mirror of
https://github.com/SoftEtherVPN/SoftEtherVPN.git
synced 2024-11-23 01:49:53 +03:00
OpenVPN: don't generate dummy certificates (#521)
* Cedar: don't generate dummy certificate * hamcore: comment out <cert> and <key> in openvpn_sample.ovpn
This commit is contained in:
parent
13cadf6492
commit
59c817e0fc
@ -1113,11 +1113,6 @@ UINT StMakeOpenVpnConfigFile(ADMIN *a, RPC_READ_LOG_FILE *t)
|
|||||||
UCHAR *zero_buffer;
|
UCHAR *zero_buffer;
|
||||||
UINT zero_buffer_size = 128 * 1024;
|
UINT zero_buffer_size = 128 * 1024;
|
||||||
char name_tmp[MAX_SIZE];
|
char name_tmp[MAX_SIZE];
|
||||||
X *dummy_x = NULL;
|
|
||||||
K *dummy_private_k = NULL;
|
|
||||||
K *dummy_public_k = NULL;
|
|
||||||
BUF *dummy_x_buf = NULL;
|
|
||||||
BUF *dummy_k_buf = NULL;
|
|
||||||
|
|
||||||
zero_buffer = ZeroMalloc(zero_buffer_size);
|
zero_buffer = ZeroMalloc(zero_buffer_size);
|
||||||
|
|
||||||
@ -1155,34 +1150,6 @@ UINT StMakeOpenVpnConfigFile(ADMIN *a, RPC_READ_LOG_FILE *t)
|
|||||||
WriteBufChar(x_buf, 0);
|
WriteBufChar(x_buf, 0);
|
||||||
SeekBufToBegin(x_buf);
|
SeekBufToBegin(x_buf);
|
||||||
|
|
||||||
// Generate a dummy certificate
|
|
||||||
if (x != NULL)
|
|
||||||
{
|
|
||||||
if (RsaGen(&dummy_private_k, &dummy_public_k, x->bits))
|
|
||||||
{
|
|
||||||
NAME *name;
|
|
||||||
wchar_t cn[128];
|
|
||||||
|
|
||||||
UniToStr64(cn, Rand64());
|
|
||||||
|
|
||||||
name = NewName(cn, cn, cn, L"US", NULL, NULL);
|
|
||||||
|
|
||||||
dummy_x = NewRootX(dummy_public_k, dummy_private_k, name, GetDaysUntil2038Ex(), NULL);
|
|
||||||
|
|
||||||
FreeName(name);
|
|
||||||
|
|
||||||
dummy_x_buf = XToBuf(dummy_x, true);
|
|
||||||
SeekBufToEnd(dummy_x_buf);
|
|
||||||
WriteBufChar(dummy_x_buf, 0);
|
|
||||||
SeekBufToBegin(dummy_x_buf);
|
|
||||||
|
|
||||||
dummy_k_buf = KToBuf(dummy_private_k, true, NULL);
|
|
||||||
SeekBufToEnd(dummy_k_buf);
|
|
||||||
WriteBufChar(dummy_k_buf, 0);
|
|
||||||
SeekBufToBegin(dummy_k_buf);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
FreeX(x);
|
FreeX(x);
|
||||||
Zero(hostname, sizeof(hostname));
|
Zero(hostname, sizeof(hostname));
|
||||||
Zero(tag_before_hostname, sizeof(tag_before_hostname));
|
Zero(tag_before_hostname, sizeof(tag_before_hostname));
|
||||||
@ -1300,18 +1267,6 @@ UINT StMakeOpenVpnConfigFile(ADMIN *a, RPC_READ_LOG_FILE *t)
|
|||||||
"$CA$", x_buf->Buf, false);
|
"$CA$", x_buf->Buf, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (dummy_x_buf != NULL)
|
|
||||||
{
|
|
||||||
ReplaceStrEx((char *)config_l3_buf->Buf, config_l3_buf->Size, (char *)config_l3_buf->Buf,
|
|
||||||
"$CERT$", dummy_x_buf->Buf, false);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (dummy_k_buf != NULL)
|
|
||||||
{
|
|
||||||
ReplaceStrEx((char *)config_l3_buf->Buf, config_l3_buf->Size, (char *)config_l3_buf->Buf,
|
|
||||||
"$KEY$", dummy_k_buf->Buf, false);
|
|
||||||
}
|
|
||||||
|
|
||||||
Format(name_tmp, sizeof(name_tmp), "%sopenvpn_remote_access_l3.ovpn", my_hostname);
|
Format(name_tmp, sizeof(name_tmp), "%sopenvpn_remote_access_l3.ovpn", my_hostname);
|
||||||
ZipAddFileSimple(p, name_tmp, LocalTime64(), 0, config_l3_buf->Buf, StrLen(config_l3_buf->Buf));
|
ZipAddFileSimple(p, name_tmp, LocalTime64(), 0, config_l3_buf->Buf, StrLen(config_l3_buf->Buf));
|
||||||
|
|
||||||
@ -1332,18 +1287,6 @@ UINT StMakeOpenVpnConfigFile(ADMIN *a, RPC_READ_LOG_FILE *t)
|
|||||||
"$CA$", x_buf->Buf, false);
|
"$CA$", x_buf->Buf, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (dummy_x_buf != NULL)
|
|
||||||
{
|
|
||||||
ReplaceStrEx((char *)config_l2_buf->Buf, config_l2_buf->Size, (char *)config_l2_buf->Buf,
|
|
||||||
"$CERT$", dummy_x_buf->Buf, false);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (dummy_k_buf != NULL)
|
|
||||||
{
|
|
||||||
ReplaceStrEx((char *)config_l2_buf->Buf, config_l2_buf->Size, (char *)config_l2_buf->Buf,
|
|
||||||
"$KEY$", dummy_k_buf->Buf, false);
|
|
||||||
}
|
|
||||||
|
|
||||||
Format(name_tmp, sizeof(name_tmp), "%sopenvpn_site_to_site_bridge_l2.ovpn", my_hostname);
|
Format(name_tmp, sizeof(name_tmp), "%sopenvpn_site_to_site_bridge_l2.ovpn", my_hostname);
|
||||||
ZipAddFileSimple(p, name_tmp, LocalTime64(), 0, config_l2_buf->Buf, StrLen(config_l2_buf->Buf));
|
ZipAddFileSimple(p, name_tmp, LocalTime64(), 0, config_l2_buf->Buf, StrLen(config_l2_buf->Buf));
|
||||||
|
|
||||||
@ -1364,13 +1307,6 @@ UINT StMakeOpenVpnConfigFile(ADMIN *a, RPC_READ_LOG_FILE *t)
|
|||||||
FreeBuf(readme_pdf_buf);
|
FreeBuf(readme_pdf_buf);
|
||||||
FreeBuf(x_buf);
|
FreeBuf(x_buf);
|
||||||
|
|
||||||
FreeX(dummy_x);
|
|
||||||
FreeK(dummy_private_k);
|
|
||||||
FreeK(dummy_public_k);
|
|
||||||
|
|
||||||
FreeBuf(dummy_k_buf);
|
|
||||||
FreeBuf(dummy_x_buf);
|
|
||||||
|
|
||||||
Free(zero_buffer);
|
Free(zero_buffer);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -100,6 +100,12 @@ persist-key
|
|||||||
persist-tun
|
persist-tun
|
||||||
client
|
client
|
||||||
verb 3
|
verb 3
|
||||||
|
|
||||||
|
###############################################################################
|
||||||
|
# Authentication with credentials.
|
||||||
|
#
|
||||||
|
# Comment the line out in case you want to use the certificate authentication.
|
||||||
|
|
||||||
auth-user-pass
|
auth-user-pass
|
||||||
|
|
||||||
|
|
||||||
@ -117,21 +123,22 @@ $CA$
|
|||||||
|
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# The client certificate file (dummy).
|
# Client certificate and key.
|
||||||
#
|
#
|
||||||
# In some implementations of OpenVPN Client software
|
# A pair of client certificate and private key is required in case you want to
|
||||||
# (for example: OpenVPN Client for iOS),
|
# use the certificate authentication.
|
||||||
# a pair of client certificate and private key must be included on the
|
#
|
||||||
# configuration file due to the limitation of the client.
|
# To enable it, uncomment the lines below.
|
||||||
# So this sample configuration file has a dummy pair of client certificate
|
# Paste your certificate in the <cert> block and the key in the <key> one.
|
||||||
# and private key as follows.
|
|
||||||
|
|
||||||
<cert>
|
|
||||||
$CERT$
|
|
||||||
</cert>
|
|
||||||
|
|
||||||
<key>
|
|
||||||
$KEY$
|
|
||||||
</key>
|
|
||||||
|
|
||||||
|
;<cert>
|
||||||
|
;-----BEGIN CERTIFICATE-----
|
||||||
|
;
|
||||||
|
;-----END CERTIFICATE-----
|
||||||
|
;</cert>
|
||||||
|
|
||||||
|
;<key>
|
||||||
|
;-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
;
|
||||||
|
;-----END RSA PRIVATE KEY-----
|
||||||
|
;</key>
|
||||||
|
Loading…
Reference in New Issue
Block a user