1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-12-24 17:19:52 +03:00

OpenVPN: don't generate dummy certificates (#521)

* Cedar: don't generate dummy certificate

* hamcore: comment out <cert> and <key> in openvpn_sample.ovpn
This commit is contained in:
Davide Beatrici 2018-05-03 13:44:51 +02:00 committed by Moataz Elmasry
parent 13cadf6492
commit 59c817e0fc
2 changed files with 22 additions and 79 deletions

View File

@ -1113,11 +1113,6 @@ UINT StMakeOpenVpnConfigFile(ADMIN *a, RPC_READ_LOG_FILE *t)
UCHAR *zero_buffer;
UINT zero_buffer_size = 128 * 1024;
char name_tmp[MAX_SIZE];
X *dummy_x = NULL;
K *dummy_private_k = NULL;
K *dummy_public_k = NULL;
BUF *dummy_x_buf = NULL;
BUF *dummy_k_buf = NULL;
zero_buffer = ZeroMalloc(zero_buffer_size);
@ -1155,34 +1150,6 @@ UINT StMakeOpenVpnConfigFile(ADMIN *a, RPC_READ_LOG_FILE *t)
WriteBufChar(x_buf, 0);
SeekBufToBegin(x_buf);
// Generate a dummy certificate
if (x != NULL)
{
if (RsaGen(&dummy_private_k, &dummy_public_k, x->bits))
{
NAME *name;
wchar_t cn[128];
UniToStr64(cn, Rand64());
name = NewName(cn, cn, cn, L"US", NULL, NULL);
dummy_x = NewRootX(dummy_public_k, dummy_private_k, name, GetDaysUntil2038Ex(), NULL);
FreeName(name);
dummy_x_buf = XToBuf(dummy_x, true);
SeekBufToEnd(dummy_x_buf);
WriteBufChar(dummy_x_buf, 0);
SeekBufToBegin(dummy_x_buf);
dummy_k_buf = KToBuf(dummy_private_k, true, NULL);
SeekBufToEnd(dummy_k_buf);
WriteBufChar(dummy_k_buf, 0);
SeekBufToBegin(dummy_k_buf);
}
}
FreeX(x);
Zero(hostname, sizeof(hostname));
Zero(tag_before_hostname, sizeof(tag_before_hostname));
@ -1300,18 +1267,6 @@ UINT StMakeOpenVpnConfigFile(ADMIN *a, RPC_READ_LOG_FILE *t)
"$CA$", x_buf->Buf, false);
}
if (dummy_x_buf != NULL)
{
ReplaceStrEx((char *)config_l3_buf->Buf, config_l3_buf->Size, (char *)config_l3_buf->Buf,
"$CERT$", dummy_x_buf->Buf, false);
}
if (dummy_k_buf != NULL)
{
ReplaceStrEx((char *)config_l3_buf->Buf, config_l3_buf->Size, (char *)config_l3_buf->Buf,
"$KEY$", dummy_k_buf->Buf, false);
}
Format(name_tmp, sizeof(name_tmp), "%sopenvpn_remote_access_l3.ovpn", my_hostname);
ZipAddFileSimple(p, name_tmp, LocalTime64(), 0, config_l3_buf->Buf, StrLen(config_l3_buf->Buf));
@ -1332,18 +1287,6 @@ UINT StMakeOpenVpnConfigFile(ADMIN *a, RPC_READ_LOG_FILE *t)
"$CA$", x_buf->Buf, false);
}
if (dummy_x_buf != NULL)
{
ReplaceStrEx((char *)config_l2_buf->Buf, config_l2_buf->Size, (char *)config_l2_buf->Buf,
"$CERT$", dummy_x_buf->Buf, false);
}
if (dummy_k_buf != NULL)
{
ReplaceStrEx((char *)config_l2_buf->Buf, config_l2_buf->Size, (char *)config_l2_buf->Buf,
"$KEY$", dummy_k_buf->Buf, false);
}
Format(name_tmp, sizeof(name_tmp), "%sopenvpn_site_to_site_bridge_l2.ovpn", my_hostname);
ZipAddFileSimple(p, name_tmp, LocalTime64(), 0, config_l2_buf->Buf, StrLen(config_l2_buf->Buf));
@ -1364,13 +1307,6 @@ UINT StMakeOpenVpnConfigFile(ADMIN *a, RPC_READ_LOG_FILE *t)
FreeBuf(readme_pdf_buf);
FreeBuf(x_buf);
FreeX(dummy_x);
FreeK(dummy_private_k);
FreeK(dummy_public_k);
FreeBuf(dummy_k_buf);
FreeBuf(dummy_x_buf);
Free(zero_buffer);
}

View File

@ -100,6 +100,12 @@ persist-key
persist-tun
client
verb 3
###############################################################################
# Authentication with credentials.
#
# Comment the line out in case you want to use the certificate authentication.
auth-user-pass
@ -117,21 +123,22 @@ $CA$
###############################################################################
# The client certificate file (dummy).
# Client certificate and key.
#
# In some implementations of OpenVPN Client software
# (for example: OpenVPN Client for iOS),
# a pair of client certificate and private key must be included on the
# configuration file due to the limitation of the client.
# So this sample configuration file has a dummy pair of client certificate
# and private key as follows.
<cert>
$CERT$
</cert>
<key>
$KEY$
</key>
# A pair of client certificate and private key is required in case you want to
# use the certificate authentication.
#
# To enable it, uncomment the lines below.
# Paste your certificate in the <cert> block and the key in the <key> one.
;<cert>
;-----BEGIN CERTIFICATE-----
;
;-----END CERTIFICATE-----
;</cert>
;<key>
;-----BEGIN RSA PRIVATE KEY-----
;
;-----END RSA PRIVATE KEY-----
;</key>