
Support user-specified server trust chain

This commit is contained in:
domosekai
2021-07-21 07:02:42 +00:00
parent 1f40de2dda
commit 2761c1ca42
19 changed files with 437 additions and 16 deletions


@ -5702,6 +5702,10 @@ SSL_PIPE *NewSslPipe(bool server_mode, X *x, K *k, DH_CTX *dh)
// Create a new SSL pipe with extended options
SSL_PIPE *NewSslPipeEx(bool server_mode, X *x, K *k, DH_CTX *dh, bool verify_peer, struct SslClientCertInfo *clientcert)
{
return NewSslPipeEx2(server_mode, x, k, NULL, dh, verify_peer, clientcert);
}
SSL_PIPE *NewSslPipeEx2(bool server_mode, X *x, K *k, LIST *chain, DH_CTX *dh, bool verify_peer, struct SslClientCertInfo *clientcert)
{
SSL_PIPE *s;
SSL *ssl;
@ -5715,7 +5719,24 @@ SSL_PIPE *NewSslPipeEx(bool server_mode, X *x, K *k, DH_CTX *dh, bool verify_pee
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_3); // For some reason pppd under linux doesn't like it
#endif
AddChainSslCertOnDirectory(ssl_ctx);
if (chain == NULL)
{
AddChainSslCertOnDirectory(ssl_ctx);
}
else
{
UINT i;
X *x;
LockList(chain);
{
for (i = 0;i < LIST_NUM(chain);i++)
{
x = LIST_DATA(chain, i);
AddChainSslCert(ssl_ctx, x);
}
}
UnlockList(chain);
}
if (dh != NULL)
{
@ -11641,6 +11662,10 @@ bool StartSSL(SOCK *sock, X *x, K *priv)
return StartSSLEx(sock, x, priv, 0, NULL);
}
bool StartSSLEx(SOCK *sock, X *x, K *priv, UINT ssl_timeout, char *sni_hostname)
{
return StartSSLEx2(sock, x, priv, NULL, ssl_timeout, sni_hostname);
}
bool StartSSLEx2(SOCK *sock, X *x, K *priv, LIST *chain, UINT ssl_timeout, char *sni_hostname)
{
X509 *x509;
EVP_PKEY *key;
@ -11736,7 +11761,24 @@ bool StartSSLEx(SOCK *sock, X *x, K *priv, UINT ssl_timeout, char *sni_hostname)
#endif
Unlock(openssl_lock);
AddChainSslCertOnDirectory(ssl_ctx);
if (chain == NULL)
{
AddChainSslCertOnDirectory(ssl_ctx);
}
else
{
UINT i;
X *x;
LockList(chain);
{
for (i = 0;i < LIST_NUM(chain);i++)
{
x = LIST_DATA(chain, i);
AddChainSslCert(ssl_ctx, x);
}
}
UnlockList(chain);
}
Lock(openssl_lock);
}