name, i); - if (!ent) - continue; - fn = X509_NAME_ENTRY_get_object (ent); - if (!fn) - continue; - val = X509_NAME_ENTRY_get_data (ent); - if (!val) - continue; - fn_nid = OBJ_obj2nid (fn); - if (fn_nid == NID_undef) - continue; - objbuf = OBJ_nid2sn (fn_nid); - if (!objbuf) - continue; - buf = (unsigned char *)1; /* bug in OpenSSL 0.9.6b ASN1_STRING_to_UTF8 requires this workaround */ - if (ASN1_STRING_to_UTF8 (&buf, val) <= 0) - continue; - - printf("X509 %s: %s\n", objbuf, (char *)buf); - OPENSSL_free (buf); + ent = X509_NAME_get_entry(x509_name, i); + if (!ent) + { + continue; + } + fn = X509_NAME_ENTRY_get_object(ent); + if (!fn) + { + continue; + } + val = X509_NAME_ENTRY_get_data(ent); + if (!val) + { + continue; + } + fn_nid = OBJ_obj2nid(fn); + if (fn_nid == NID_undef) + { + continue; + } + objbuf = OBJ_nid2sn(fn_nid); + if (!objbuf) + { + continue; + } + buf = (unsigned char *)1; /* bug in OpenSSL 0.9.6b ASN1_STRING_to_UTF8 requires this workaround */ + if (ASN1_STRING_to_UTF8(&buf, val) <= 0) + { + continue; + } + + printf("X509 %s: %s\n", objbuf, (char *)buf); + OPENSSL_free(buf); } } OPENVPN_EXPORT int -openvpn_plugin_func_v3 (const int version, - struct openvpn_plugin_args_func_in const *args, - struct openvpn_plugin_args_func_return *retptr) +openvpn_plugin_func_v3(const int version, + struct openvpn_plugin_args_func_in const *args, + struct openvpn_plugin_args_func_return *retptr) { - struct plugin_context *context = (struct plugin_context *) args->handle; + struct plugin_context *context = (struct plugin_context *) args->handle; - printf("\nopenvpn_plugin_func_v3() :::::>> "); - show (args->type, args->argv, args->envp); + printf("\nopenvpn_plugin_func_v3() :::::>> "); + show(args->type, args->argv, args->envp); + + /* Dump some X509 information if we're in the TLS_VERIFY phase */ + if ((args->type == OPENVPN_PLUGIN_TLS_VERIFY) && args->current_cert) + { + printf("---- X509 Subject information ----\n"); + 
printf("Certificate depth: %i\n", args->current_cert_depth); + x509_print_info(args->current_cert); + printf("----------------------------------\n"); + } - /* Dump some X509 information if we're in the TLS_VERIFY phase */ - if ((args->type == OPENVPN_PLUGIN_TLS_VERIFY) && args->current_cert ) { - printf("---- X509 Subject information ----\n"); - printf("Certificate depth: %i\n", args->current_cert_depth); - x509_print_info(args->current_cert); - printf("----------------------------------\n"); - } + /* check entered username/password against what we require */ + if (args->type == OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) + { + /* get username/password from envp string array */ + const char *username = get_env("username", args->envp); + const char *password = get_env("password", args->envp); - /* check entered username/password against what we require */ - if (args->type == OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) + if (username && !strcmp(username, context->username) + && password && !strcmp(password, context->password)) + { + return OPENVPN_PLUGIN_FUNC_SUCCESS; + } + else + { + return OPENVPN_PLUGIN_FUNC_ERROR; + } + } + else { - /* get username/password from envp string array */ - const char *username = get_env ("username", args->envp); - const char *password = get_env ("password", args->envp); - - if (username && !strcmp (username, context->username) - && password && !strcmp (password, context->password)) - return OPENVPN_PLUGIN_FUNC_SUCCESS; - else - return OPENVPN_PLUGIN_FUNC_ERROR; + return OPENVPN_PLUGIN_FUNC_SUCCESS; } - else - return OPENVPN_PLUGIN_FUNC_SUCCESS; } OPENVPN_EXPORT void -openvpn_plugin_close_v1 (openvpn_plugin_handle_t handle) +openvpn_plugin_close_v1(openvpn_plugin_handle_t handle) { - struct plugin_context *context = (struct plugin_context *) handle; - free (context); + struct plugin_context *context = (struct plugin_context *) handle; + free(context); } 
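Review bot: openvpn_plugin_open_v3() dereferences the result of `calloc` without checking it: `context->username = "foo";` follows the allocation directly, so an allocation failure becomes a NULL write inside the OpenVPN process. A guard right after the calloc would do, `if (!context) { return OPENVPN_PLUGIN_FUNC_ERROR; }`. The same unchecked pattern is in openvpn_plugin_open_v1() of log.c and simple.c and in openvpn_plugin_open_v3() of keyingmaterialexporter.c in this commit; for the v1 variants the equivalent would presumably be returning a NULL handle, which should be confirmed against the plugin API.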
diff --git a/sample/sample-plugins/simple/simple.c b/sample/sample-plugins/simple/simple.c index f26d89f..f595333 100644 --- a/sample/sample-plugins/simple/simple.c +++ b/sample/sample-plugins/simple/simple.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net> + * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 @@ -41,8 +41,8 @@ * Our context, where we keep our state. */ struct plugin_context { - const char *username; - const char *password; + const char *username; + const char *password; }; /* 
@@ -51,70 +51,76 @@ struct plugin_context { * if found or NULL otherwise. */ static const char * -get_env (const char *name, const char *envp[]) +get_env(const char *name, const char *envp[]) { - if (envp) + if (envp) { - int i; - const int namelen = strlen (name); - for (i = 0; envp[i]; ++i) - { - if (!strncmp (envp[i], name, namelen)) - { - const char *cp = envp[i] + namelen; - if (*cp == '=') - return cp + 1; - } - } + int i; + const int namelen = strlen(name); + for (i = 0; envp[i]; ++i) + { + if (!strncmp(envp[i], name, namelen)) + { + const char *cp = envp[i] + namelen; + if (*cp == '=') + { + return cp + 1; + } + } + } } - return NULL; + return NULL; } OPENVPN_EXPORT openvpn_plugin_handle_t -openvpn_plugin_open_v1 (unsigned int *type_mask, const char *argv[], const char *envp[]) +openvpn_plugin_open_v1(unsigned int *type_mask, const char *argv[], const char *envp[]) { - struct plugin_context *context; + struct plugin_context *context; - /* - * Allocate our context - */ - context = (struct plugin_context *) calloc (1, sizeof (struct plugin_context)); + /* + * Allocate our context + */ + context = (struct plugin_context *) calloc(1, sizeof(struct plugin_context)); - /* - * Set the username/password we will require. - */ - context->username = "foo"; - context->password = "bar"; + /* + * Set the username/password we will require. + */ + context->username = "foo"; + context->password = "bar"; - /* - * We are only interested in intercepting the - * --auth-user-pass-verify callback. - */ - *type_mask = OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY); + /* + * We are only interested in intercepting the + * --auth-user-pass-verify callback. 
+ */ + *type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY); - return (openvpn_plugin_handle_t) context; + return (openvpn_plugin_handle_t) context; } OPENVPN_EXPORT int -openvpn_plugin_func_v1 (openvpn_plugin_handle_t handle, const int type, const char *argv[], const char *envp[]) +openvpn_plugin_func_v1(openvpn_plugin_handle_t handle, const int type, const char *argv[], const char *envp[]) { - struct plugin_context *context = (struct plugin_context *) handle; + struct plugin_context *context = (struct plugin_context *) handle; - /* get username/password from envp string array */ - const char *username = get_env ("username", envp); - const char *password = get_env ("password", envp); + /* get username/password from envp string array */ + const char *username = get_env("username", envp); + const char *password = get_env("password", envp); - /* check entered username/password against what we require */ - if (username && !strcmp (username, context->username) - && password && !strcmp (password, context->password)) - return OPENVPN_PLUGIN_FUNC_SUCCESS; - else - return OPENVPN_PLUGIN_FUNC_ERROR; + /* check entered username/password against what we require */ + if (username && !strcmp(username, context->username) + && password && !strcmp(password, context->password)) + { + return OPENVPN_PLUGIN_FUNC_SUCCESS; + } + else + { + return OPENVPN_PLUGIN_FUNC_ERROR; + } } OPENVPN_EXPORT void -openvpn_plugin_close_v1 (openvpn_plugin_handle_t handle) +openvpn_plugin_close_v1(openvpn_plugin_handle_t handle) { - struct plugin_context *context = (struct plugin_context *) handle; - free (context); + struct plugin_context *context = (struct plugin_context *) handle; + free(context); } |
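Review bot: In openvpn_plugin_open_v1 the result of calloc() is used without a check, so on allocation failure `context->username = "foo";` writes through a NULL pointer and crashes the process that loaded the plugin. The reformat carries this over unchanged; a guard right after the allocation, `if (!context) { return NULL; }`, lets the open call fail cleanly, since the plugin API treats a NULL handle as failure. Because this sample is commonly copied as a starting point for real authentication plugins, the credential check in openvpn_plugin_func_v1 also deserves a comment such as `/* demo only: fixed credentials, and strcmp() is not a constant-time comparison */`.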