diff options
author | Alberto Gonzalez Iniesta <agi@inittab.org> | 2016-01-20 12:01:07 +0100 |
---|---|---|
committer | Alberto Gonzalez Iniesta <agi@inittab.org> | 2016-01-20 12:01:07 +0100 |
commit | 19eab1fe2df20e38ea64d7a642d3e21c957082b8 (patch) | |
tree | fad602b603321d3e0e45807f8abb4f6c670a6cf2 /src/openvpn/ssl.c | |
parent | 35807e5652390e8b2fd66b9051f3b41c9488302e (diff) | |
parent | 9653b1bffea4e96c1eb7c1814e8bed21fea62321 (diff) |
Merge tag 'upstream/2.3.10'
Upstream version 2.3.10
Diffstat (limited to 'src/openvpn/ssl.c')
-rw-r--r-- | src/openvpn/ssl.c | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index a17c738..0679890 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -43,6 +43,7 @@ #endif #include "syshead.h" +#include "win32.h" #if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) @@ -301,8 +302,9 @@ tls_init_control_channel_frame_parameters(const struct frame *data_channel_frame reliable_ack_adjust_frame_parameters (frame, CONTROL_SEND_ACK_MAX); frame_add_to_extra_frame (frame, SID_SIZE + sizeof (packet_id_type)); - /* set dynamic link MTU to minimum value */ - frame_set_mtu_dynamic (frame, 0, SET_MTU_TUN); + /* set dynamic link MTU to cap control channel packets at 1250 bytes */ + ASSERT (TUN_LINK_DELTA (frame) < min_int (frame->link_mtu, 1250)); + frame->link_mtu_dynamic = min_int (frame->link_mtu, 1250) - TUN_LINK_DELTA (frame); } void @@ -333,7 +335,7 @@ void pem_password_setup (const char *auth_file) { if (!strlen (passbuf.password)) - get_user_pass (&passbuf, auth_file, UP_TYPE_PRIVATE_KEY, GET_USER_PASS_MANAGEMENT|GET_USER_PASS_SENSITIVE|GET_USER_PASS_PASSWORD_ONLY); + get_user_pass (&passbuf, auth_file, UP_TYPE_PRIVATE_KEY, GET_USER_PASS_MANAGEMENT|GET_USER_PASS_PASSWORD_ONLY); } int @@ -376,11 +378,11 @@ auth_user_pass_setup (const char *auth_file, const struct static_challenge_info get_user_pass_cr (&auth_user_pass, auth_file, UP_TYPE_AUTH, - GET_USER_PASS_MANAGEMENT|GET_USER_PASS_SENSITIVE|GET_USER_PASS_DYNAMIC_CHALLENGE, + GET_USER_PASS_MANAGEMENT|GET_USER_PASS_DYNAMIC_CHALLENGE, auth_challenge); else if (sci) /* static challenge response */ { - int flags = GET_USER_PASS_MANAGEMENT|GET_USER_PASS_SENSITIVE|GET_USER_PASS_STATIC_CHALLENGE; + int flags = GET_USER_PASS_MANAGEMENT|GET_USER_PASS_STATIC_CHALLENGE; if (sci->flags & SC_ECHO) flags |= GET_USER_PASS_STATIC_CHALLENGE_ECHO; get_user_pass_cr (&auth_user_pass, @@ -391,7 +393,7 @@ auth_user_pass_setup (const char *auth_file, const struct static_challenge_info } else # endif - get_user_pass (&auth_user_pass, auth_file, UP_TYPE_AUTH, GET_USER_PASS_MANAGEMENT|GET_USER_PASS_SENSITIVE); + get_user_pass (&auth_user_pass, auth_file, UP_TYPE_AUTH, GET_USER_PASS_MANAGEMENT); #endif } } @@ -555,6 +557,9 @@ init_ssl (const struct options *options, struct tls_root_ctx *new_ctx) tls_ctx_load_extra_certs(new_ctx, options->extra_certs_file, options->extra_certs_file_inline); } + /* Check certificate notBefore and notAfter */ + tls_ctx_check_cert_time(new_ctx); + /* Allowable ciphers */ if (options->cipher_list) { @@ -1844,6 +1849,9 @@ push_peer_info(struct buffer *buf, struct tls_session *session) if (rgi.flags & RGI_HWADDR_DEFINED) buf_printf (&out, "IV_HWADDR=%s\n", format_hex_ex (rgi.hwaddr, 6, 0, 1, ":", &gc)); buf_printf (&out, "IV_SSL=%s\n", get_ssl_library_version() ); +#if defined(WIN32) + buf_printf (&out, "IV_PLAT_VER=%s\n", win32_version_string (&gc, false)); +#endif } /* push env vars that begin with UV_ and IV_GUI_VER */ |