1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
|
Index: openvpn-2.2.0/README.eurephia
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openvpn-2.2.0/README.eurephia 2011-05-10 16:33:23.900007905 +0200
@@ -0,0 +1,24 @@
+
+ OpenVPN - eurephia version
+==============================
+
+This is the official OpenVPN version, patched with a
+patch to implement one needed feature for the eurephia
+plug-in.
+
+All this patch does is to provide the plug-in environment
+with a variable containing the SHA1 hash of the
+certificates in use for the session.
+
+eurephia is an authentication and security plug-in which
+enhances the security in OpenVPN even more. It provides
+user name/password authentication, automatic blacklisting
+of user account, certificates and IP addresses. In
+provides in addition automatic updates of the iptables
+firewall on Linux, with specific iptables profile per
+user and certificate.
+
+For more information about eurephia, have a look at:
+
+ http://www.eurephia.net/
+
Index: openvpn-2.2.0/options.c
===================================================================
--- openvpn-2.2.0.orig/options.c 2011-05-10 16:30:14.928001206 +0200
+++ openvpn-2.2.0/options.c 2011-05-10 16:33:23.900007905 +0200
@@ -10,6 +10,9 @@
* Additions for eurephia plugin done by:
* David Sommerseth <dazo@users.sourceforge.net> Copyright (C) 2009
*
+ * Additions for eurephia plugin done by:
+ * David Sommerseth <dazo@users.sourceforge.net> Copyright (C) 2009
+ *
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
@@ -85,6 +88,7 @@
#ifdef USE_PF_INET6
" [PF_INET6]"
#endif
+ " [eurephia]"
" built on " __DATE__
;
Index: openvpn-2.2.0/ssl.c
===================================================================
--- openvpn-2.2.0.orig/ssl.c 2011-04-21 21:13:34.000000000 +0200
+++ openvpn-2.2.0/ssl.c 2011-05-10 16:33:23.904007483 +0200
@@ -11,6 +11,10 @@
* David Sommerseth <dazo@users.sourceforge.net> Copyright (C) 2008-2009
*
*
+ * Additions for eurephia plugin done by:
+ * David Sommerseth <dazo@users.sourceforge.net> Copyright (C) 2008-2009
+ *
+ *
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
@@ -388,6 +392,14 @@
}
}
+ /* export X509 cert SHA1 fingerprint */
+ {
+ struct gc_arena gc = gc_new ();
+ openvpn_snprintf (envname, sizeof(envname), "tls_digest_%d", ctx->error_depth);
+ setenv_str (opt->es, envname,
+ format_hex_ex(ctx->current_cert->sha1_hash, SHA_DIGEST_LENGTH, 0, 1, ":", &gc));
+ gc_free(&gc);
+ }
#if 0
static void
cert_hash_print (const struct cert_hash_set *chs, int msglevel)
|
