mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2025-07-06 07:44:57 +03:00

v4.11-9506-beta

dnobori
2014-10-23 01:00:30 +09:00
parent 10d4b2c43d
commit 2b3a4d0b75
281 changed files with 315 additions and 272 deletions


@ -231,7 +231,7 @@ static LIST *host_ip_address_cache = NULL;
static bool disable_gethostname_by_accept = false;
static char *cipher_list = "RC4-MD5 RC4-SHA AES128-SHA AES256-SHA DES-CBC-SHA DES-CBC3-SHA";
static char *cipher_list = "RC4-MD5 RC4-SHA AES128-SHA AES256-SHA DES-CBC-SHA DES-CBC3-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA";
static LIST *ip_clients = NULL;
static LIST *local_mac_list = NULL;
@ -243,6 +243,8 @@ static UINT rand_port_numbers[256] = {0};
static bool g_use_privateip_file = false;
static bool g_source_ip_validation_force_disable = false;
static DH_CTX *dh_1024 = NULL;
typedef struct PRIVATE_IP_SUBNET
{
UINT Ip, Mask, Ip2;
@ -12772,7 +12774,14 @@ bool StartSSLEx(SOCK *sock, X *x, K *priv, bool client_tls, UINT ssl_timeout, ch
{
if (sock->ServerMode)
{
SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_method());
if (sock->AcceptOnlyTls == false)
{
SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_method());
}
else
{
SSL_CTX_set_ssl_version(ssl_ctx, TLSv1_method());
}
Unlock(openssl_lock);
AddChainSslCertOnDirectory(ssl_ctx);
@ -17402,6 +17411,19 @@ void UnlockDnsCache()
UnlockList(DnsCache);
}
// DH temp key callback
DH *TmpDhCallback(SSL *ssl, int is_export, int keylength)
{
DH *ret = NULL;
if (dh_1024 != NULL)
{
ret = dh_1024->dh;
}
return ret;
}
// Create the SSL_CTX
struct ssl_ctx_st *NewSSLCtx(bool server_mode)
{
@ -17418,6 +17440,8 @@ struct ssl_ctx_st *NewSSLCtx(bool server_mode)
}
#endif // SSL_OP_CIPHER_SERVER_PREFERENCE
SSL_CTX_set_tmp_dh_callback(ctx, TmpDhCallback);
return ctx;
}
@ -17488,6 +17512,8 @@ void InitNetwork()
disable_cache = false;
dh_1024 = DhNewGroup2();
Zero(rand_port_numbers, sizeof(rand_port_numbers));
}
@ -17852,6 +17878,12 @@ void SetCurrentGlobalIP(IP *ip, bool ipv6)
void FreeNetwork()
{
if (dh_1024 != NULL)
{
DhFree(dh_1024);
dh_1024 = NULL;
}
// Release of thread-related
FreeWaitThread();
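Review bot: In the `AcceptOnlyTls` branch of StartSSLEx, `TLSv1_method()` pins the server to exactly TLS 1.0, so a socket that sets this flag to turn off SSLv3 also loses TLS 1.1 and 1.2. Keeping the version-flexible method and masking the old protocols matches what the flag name promises: `SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_method());` followed by `SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);`. Separately, `TmpDhCallback` ignores `keylength` and always returns the one shared `dh_1024` group from `DhNewGroup2()`, which judging by its name is a 1024-bit group; a 2048-bit group would be a safer default for the new DHE suites. The extended `cipher_list` also still lists `RC4-MD5` and `DES-CBC-SHA` ahead of the DHE entries, so the forward-secret suites are the least preferred if the list order is honoured. StartSSLEx's body starts and ends outside the hunk.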


@ -305,6 +305,7 @@ struct SOCK
IP Reverse_MyServerGlobalIp; // Self global IP address when using the reverse socket
UINT Reverse_MyServerPort; // Self port number when using the reverse socket
UCHAR Ssl_Init_Async_SendAlert[2]; // Initial state of SSL send_alert
bool AcceptOnlyTls; // Accept only TLS (disable SSLv3)
#ifdef ENABLE_SSL_LOGGING
// SSL Logging (for debug)