mirror of
https://github.com/SoftEtherVPN/SoftEtherVPN.git
synced 2024-11-22 17:39:53 +03:00
Remove SSLv3 support
This commit is contained in:
Davide Beatrici
parent
19a917adc1
commit
02db806181
@ -193,7 +193,7 @@ void AcWaitForRequest(AZURE_CLIENT *ac, SOCK *s, AZURE_PARAM *param)
|
||||
|
||||
SetTimeout(ns, param->DataTimeout);
|
||||
|
||||
if (StartSSLEx(ns, NULL, NULL, true, 0, NULL))
|
||||
if (StartSSLEx(ns, NULL, NULL, 0, NULL))
|
||||
{
|
||||
// Check certification
|
||||
char server_cert_hash_str[MAX_SIZE];
|
||||
|
||||
@ -6373,7 +6373,6 @@ void CmImportAccountMainEx(HWND hWnd, wchar_t *filename, bool overwrite)
|
||||
t->ClientOption->RequireMonitorMode = old_option->RequireMonitorMode;
|
||||
t->ClientOption->RequireBridgeRoutingMode = old_option->RequireBridgeRoutingMode;
|
||||
t->ClientOption->DisableQoS = old_option->DisableQoS;
|
||||
t->ClientOption->NoTls1 = old_option->NoTls1;
|
||||
|
||||
// Inherit the authentication data
|
||||
CiFreeClientAuth(t->ClientAuth);
|
||||
@ -6987,8 +6986,6 @@ void CmEditAccountDlgUpdate(HWND hWnd, CM_ACCOUNT *a)
|
||||
}
|
||||
a->ClientOption->RetryInterval = GetInt(hWnd, E_RETRY_SPAN);
|
||||
|
||||
a->ClientOption->NoTls1 = IsChecked(hWnd, R_NOTLS1);
|
||||
|
||||
// Information determining
|
||||
if (UniStrLen(a->ClientOption->AccountName) == 0 && a->NatMode == false)
|
||||
{
|
||||
@ -7442,8 +7439,6 @@ void CmEditAccountDlgInit(HWND hWnd, CM_ACCOUNT *a)
|
||||
}
|
||||
SetIntEx(hWnd, E_RETRY_SPAN, a->ClientOption->RetryInterval);
|
||||
|
||||
Check(hWnd, R_NOTLS1, a->ClientOption->NoTls1);
|
||||
|
||||
// Title
|
||||
if (a->NatMode == false)
|
||||
{
|
||||
|
||||
@ -4548,7 +4548,6 @@ void InRpcClientOption(CLIENT_OPTION *c, PACK *p)
|
||||
c->RequireMonitorMode = PackGetBool(p, "RequireMonitorMode");
|
||||
c->RequireBridgeRoutingMode = PackGetBool(p, "RequireBridgeRoutingMode");
|
||||
c->FromAdminPack = PackGetBool(p, "FromAdminPack");
|
||||
c->NoTls1 = PackGetBool(p, "NoTls1");
|
||||
c->NoUdpAcceleration = PackGetBool(p, "NoUdpAcceleration");
|
||||
PackGetData2(p, "HostUniqueKey", c->HostUniqueKey, SHA1_SIZE);
|
||||
}
|
||||
@ -4586,7 +4585,6 @@ void OutRpcClientOption(PACK *p, CLIENT_OPTION *c)
|
||||
PackAddBool(p, "RequireBridgeRoutingMode", c->RequireBridgeRoutingMode);
|
||||
PackAddBool(p, "DisableQoS", c->DisableQoS);
|
||||
PackAddBool(p, "FromAdminPack", c->FromAdminPack);
|
||||
PackAddBool(p, "NoTls1", c->NoTls1);
|
||||
PackAddBool(p, "NoUdpAcceleration", c->NoUdpAcceleration);
|
||||
PackAddData(p, "HostUniqueKey", c->HostUniqueKey, SHA1_SIZE);
|
||||
}
|
||||
@ -9580,7 +9578,6 @@ CLIENT_OPTION *CiLoadClientOption(FOLDER *f)
|
||||
o->RequireBridgeRoutingMode = CfgGetBool(f, "RequireBridgeRoutingMode");
|
||||
o->DisableQoS = CfgGetBool(f, "DisableQoS");
|
||||
o->FromAdminPack = CfgGetBool(f, "FromAdminPack");
|
||||
o->NoTls1 = CfgGetBool(f, "NoTls1");
|
||||
o->NoUdpAcceleration = CfgGetBool(f, "NoUdpAcceleration");
|
||||
|
||||
b = CfgGetBuf(f, "HostUniqueKey");
|
||||
@ -10114,7 +10111,6 @@ void CiWriteClientOption(FOLDER *f, CLIENT_OPTION *o)
|
||||
CfgAddBool(f, "RequireMonitorMode", o->RequireMonitorMode);
|
||||
CfgAddBool(f, "RequireBridgeRoutingMode", o->RequireBridgeRoutingMode);
|
||||
CfgAddBool(f, "DisableQoS", o->DisableQoS);
|
||||
CfgAddBool(f, "NoTls1", o->NoTls1);
|
||||
CfgAddBool(f, "NoUdpAcceleration", o->NoUdpAcceleration);
|
||||
|
||||
if (o->FromAdminPack)
|
||||
|
||||
@ -2190,7 +2190,7 @@ void TtcThread(THREAD *thread, void *param)
|
||||
IPToStr(target_host, sizeof(target_host), &ip_ret);
|
||||
}
|
||||
|
||||
s = ConnectEx4(target_host, ttc->Port, 0, ttc->Cancel, NULL, NULL, false, false, true, &ip_ret);
|
||||
s = ConnectEx4(target_host, ttc->Port, 0, ttc->Cancel, NULL, NULL, false, true, &ip_ret);
|
||||
|
||||
if (s == NULL)
|
||||
{
|
||||
|
||||
@ -3659,9 +3659,6 @@ CONNECTION *NewClientConnectionEx(SESSION *s, char *client_str, UINT client_ver,
|
||||
StrCpy(c->ServerName, sizeof(c->ServerName), s->ClientOption->Hostname);
|
||||
c->ServerPort = s->ClientOption->Port;
|
||||
|
||||
// TLS 1.0 using flag
|
||||
c->DontUseTls1 = s->ClientOption->NoTls1;
|
||||
|
||||
// Create queues
|
||||
c->ReceivedBlocks = NewQueue();
|
||||
c->SendBlocks = NewQueue();
|
||||
|
||||
@ -189,7 +189,6 @@ struct CLIENT_OPTION
|
||||
bool RequireBridgeRoutingMode; // Bridge or routing mode
|
||||
bool DisableQoS; // Disable the VoIP / QoS function
|
||||
bool FromAdminPack; // For Administration Pack
|
||||
bool NoTls1; // Do not use TLS 1.0
|
||||
bool NoUdpAcceleration; // Do not use UDP acceleration mode
|
||||
UCHAR HostUniqueKey[SHA1_SIZE]; // Host unique key
|
||||
};
|
||||
@ -310,7 +309,6 @@ struct CONNECTION
|
||||
IP ClientIp; // Client IP address
|
||||
char ClientHostname[MAX_HOST_NAME_LEN + 1]; // Client host name
|
||||
UINT Type; // Type
|
||||
bool DontUseTls1; // Do not use TLS 1.0
|
||||
void *hWndForUI; // Parent window
|
||||
bool IsInProc; // In-process
|
||||
char InProcPrefix[64]; // Prefix
|
||||
|
||||
@ -3995,7 +3995,7 @@ SOCK *ClientAdditionalConnectToServer(CONNECTION *c)
|
||||
}
|
||||
|
||||
// Socket connection
|
||||
s = ClientConnectGetSocket(c, true, (c->DontUseTls1 ? false : true));
|
||||
s = ClientConnectGetSocket(c, true);
|
||||
if (s == NULL)
|
||||
{
|
||||
// Connection failure
|
||||
@ -4030,7 +4030,7 @@ SOCK *ClientAdditionalConnectToServer(CONNECTION *c)
|
||||
SetTimeout(s, CONNECTING_TIMEOUT);
|
||||
|
||||
// Start the SSL communication
|
||||
if (StartSSLEx(s, NULL, NULL, (c->DontUseTls1 ? false : true), 0, c->ServerName) == false)
|
||||
if (StartSSLEx(s, NULL, NULL, 0, c->ServerName) == false)
|
||||
{
|
||||
// SSL communication failure
|
||||
Disconnect(s);
|
||||
@ -6445,7 +6445,7 @@ SOCK *ClientConnectToServer(CONNECTION *c)
|
||||
}
|
||||
|
||||
// Get the socket by connecting
|
||||
s = ClientConnectGetSocket(c, false, (c->DontUseTls1 ? false : true));
|
||||
s = ClientConnectGetSocket(c, false);
|
||||
if (s == NULL)
|
||||
{
|
||||
// Connection failure
|
||||
@ -6466,7 +6466,7 @@ SOCK *ClientConnectToServer(CONNECTION *c)
|
||||
SetTimeout(s, CONNECTING_TIMEOUT);
|
||||
|
||||
// Start the SSL communication
|
||||
if (StartSSLEx(s, x, k, (c->DontUseTls1 ? false : true), 0, c->ServerName) == false)
|
||||
if (StartSSLEx(s, x, k, 0, c->ServerName) == false)
|
||||
{
|
||||
// SSL communication start failure
|
||||
Disconnect(s);
|
||||
@ -6490,7 +6490,7 @@ SOCK *ClientConnectToServer(CONNECTION *c)
|
||||
}
|
||||
|
||||
// Return a socket by connecting to the server
|
||||
SOCK *ClientConnectGetSocket(CONNECTION *c, bool additional_connect, bool no_tls)
|
||||
SOCK *ClientConnectGetSocket(CONNECTION *c, bool additional_connect)
|
||||
{
|
||||
SOCK *s = NULL;
|
||||
CLIENT_OPTION *o;
|
||||
@ -6562,7 +6562,7 @@ SOCK *ClientConnectGetSocket(CONNECTION *c, bool additional_connect, bool no_tls
|
||||
// If additional_connect == true, follow the IsRUDPSession setting in this session
|
||||
s = TcpIpConnectEx(host_for_direct_connection, port_for_direct_connection,
|
||||
(bool *)cancel_flag, hWnd, &nat_t_err, (additional_connect ? (!is_additional_rudp_session) : false),
|
||||
true, no_tls, &ret_ip);
|
||||
true, &ret_ip);
|
||||
}
|
||||
}
|
||||
else
|
||||
@ -6723,7 +6723,7 @@ SOCK *SocksConnectEx2(CONNECTION *c, char *proxy_host_name, UINT proxy_port,
|
||||
}
|
||||
|
||||
// Connection
|
||||
s = TcpConnectEx3(proxy_host_name, proxy_port, timeout, cancel_flag, hWnd, true, NULL, false, false, ret_ip);
|
||||
s = TcpConnectEx3(proxy_host_name, proxy_port, timeout, cancel_flag, hWnd, true, NULL, false, ret_ip);
|
||||
if (s == NULL)
|
||||
{
|
||||
// Failure
|
||||
@ -6930,7 +6930,7 @@ SOCK *ProxyConnectEx2(CONNECTION *c, char *proxy_host_name, UINT proxy_port,
|
||||
}
|
||||
|
||||
// Connection
|
||||
s = TcpConnectEx3(proxy_host_name, proxy_port, timeout, cancel_flag, hWnd, true, NULL, false, false, NULL);
|
||||
s = TcpConnectEx3(proxy_host_name, proxy_port, timeout, cancel_flag, hWnd, true, NULL, false, NULL);
|
||||
if (s == NULL)
|
||||
{
|
||||
// Failure
|
||||
@ -7080,32 +7080,32 @@ SOCK *ProxyConnectEx2(CONNECTION *c, char *proxy_host_name, UINT proxy_port,
|
||||
}
|
||||
|
||||
// TCP connection function
|
||||
SOCK *TcpConnectEx2(char *hostname, UINT port, UINT timeout, bool *cancel_flag, void *hWnd, bool try_start_ssl, bool ssl_no_tls)
|
||||
SOCK *TcpConnectEx2(char *hostname, UINT port, UINT timeout, bool *cancel_flag, void *hWnd, bool try_start_ssl)
|
||||
{
|
||||
return TcpConnectEx3(hostname, port, timeout, cancel_flag, hWnd, false, NULL, try_start_ssl, ssl_no_tls, NULL);
|
||||
return TcpConnectEx3(hostname, port, timeout, cancel_flag, hWnd, false, NULL, try_start_ssl, NULL);
|
||||
}
|
||||
SOCK *TcpConnectEx3(char *hostname, UINT port, UINT timeout, bool *cancel_flag, void *hWnd, bool no_nat_t, UINT *nat_t_error_code, bool try_start_ssl, bool ssl_no_tls, IP *ret_ip)
|
||||
SOCK *TcpConnectEx3(char *hostname, UINT port, UINT timeout, bool *cancel_flag, void *hWnd, bool no_nat_t, UINT *nat_t_error_code, bool try_start_ssl, IP *ret_ip)
|
||||
{
|
||||
#ifdef OS_WIN32
|
||||
if (hWnd == NULL)
|
||||
{
|
||||
#endif // OS_WIN32
|
||||
return ConnectEx4(hostname, port, timeout, cancel_flag, (no_nat_t ? NULL : VPN_RUDP_SVC_NAME), nat_t_error_code, try_start_ssl, ssl_no_tls, true, ret_ip);
|
||||
return ConnectEx4(hostname, port, timeout, cancel_flag, (no_nat_t ? NULL : VPN_RUDP_SVC_NAME), nat_t_error_code, try_start_ssl, true, ret_ip);
|
||||
#ifdef OS_WIN32
|
||||
}
|
||||
else
|
||||
{
|
||||
return WinConnectEx3((HWND)hWnd, hostname, port, timeout, 0, NULL, NULL, nat_t_error_code, (no_nat_t ? NULL : VPN_RUDP_SVC_NAME), try_start_ssl, ssl_no_tls);
|
||||
return WinConnectEx3((HWND)hWnd, hostname, port, timeout, 0, NULL, NULL, nat_t_error_code, (no_nat_t ? NULL : VPN_RUDP_SVC_NAME), try_start_ssl);
|
||||
}
|
||||
#endif // OS_WIN32
|
||||
}
|
||||
|
||||
// Connect with TCP/IP
|
||||
SOCK *TcpIpConnect(char *hostname, UINT port, bool try_start_ssl, bool ssl_no_tls)
|
||||
SOCK *TcpIpConnect(char *hostname, UINT port, bool try_start_ssl)
|
||||
{
|
||||
return TcpIpConnectEx(hostname, port, NULL, NULL, NULL, false, try_start_ssl, ssl_no_tls, NULL);
|
||||
return TcpIpConnectEx(hostname, port, NULL, NULL, NULL, false, try_start_ssl, NULL);
|
||||
}
|
||||
SOCK *TcpIpConnectEx(char *hostname, UINT port, bool *cancel_flag, void *hWnd, UINT *nat_t_error_code, bool no_nat_t, bool try_start_ssl, bool ssl_no_tls, IP *ret_ip)
|
||||
SOCK *TcpIpConnectEx(char *hostname, UINT port, bool *cancel_flag, void *hWnd, UINT *nat_t_error_code, bool no_nat_t, bool try_start_ssl, IP *ret_ip)
|
||||
{
|
||||
SOCK *s = NULL;
|
||||
UINT dummy_int = 0;
|
||||
@ -7120,7 +7120,7 @@ SOCK *TcpIpConnectEx(char *hostname, UINT port, bool *cancel_flag, void *hWnd, U
|
||||
return NULL;
|
||||
}
|
||||
|
||||
s = TcpConnectEx3(hostname, port, 0, cancel_flag, hWnd, no_nat_t, nat_t_error_code, try_start_ssl, ssl_no_tls, ret_ip);
|
||||
s = TcpConnectEx3(hostname, port, 0, cancel_flag, hWnd, no_nat_t, nat_t_error_code, try_start_ssl, ret_ip);
|
||||
if (s == NULL)
|
||||
{
|
||||
return NULL;
|
||||
|
||||
@ -217,16 +217,16 @@ UINT64 ShortStrToDate64(char *str);
|
||||
bool ServerAccept(CONNECTION *c);
|
||||
bool ClientConnect(CONNECTION *c);
|
||||
SOCK *ClientConnectToServer(CONNECTION *c);
|
||||
SOCK *TcpIpConnect(char *hostname, UINT port, bool try_start_ssl, bool ssl_no_tls);
|
||||
SOCK *TcpIpConnectEx(char *hostname, UINT port, bool *cancel_flag, void *hWnd, UINT *nat_t_error_code, bool no_nat_t, bool try_start_ssl, bool ssl_no_tls, IP *ret_ip);
|
||||
SOCK *TcpIpConnect(char *hostname, UINT port, bool try_start_ssl);
|
||||
SOCK *TcpIpConnectEx(char *hostname, UINT port, bool *cancel_flag, void *hWnd, UINT *nat_t_error_code, bool no_nat_t, bool try_start_ssl, IP *ret_ip);
|
||||
bool ClientUploadSignature(SOCK *s);
|
||||
bool ClientDownloadHello(CONNECTION *c, SOCK *s);
|
||||
bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str);
|
||||
bool ServerUploadHello(CONNECTION *c);
|
||||
bool ClientUploadAuth(CONNECTION *c);
|
||||
SOCK *ClientConnectGetSocket(CONNECTION *c, bool additional_connect, bool no_tls);
|
||||
SOCK *TcpConnectEx2(char *hostname, UINT port, UINT timeout, bool *cancel_flag, void *hWnd, bool try_start_ssl, bool ssl_no_tls);
|
||||
SOCK *TcpConnectEx3(char *hostname, UINT port, UINT timeout, bool *cancel_flag, void *hWnd, bool no_nat_t, UINT *nat_t_error_code, bool try_start_ssl, bool ssl_no_tls, IP *ret_ip);
|
||||
SOCK *ClientConnectGetSocket(CONNECTION *c, bool additional_connect);
|
||||
SOCK *TcpConnectEx2(char *hostname, UINT port, UINT timeout, bool *cancel_flag, void *hWnd, bool try_start_ssl);
|
||||
SOCK *TcpConnectEx3(char *hostname, UINT port, UINT timeout, bool *cancel_flag, void *hWnd, bool no_nat_t, UINT *nat_t_error_code, bool try_start_ssl, IP *ret_ip);
|
||||
|
||||
void InitProtocol();
|
||||
void FreeProtocol();
|
||||
|
||||
@ -2550,9 +2550,6 @@ void SiLoadInitialConfiguration(SERVER *s)
|
||||
return;
|
||||
}
|
||||
|
||||
// Default to TLS only; mitigates CVE-2016-0800
|
||||
s->Cedar->SslAcceptSettings.AcceptOnlyTls = true;
|
||||
|
||||
// Auto saving interval related
|
||||
s->AutoSaveConfigSpan = SERVER_FILE_SAVE_INTERVAL_DEFAULT;
|
||||
s->BackupConfigOnlyWhenModified = true;
|
||||
@ -6132,16 +6129,6 @@ void SiLoadServerCfg(SERVER *s, FOLDER *f)
|
||||
// Disable session reconnect
|
||||
SetGlobalServerFlag(GSF_DISABLE_SESSION_RECONNECT, CfgGetBool(f, "DisableSessionReconnect"));
|
||||
|
||||
// AcceptOnlyTls
|
||||
if (CfgIsItem(f, "AcceptOnlyTls"))
|
||||
{
|
||||
c->SslAcceptSettings.AcceptOnlyTls = CfgGetBool(f, "AcceptOnlyTls");
|
||||
}
|
||||
else
|
||||
{
|
||||
// Default to TLS only; mitigates CVE-2016-0800
|
||||
c->SslAcceptSettings.AcceptOnlyTls = true;
|
||||
}
|
||||
c->SslAcceptSettings.Tls_Disable1_0 = CfgGetBool(f, "Tls_Disable1_0");
|
||||
c->SslAcceptSettings.Tls_Disable1_1 = CfgGetBool(f, "Tls_Disable1_1");
|
||||
c->SslAcceptSettings.Tls_Disable1_2 = CfgGetBool(f, "Tls_Disable1_2");
|
||||
@ -6466,7 +6453,6 @@ void SiWriteServerCfg(FOLDER *f, SERVER *s)
|
||||
CfgAddBool(f, "DisableGetHostNameWhenAcceptTcp", s->DisableGetHostNameWhenAcceptTcp);
|
||||
CfgAddBool(f, "DisableCoreDumpOnUnix", s->DisableCoreDumpOnUnix);
|
||||
|
||||
CfgAddBool(f, "AcceptOnlyTls", c->SslAcceptSettings.AcceptOnlyTls);
|
||||
CfgAddBool(f, "Tls_Disable1_0", c->SslAcceptSettings.Tls_Disable1_0);
|
||||
CfgAddBool(f, "Tls_Disable1_1", c->SslAcceptSettings.Tls_Disable1_1);
|
||||
CfgAddBool(f, "Tls_Disable1_2", c->SslAcceptSettings.Tls_Disable1_2);
|
||||
|
||||
@ -4431,7 +4431,7 @@ void NatTcpConnectThread(THREAD *t, void *p)
|
||||
|
||||
// Attempt to connect to the TCP host
|
||||
Debug("NatTcpConnect Connecting to %s:%u\n", hostname, port_number);
|
||||
sock = ConnectEx3(hostname, port_number, 0, &n->NatTcpCancelFlag, NULL, NULL, false, false, true);
|
||||
sock = ConnectEx3(hostname, port_number, 0, &n->NatTcpCancelFlag, NULL, NULL, false, true);
|
||||
if (sock == NULL)
|
||||
{
|
||||
// Connection failure
|
||||
|
||||
@ -1460,7 +1460,7 @@ void WinConnectDlgThread(THREAD *thread, void *param)
|
||||
nat_t_svc_name = d->nat_t_svc_name;
|
||||
}
|
||||
|
||||
s = ConnectEx3(d->hostname, d->port, d->timeout, &d->cancel, nat_t_svc_name, &nat_t_error_code, d->try_start_ssl, d->ssl_no_tls, false);
|
||||
s = ConnectEx3(d->hostname, d->port, d->timeout, &d->cancel, nat_t_svc_name, &nat_t_error_code, d->try_start_ssl, false);
|
||||
|
||||
d->ret_sock = s;
|
||||
d->nat_t_error_code = nat_t_error_code;
|
||||
@ -1536,7 +1536,7 @@ UINT WinConnectDlgProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, void *
|
||||
}
|
||||
|
||||
// TCP connection with showing the UI
|
||||
SOCK *WinConnectEx3(HWND hWnd, char *server, UINT port, UINT timeout, UINT icon_id, wchar_t *caption, wchar_t *info, UINT *nat_t_error_code, char *nat_t_svc_name, bool try_start_ssl, bool ssl_no_tls)
|
||||
SOCK *WinConnectEx3(HWND hWnd, char *server, UINT port, UINT timeout, UINT icon_id, wchar_t *caption, wchar_t *info, UINT *nat_t_error_code, char *nat_t_svc_name, bool try_start_ssl)
|
||||
{
|
||||
wchar_t tmp[MAX_SIZE];
|
||||
wchar_t tmp2[MAX_SIZE];
|
||||
@ -1572,7 +1572,6 @@ SOCK *WinConnectEx3(HWND hWnd, char *server, UINT port, UINT timeout, UINT icon_
|
||||
Zero(&d, sizeof(d));
|
||||
|
||||
d.try_start_ssl = try_start_ssl;
|
||||
d.ssl_no_tls = ssl_no_tls;
|
||||
d.cancel = false;
|
||||
d.caption = caption;
|
||||
d.icon_id = icon_id;
|
||||
|
||||
@ -449,7 +449,6 @@ typedef struct WINCONNECT_DLG_DATA
|
||||
char nat_t_svc_name[MAX_SIZE];
|
||||
UINT nat_t_error_code;
|
||||
bool try_start_ssl;
|
||||
bool ssl_no_tls;
|
||||
} WINCONNECT_DLG_DATA;
|
||||
|
||||
HBITMAP ResizeBitmap(HBITMAP hSrc, UINT src_x, UINT src_y, UINT dst_x, UINT dst_y);
|
||||
@ -838,7 +837,7 @@ HFONT GetMeiryoFont();
|
||||
HFONT GetMeiryoFontEx(UINT font_size);
|
||||
HFONT GetMeiryoFontEx2(UINT font_size, bool bold);
|
||||
bool ShowWindowsNetworkConnectionDialog();
|
||||
SOCK *WinConnectEx3(HWND hWnd, char *server, UINT port, UINT timeout, UINT icon_id, wchar_t *caption, wchar_t *info, UINT *nat_t_error_code, char *nat_t_svc_name, bool try_start_ssl, bool ssl_no_tls);
|
||||
SOCK *WinConnectEx3(HWND hWnd, char *server, UINT port, UINT timeout, UINT icon_id, wchar_t *caption, wchar_t *info, UINT *nat_t_error_code, char *nat_t_svc_name, bool try_start_ssl);
|
||||
UINT WinConnectDlgProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, void *param);
|
||||
void WinConnectDlgThread(THREAD *thread, void *param);
|
||||
void NicInfo(UI_NICINFO *info);
|
||||
|
||||
@ -623,7 +623,7 @@ SOCK *WpcSockConnectEx(WPC_CONNECT *param, UINT *error_code, UINT timeout, bool
|
||||
switch (param->ProxyType)
|
||||
{
|
||||
case PROXY_DIRECT:
|
||||
sock = TcpConnectEx3(param->HostName, param->Port, timeout, cancel, NULL, true, NULL, false, false, NULL);
|
||||
sock = TcpConnectEx3(param->HostName, param->Port, timeout, cancel, NULL, true, NULL, false, NULL);
|
||||
if (sock == NULL)
|
||||
{
|
||||
err = ERR_CONNECT_FAILED;
|
||||
@ -790,7 +790,7 @@ BUF *HttpRequestEx3(URL_DATA *data, INTERNET_SETTING *setting,
|
||||
else
|
||||
{
|
||||
// If the connection is not SSL via HTTP Proxy
|
||||
s = TcpConnectEx3(con.ProxyHostName, con.ProxyPort, timeout_connect, cancel, NULL, true, NULL, false, false, NULL);
|
||||
s = TcpConnectEx3(con.ProxyHostName, con.ProxyPort, timeout_connect, cancel, NULL, true, NULL, false, NULL);
|
||||
if (s == NULL)
|
||||
{
|
||||
*error_code = ERR_PROXY_CONNECT_FAILED;
|
||||
@ -805,7 +805,7 @@ BUF *HttpRequestEx3(URL_DATA *data, INTERNET_SETTING *setting,
|
||||
if (data->Secure)
|
||||
{
|
||||
// Start the SSL communication
|
||||
if (StartSSLEx(s, NULL, NULL, true, 0, (IsEmptyStr(data->SniString) ? NULL : data->SniString)) == false)
|
||||
if (StartSSLEx(s, NULL, NULL, 0, (IsEmptyStr(data->SniString) ? NULL : data->SniString)) == false)
|
||||
{
|
||||
// SSL connection failed
|
||||
*error_code = ERR_PROTOCOL_ERROR;
|
||||
|
||||
@ -831,7 +831,7 @@ bool GetIPViaDnsProxyForJapanFlets(IP *ip_ret, char *hostname, bool ipv6, UINT t
|
||||
Format(connect_hostname2, sizeof(connect_hostname2), "[%s]", connect_hostname);
|
||||
}
|
||||
|
||||
s = ConnectEx3(connect_hostname, BFLETS_DNS_PROXY_PORT, timeout, cancel, NULL, NULL, false, false, false);
|
||||
s = ConnectEx3(connect_hostname, BFLETS_DNS_PROXY_PORT, timeout, cancel, NULL, NULL, false, false);
|
||||
|
||||
if (s == NULL)
|
||||
{
|
||||
@ -849,7 +849,7 @@ bool GetIPViaDnsProxyForJapanFlets(IP *ip_ret, char *hostname, bool ipv6, UINT t
|
||||
SetTimeout(s, timeout);
|
||||
|
||||
// Start the SSL
|
||||
if (StartSSLEx(s, NULL, NULL, true, 0, NULL) && (*cancel == false))
|
||||
if (StartSSLEx(s, NULL, NULL, 0, NULL) && (*cancel == false))
|
||||
{
|
||||
UCHAR hash[SHA1_SIZE];
|
||||
BUF *hash2 = StrToBin(BFLETS_DNS_PROXY_CERT_HASH);
|
||||
@ -12143,9 +12143,9 @@ bool AddChainSslCert(struct ssl_ctx_st *ctx, X *x)
|
||||
// Start a TCP-SSL communication
|
||||
bool StartSSL(SOCK *sock, X *x, K *priv)
|
||||
{
|
||||
return StartSSLEx(sock, x, priv, true, 0, NULL);
|
||||
return StartSSLEx(sock, x, priv, 0, NULL);
|
||||
}
|
||||
bool StartSSLEx(SOCK *sock, X *x, K *priv, bool client_tls, UINT ssl_timeout, char *sni_hostname)
|
||||
bool StartSSLEx(SOCK *sock, X *x, K *priv, UINT ssl_timeout, char *sni_hostname)
|
||||
{
|
||||
X509 *x509;
|
||||
EVP_PKEY *key;
|
||||
@ -12205,39 +12205,32 @@ bool StartSSLEx(SOCK *sock, X *x, K *priv, bool client_tls, UINT ssl_timeout, ch
|
||||
{
|
||||
if (sock->ServerMode)
|
||||
{
|
||||
SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_method());
|
||||
SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_server_method());
|
||||
|
||||
#ifdef SSL_OP_NO_SSLv2
|
||||
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2);
|
||||
#endif // SSL_OP_NO_SSLv2
|
||||
|
||||
if (sock->SslAcceptSettings.AcceptOnlyTls)
|
||||
{
|
||||
#ifdef SSL_OP_NO_SSLv3
|
||||
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv3);
|
||||
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv3);
|
||||
#endif // SSL_OP_NO_SSLv3
|
||||
}
|
||||
|
||||
#ifdef SSL_OP_NO_TLSv1
|
||||
if (sock->SslAcceptSettings.Tls_Disable1_0)
|
||||
{
|
||||
#ifdef SSL_OP_NO_TLSv1
|
||||
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1);
|
||||
#endif // SSL_OP_NO_TLSv1
|
||||
}
|
||||
#endif // SSL_OP_NO_TLSv1
|
||||
|
||||
#ifdef SSL_OP_NO_TLSv1_1
|
||||
if (sock->SslAcceptSettings.Tls_Disable1_1)
|
||||
{
|
||||
#ifdef SSL_OP_NO_TLSv1_1
|
||||
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_1);
|
||||
#endif // SSL_OP_NO_TLSv1_1
|
||||
}
|
||||
#endif // SSL_OP_NO_TLSv1_1
|
||||
|
||||
#ifdef SSL_OP_NO_TLSv1_2
|
||||
if (sock->SslAcceptSettings.Tls_Disable1_2)
|
||||
{
|
||||
#ifdef SSL_OP_NO_TLSv1_2
|
||||
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_2);
|
||||
#endif // SSL_OP_NO_TLSv1_2
|
||||
}
|
||||
#endif // SSL_OP_NO_TLSv1_2
|
||||
|
||||
Unlock(openssl_lock);
|
||||
AddChainSslCertOnDirectory(ssl_ctx);
|
||||
@ -12245,24 +12238,18 @@ bool StartSSLEx(SOCK *sock, X *x, K *priv, bool client_tls, UINT ssl_timeout, ch
|
||||
}
|
||||
else
|
||||
{
|
||||
if (client_tls == false)
|
||||
{
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
SSL_CTX_set_ssl_version(ssl_ctx, SSLv3_method());
|
||||
#else
|
||||
SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_method());
|
||||
#endif
|
||||
}
|
||||
else
|
||||
{
|
||||
SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_client_method());
|
||||
}
|
||||
SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_client_method());
|
||||
|
||||
#ifdef SSL_OP_NO_SSLv3
|
||||
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv3);
|
||||
#endif // SSL_OP_NO_SSLv3
|
||||
}
|
||||
|
||||
sock->ssl = SSL_new(ssl_ctx);
|
||||
SSL_set_fd(sock->ssl, (int)sock->socket);
|
||||
|
||||
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
||||
if (sock->ServerMode == false && client_tls)
|
||||
if (sock->ServerMode == false)
|
||||
{
|
||||
if (IsEmptyStr(sni_hostname) == false)
|
||||
{
|
||||
@ -14281,7 +14268,7 @@ void ConnectThreadForTcp(THREAD *thread, void *param)
|
||||
|
||||
// Connecting process
|
||||
IPToStr(hostname, sizeof(hostname), &p->Ip);
|
||||
sock = ConnectEx3(hostname, p->Port, p->Timeout, p->CancelFlag, NULL, NULL, false, false, true);
|
||||
sock = ConnectEx3(hostname, p->Port, p->Timeout, p->CancelFlag, NULL, NULL, false, true);
|
||||
|
||||
if (sock != NULL && p->Tcp_TryStartSsl)
|
||||
{
|
||||
@ -14306,7 +14293,7 @@ void ConnectThreadForTcp(THREAD *thread, void *param)
|
||||
Unlock(p->CancelLock);
|
||||
|
||||
// Start the SSL communication
|
||||
ssl_ret = StartSSLEx(sock, NULL, NULL, p->Tcp_SslNoTls, 0, p->Hostname);
|
||||
ssl_ret = StartSSLEx(sock, NULL, NULL, 0, p->Hostname);
|
||||
|
||||
if (ssl_ret)
|
||||
{
|
||||
@ -14419,14 +14406,13 @@ SOCK *ConnectEx(char *hostname, UINT port, UINT timeout)
|
||||
}
|
||||
SOCK *ConnectEx2(char *hostname, UINT port, UINT timeout, bool *cancel_flag)
|
||||
{
|
||||
return ConnectEx3(hostname, port, timeout, cancel_flag, NULL, NULL, false, false, true);
|
||||
return ConnectEx3(hostname, port, timeout, cancel_flag, NULL, NULL, false, true);
|
||||
}
|
||||
SOCK *ConnectEx3(char *hostname, UINT port, UINT timeout, bool *cancel_flag, char *nat_t_svc_name, UINT *nat_t_error_code, bool try_start_ssl, bool ssl_no_tls, bool no_get_hostname)
|
||||
SOCK *ConnectEx3(char *hostname, UINT port, UINT timeout, bool *cancel_flag, char *nat_t_svc_name, UINT *nat_t_error_code, bool try_start_ssl, bool no_get_hostname)
|
||||
{
|
||||
return ConnectEx4(hostname, port, timeout, cancel_flag, nat_t_svc_name, nat_t_error_code, try_start_ssl, ssl_no_tls,
|
||||
no_get_hostname, NULL);
|
||||
return ConnectEx4(hostname, port, timeout, cancel_flag, nat_t_svc_name, nat_t_error_code, try_start_ssl, no_get_hostname, NULL);
|
||||
}
|
||||
SOCK *ConnectEx4(char *hostname, UINT port, UINT timeout, bool *cancel_flag, char *nat_t_svc_name, UINT *nat_t_error_code, bool try_start_ssl, bool ssl_no_tls, bool no_get_hostname, IP *ret_ip)
|
||||
SOCK *ConnectEx4(char *hostname, UINT port, UINT timeout, bool *cancel_flag, char *nat_t_svc_name, UINT *nat_t_error_code, bool try_start_ssl, bool no_get_hostname, IP *ret_ip)
|
||||
{
|
||||
SOCK *sock;
|
||||
SOCKET s;
|
||||
@ -14605,7 +14591,6 @@ SOCK *ConnectEx4(char *hostname, UINT port, UINT timeout, bool *cancel_flag, cha
|
||||
p1.CancelFlag = &cancel_flag2;
|
||||
p1.FinishEvent = finish_event;
|
||||
p1.Tcp_TryStartSsl = try_start_ssl;
|
||||
p1.Tcp_SslNoTls = ssl_no_tls;
|
||||
p1.CancelLock = NewLock();
|
||||
|
||||
// p2: NAT-T
|
||||
|
||||
@ -250,7 +250,6 @@ struct SOCK_EVENT
|
||||
// SSL Accept Settings
|
||||
struct SSL_ACCEPT_SETTINGS
|
||||
{
|
||||
bool AcceptOnlyTls;
|
||||
bool Tls_Disable1_0;
|
||||
bool Tls_Disable1_1;
|
||||
bool Tls_Disable1_2;
|
||||
@ -927,7 +926,6 @@ struct CONNECT_TCP_RUDP_PARAM
|
||||
UINT RUdpProtocol;
|
||||
UINT Delay;
|
||||
bool Tcp_TryStartSsl;
|
||||
bool Tcp_SslNoTls;
|
||||
LOCK *CancelLock;
|
||||
SOCK *CancelDisconnectSock;
|
||||
bool Tcp_InNegotiation;
|
||||
@ -1271,8 +1269,8 @@ void CleanupSock(SOCK *s);
|
||||
SOCK *Connect(char *hostname, UINT port);
|
||||
SOCK *ConnectEx(char *hostname, UINT port, UINT timeout);
|
||||
SOCK *ConnectEx2(char *hostname, UINT port, UINT timeout, bool *cancel_flag);
|
||||
SOCK *ConnectEx3(char *hostname, UINT port, UINT timeout, bool *cancel_flag, char *nat_t_svc_name, UINT *nat_t_error_code, bool try_start_ssl, bool ssl_no_tls, bool no_get_hostname);
|
||||
SOCK *ConnectEx4(char *hostname, UINT port, UINT timeout, bool *cancel_flag, char *nat_t_svc_name, UINT *nat_t_error_code, bool try_start_ssl, bool ssl_no_tls, bool no_get_hostname, IP *ret_ip);
|
||||
SOCK *ConnectEx3(char *hostname, UINT port, UINT timeout, bool *cancel_flag, char *nat_t_svc_name, UINT *nat_t_error_code, bool try_start_ssl, bool no_get_hostname);
|
||||
SOCK *ConnectEx4(char *hostname, UINT port, UINT timeout, bool *cancel_flag, char *nat_t_svc_name, UINT *nat_t_error_code, bool try_start_ssl, bool no_get_hostname, IP *ret_ip);
|
||||
SOCKET ConnectTimeoutIPv4(IP *ip, UINT port, UINT timeout, bool *cancel_flag);
|
||||
void SetSocketSendRecvBufferSize(SOCKET s, UINT size);
|
||||
bool SetSocketBufferSize(SOCKET s, bool send, UINT size);
|
||||
@ -1295,7 +1293,7 @@ void SetNoNeedToRead(SOCK *sock);
|
||||
UINT SecureSend(SOCK *sock, void *data, UINT size);
|
||||
UINT SecureRecv(SOCK *sock, void *data, UINT size);
|
||||
bool StartSSL(SOCK *sock, X *x, K *priv);
|
||||
bool StartSSLEx(SOCK *sock, X *x, K *priv, bool client_tls, UINT ssl_timeout, char *sni_hostname);
|
||||
bool StartSSLEx(SOCK *sock, X *x, K *priv, UINT ssl_timeout, char *sni_hostname);
|
||||
bool AddChainSslCert(struct ssl_ctx_st *ctx, X *x);
|
||||
void AddChainSslCertOnDirectory(struct ssl_ctx_st *ctx);
|
||||
bool SendAll(SOCK *sock, void *data, UINT size, bool secure);
|
||||
|
||||
@ -1564,7 +1564,6 @@ BEGIN
|
||||
EDITTEXT E_RETRY_SPAN,318,251,41,11,ES_RIGHT | ES_AUTOHSCROLL | ES_NUMBER
|
||||
LTEXT "@S_RETRY_SPAN_2",S_RETRY_SPAN_2,364,252,72,9
|
||||
CONTROL "@R_INFINITE",R_INFINITE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,266,265,171,9
|
||||
CONTROL "@R_NOTLS1",R_NOTLS1,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,253,280,87,9
|
||||
PUSHBUTTON "@B_DETAIL",B_DETAIL,344,277,87,15
|
||||
DEFPUSHBUTTON "@IDOK",IDOK,308,300,64,17
|
||||
PUSHBUTTON "@IDCANCEL",IDCANCEL,380,300,64,17
|
||||
|
||||
@ -360,8 +360,6 @@
|
||||
#define B_IE 1087
|
||||
#define B_EXPORT 1088
|
||||
#define IDC_STATIC1 1088
|
||||
#define R_R_NOTLS1 1088
|
||||
#define R_NOTLS1 1088
|
||||
#define R_USE_PASSWORD 1089
|
||||
#define IDC_STATIC3 1089
|
||||
#define B_IMPORT2 1089
|
||||
|
||||
@ -2332,7 +2332,6 @@ S_RETRY_NUM_2 次
|
||||
S_RETRY_SPAN_1 重连间隔(&K):
|
||||
S_RETRY_SPAN_2 秒
|
||||
R_INFINITE 无限重连(总是保持 VPN 在线) (&I)
|
||||
R_NOTLS1 使用 SSL 3.0 (&1)
|
||||
B_DETAIL 高级设置(&D)...
|
||||
IDOK 确定(&O)
|
||||
IDCANCEL 取消
|
||||
|
||||
@ -2312,7 +2312,6 @@ S_RETRY_NUM_2 times
|
||||
S_RETRY_SPAN_1 Reconnect Interval:
|
||||
S_RETRY_SPAN_2 seconds
|
||||
R_INFINITE &Infinite Reconnects (Keep VPN Always Online)
|
||||
R_NOTLS1 Use SSL 3.0 (&1)
|
||||
B_DETAIL A&dvanced Settings...
|
||||
IDOK &OK
|
||||
IDCANCEL Cancel
|
||||
|
||||
@ -2317,7 +2317,6 @@ S_RETRY_NUM_2 回
|
||||
S_RETRY_SPAN_1 再接続間隔(&K):
|
||||
S_RETRY_SPAN_2 秒
|
||||
R_INFINITE 無限に再接続を試行する (常時接続) (&I)
|
||||
R_NOTLS1 SSL 3.0 を使用する(&1)
|
||||
B_DETAIL 高度な通信設定(&N)...
|
||||
IDOK &OK
|
||||
IDCANCEL キャンセル
|
||||
|
||||
@ -2312,7 +2312,6 @@ S_RETRY_NUM_2 회
|
||||
S_RETRY_SPAN_1 다시 연결 간격 (&K):
|
||||
S_RETRY_SPAN_2 초
|
||||
R_INFINITE 무한 재 연결을 시도하는 (상시 접속) (&I)
|
||||
R_NOTLS1 사용 SSL 3.0(&1)
|
||||
B_DETAIL 고급 통신 설정 (&N)...
|
||||
IDOK & OK
|
||||
IDCANCEL 취소
|
||||
|
||||
@ -2333,7 +2333,6 @@ S_RETRY_NUM_2 次
|
||||
S_RETRY_SPAN_1 重連間隔(&K):
|
||||
S_RETRY_SPAN_2 秒
|
||||
R_INFINITE 無限重連(總是保持 VPN 線上) (&I)
|
||||
R_NOTLS1 使用 SSL 3.0 (&1)
|
||||
B_DETAIL 進階設置(&D)...
|
||||
IDOK 確定(&O)
|
||||
IDCANCEL 取消
|
||||
|
||||
Loading…
Reference in New Issue
Block a user