AMajor/SoftEtherVPN
1
0
Fork 0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-22 17:39:53 +03:00
Code Releases Activity

OpenVPN: don't generate dummy certificates (#521)

Browse Source 
* Cedar: don't generate dummy certificate

* hamcore: comment out <cert> and <key> in openvpn_sample.ovpn
This commit is contained in:
Davide Beatrici 2018-05-03 13:44:51 +02:00 committed by Moataz Elmasry
parent 13cadf6492
commit 59c817e0fc
2 changed files with 22 additions and 79 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
src/Cedar/Admin.c
View File

@ -1113,11 +1113,6 @@ UINT StMakeOpenVpnConfigFile(ADMIN *a, RPC_READ_LOG_FILE *t)
UCHAR *zero_buffer; UCHAR *zero_buffer;
UINT zero_buffer_size = 128 * 1024; UINT zero_buffer_size = 128 * 1024;
char name_tmp[MAX_SIZE]; char name_tmp[MAX_SIZE];
X *dummy_x = NULL;
K *dummy_private_k = NULL;
K *dummy_public_k = NULL;
BUF *dummy_x_buf = NULL;
BUF *dummy_k_buf = NULL;
zero_buffer = ZeroMalloc(zero_buffer_size); zero_buffer = ZeroMalloc(zero_buffer_size);
@ -1155,34 +1150,6 @@ UINT StMakeOpenVpnConfigFile(ADMIN *a, RPC_READ_LOG_FILE *t)
WriteBufChar(x_buf, 0); WriteBufChar(x_buf, 0);
SeekBufToBegin(x_buf); SeekBufToBegin(x_buf);
// Generate a dummy certificate
if (x != NULL)
{
if (RsaGen(&dummy_private_k, &dummy_public_k, x->bits))
{
NAME *name;
wchar_t cn[128];
UniToStr64(cn, Rand64());
name = NewName(cn, cn, cn, L"US", NULL, NULL);
dummy_x = NewRootX(dummy_public_k, dummy_private_k, name, GetDaysUntil2038Ex(), NULL);
FreeName(name);
dummy_x_buf = XToBuf(dummy_x, true);
SeekBufToEnd(dummy_x_buf);
WriteBufChar(dummy_x_buf, 0);
SeekBufToBegin(dummy_x_buf);
dummy_k_buf = KToBuf(dummy_private_k, true, NULL);
SeekBufToEnd(dummy_k_buf);
WriteBufChar(dummy_k_buf, 0);
SeekBufToBegin(dummy_k_buf);
}
}
FreeX(x); FreeX(x);
Zero(hostname, sizeof(hostname)); Zero(hostname, sizeof(hostname));
Zero(tag_before_hostname, sizeof(tag_before_hostname)); Zero(tag_before_hostname, sizeof(tag_before_hostname));
@ -1300,18 +1267,6 @@ UINT StMakeOpenVpnConfigFile(ADMIN *a, RPC_READ_LOG_FILE *t)
"$CA$", x_buf->Buf, false); "$CA$", x_buf->Buf, false);
} }
if (dummy_x_buf != NULL)
{
ReplaceStrEx((char *)config_l3_buf->Buf, config_l3_buf->Size, (char *)config_l3_buf->Buf,
"$CERT$", dummy_x_buf->Buf, false);
}
if (dummy_k_buf != NULL)
{
ReplaceStrEx((char *)config_l3_buf->Buf, config_l3_buf->Size, (char *)config_l3_buf->Buf,
"$KEY$", dummy_k_buf->Buf, false);
}
Format(name_tmp, sizeof(name_tmp), "%sopenvpn_remote_access_l3.ovpn", my_hostname); Format(name_tmp, sizeof(name_tmp), "%sopenvpn_remote_access_l3.ovpn", my_hostname);
ZipAddFileSimple(p, name_tmp, LocalTime64(), 0, config_l3_buf->Buf, StrLen(config_l3_buf->Buf)); ZipAddFileSimple(p, name_tmp, LocalTime64(), 0, config_l3_buf->Buf, StrLen(config_l3_buf->Buf));
@ -1332,18 +1287,6 @@ UINT StMakeOpenVpnConfigFile(ADMIN *a, RPC_READ_LOG_FILE *t)
"$CA$", x_buf->Buf, false); "$CA$", x_buf->Buf, false);
} }
if (dummy_x_buf != NULL)
{
ReplaceStrEx((char *)config_l2_buf->Buf, config_l2_buf->Size, (char *)config_l2_buf->Buf,
"$CERT$", dummy_x_buf->Buf, false);
}
if (dummy_k_buf != NULL)
{
ReplaceStrEx((char *)config_l2_buf->Buf, config_l2_buf->Size, (char *)config_l2_buf->Buf,
"$KEY$", dummy_k_buf->Buf, false);
}
Format(name_tmp, sizeof(name_tmp), "%sopenvpn_site_to_site_bridge_l2.ovpn", my_hostname); Format(name_tmp, sizeof(name_tmp), "%sopenvpn_site_to_site_bridge_l2.ovpn", my_hostname);
ZipAddFileSimple(p, name_tmp, LocalTime64(), 0, config_l2_buf->Buf, StrLen(config_l2_buf->Buf)); ZipAddFileSimple(p, name_tmp, LocalTime64(), 0, config_l2_buf->Buf, StrLen(config_l2_buf->Buf));
@ -1364,13 +1307,6 @@ UINT StMakeOpenVpnConfigFile(ADMIN *a, RPC_READ_LOG_FILE *t)
FreeBuf(readme_pdf_buf); FreeBuf(readme_pdf_buf);
FreeBuf(x_buf); FreeBuf(x_buf);
FreeX(dummy_x);
FreeK(dummy_private_k);
FreeK(dummy_public_k);
FreeBuf(dummy_k_buf);
FreeBuf(dummy_x_buf);
Free(zero_buffer); Free(zero_buffer);
} }

37
src/bin/hamcore/openvpn_sample.ovpn
View File

@ -100,6 +100,12 @@ persist-key
persist-tun persist-tun
client client
verb 3 verb 3
###############################################################################
# Authentication with credentials.
#
# Comment the line out in case you want to use the certificate authentication.
auth-user-pass auth-user-pass
@ -117,21 +123,22 @@ $CA$
############################################################################### ###############################################################################
# The client certificate file (dummy). # Client certificate and key.
# #
# In some implementations of OpenVPN Client software # A pair of client certificate and private key is required in case you want to
# (for example: OpenVPN Client for iOS), # use the certificate authentication.
# a pair of client certificate and private key must be included on the #
# configuration file due to the limitation of the client. # To enable it, uncomment the lines below.
# So this sample configuration file has a dummy pair of client certificate # Paste your certificate in the <cert> block and the key in the <key> one.
# and private key as follows.
<cert>
$CERT$
</cert>
<key>
$KEY$
</key>
;<cert>
;-----BEGIN CERTIFICATE-----
;
;-----END CERTIFICATE-----
;</cert>
;<key>
;-----BEGIN RSA PRIVATE KEY-----
;
;-----END RSA PRIVATE KEY-----
;</key>