1 --- a
/src
/openvpn
/ssl_polarssl
.h
2 +++ b
/src
/openvpn
/ssl_polarssl
.h
4 #include <polarssl/pkcs11.h>
7 +#include <polarssl/compat-1.2.h>
9 typedef struct _buffer_entry buffer_entry
;
11 struct _buffer_entry
{
12 --- a
/src
/openvpn
/ssl_polarssl
.c
13 +++ b
/src
/openvpn
/ssl_polarssl
.c
16 #include "ssl_common.h"
18 -#include <polarssl/sha2.h>
19 +#include <polarssl/sha256.h>
20 #include <polarssl/havege.h>
22 #include "ssl_verify_polarssl.h"
23 @@
-204,12 +204,12 @@
tls_ctx_load_dh_params (struct tls_root_
25 if (!strcmp (dh_file
, INLINE_FILE_TAG
) && dh_file_inline
)
27 - if (0 != x509parse_dhm(ctx
->dhm_ctx
, dh_file_inline
, strlen(dh_file_inline
)))
28 + if (0 != dhm_parse_dhm(ctx
->dhm_ctx
, dh_file_inline
, strlen(dh_file_inline
)))
29 msg (M_FATAL
, "Cannot read inline DH parameters");
33 - if (0 != x509parse_dhmfile(ctx
->dhm_ctx
, dh_file
))
34 + if (0 != dhm_parse_dhmfile(ctx
->dhm_ctx
, dh_file
))
35 msg (M_FATAL
, "Cannot read DH parameters from file %s", dh_file
);
38 @@
-530,7 +530,7 @@
void key_state_ssl_init(struct key_state
42 - ssl_set_own_cert( ks_ssl
->ctx
, ssl_ctx
->crt_chain
, ssl_ctx
->priv_key
);
43 + ssl_set_own_cert_rsa( ks_ssl
->ctx
, ssl_ctx
->crt_chain
, ssl_ctx
->priv_key
);
45 /* Initialise SSL verification */
46 ssl_set_authmode (ks_ssl
->ctx
, SSL_VERIFY_REQUIRED
);
47 @@
-832,7 +832,7 @@
print_details (struct key_state_ssl
* ks
48 cert
= ssl_get_peer_cert(ks_ssl
->ctx
);
51 - openvpn_snprintf (s2
, sizeof (s2
), ", " counter_format
" bit RSA", (counter_type
) cert
->rsa
.len
* 8);
52 + openvpn_snprintf (s2
, sizeof (s2
), ", " counter_format
" bit RSA", (counter_type
) pk_rsa(cert
->pk
)->len
* 8);
55 msg (D_HANDSHAKE
, "%s%s", s1
, s2
);
56 --- a
/src
/openvpn
/crypto_polarssl
.c
57 +++ b
/src
/openvpn
/crypto_polarssl
.c
58 @@
-466,7 +466,12 @@
int cipher_ctx_mode (const cipher_contex
60 int cipher_ctx_reset (cipher_context_t
*ctx
, uint8_t *iv_buf
)
62 - return 0 == cipher_reset(ctx
, iv_buf
);
63 + int retval
= cipher_reset(ctx
);
66 + cipher_set_iv(ctx
, iv_buf
, ctx
->cipher_info
->iv_size
);
71 int cipher_ctx_update (cipher_context_t
*ctx
, uint8_t *dst
, int *dst_len
,
72 --- a
/src
/openvpn
/ssl_verify_polarssl
.h
73 +++ b
/src
/openvpn
/ssl_verify_polarssl
.h
77 #include <polarssl/x509.h>
78 +#include <polarssl/compat-1.2.h>
80 #ifndef __OPENVPN_X509_CERT_T_DECLARED
81 #define __OPENVPN_X509_CERT_T_DECLARED
82 --- a
/src
/openvpn
/ssl_verify
.c
83 +++ b
/src
/openvpn
/ssl_verify
.c
84 @@
-437,7 +437,7 @@
verify_cert_set_env(struct env_set
*es
,
87 /* export serial number as environmental variable */
88 - serial
= x509_get_serial(peer_cert
, &gc
);
89 + serial
= backend_x509_get_serial(peer_cert
, &gc
);
90 openvpn_snprintf (envname
, sizeof(envname
), "tls_serial_%d", cert_depth
);
91 setenv_str (es
, envname
, serial
);
93 @@
-564,7 +564,7 @@
verify_check_crl_dir(const char *crl_dir
95 struct gc_arena gc
= gc_new();
97 - char *serial
= x509_get_serial(cert
, &gc
);
98 + char *serial
= backend_x509_get_serial(cert
, &gc
);
100 if (!openvpn_snprintf(fn
, sizeof(fn
), "%s%c%s", crl_dir
, OS_SPECIFIC_DIRSEP
, serial
))
102 --- a
/src
/openvpn
/ssl_verify_backend
.h
103 +++ b
/src
/openvpn
/ssl_verify_backend
.h
104 @@
-122,7 +122,7 @@ result_t
x509_get_username (char *common
106 * @
return The certificate
's serial number.
108 -char *x509_get_serial (openvpn_x509_cert_t *cert, struct gc_arena *gc);
109 +char *backend_x509_get_serial (openvpn_x509_cert_t *cert, struct gc_arena *gc);
112 * Save X509 fields to environment, using the naming convention:
113 --- a/src/openvpn/ssl_verify_openssl.c
114 +++ b/src/openvpn/ssl_verify_openssl.c
115 @@ -220,7 +220,7 @@ x509_get_username (char *common_name, in
119 -x509_get_serial (openvpn_x509_cert_t *cert, struct gc_arena *gc)
120 +backend_x509_get_serial (openvpn_x509_cert_t *cert, struct gc_arena *gc)
122 ASN1_INTEGER *asn1_i;
124 --- a/src/openvpn/ssl_verify_polarssl.c
125 +++ b/src/openvpn/ssl_verify_polarssl.c
127 #if defined(ENABLE_SSL) && defined(ENABLE_CRYPTO_POLARSSL)
129 #include "ssl_verify.h"
130 +#include <polarssl/oid.h>
131 #include <polarssl/sha1.h>
133 #define MAX_SUBJECT_LENGTH 256
134 @@ -100,7 +101,7 @@ x509_get_username (char *cn, int cn_len,
135 /* Find common name */
136 while( name != NULL )
138 - if( memcmp( name->oid.p, OID_CN, OID_SIZE(OID_CN) ) == 0)
139 + if( memcmp( name->oid.p, OID_AT_CN, OID_SIZE(OID_AT_CN) ) == 0)
143 @@ -123,7 +124,7 @@ x509_get_username (char *cn, int cn_len,
147 -x509_get_serial (x509_cert *cert, struct gc_arena *gc)
148 +backend_x509_get_serial (x509_cert *cert, struct gc_arena *gc)
152 @@ -184,60 +185,18 @@ x509_setenv (struct env_set *es, int cer
153 while( name != NULL )
155 char name_expand[64+8];
156 + const char *shortname;
158 - if( name->oid.len == 2 && memcmp( name->oid.p, OID_X520, 2 ) == 0 )
159 + if( 0 == oid_get_attr_short_name(&name->oid, &shortname) )
161 - switch( name->oid.p[2] )
163 - case X520_COMMON_NAME:
164 - openvpn_snprintf (name_expand, sizeof(name_expand), "X509_%d_CN",
165 - cert_depth); break;
168 - openvpn_snprintf (name_expand, sizeof(name_expand), "X509_%d_C",
169 - cert_depth); break;
171 - case X520_LOCALITY:
172 - openvpn_snprintf (name_expand, sizeof(name_expand), "X509_%d_L",
173 - cert_depth); break;
176 - openvpn_snprintf (name_expand, sizeof(name_expand), "X509_%d_ST",
177 - cert_depth); break;
179 - case X520_ORGANIZATION:
180 - openvpn_snprintf (name_expand, sizeof(name_expand), "X509_%d_O",
181 - cert_depth); break;
183 - case X520_ORG_UNIT:
184 - openvpn_snprintf (name_expand, sizeof(name_expand), "X509_%d_OU",
185 - cert_depth); break;
188 - openvpn_snprintf (name_expand, sizeof(name_expand),
189 - "X509_%d_0x%02X", cert_depth, name->oid.p[2]);
192 + openvpn_snprintf (name_expand, sizeof(name_expand), "X509_%d_%s",
193 + cert_depth, shortname);
197 + openvpn_snprintf (name_expand, sizeof(name_expand), "X509_%d_\?\?",
200 - else if( name->oid.len == 8 && memcmp( name->oid.p, OID_PKCS9, 8 ) == 0 )
202 - switch( name->oid.p[8] )
205 - openvpn_snprintf (name_expand, sizeof(name_expand),
206 - "X509_%d_emailAddress", cert_depth); break;
209 - openvpn_snprintf (name_expand, sizeof(name_expand),
210 - "X509_%d_0x%02X", cert_depth, name->oid.p[8]);
216 - openvpn_snprintf (name_expand, sizeof(name_expand), "X509_%d_\?\?",
220 for( i = 0; i < name->val.len; i++ )