Remove SSLv3 support
parent
19a917adc1
commit
02db806181
@ -193,7 +193,7 @@ void AcWaitForRequest(AZURE_CLIENT *ac, SOCK *s, AZURE_PARAM *param)
|
|||||||
|
|
||||||
SetTimeout(ns, param->DataTimeout);
|
SetTimeout(ns, param->DataTimeout);
|
||||||
|
|
||||||
if (StartSSLEx(ns, NULL, NULL, true, 0, NULL))
|
if (StartSSLEx(ns, NULL, NULL, 0, NULL))
|
||||||
{
|
{
|
||||||
// Check certification
|
// Check certification
|
||||||
char server_cert_hash_str[MAX_SIZE];
|
char server_cert_hash_str[MAX_SIZE];
|
||||||
|
@ -6373,7 +6373,6 @@ void CmImportAccountMainEx(HWND hWnd, wchar_t *filename, bool overwrite)
|
|||||||
t->ClientOption->RequireMonitorMode = old_option->RequireMonitorMode;
|
t->ClientOption->RequireMonitorMode = old_option->RequireMonitorMode;
|
||||||
t->ClientOption->RequireBridgeRoutingMode = old_option->RequireBridgeRoutingMode;
|
t->ClientOption->RequireBridgeRoutingMode = old_option->RequireBridgeRoutingMode;
|
||||||
t->ClientOption->DisableQoS = old_option->DisableQoS;
|
t->ClientOption->DisableQoS = old_option->DisableQoS;
|
||||||
t->ClientOption->NoTls1 = old_option->NoTls1;
|
|
||||||
|
|
||||||
// Inherit the authentication data
|
// Inherit the authentication data
|
||||||
CiFreeClientAuth(t->ClientAuth);
|
CiFreeClientAuth(t->ClientAuth);
|
||||||
@ -6987,8 +6986,6 @@ void CmEditAccountDlgUpdate(HWND hWnd, CM_ACCOUNT *a)
|
|||||||
}
|
}
|
||||||
a->ClientOption->RetryInterval = GetInt(hWnd, E_RETRY_SPAN);
|
a->ClientOption->RetryInterval = GetInt(hWnd, E_RETRY_SPAN);
|
||||||
|
|
||||||
a->ClientOption->NoTls1 = IsChecked(hWnd, R_NOTLS1);
|
|
||||||
|
|
||||||
// Information determining
|
// Information determining
|
||||||
if (UniStrLen(a->ClientOption->AccountName) == 0 && a->NatMode == false)
|
if (UniStrLen(a->ClientOption->AccountName) == 0 && a->NatMode == false)
|
||||||
{
|
{
|
||||||
@ -7442,8 +7439,6 @@ void CmEditAccountDlgInit(HWND hWnd, CM_ACCOUNT *a)
|
|||||||
}
|
}
|
||||||
SetIntEx(hWnd, E_RETRY_SPAN, a->ClientOption->RetryInterval);
|
SetIntEx(hWnd, E_RETRY_SPAN, a->ClientOption->RetryInterval);
|
||||||
|
|
||||||
Check(hWnd, R_NOTLS1, a->ClientOption->NoTls1);
|
|
||||||
|
|
||||||
// Title
|
// Title
|
||||||
if (a->NatMode == false)
|
if (a->NatMode == false)
|
||||||
{
|
{
|
||||||
|
@ -4548,7 +4548,6 @@ void InRpcClientOption(CLIENT_OPTION *c, PACK *p)
|
|||||||
c->RequireMonitorMode = PackGetBool(p, "RequireMonitorMode");
|
c->RequireMonitorMode = PackGetBool(p, "RequireMonitorMode");
|
||||||
c->RequireBridgeRoutingMode = PackGetBool(p, "RequireBridgeRoutingMode");
|
c->RequireBridgeRoutingMode = PackGetBool(p, "RequireBridgeRoutingMode");
|
||||||
c->FromAdminPack = PackGetBool(p, "FromAdminPack");
|
c->FromAdminPack = PackGetBool(p, "FromAdminPack");
|
||||||
c->NoTls1 = PackGetBool(p, "NoTls1");
|
|
||||||
c->NoUdpAcceleration = PackGetBool(p, "NoUdpAcceleration");
|
c->NoUdpAcceleration = PackGetBool(p, "NoUdpAcceleration");
|
||||||
PackGetData2(p, "HostUniqueKey", c->HostUniqueKey, SHA1_SIZE);
|
PackGetData2(p, "HostUniqueKey", c->HostUniqueKey, SHA1_SIZE);
|
||||||
}
|
}
|
||||||
@ -4586,7 +4585,6 @@ void OutRpcClientOption(PACK *p, CLIENT_OPTION *c)
|
|||||||
PackAddBool(p, "RequireBridgeRoutingMode", c->RequireBridgeRoutingMode);
|
PackAddBool(p, "RequireBridgeRoutingMode", c->RequireBridgeRoutingMode);
|
||||||
PackAddBool(p, "DisableQoS", c->DisableQoS);
|
PackAddBool(p, "DisableQoS", c->DisableQoS);
|
||||||
PackAddBool(p, "FromAdminPack", c->FromAdminPack);
|
PackAddBool(p, "FromAdminPack", c->FromAdminPack);
|
||||||
PackAddBool(p, "NoTls1", c->NoTls1);
|
|
||||||
PackAddBool(p, "NoUdpAcceleration", c->NoUdpAcceleration);
|
PackAddBool(p, "NoUdpAcceleration", c->NoUdpAcceleration);
|
||||||
PackAddData(p, "HostUniqueKey", c->HostUniqueKey, SHA1_SIZE);
|
PackAddData(p, "HostUniqueKey", c->HostUniqueKey, SHA1_SIZE);
|
||||||
}
|
}
|
||||||
@ -9580,7 +9578,6 @@ CLIENT_OPTION *CiLoadClientOption(FOLDER *f)
|
|||||||
o->RequireBridgeRoutingMode = CfgGetBool(f, "RequireBridgeRoutingMode");
|
o->RequireBridgeRoutingMode = CfgGetBool(f, "RequireBridgeRoutingMode");
|
||||||
o->DisableQoS = CfgGetBool(f, "DisableQoS");
|
o->DisableQoS = CfgGetBool(f, "DisableQoS");
|
||||||
o->FromAdminPack = CfgGetBool(f, "FromAdminPack");
|
o->FromAdminPack = CfgGetBool(f, "FromAdminPack");
|
||||||
o->NoTls1 = CfgGetBool(f, "NoTls1");
|
|
||||||
o->NoUdpAcceleration = CfgGetBool(f, "NoUdpAcceleration");
|
o->NoUdpAcceleration = CfgGetBool(f, "NoUdpAcceleration");
|
||||||
|
|
||||||
b = CfgGetBuf(f, "HostUniqueKey");
|
b = CfgGetBuf(f, "HostUniqueKey");
|
||||||
@ -10114,7 +10111,6 @@ void CiWriteClientOption(FOLDER *f, CLIENT_OPTION *o)
|
|||||||
CfgAddBool(f, "RequireMonitorMode", o->RequireMonitorMode);
|
CfgAddBool(f, "RequireMonitorMode", o->RequireMonitorMode);
|
||||||
CfgAddBool(f, "RequireBridgeRoutingMode", o->RequireBridgeRoutingMode);
|
CfgAddBool(f, "RequireBridgeRoutingMode", o->RequireBridgeRoutingMode);
|
||||||
CfgAddBool(f, "DisableQoS", o->DisableQoS);
|
CfgAddBool(f, "DisableQoS", o->DisableQoS);
|
||||||
CfgAddBool(f, "NoTls1", o->NoTls1);
|
|
||||||
CfgAddBool(f, "NoUdpAcceleration", o->NoUdpAcceleration);
|
CfgAddBool(f, "NoUdpAcceleration", o->NoUdpAcceleration);
|
||||||
|
|
||||||
if (o->FromAdminPack)
|
if (o->FromAdminPack)
|
||||||
|
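Review bot: `NoTls1` disappears from the saved configuration (`CiLoadClientOption`, `CiWriteClientOption`) and from the RPC pack (`InRpcClientOption`, `OutRpcClientOption`) with no comment recording that the key is now ignored. An account saved with `NoTls1` set, which the old connect path turned into `client_tls == false` for `StartSSLEx`, will negotiate TLS after this change with nothing in the code explaining why the setting has no effect. A one-line comment where the key used to be read would cover it, e.g. `// "NoTls1" is intentionally no longer read: the client always negotiates TLS`. All four functions extend beyond their hunks, so this is based only on the lines shown.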
@ -2190,7 +2190,7 @@ void TtcThread(THREAD *thread, void *param)
|
|||||||
IPToStr(target_host, sizeof(target_host), &ip_ret);
|
IPToStr(target_host, sizeof(target_host), &ip_ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
s = ConnectEx4(target_host, ttc->Port, 0, ttc->Cancel, NULL, NULL, false, false, true, &ip_ret);
|
s = ConnectEx4(target_host, ttc->Port, 0, ttc->Cancel, NULL, NULL, false, true, &ip_ret);
|
||||||
|
|
||||||
if (s == NULL)
|
if (s == NULL)
|
||||||
{
|
{
|
||||||
|
@ -3659,9 +3659,6 @@ CONNECTION *NewClientConnectionEx(SESSION *s, char *client_str, UINT client_ver,
|
|||||||
StrCpy(c->ServerName, sizeof(c->ServerName), s->ClientOption->Hostname);
|
StrCpy(c->ServerName, sizeof(c->ServerName), s->ClientOption->Hostname);
|
||||||
c->ServerPort = s->ClientOption->Port;
|
c->ServerPort = s->ClientOption->Port;
|
||||||
|
|
||||||
// TLS 1.0 using flag
|
|
||||||
c->DontUseTls1 = s->ClientOption->NoTls1;
|
|
||||||
|
|
||||||
// Create queues
|
// Create queues
|
||||||
c->ReceivedBlocks = NewQueue();
|
c->ReceivedBlocks = NewQueue();
|
||||||
c->SendBlocks = NewQueue();
|
c->SendBlocks = NewQueue();
|
||||||
|
@ -189,7 +189,6 @@ struct CLIENT_OPTION
|
|||||||
bool RequireBridgeRoutingMode; // Bridge or routing mode
|
bool RequireBridgeRoutingMode; // Bridge or routing mode
|
||||||
bool DisableQoS; // Disable the VoIP / QoS function
|
bool DisableQoS; // Disable the VoIP / QoS function
|
||||||
bool FromAdminPack; // For Administration Pack
|
bool FromAdminPack; // For Administration Pack
|
||||||
bool NoTls1; // Do not use TLS 1.0
|
|
||||||
bool NoUdpAcceleration; // Do not use UDP acceleration mode
|
bool NoUdpAcceleration; // Do not use UDP acceleration mode
|
||||||
UCHAR HostUniqueKey[SHA1_SIZE]; // Host unique key
|
UCHAR HostUniqueKey[SHA1_SIZE]; // Host unique key
|
||||||
};
|
};
|
||||||
@ -310,7 +309,6 @@ struct CONNECTION
|
|||||||
IP ClientIp; // Client IP address
|
IP ClientIp; // Client IP address
|
||||||
char ClientHostname[MAX_HOST_NAME_LEN + 1]; // Client host name
|
char ClientHostname[MAX_HOST_NAME_LEN + 1]; // Client host name
|
||||||
UINT Type; // Type
|
UINT Type; // Type
|
||||||
bool DontUseTls1; // Do not use TLS 1.0
|
|
||||||
void *hWndForUI; // Parent window
|
void *hWndForUI; // Parent window
|
||||||
bool IsInProc; // In-process
|
bool IsInProc; // In-process
|
||||||
char InProcPrefix[64]; // Prefix
|
char InProcPrefix[64]; // Prefix
|
||||||
|
@ -3995,7 +3995,7 @@ SOCK *ClientAdditionalConnectToServer(CONNECTION *c)
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Socket connection
|
// Socket connection
|
||||||
s = ClientConnectGetSocket(c, true, (c->DontUseTls1 ? false : true));
|
s = ClientConnectGetSocket(c, true);
|
||||||
if (s == NULL)
|
if (s == NULL)
|
||||||
{
|
{
|
||||||
// Connection failure
|
// Connection failure
|
||||||
@ -4030,7 +4030,7 @@ SOCK *ClientAdditionalConnectToServer(CONNECTION *c)
|
|||||||
SetTimeout(s, CONNECTING_TIMEOUT);
|
SetTimeout(s, CONNECTING_TIMEOUT);
|
||||||
|
|
||||||
// Start the SSL communication
|
// Start the SSL communication
|
||||||
if (StartSSLEx(s, NULL, NULL, (c->DontUseTls1 ? false : true), 0, c->ServerName) == false)
|
if (StartSSLEx(s, NULL, NULL, 0, c->ServerName) == false)
|
||||||
{
|
{
|
||||||
// SSL communication failure
|
// SSL communication failure
|
||||||
Disconnect(s);
|
Disconnect(s);
|
||||||
@ -6445,7 +6445,7 @@ SOCK *ClientConnectToServer(CONNECTION *c)
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Get the socket by connecting
|
// Get the socket by connecting
|
||||||
s = ClientConnectGetSocket(c, false, (c->DontUseTls1 ? false : true));
|
s = ClientConnectGetSocket(c, false);
|
||||||
if (s == NULL)
|
if (s == NULL)
|
||||||
{
|
{
|
||||||
// Connection failure
|
// Connection failure
|
||||||
@ -6466,7 +6466,7 @@ SOCK *ClientConnectToServer(CONNECTION *c)
|
|||||||
SetTimeout(s, CONNECTING_TIMEOUT);
|
SetTimeout(s, CONNECTING_TIMEOUT);
|
||||||
|
|
||||||
// Start the SSL communication
|
// Start the SSL communication
|
||||||
if (StartSSLEx(s, x, k, (c->DontUseTls1 ? false : true), 0, c->ServerName) == false)
|
if (StartSSLEx(s, x, k, 0, c->ServerName) == false)
|
||||||
{
|
{
|
||||||
// SSL communication start failure
|
// SSL communication start failure
|
||||||
Disconnect(s);
|
Disconnect(s);
|
||||||
@ -6490,7 +6490,7 @@ SOCK *ClientConnectToServer(CONNECTION *c)
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Return a socket by connecting to the server
|
// Return a socket by connecting to the server
|
||||||
SOCK *ClientConnectGetSocket(CONNECTION *c, bool additional_connect, bool no_tls)
|
SOCK *ClientConnectGetSocket(CONNECTION *c, bool additional_connect)
|
||||||
{
|
{
|
||||||
SOCK *s = NULL;
|
SOCK *s = NULL;
|
||||||
CLIENT_OPTION *o;
|
CLIENT_OPTION *o;
|
||||||
@ -6562,7 +6562,7 @@ SOCK *ClientConnectGetSocket(CONNECTION *c, bool additional_connect, bool no_tls
|
|||||||
// If additional_connect == true, follow the IsRUDPSession setting in this session
|
// If additional_connect == true, follow the IsRUDPSession setting in this session
|
||||||
s = TcpIpConnectEx(host_for_direct_connection, port_for_direct_connection,
|
s = TcpIpConnectEx(host_for_direct_connection, port_for_direct_connection,
|
||||||
(bool *)cancel_flag, hWnd, &nat_t_err, (additional_connect ? (!is_additional_rudp_session) : false),
|
(bool *)cancel_flag, hWnd, &nat_t_err, (additional_connect ? (!is_additional_rudp_session) : false),
|
||||||
true, no_tls, &ret_ip);
|
true, &ret_ip);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@ -6723,7 +6723,7 @@ SOCK *SocksConnectEx2(CONNECTION *c, char *proxy_host_name, UINT proxy_port,
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Connection
|
// Connection
|
||||||
s = TcpConnectEx3(proxy_host_name, proxy_port, timeout, cancel_flag, hWnd, true, NULL, false, false, ret_ip);
|
s = TcpConnectEx3(proxy_host_name, proxy_port, timeout, cancel_flag, hWnd, true, NULL, false, ret_ip);
|
||||||
if (s == NULL)
|
if (s == NULL)
|
||||||
{
|
{
|
||||||
// Failure
|
// Failure
|
||||||
@ -6930,7 +6930,7 @@ SOCK *ProxyConnectEx2(CONNECTION *c, char *proxy_host_name, UINT proxy_port,
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Connection
|
// Connection
|
||||||
s = TcpConnectEx3(proxy_host_name, proxy_port, timeout, cancel_flag, hWnd, true, NULL, false, false, NULL);
|
s = TcpConnectEx3(proxy_host_name, proxy_port, timeout, cancel_flag, hWnd, true, NULL, false, NULL);
|
||||||
if (s == NULL)
|
if (s == NULL)
|
||||||
{
|
{
|
||||||
// Failure
|
// Failure
|
||||||
@ -7080,32 +7080,32 @@ SOCK *ProxyConnectEx2(CONNECTION *c, char *proxy_host_name, UINT proxy_port,
|
|||||||
}
|
}
|
||||||
|
|
||||||
// TCP connection function
|
// TCP connection function
|
||||||
SOCK *TcpConnectEx2(char *hostname, UINT port, UINT timeout, bool *cancel_flag, void *hWnd, bool try_start_ssl, bool ssl_no_tls)
|
SOCK *TcpConnectEx2(char *hostname, UINT port, UINT timeout, bool *cancel_flag, void *hWnd, bool try_start_ssl)
|
||||||
{
|
{
|
||||||
return TcpConnectEx3(hostname, port, timeout, cancel_flag, hWnd, false, NULL, try_start_ssl, ssl_no_tls, NULL);
|
return TcpConnectEx3(hostname, port, timeout, cancel_flag, hWnd, false, NULL, try_start_ssl, NULL);
|
||||||
}
|
}
|
||||||
SOCK *TcpConnectEx3(char *hostname, UINT port, UINT timeout, bool *cancel_flag, void *hWnd, bool no_nat_t, UINT *nat_t_error_code, bool try_start_ssl, bool ssl_no_tls, IP *ret_ip)
|
SOCK *TcpConnectEx3(char *hostname, UINT port, UINT timeout, bool *cancel_flag, void *hWnd, bool no_nat_t, UINT *nat_t_error_code, bool try_start_ssl, IP *ret_ip)
|
||||||
{
|
{
|
||||||
#ifdef OS_WIN32
|
#ifdef OS_WIN32
|
||||||
if (hWnd == NULL)
|
if (hWnd == NULL)
|
||||||
{
|
{
|
||||||
#endif // OS_WIN32
|
#endif // OS_WIN32
|
||||||
return ConnectEx4(hostname, port, timeout, cancel_flag, (no_nat_t ? NULL : VPN_RUDP_SVC_NAME), nat_t_error_code, try_start_ssl, ssl_no_tls, true, ret_ip);
|
return ConnectEx4(hostname, port, timeout, cancel_flag, (no_nat_t ? NULL : VPN_RUDP_SVC_NAME), nat_t_error_code, try_start_ssl, true, ret_ip);
|
||||||
#ifdef OS_WIN32
|
#ifdef OS_WIN32
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
return WinConnectEx3((HWND)hWnd, hostname, port, timeout, 0, NULL, NULL, nat_t_error_code, (no_nat_t ? NULL : VPN_RUDP_SVC_NAME), try_start_ssl, ssl_no_tls);
|
return WinConnectEx3((HWND)hWnd, hostname, port, timeout, 0, NULL, NULL, nat_t_error_code, (no_nat_t ? NULL : VPN_RUDP_SVC_NAME), try_start_ssl);
|
||||||
}
|
}
|
||||||
#endif // OS_WIN32
|
#endif // OS_WIN32
|
||||||
}
|
}
|
||||||
|
|
||||||
// Connect with TCP/IP
|
// Connect with TCP/IP
|
||||||
SOCK *TcpIpConnect(char *hostname, UINT port, bool try_start_ssl, bool ssl_no_tls)
|
SOCK *TcpIpConnect(char *hostname, UINT port, bool try_start_ssl)
|
||||||
{
|
{
|
||||||
return TcpIpConnectEx(hostname, port, NULL, NULL, NULL, false, try_start_ssl, ssl_no_tls, NULL);
|
return TcpIpConnectEx(hostname, port, NULL, NULL, NULL, false, try_start_ssl, NULL);
|
||||||
}
|
}
|
||||||
SOCK *TcpIpConnectEx(char *hostname, UINT port, bool *cancel_flag, void *hWnd, UINT *nat_t_error_code, bool no_nat_t, bool try_start_ssl, bool ssl_no_tls, IP *ret_ip)
|
SOCK *TcpIpConnectEx(char *hostname, UINT port, bool *cancel_flag, void *hWnd, UINT *nat_t_error_code, bool no_nat_t, bool try_start_ssl, IP *ret_ip)
|
||||||
{
|
{
|
||||||
SOCK *s = NULL;
|
SOCK *s = NULL;
|
||||||
UINT dummy_int = 0;
|
UINT dummy_int = 0;
|
||||||
@ -7120,7 +7120,7 @@ SOCK *TcpIpConnectEx(char *hostname, UINT port, bool *cancel_flag, void *hWnd, U
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
s = TcpConnectEx3(hostname, port, 0, cancel_flag, hWnd, no_nat_t, nat_t_error_code, try_start_ssl, ssl_no_tls, ret_ip);
|
s = TcpConnectEx3(hostname, port, 0, cancel_flag, hWnd, no_nat_t, nat_t_error_code, try_start_ssl, ret_ip);
|
||||||
if (s == NULL)
|
if (s == NULL)
|
||||||
{
|
{
|
||||||
return NULL;
|
return NULL;
|
||||||
|
@ -217,16 +217,16 @@ UINT64 ShortStrToDate64(char *str);
|
|||||||
bool ServerAccept(CONNECTION *c);
|
bool ServerAccept(CONNECTION *c);
|
||||||
bool ClientConnect(CONNECTION *c);
|
bool ClientConnect(CONNECTION *c);
|
||||||
SOCK *ClientConnectToServer(CONNECTION *c);
|
SOCK *ClientConnectToServer(CONNECTION *c);
|
||||||
SOCK *TcpIpConnect(char *hostname, UINT port, bool try_start_ssl, bool ssl_no_tls);
|
SOCK *TcpIpConnect(char *hostname, UINT port, bool try_start_ssl);
|
||||||
SOCK *TcpIpConnectEx(char *hostname, UINT port, bool *cancel_flag, void *hWnd, UINT *nat_t_error_code, bool no_nat_t, bool try_start_ssl, bool ssl_no_tls, IP *ret_ip);
|
SOCK *TcpIpConnectEx(char *hostname, UINT port, bool *cancel_flag, void *hWnd, UINT *nat_t_error_code, bool no_nat_t, bool try_start_ssl, IP *ret_ip);
|
||||||
bool ClientUploadSignature(SOCK *s);
|
bool ClientUploadSignature(SOCK *s);
|
||||||
bool ClientDownloadHello(CONNECTION *c, SOCK *s);
|
bool ClientDownloadHello(CONNECTION *c, SOCK *s);
|
||||||
bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str);
|
bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str);
|
||||||
bool ServerUploadHello(CONNECTION *c);
|
bool ServerUploadHello(CONNECTION *c);
|
||||||
bool ClientUploadAuth(CONNECTION *c);
|
bool ClientUploadAuth(CONNECTION *c);
|
||||||
SOCK *ClientConnectGetSocket(CONNECTION *c, bool additional_connect, bool no_tls);
|
SOCK *ClientConnectGetSocket(CONNECTION *c, bool additional_connect);
|
||||||
SOCK *TcpConnectEx2(char *hostname, UINT port, UINT timeout, bool *cancel_flag, void *hWnd, bool try_start_ssl, bool ssl_no_tls);
|
SOCK *TcpConnectEx2(char *hostname, UINT port, UINT timeout, bool *cancel_flag, void *hWnd, bool try_start_ssl);
|
||||||
SOCK *TcpConnectEx3(char *hostname, UINT port, UINT timeout, bool *cancel_flag, void *hWnd, bool no_nat_t, UINT *nat_t_error_code, bool try_start_ssl, bool ssl_no_tls, IP *ret_ip);
|
SOCK *TcpConnectEx3(char *hostname, UINT port, UINT timeout, bool *cancel_flag, void *hWnd, bool no_nat_t, UINT *nat_t_error_code, bool try_start_ssl, IP *ret_ip);
|
||||||
|
|
||||||
void InitProtocol();
|
void InitProtocol();
|
||||||
void FreeProtocol();
|
void FreeProtocol();
|
||||||
|
@ -2550,9 +2550,6 @@ void SiLoadInitialConfiguration(SERVER *s)
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Default to TLS only; mitigates CVE-2016-0800
|
|
||||||
s->Cedar->SslAcceptSettings.AcceptOnlyTls = true;
|
|
||||||
|
|
||||||
// Auto saving interval related
|
// Auto saving interval related
|
||||||
s->AutoSaveConfigSpan = SERVER_FILE_SAVE_INTERVAL_DEFAULT;
|
s->AutoSaveConfigSpan = SERVER_FILE_SAVE_INTERVAL_DEFAULT;
|
||||||
s->BackupConfigOnlyWhenModified = true;
|
s->BackupConfigOnlyWhenModified = true;
|
||||||
@ -6132,16 +6129,6 @@ void SiLoadServerCfg(SERVER *s, FOLDER *f)
|
|||||||
// Disable session reconnect
|
// Disable session reconnect
|
||||||
SetGlobalServerFlag(GSF_DISABLE_SESSION_RECONNECT, CfgGetBool(f, "DisableSessionReconnect"));
|
SetGlobalServerFlag(GSF_DISABLE_SESSION_RECONNECT, CfgGetBool(f, "DisableSessionReconnect"));
|
||||||
|
|
||||||
// AcceptOnlyTls
|
|
||||||
if (CfgIsItem(f, "AcceptOnlyTls"))
|
|
||||||
{
|
|
||||||
c->SslAcceptSettings.AcceptOnlyTls = CfgGetBool(f, "AcceptOnlyTls");
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
// Default to TLS only; mitigates CVE-2016-0800
|
|
||||||
c->SslAcceptSettings.AcceptOnlyTls = true;
|
|
||||||
}
|
|
||||||
c->SslAcceptSettings.Tls_Disable1_0 = CfgGetBool(f, "Tls_Disable1_0");
|
c->SslAcceptSettings.Tls_Disable1_0 = CfgGetBool(f, "Tls_Disable1_0");
|
||||||
c->SslAcceptSettings.Tls_Disable1_1 = CfgGetBool(f, "Tls_Disable1_1");
|
c->SslAcceptSettings.Tls_Disable1_1 = CfgGetBool(f, "Tls_Disable1_1");
|
||||||
c->SslAcceptSettings.Tls_Disable1_2 = CfgGetBool(f, "Tls_Disable1_2");
|
c->SslAcceptSettings.Tls_Disable1_2 = CfgGetBool(f, "Tls_Disable1_2");
|
||||||
@ -6466,7 +6453,6 @@ void SiWriteServerCfg(FOLDER *f, SERVER *s)
|
|||||||
CfgAddBool(f, "DisableGetHostNameWhenAcceptTcp", s->DisableGetHostNameWhenAcceptTcp);
|
CfgAddBool(f, "DisableGetHostNameWhenAcceptTcp", s->DisableGetHostNameWhenAcceptTcp);
|
||||||
CfgAddBool(f, "DisableCoreDumpOnUnix", s->DisableCoreDumpOnUnix);
|
CfgAddBool(f, "DisableCoreDumpOnUnix", s->DisableCoreDumpOnUnix);
|
||||||
|
|
||||||
CfgAddBool(f, "AcceptOnlyTls", c->SslAcceptSettings.AcceptOnlyTls);
|
|
||||||
CfgAddBool(f, "Tls_Disable1_0", c->SslAcceptSettings.Tls_Disable1_0);
|
CfgAddBool(f, "Tls_Disable1_0", c->SslAcceptSettings.Tls_Disable1_0);
|
||||||
CfgAddBool(f, "Tls_Disable1_1", c->SslAcceptSettings.Tls_Disable1_1);
|
CfgAddBool(f, "Tls_Disable1_1", c->SslAcceptSettings.Tls_Disable1_1);
|
||||||
CfgAddBool(f, "Tls_Disable1_2", c->SslAcceptSettings.Tls_Disable1_2);
|
CfgAddBool(f, "Tls_Disable1_2", c->SslAcceptSettings.Tls_Disable1_2);
|
||||||
|
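Review bot: `SiLoadServerCfg` stops reading `AcceptOnlyTls` and `SiWriteServerCfg` stops writing it, so a configuration that carried `AcceptOnlyTls false` is accepted silently and the key presumably vanishes on the next save. That is the safer outcome, but an operator who had allowed SSLv3 for legacy clients would see failed handshakes with nothing pointing at the cause. I would leave a comment at the old read site, e.g. `// AcceptOnlyTls is ignored: SSLv3 is always refused in StartSSLEx`, and mention the dropped key in the release notes. Whether the `AcceptOnlyTls` field itself is removed from `SslAcceptSettings` is not visible in these hunks.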
@ -4431,7 +4431,7 @@ void NatTcpConnectThread(THREAD *t, void *p)
|
|||||||
|
|
||||||
// Attempt to connect to the TCP host
|
// Attempt to connect to the TCP host
|
||||||
Debug("NatTcpConnect Connecting to %s:%u\n", hostname, port_number);
|
Debug("NatTcpConnect Connecting to %s:%u\n", hostname, port_number);
|
||||||
sock = ConnectEx3(hostname, port_number, 0, &n->NatTcpCancelFlag, NULL, NULL, false, false, true);
|
sock = ConnectEx3(hostname, port_number, 0, &n->NatTcpCancelFlag, NULL, NULL, false, true);
|
||||||
if (sock == NULL)
|
if (sock == NULL)
|
||||||
{
|
{
|
||||||
// Connection failure
|
// Connection failure
|
||||||
|
@ -1460,7 +1460,7 @@ void WinConnectDlgThread(THREAD *thread, void *param)
|
|||||||
nat_t_svc_name = d->nat_t_svc_name;
|
nat_t_svc_name = d->nat_t_svc_name;
|
||||||
}
|
}
|
||||||
|
|
||||||
s = ConnectEx3(d->hostname, d->port, d->timeout, &d->cancel, nat_t_svc_name, &nat_t_error_code, d->try_start_ssl, d->ssl_no_tls, false);
|
s = ConnectEx3(d->hostname, d->port, d->timeout, &d->cancel, nat_t_svc_name, &nat_t_error_code, d->try_start_ssl, false);
|
||||||
|
|
||||||
d->ret_sock = s;
|
d->ret_sock = s;
|
||||||
d->nat_t_error_code = nat_t_error_code;
|
d->nat_t_error_code = nat_t_error_code;
|
||||||
@ -1536,7 +1536,7 @@ UINT WinConnectDlgProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, void *
|
|||||||
}
|
}
|
||||||
|
|
||||||
// TCP connection with showing the UI
|
// TCP connection with showing the UI
|
||||||
SOCK *WinConnectEx3(HWND hWnd, char *server, UINT port, UINT timeout, UINT icon_id, wchar_t *caption, wchar_t *info, UINT *nat_t_error_code, char *nat_t_svc_name, bool try_start_ssl, bool ssl_no_tls)
|
SOCK *WinConnectEx3(HWND hWnd, char *server, UINT port, UINT timeout, UINT icon_id, wchar_t *caption, wchar_t *info, UINT *nat_t_error_code, char *nat_t_svc_name, bool try_start_ssl)
|
||||||
{
|
{
|
||||||
wchar_t tmp[MAX_SIZE];
|
wchar_t tmp[MAX_SIZE];
|
||||||
wchar_t tmp2[MAX_SIZE];
|
wchar_t tmp2[MAX_SIZE];
|
||||||
@ -1572,7 +1572,6 @@ SOCK *WinConnectEx3(HWND hWnd, char *server, UINT port, UINT timeout, UINT icon_
|
|||||||
Zero(&d, sizeof(d));
|
Zero(&d, sizeof(d));
|
||||||
|
|
||||||
d.try_start_ssl = try_start_ssl;
|
d.try_start_ssl = try_start_ssl;
|
||||||
d.ssl_no_tls = ssl_no_tls;
|
|
||||||
d.cancel = false;
|
d.cancel = false;
|
||||||
d.caption = caption;
|
d.caption = caption;
|
||||||
d.icon_id = icon_id;
|
d.icon_id = icon_id;
|
||||||
|
@ -449,7 +449,6 @@ typedef struct WINCONNECT_DLG_DATA
|
|||||||
char nat_t_svc_name[MAX_SIZE];
|
char nat_t_svc_name[MAX_SIZE];
|
||||||
UINT nat_t_error_code;
|
UINT nat_t_error_code;
|
||||||
bool try_start_ssl;
|
bool try_start_ssl;
|
||||||
bool ssl_no_tls;
|
|
||||||
} WINCONNECT_DLG_DATA;
|
} WINCONNECT_DLG_DATA;
|
||||||
|
|
||||||
HBITMAP ResizeBitmap(HBITMAP hSrc, UINT src_x, UINT src_y, UINT dst_x, UINT dst_y);
|
HBITMAP ResizeBitmap(HBITMAP hSrc, UINT src_x, UINT src_y, UINT dst_x, UINT dst_y);
|
||||||
@ -838,7 +837,7 @@ HFONT GetMeiryoFont();
|
|||||||
HFONT GetMeiryoFontEx(UINT font_size);
|
HFONT GetMeiryoFontEx(UINT font_size);
|
||||||
HFONT GetMeiryoFontEx2(UINT font_size, bool bold);
|
HFONT GetMeiryoFontEx2(UINT font_size, bool bold);
|
||||||
bool ShowWindowsNetworkConnectionDialog();
|
bool ShowWindowsNetworkConnectionDialog();
|
||||||
SOCK *WinConnectEx3(HWND hWnd, char *server, UINT port, UINT timeout, UINT icon_id, wchar_t *caption, wchar_t *info, UINT *nat_t_error_code, char *nat_t_svc_name, bool try_start_ssl, bool ssl_no_tls);
|
SOCK *WinConnectEx3(HWND hWnd, char *server, UINT port, UINT timeout, UINT icon_id, wchar_t *caption, wchar_t *info, UINT *nat_t_error_code, char *nat_t_svc_name, bool try_start_ssl);
|
||||||
UINT WinConnectDlgProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, void *param);
|
UINT WinConnectDlgProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, void *param);
|
||||||
void WinConnectDlgThread(THREAD *thread, void *param);
|
void WinConnectDlgThread(THREAD *thread, void *param);
|
||||||
void NicInfo(UI_NICINFO *info);
|
void NicInfo(UI_NICINFO *info);
|
||||||
|
@ -623,7 +623,7 @@ SOCK *WpcSockConnectEx(WPC_CONNECT *param, UINT *error_code, UINT timeout, bool
|
|||||||
switch (param->ProxyType)
|
switch (param->ProxyType)
|
||||||
{
|
{
|
||||||
case PROXY_DIRECT:
|
case PROXY_DIRECT:
|
||||||
sock = TcpConnectEx3(param->HostName, param->Port, timeout, cancel, NULL, true, NULL, false, false, NULL);
|
sock = TcpConnectEx3(param->HostName, param->Port, timeout, cancel, NULL, true, NULL, false, NULL);
|
||||||
if (sock == NULL)
|
if (sock == NULL)
|
||||||
{
|
{
|
||||||
err = ERR_CONNECT_FAILED;
|
err = ERR_CONNECT_FAILED;
|
||||||
@ -790,7 +790,7 @@ BUF *HttpRequestEx3(URL_DATA *data, INTERNET_SETTING *setting,
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
// If the connection is not SSL via HTTP Proxy
|
// If the connection is not SSL via HTTP Proxy
|
||||||
s = TcpConnectEx3(con.ProxyHostName, con.ProxyPort, timeout_connect, cancel, NULL, true, NULL, false, false, NULL);
|
s = TcpConnectEx3(con.ProxyHostName, con.ProxyPort, timeout_connect, cancel, NULL, true, NULL, false, NULL);
|
||||||
if (s == NULL)
|
if (s == NULL)
|
||||||
{
|
{
|
||||||
*error_code = ERR_PROXY_CONNECT_FAILED;
|
*error_code = ERR_PROXY_CONNECT_FAILED;
|
||||||
@ -805,7 +805,7 @@ BUF *HttpRequestEx3(URL_DATA *data, INTERNET_SETTING *setting,
|
|||||||
if (data->Secure)
|
if (data->Secure)
|
||||||
{
|
{
|
||||||
// Start the SSL communication
|
// Start the SSL communication
|
||||||
if (StartSSLEx(s, NULL, NULL, true, 0, (IsEmptyStr(data->SniString) ? NULL : data->SniString)) == false)
|
if (StartSSLEx(s, NULL, NULL, 0, (IsEmptyStr(data->SniString) ? NULL : data->SniString)) == false)
|
||||||
{
|
{
|
||||||
// SSL connection failed
|
// SSL connection failed
|
||||||
*error_code = ERR_PROTOCOL_ERROR;
|
*error_code = ERR_PROTOCOL_ERROR;
|
||||||
|
@ -831,7 +831,7 @@ bool GetIPViaDnsProxyForJapanFlets(IP *ip_ret, char *hostname, bool ipv6, UINT t
|
|||||||
Format(connect_hostname2, sizeof(connect_hostname2), "[%s]", connect_hostname);
|
Format(connect_hostname2, sizeof(connect_hostname2), "[%s]", connect_hostname);
|
||||||
}
|
}
|
||||||
|
|
||||||
s = ConnectEx3(connect_hostname, BFLETS_DNS_PROXY_PORT, timeout, cancel, NULL, NULL, false, false, false);
|
s = ConnectEx3(connect_hostname, BFLETS_DNS_PROXY_PORT, timeout, cancel, NULL, NULL, false, false);
|
||||||
|
|
||||||
if (s == NULL)
|
if (s == NULL)
|
||||||
{
|
{
|
||||||
@ -849,7 +849,7 @@ bool GetIPViaDnsProxyForJapanFlets(IP *ip_ret, char *hostname, bool ipv6, UINT t
|
|||||||
SetTimeout(s, timeout);
|
SetTimeout(s, timeout);
|
||||||
|
|
||||||
// Start the SSL
|
// Start the SSL
|
||||||
if (StartSSLEx(s, NULL, NULL, true, 0, NULL) && (*cancel == false))
|
if (StartSSLEx(s, NULL, NULL, 0, NULL) && (*cancel == false))
|
||||||
{
|
{
|
||||||
UCHAR hash[SHA1_SIZE];
|
UCHAR hash[SHA1_SIZE];
|
||||||
BUF *hash2 = StrToBin(BFLETS_DNS_PROXY_CERT_HASH);
|
BUF *hash2 = StrToBin(BFLETS_DNS_PROXY_CERT_HASH);
|
||||||
@ -12143,9 +12143,9 @@ bool AddChainSslCert(struct ssl_ctx_st *ctx, X *x)
|
|||||||
// Start a TCP-SSL communication
|
// Start a TCP-SSL communication
|
||||||
bool StartSSL(SOCK *sock, X *x, K *priv)
|
bool StartSSL(SOCK *sock, X *x, K *priv)
|
||||||
{
|
{
|
||||||
return StartSSLEx(sock, x, priv, true, 0, NULL);
|
return StartSSLEx(sock, x, priv, 0, NULL);
|
||||||
}
|
}
|
||||||
bool StartSSLEx(SOCK *sock, X *x, K *priv, bool client_tls, UINT ssl_timeout, char *sni_hostname)
|
bool StartSSLEx(SOCK *sock, X *x, K *priv, UINT ssl_timeout, char *sni_hostname)
|
||||||
{
|
{
|
||||||
X509 *x509;
|
X509 *x509;
|
||||||
EVP_PKEY *key;
|
EVP_PKEY *key;
|
||||||
@ -12205,64 +12205,51 @@ bool StartSSLEx(SOCK *sock, X *x, K *priv, bool client_tls, UINT ssl_timeout, ch
|
|||||||
{
|
{
|
||||||
if (sock->ServerMode)
|
if (sock->ServerMode)
|
||||||
{
|
{
|
||||||
SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_method());
|
SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_server_method());
|
||||||
|
|
||||||
#ifdef SSL_OP_NO_SSLv2
|
|
||||||
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2);
|
|
||||||
#endif // SSL_OP_NO_SSLv2
|
|
||||||
|
|
||||||
if (sock->SslAcceptSettings.AcceptOnlyTls)
|
|
||||||
{
|
|
||||||
#ifdef SSL_OP_NO_SSLv3
|
#ifdef SSL_OP_NO_SSLv3
|
||||||
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv3);
|
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv3);
|
||||||
#endif // SSL_OP_NO_SSLv3
|
#endif // SSL_OP_NO_SSLv3
|
||||||
}
|
|
||||||
|
|
||||||
|
#ifdef SSL_OP_NO_TLSv1
|
||||||
if (sock->SslAcceptSettings.Tls_Disable1_0)
|
if (sock->SslAcceptSettings.Tls_Disable1_0)
|
||||||
{
|
{
|
||||||
#ifdef SSL_OP_NO_TLSv1
|
|
||||||
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1);
|
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1);
|
||||||
#endif // SSL_OP_NO_TLSv1
|
|
||||||
}
|
}
|
||||||
|
#endif // SSL_OP_NO_TLSv1
|
||||||
|
|
||||||
|
#ifdef SSL_OP_NO_TLSv1_1
|
||||||
if (sock->SslAcceptSettings.Tls_Disable1_1)
|
if (sock->SslAcceptSettings.Tls_Disable1_1)
|
||||||
{
|
{
|
||||||
#ifdef SSL_OP_NO_TLSv1_1
|
|
||||||
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_1);
|
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_1);
|
||||||
#endif // SSL_OP_NO_TLSv1_1
|
|
||||||
}
|
}
|
||||||
|
#endif // SSL_OP_NO_TLSv1_1
|
||||||
|
|
||||||
|
#ifdef SSL_OP_NO_TLSv1_2
|
||||||
if (sock->SslAcceptSettings.Tls_Disable1_2)
|
if (sock->SslAcceptSettings.Tls_Disable1_2)
|
||||||
{
|
{
|
||||||
#ifdef SSL_OP_NO_TLSv1_2
|
|
||||||
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_2);
|
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_2);
|
||||||
#endif // SSL_OP_NO_TLSv1_2
|
|
||||||
}
|
}
|
||||||
|
#endif // SSL_OP_NO_TLSv1_2
|
||||||
|
|
||||||
Unlock(openssl_lock);
|
Unlock(openssl_lock);
|
||||||
AddChainSslCertOnDirectory(ssl_ctx);
|
AddChainSslCertOnDirectory(ssl_ctx);
|
||||||
Lock(openssl_lock);
|
Lock(openssl_lock);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
|
||||||
if (client_tls == false)
|
|
||||||
{
|
|
||||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
||||||
SSL_CTX_set_ssl_version(ssl_ctx, SSLv3_method());
|
|
||||||
#else
|
|
||||||
SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_method());
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
{
|
||||||
SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_client_method());
|
SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_client_method());
|
||||||
|
|
||||||
|
#ifdef SSL_OP_NO_SSLv3
|
||||||
|
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv3);
|
||||||
|
#endif // SSL_OP_NO_SSLv3
|
||||||
}
|
}
|
||||||
}
|
|
||||||
sock->ssl = SSL_new(ssl_ctx);
|
sock->ssl = SSL_new(ssl_ctx);
|
||||||
SSL_set_fd(sock->ssl, (int)sock->socket);
|
SSL_set_fd(sock->ssl, (int)sock->socket);
|
||||||
|
|
||||||
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
||||||
if (sock->ServerMode == false && client_tls)
|
if (sock->ServerMode == false)
|
||||||
{
|
{
|
||||||
if (IsEmptyStr(sni_hostname) == false)
|
if (IsEmptyStr(sni_hostname) == false)
|
||||||
{
|
{
|
||||||
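Review bot: The new server branch drops `SSL_OP_NO_SSLv2`: the old side set it right after `SSLv23_method()`, while the new side calls `SSLv23_server_method()` and sets only `SSL_OP_NO_SSLv3`, and the new client branch after `SSLv23_client_method()` does the same. On an OpenSSL build that still includes SSLv2 this presumably leaves SSLv2 negotiable, which is the protocol the CVE-2016-0800 comment removed from the server configuration code in this commit referred to. I would keep the guarded option in both branches, `#ifdef SSL_OP_NO_SSLv2` / `SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2);` / `#endif`, next to the SSLv3 one. StartSSLEx begins before and continues past this hunk, so any option set outside it is not visible here.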
@ -14281,7 +14268,7 @@ void ConnectThreadForTcp(THREAD *thread, void *param)
|
|||||||
|
|
||||||
// Connecting process
|
// Connecting process
|
||||||
IPToStr(hostname, sizeof(hostname), &p->Ip);
|
IPToStr(hostname, sizeof(hostname), &p->Ip);
|
||||||
sock = ConnectEx3(hostname, p->Port, p->Timeout, p->CancelFlag, NULL, NULL, false, false, true);
|
sock = ConnectEx3(hostname, p->Port, p->Timeout, p->CancelFlag, NULL, NULL, false, true);
|
||||||
|
|
||||||
if (sock != NULL && p->Tcp_TryStartSsl)
|
if (sock != NULL && p->Tcp_TryStartSsl)
|
||||||
{
|
{
|
||||||
@ -14306,7 +14293,7 @@ void ConnectThreadForTcp(THREAD *thread, void *param)
|
|||||||
Unlock(p->CancelLock);
|
Unlock(p->CancelLock);
|
||||||
|
|
||||||
// Start the SSL communication
|
// Start the SSL communication
|
||||||
ssl_ret = StartSSLEx(sock, NULL, NULL, p->Tcp_SslNoTls, 0, p->Hostname);
|
ssl_ret = StartSSLEx(sock, NULL, NULL, 0, p->Hostname);
|
||||||
|
|
||||||
if (ssl_ret)
|
if (ssl_ret)
|
||||||
{
|
{
|
||||||
@ -14419,14 +14406,13 @@ SOCK *ConnectEx(char *hostname, UINT port, UINT timeout)
|
|||||||
}
|
}
|
||||||
SOCK *ConnectEx2(char *hostname, UINT port, UINT timeout, bool *cancel_flag)
|
SOCK *ConnectEx2(char *hostname, UINT port, UINT timeout, bool *cancel_flag)
|
||||||
{
|
{
|
||||||
return ConnectEx3(hostname, port, timeout, cancel_flag, NULL, NULL, false, false, true);
|
return ConnectEx3(hostname, port, timeout, cancel_flag, NULL, NULL, false, true);
|
||||||
}
|
}
|
||||||
SOCK *ConnectEx3(char *hostname, UINT port, UINT timeout, bool *cancel_flag, char *nat_t_svc_name, UINT *nat_t_error_code, bool try_start_ssl, bool ssl_no_tls, bool no_get_hostname)
|
SOCK *ConnectEx3(char *hostname, UINT port, UINT timeout, bool *cancel_flag, char *nat_t_svc_name, UINT *nat_t_error_code, bool try_start_ssl, bool no_get_hostname)
|
||||||
{
|
{
|
||||||
return ConnectEx4(hostname, port, timeout, cancel_flag, nat_t_svc_name, nat_t_error_code, try_start_ssl, ssl_no_tls,
|
return ConnectEx4(hostname, port, timeout, cancel_flag, nat_t_svc_name, nat_t_error_code, try_start_ssl, no_get_hostname, NULL);
|
||||||
no_get_hostname, NULL);
|
|
||||||
}
|
}
|
||||||
SOCK *ConnectEx4(char *hostname, UINT port, UINT timeout, bool *cancel_flag, char *nat_t_svc_name, UINT *nat_t_error_code, bool try_start_ssl, bool ssl_no_tls, bool no_get_hostname, IP *ret_ip)
|
SOCK *ConnectEx4(char *hostname, UINT port, UINT timeout, bool *cancel_flag, char *nat_t_svc_name, UINT *nat_t_error_code, bool try_start_ssl, bool no_get_hostname, IP *ret_ip)
|
||||||
{
|
{
|
||||||
SOCK *sock;
|
SOCK *sock;
|
||||||
SOCKET s;
|
SOCKET s;
|
||||||
@ -14605,7 +14591,6 @@ SOCK *ConnectEx4(char *hostname, UINT port, UINT timeout, bool *cancel_flag, cha
|
|||||||
p1.CancelFlag = &cancel_flag2;
|
p1.CancelFlag = &cancel_flag2;
|
||||||
p1.FinishEvent = finish_event;
|
p1.FinishEvent = finish_event;
|
||||||
p1.Tcp_TryStartSsl = try_start_ssl;
|
p1.Tcp_TryStartSsl = try_start_ssl;
|
||||||
p1.Tcp_SslNoTls = ssl_no_tls;
|
|
||||||
p1.CancelLock = NewLock();
|
p1.CancelLock = NewLock();
|
||||||
|
|
||||||
// p2: NAT-T
|
// p2: NAT-T
|
||||||
|
@ -250,7 +250,6 @@ struct SOCK_EVENT
|
|||||||
// SSL Accept Settings
|
// SSL Accept Settings
|
||||||
struct SSL_ACCEPT_SETTINGS
|
struct SSL_ACCEPT_SETTINGS
|
||||||
{
|
{
|
||||||
bool AcceptOnlyTls;
|
|
||||||
bool Tls_Disable1_0;
|
bool Tls_Disable1_0;
|
||||||
bool Tls_Disable1_1;
|
bool Tls_Disable1_1;
|
||||||
bool Tls_Disable1_2;
|
bool Tls_Disable1_2;
|
||||||
@ -927,7 +926,6 @@ struct CONNECT_TCP_RUDP_PARAM
|
|||||||
UINT RUdpProtocol;
|
UINT RUdpProtocol;
|
||||||
UINT Delay;
|
UINT Delay;
|
||||||
bool Tcp_TryStartSsl;
|
bool Tcp_TryStartSsl;
|
||||||
bool Tcp_SslNoTls;
|
|
||||||
LOCK *CancelLock;
|
LOCK *CancelLock;
|
||||||
SOCK *CancelDisconnectSock;
|
SOCK *CancelDisconnectSock;
|
||||||
bool Tcp_InNegotiation;
|
bool Tcp_InNegotiation;
|
||||||
@ -1271,8 +1269,8 @@ void CleanupSock(SOCK *s);
|
|||||||
SOCK *Connect(char *hostname, UINT port);
|
SOCK *Connect(char *hostname, UINT port);
|
||||||
SOCK *ConnectEx(char *hostname, UINT port, UINT timeout);
|
SOCK *ConnectEx(char *hostname, UINT port, UINT timeout);
|
||||||
SOCK *ConnectEx2(char *hostname, UINT port, UINT timeout, bool *cancel_flag);
|
SOCK *ConnectEx2(char *hostname, UINT port, UINT timeout, bool *cancel_flag);
|
||||||
SOCK *ConnectEx3(char *hostname, UINT port, UINT timeout, bool *cancel_flag, char *nat_t_svc_name, UINT *nat_t_error_code, bool try_start_ssl, bool ssl_no_tls, bool no_get_hostname);
|
SOCK *ConnectEx3(char *hostname, UINT port, UINT timeout, bool *cancel_flag, char *nat_t_svc_name, UINT *nat_t_error_code, bool try_start_ssl, bool no_get_hostname);
|
||||||
SOCK *ConnectEx4(char *hostname, UINT port, UINT timeout, bool *cancel_flag, char *nat_t_svc_name, UINT *nat_t_error_code, bool try_start_ssl, bool ssl_no_tls, bool no_get_hostname, IP *ret_ip);
|
SOCK *ConnectEx4(char *hostname, UINT port, UINT timeout, bool *cancel_flag, char *nat_t_svc_name, UINT *nat_t_error_code, bool try_start_ssl, bool no_get_hostname, IP *ret_ip);
|
||||||
SOCKET ConnectTimeoutIPv4(IP *ip, UINT port, UINT timeout, bool *cancel_flag);
|
SOCKET ConnectTimeoutIPv4(IP *ip, UINT port, UINT timeout, bool *cancel_flag);
|
||||||
void SetSocketSendRecvBufferSize(SOCKET s, UINT size);
|
void SetSocketSendRecvBufferSize(SOCKET s, UINT size);
|
||||||
bool SetSocketBufferSize(SOCKET s, bool send, UINT size);
|
bool SetSocketBufferSize(SOCKET s, bool send, UINT size);
|
||||||
@ -1295,7 +1293,7 @@ void SetNoNeedToRead(SOCK *sock);
|
|||||||
UINT SecureSend(SOCK *sock, void *data, UINT size);
|
UINT SecureSend(SOCK *sock, void *data, UINT size);
|
||||||
UINT SecureRecv(SOCK *sock, void *data, UINT size);
|
UINT SecureRecv(SOCK *sock, void *data, UINT size);
|
||||||
bool StartSSL(SOCK *sock, X *x, K *priv);
|
bool StartSSL(SOCK *sock, X *x, K *priv);
|
||||||
bool StartSSLEx(SOCK *sock, X *x, K *priv, bool client_tls, UINT ssl_timeout, char *sni_hostname);
|
bool StartSSLEx(SOCK *sock, X *x, K *priv, UINT ssl_timeout, char *sni_hostname);
|
||||||
bool AddChainSslCert(struct ssl_ctx_st *ctx, X *x);
|
bool AddChainSslCert(struct ssl_ctx_st *ctx, X *x);
|
||||||
void AddChainSslCertOnDirectory(struct ssl_ctx_st *ctx);
|
void AddChainSslCertOnDirectory(struct ssl_ctx_st *ctx);
|
||||||
bool SendAll(SOCK *sock, void *data, UINT size, bool secure);
|
bool SendAll(SOCK *sock, void *data, UINT size, bool secure);
|
||||||
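Review bot: `SSL_ACCEPT_SETTINGS` loses `AcceptOnlyTls` with no comment saying what the remaining `Tls_Disable1_0`/`Tls_Disable1_1`/`Tls_Disable1_2` flags now mean on their own. With SSLv3 gone as a fallback, a configuration that sets every disable flag shown here would presumably leave the acceptor with no protocol version to negotiate; the code that consumes the struct is outside this section, so that should be confirmed there. I would add a comment above the struct such as `// SSLv3 is never accepted; at least one TLS version must stay enabled`, and a one-line comment on the `StartSSLEx` prototype noting that the protocol version is now negotiated rather than selected by the caller. The struct body continues past the hunk, so further version flags may exist.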
|
@ -1564,7 +1564,6 @@ BEGIN
|
|||||||
EDITTEXT E_RETRY_SPAN,318,251,41,11,ES_RIGHT | ES_AUTOHSCROLL | ES_NUMBER
|
EDITTEXT E_RETRY_SPAN,318,251,41,11,ES_RIGHT | ES_AUTOHSCROLL | ES_NUMBER
|
||||||
LTEXT "@S_RETRY_SPAN_2",S_RETRY_SPAN_2,364,252,72,9
|
LTEXT "@S_RETRY_SPAN_2",S_RETRY_SPAN_2,364,252,72,9
|
||||||
CONTROL "@R_INFINITE",R_INFINITE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,266,265,171,9
|
CONTROL "@R_INFINITE",R_INFINITE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,266,265,171,9
|
||||||
CONTROL "@R_NOTLS1",R_NOTLS1,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,253,280,87,9
|
|
||||||
PUSHBUTTON "@B_DETAIL",B_DETAIL,344,277,87,15
|
PUSHBUTTON "@B_DETAIL",B_DETAIL,344,277,87,15
|
||||||
DEFPUSHBUTTON "@IDOK",IDOK,308,300,64,17
|
DEFPUSHBUTTON "@IDOK",IDOK,308,300,64,17
|
||||||
PUSHBUTTON "@IDCANCEL",IDCANCEL,380,300,64,17
|
PUSHBUTTON "@IDCANCEL",IDCANCEL,380,300,64,17
|
||||||
|
@ -360,8 +360,6 @@
|
|||||||
#define B_IE 1087
|
#define B_IE 1087
|
||||||
#define B_EXPORT 1088
|
#define B_EXPORT 1088
|
||||||
#define IDC_STATIC1 1088
|
#define IDC_STATIC1 1088
|
||||||
#define R_R_NOTLS1 1088
|
|
||||||
#define R_NOTLS1 1088
|
|
||||||
#define R_USE_PASSWORD 1089
|
#define R_USE_PASSWORD 1089
|
||||||
#define IDC_STATIC3 1089
|
#define IDC_STATIC3 1089
|
||||||
#define B_IMPORT2 1089
|
#define B_IMPORT2 1089
|
||||||
|
@ -2332,7 +2332,6 @@ S_RETRY_NUM_2 次
|
|||||||
S_RETRY_SPAN_1 重连间隔(&K):
|
S_RETRY_SPAN_1 重连间隔(&K):
|
||||||
S_RETRY_SPAN_2 秒
|
S_RETRY_SPAN_2 秒
|
||||||
R_INFINITE 无限重连(总是保持 VPN 在线) (&I)
|
R_INFINITE 无限重连(总是保持 VPN 在线) (&I)
|
||||||
R_NOTLS1 使用 SSL 3.0 (&1)
|
|
||||||
B_DETAIL 高级设置(&D)...
|
B_DETAIL 高级设置(&D)...
|
||||||
IDOK 确定(&O)
|
IDOK 确定(&O)
|
||||||
IDCANCEL 取消
|
IDCANCEL 取消
|
||||||
|
@ -2312,7 +2312,6 @@ S_RETRY_NUM_2 times
|
|||||||
S_RETRY_SPAN_1 Reconnect Interval:
|
S_RETRY_SPAN_1 Reconnect Interval:
|
||||||
S_RETRY_SPAN_2 seconds
|
S_RETRY_SPAN_2 seconds
|
||||||
R_INFINITE &Infinite Reconnects (Keep VPN Always Online)
|
R_INFINITE &Infinite Reconnects (Keep VPN Always Online)
|
||||||
R_NOTLS1 Use SSL 3.0 (&1)
|
|
||||||
B_DETAIL A&dvanced Settings...
|
B_DETAIL A&dvanced Settings...
|
||||||
IDOK &OK
|
IDOK &OK
|
||||||
IDCANCEL Cancel
|
IDCANCEL Cancel
|
||||||
|
@ -2317,7 +2317,6 @@ S_RETRY_NUM_2 回
|
|||||||
S_RETRY_SPAN_1 再接続間隔(&K):
|
S_RETRY_SPAN_1 再接続間隔(&K):
|
||||||
S_RETRY_SPAN_2 秒
|
S_RETRY_SPAN_2 秒
|
||||||
R_INFINITE 無限に再接続を試行する (常時接続) (&I)
|
R_INFINITE 無限に再接続を試行する (常時接続) (&I)
|
||||||
R_NOTLS1 SSL 3.0 を使用する(&1)
|
|
||||||
B_DETAIL 高度な通信設定(&N)...
|
B_DETAIL 高度な通信設定(&N)...
|
||||||
IDOK &OK
|
IDOK &OK
|
||||||
IDCANCEL キャンセル
|
IDCANCEL キャンセル
|
||||||
|
@ -2312,7 +2312,6 @@ S_RETRY_NUM_2 회
|
|||||||
S_RETRY_SPAN_1 다시 연결 간격 (&K):
|
S_RETRY_SPAN_1 다시 연결 간격 (&K):
|
||||||
S_RETRY_SPAN_2 초
|
S_RETRY_SPAN_2 초
|
||||||
R_INFINITE 무한 재 연결을 시도하는 (상시 접속) (&I)
|
R_INFINITE 무한 재 연결을 시도하는 (상시 접속) (&I)
|
||||||
R_NOTLS1 사용 SSL 3.0(&1)
|
|
||||||
B_DETAIL 고급 통신 설정 (&N)...
|
B_DETAIL 고급 통신 설정 (&N)...
|
||||||
IDOK & OK
|
IDOK & OK
|
||||||
IDCANCEL 취소
|
IDCANCEL 취소
|
||||||
|
@ -2333,7 +2333,6 @@ S_RETRY_NUM_2 次
|
|||||||
S_RETRY_SPAN_1 重連間隔(&K):
|
S_RETRY_SPAN_1 重連間隔(&K):
|
||||||
S_RETRY_SPAN_2 秒
|
S_RETRY_SPAN_2 秒
|
||||||
R_INFINITE 無限重連(總是保持 VPN 線上) (&I)
|
R_INFINITE 無限重連(總是保持 VPN 線上) (&I)
|
||||||
R_NOTLS1 使用 SSL 3.0 (&1)
|
|
||||||
B_DETAIL 進階設置(&D)...
|
B_DETAIL 進階設置(&D)...
|
||||||
IDOK 確定(&O)
|
IDOK 確定(&O)
|
||||||
IDCANCEL 取消
|
IDCANCEL 取消
|
||||||
|