Diffstat (limited to 'debian/patches/eurephia.patch')
-rw-r--r-- | debian/patches/eurephia.patch | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/debian/patches/eurephia.patch b/debian/patches/eurephia.patch
new file mode 100644
index 0000000..78340df
--- /dev/null
+++ b/debian/patches/eurephia.patch
@@ -0,0 +1,81 @@
+Index: openvpn-2.2.0/README.eurephia
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ openvpn-2.2.0/README.eurephia 2011-05-10 16:33:23.900007905 +0200
+@@ -0,0 +1,24 @@
++
++ OpenVPN - eurephia version
++==============================
++
++This is the official OpenVPN version, patched with a
++patch to implement one needed feature for the eurephia
++plug-in.
++
++All this patch does is to provide the plug-in environment
++with a variable containing the SHA1 hash of the
++certificates in use for the session.
++
++eurephia is an authentication and security plug-in which
++enhances the security in OpenVPN even more. It provides
++user name/password authentication, automatic blacklisting
++of user account, certificates and IP addresses. In
++provides in addition automatic updates of the iptables
++firewall on Linux, with specific iptables profile per
++user and certificate.
++
++For more information about eurephia, have a look at:
++
++ http://www.eurephia.net/
++
+Index: openvpn-2.2.0/options.c
+===================================================================
+--- openvpn-2.2.0.orig/options.c 2011-05-10 16:30:14.928001206 +0200
++++ openvpn-2.2.0/options.c 2011-05-10 16:33:23.900007905 +0200
+@@ -10,6 +10,9 @@
+ * Additions for eurephia plugin done by:
+ * David Sommerseth <dazo@users.sourceforge.net> Copyright (C) 2009
+ *
++ * Additions for eurephia plugin done by:
++ * David Sommerseth <dazo@users.sourceforge.net> Copyright (C) 2009
++ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+@@ -85,6 +88,7 @@
+ #ifdef USE_PF_INET6
+ " [PF_INET6]"
+ #endif
++ " [eurephia]"
+ " built on " __DATE__
+ ;
+
+Index: openvpn-2.2.0/ssl.c
+===================================================================
+--- openvpn-2.2.0.orig/ssl.c 2011-04-21 21:13:34.000000000 +0200
++++ openvpn-2.2.0/ssl.c 2011-05-10 16:33:23.904007483 +0200
+@@ -11,6 +11,10 @@
+ * David Sommerseth <dazo@users.sourceforge.net> Copyright (C) 2008-2009
+ *
+ *
++ * Additions for eurephia plugin done by:
++ * David Sommerseth <dazo@users.sourceforge.net> Copyright (C) 2008-2009
++ *
++ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+@@ -388,6 +392,14 @@
+ }
+ }
+
++ /* export X509 cert SHA1 fingerprint */
++ {
++ struct gc_arena gc = gc_new ();
++ openvpn_snprintf (envname, sizeof(envname), "tls_digest_%d", ctx->error_depth);
++ setenv_str (opt->es, envname,
++ format_hex_ex(ctx->current_cert->sha1_hash, SHA_DIGEST_LENGTH, 0, 1, ":", &gc));
++ gc_free(&gc);
++ }
+ #if 0
+ static void
+ cert_hash_print (const struct cert_hash_set *chs, int msglevel) |
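Review bot: The ssl.c hunk at `@@ -388,6 +392,14 @@` appears to land outside any function: its trailing context is `#if 0` / `static void` / `cert_hash_print (...)`, the start of a file-scope definition, so the added `{ ... }` block would have no `envname`, `ctx` or `opt` in scope there (indentation is collapsed on this page, so this is read from the context lines only). The header hunks for options.c and ssl.c add an "Additions for eurephia plugin done by" notice that their own context lines already contain, which suggests the patch was refreshed onto a tree that already carries the eurephia change; if so, it should be dropped or re-based against the verify callback rather than re-applied by offset. Separately, the block reads `ctx->current_cert->sha1_hash` directly, which is a cached internal field of the certificate structure. Computing the digest with `X509_digest(ctx->current_cert, EVP_sha1(), md, NULL)` and setting `tls_digest_%d` only when that call succeeds would avoid exporting a fingerprint that was never filled in. The return value of `openvpn_snprintf` is also unchecked before `envname` is used.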