mirror of
https://github.com/deneraraujo/OpenVPNAdapter.git
synced 2026-04-24 00:00:05 +08:00
Sergey Abramchuk
a01ecd6c88
cc90cde57 win: use 'MSVC 2017 Professional' as default compiler 4b072bce1 [OVPN3-311] function.hpp: fix Windows build 48b9b78de [OVPN3-310] logging: fix 'OPENVPN_LOG_NTNL': identifier not found 5a4a87552 cosmetics: helper function to check registry errors fc52fd8a5 [OC-78] proxy: support PROXY_AUTO_CONFIG_URL on Windows f5178cff9 [OC-77] proxy: refactor proxy settings code 18e50ec3f ReplyParser: added undefined status 8178ae06f unix file utils: added update_file_mod_time_nanoseconds() 8f20f7693 build: use LZ4_SYS=1 default when target is Linux 4bd996e61 timestr: added date_time_utc() and nanosec_time_to_string() 0eaa2586f string: added remove_spaces() method d47ae03cc OptionList: added get_c_str() method 1eb9cd657 unix file utils: added mtime_ns parameter to write_binary_unix() and write_binary_atomic() bf00c6e3e Time::delta_str(): use "INF" to denote infinite time 0e598a87b kovpn.hpp: asio must be included before sys/ and linux/ headers to avoid redefinition conflicts 1d2ce460d BufferType: added read_alloc_buf() method 148ae6085 BufferType: added reset_offset() method 6218ed618 Factor out IP::random_addr_v4() and IP::random_addr_v6() from IP::random_addr(). 5468670b9 pool: minor changes 36a885a82 route: allow for specialized IPv4/v6 RouteType 5e29e6628 BufferType: added typedef T value_type d92021c99 strerror.hpp: added #include <errno.h> for benefit of users 363cbece3 Function: misc cleanup d88435ecd IP::Route: added defined() method 3371cb745 kovpn.hpp: fix centos build with DCO enabled dc9e48d98 Fix bug in macos tunnel interface setup. Second ip address should be gateway address bcdb27993 Merged in schwabe/fix_clang_warnings (pull request #25) ede5e90ff Merged in schabe/fix_swig_ipadr (pull request #27) c0d580d24 Merged in schwabe/fix_openvpn_extern (pull request #26) 0965882e5 Merged in schwabe/stats_morecpus (pull request #23) 5f1f8470b Revert bugfix for not compiling IA32 ASM of 2.7.5 bde2c41be dep: switch from mbeTLS 2.7.0 to 2.7.5 9d06b5c97 [OC-77] proxy: support PROXY_AUTO_CONFIG_URL on macOS 3f2ad8e8c Hide const std::string IP methods from SWIG ba264862a Send also kovpn statistics of CPU Cores >= 16 via status message 2991d38b3 Fix warnings reported by LLVM/Clang 02d2a7975 Fix multiple inclusion of OpenVPN3 header with OPENPVN_EXTERN git-subtree-dir: Sources/OpenVPNAdapter/Libraries/Vendors/openvpn git-subtree-split: cc90cde5769dcf9e13fdd9e85d6d0857963dabce
168 lines
4.3 KiB
C++
168 lines
4.3 KiB
C++
// OpenVPN -- An application to securely tunnel IP networks
|
|
// over a single port, with support for SSL/TLS-based
|
|
// session authentication and key exchange,
|
|
// packet encryption, packet authentication, and
|
|
// packet compression.
|
|
//
|
|
// Copyright (C) 2012-2017 OpenVPN Inc.
|
|
//
|
|
// This program is free software: you can redistribute it and/or modify
|
|
// it under the terms of the GNU Affero General Public License Version 3
|
|
// as published by the Free Software Foundation.
|
|
//
|
|
// This program is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU Affero General Public License for more details.
|
|
//
|
|
// You should have received a copy of the GNU Affero General Public License
|
|
// along with this program in the COPYING file.
|
|
// If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
// Wrap a mbed TLS x509_crt object
|
|
|
|
#ifndef OPENVPN_MBEDTLS_PKI_X509CERT_H
|
|
#define OPENVPN_MBEDTLS_PKI_X509CERT_H
|
|
|
|
#include <string>
|
|
#include <sstream>
|
|
#include <cstring>
|
|
#include <iostream>
|
|
|
|
#include <mbedtls/x509.h>
|
|
#include <mbedtls/pem.h>
|
|
#include <mbedtls/base64.h>
|
|
|
|
#include <openvpn/common/size.hpp>
|
|
#include <openvpn/common/exception.hpp>
|
|
#include <openvpn/common/rc.hpp>
|
|
#include <openvpn/mbedtls/util/error.hpp>
|
|
|
|
namespace openvpn {
|
|
namespace MbedTLSPKI {
|
|
|
|
class X509Cert : public RC<thread_unsafe_refcount>
|
|
{
|
|
public:
|
|
typedef RCPtr<X509Cert> Ptr;
|
|
|
|
X509Cert() : chain(nullptr) {}
|
|
|
|
X509Cert(const std::string& cert_txt, const std::string& title, const bool strict)
|
|
: chain(nullptr)
|
|
{
|
|
try {
|
|
parse(cert_txt, title, strict);
|
|
}
|
|
catch (...)
|
|
{
|
|
dealloc();
|
|
throw;
|
|
}
|
|
}
|
|
|
|
void parse(const std::string& cert_txt, const std::string& title, const bool strict)
|
|
{
|
|
alloc();
|
|
|
|
if (cert_txt.empty())
|
|
throw MbedTLSException(title + " certificate is undefined");
|
|
|
|
// cert_txt.length() is increased by 1 as it does not include the NULL-terminator
|
|
// which mbedtls_x509_crt_parse() expects to see.
|
|
const int status = mbedtls_x509_crt_parse(chain,
|
|
(const unsigned char *)cert_txt.c_str(),
|
|
cert_txt.length() + 1);
|
|
if (status < 0)
|
|
{
|
|
throw MbedTLSException("error parsing " + title + " certificate", status);
|
|
}
|
|
if (status > 0)
|
|
{
|
|
std::ostringstream os;
|
|
os << status << " certificate(s) in " << title << " bundle failed to parse";
|
|
if (strict)
|
|
throw MbedTLSException(os.str());
|
|
else
|
|
OPENVPN_LOG("MBEDTLS: " << os.str());
|
|
}
|
|
}
|
|
|
|
static std::string der_to_pem(const unsigned char* der, size_t der_size)
|
|
{
|
|
size_t olen = 0;
|
|
int ret;
|
|
|
|
ret = mbedtls_pem_write_buffer(begin_cert, end_cert, der,
|
|
der_size, NULL, 0, &olen);
|
|
if (ret != MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL)
|
|
throw MbedTLSException("X509Cert::extract: can't calculate PEM size");
|
|
|
|
BufferAllocated buff(olen, 0);
|
|
|
|
ret = mbedtls_pem_write_buffer(begin_cert, end_cert, der,
|
|
der_size, buff.data(), buff.max_size(), &olen);
|
|
if (ret)
|
|
throw MbedTLSException("X509Cert::extract: can't write PEM buffer");
|
|
|
|
return std::string((const char *)buff.data());
|
|
}
|
|
|
|
std::string extract() const
|
|
{
|
|
return der_to_pem(chain->raw.p, chain->raw.len);
|
|
}
|
|
|
|
std::vector<std::string> extract_extra_certs() const
|
|
{
|
|
std::vector<std::string> extra_certs;
|
|
|
|
/* extra certificates are appended to the main one */
|
|
for (mbedtls_x509_crt *cert = chain->next; cert; cert = cert->next)
|
|
{
|
|
extra_certs.push_back(der_to_pem(cert->raw.p, cert->raw.len));
|
|
}
|
|
return extra_certs;
|
|
}
|
|
|
|
mbedtls_x509_crt* get() const
|
|
{
|
|
return chain;
|
|
}
|
|
|
|
virtual ~X509Cert()
|
|
{
|
|
dealloc();
|
|
}
|
|
|
|
protected:
|
|
void alloc()
|
|
{
|
|
if (!chain)
|
|
{
|
|
chain = new mbedtls_x509_crt;
|
|
mbedtls_x509_crt_init(chain);
|
|
}
|
|
}
|
|
|
|
mbedtls_x509_crt *chain;
|
|
|
|
private:
|
|
void dealloc()
|
|
{
|
|
if (chain)
|
|
{
|
|
mbedtls_x509_crt_free(chain);
|
|
delete chain;
|
|
chain = nullptr;
|
|
}
|
|
}
|
|
|
|
constexpr static const char* begin_cert = "-----BEGIN CERTIFICATE-----\n";;
|
|
constexpr static const char* end_cert = "-----END CERTIFICATE-----\n";;
|
|
};
|
|
}
|
|
}
|
|
|
|
#endif
|