diff options
Diffstat (limited to 'src/Cedar/Interop_OpenVPN.c')
| -rw-r--r-- | src/Cedar/Interop_OpenVPN.c | 39 |
1 files changed, 38 insertions, 1 deletions
diff --git a/src/Cedar/Interop_OpenVPN.c b/src/Cedar/Interop_OpenVPN.c index 4c6d8771..dbb203e9 100644 --- a/src/Cedar/Interop_OpenVPN.c +++ b/src/Cedar/Interop_OpenVPN.c @@ -433,7 +433,8 @@ void OvsProcessRecvControlPacket(OPENVPN_SERVER *s, OPENVPN_SESSION *se, OPENVPN // Create an SSL pipe
Lock(s->Cedar->lock);
{
- c->SslPipe = NewSslPipe(true, s->Cedar->ServerX, s->Cedar->ServerK, s->Dh);
+ bool cert_verify = true;
+ c->SslPipe = NewSslPipeEx(true, s->Cedar->ServerX, s->Cedar->ServerK, s->Dh, cert_verify, &c->ClientCert);
}
Unlock(s->Cedar->lock);
@@ -703,8 +704,19 @@ void OvsBeginIPCAsyncConnectionIfEmpty(OPENVPN_SERVER *s, OPENVPN_SESSION *se, O p.BridgeMode = true;
}
+ if (IsEmptyStr(c->ClientKey.Username) || IsEmptyStr(c->ClientKey.Password))
+ {
+ // OpenVPN X.509 certificate authentication is used only when no username / password is specified
+ if (c->ClientCert.X != NULL)
+ {
+ p.ClientCertificate = c->ClientCert.X;
+ }
+ }
+
p.IsOpenVPN = true;
+ p.Layer = (se->Mode == OPENVPN_MODE_L2) ? IPC_LAYER_2 : IPC_LAYER_3;
+
// Calculate the MSS
p.Mss = OvsCalcTcpMss(s, se, c);
Debug("MSS=%u\n", p.Mss);
@@ -771,6 +783,26 @@ void OvsSetupSessionParameters(OPENVPN_SERVER *s, OPENVPN_SESSION *se, OPENVPN_C OvsLog(s, se, c, "LO_OPTION_STR_RECV", data->OptionString);
+ if (c->ClientCert.X != NULL)
+ {
+ if (c->ClientCert.X->subject_name != NULL)
+ {
+ OvsLog(s, se, c, "LO_CLIENT_CERT", c->ClientCert.X->subject_name->CommonName);
+ }
+ else
+ {
+ OvsLog(s, se, c, "LO_CLIENT_CERT", "(unknown CN)");
+ }
+ }
+ else if (!c->ClientCert.PreverifyErr)
+ {
+ OvsLog(s, se, c, "LO_CLIENT_NO_CERT");
+ }
+ else
+ {
+ OvsLog(s, se, c, "LO_CLIENT_UNVERIFIED_CERT", c->ClientCert.PreverifyErrMessage);
+ }
+
Zero(opt_str, sizeof(opt_str));
StrCpy(opt_str, sizeof(opt_str), data->OptionString);
if (s->Cedar != NULL && (IsEmptyStr(opt_str) || StartWith(opt_str, "V0 UNDEF") || InStr(opt_str, ",") == false))
@@ -1350,6 +1382,11 @@ void OvsFreeChannel(OPENVPN_CHANNEL *c) FreeMd(c->MdRecv);
FreeMd(c->MdSend);
+ if (c->ClientCert.X != NULL)
+ {
+ FreeX(c->ClientCert.X);
+ }
+
Free(c);
}
|