OpenVPN/openvpn
1
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn.git synced 2025-05-09 05:31:05 +08:00
Code Issues Packages Projects Releases Wiki Activity

Allow PKCS12 file content to be included inline in configuration file,

Browse Source 
rendered as base64.


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6412 e7ae566f-a301-0410-adde-c780ea21d3b5
This commit is contained in:
James Yonan 2010-08-29 05:24:15 +00:00
parent 5f866d914c
commit 2e8ff6c1bd
3 changed files with 39 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
options.c
View File

@ -5680,6 +5680,12 @@ add_option (struct options *options,
{
VERIFY_PERMISSION (OPT_P_GENERAL);
options->pkcs12_file = p[1];
#if ENABLE_INLINE_FILES
if (streq (p[1], INLINE_FILE_TAG) && p[2])
{
options->pkcs12_file_inline = p[2];
}
#endif
}
else if (streq (p[0], "askpass"))
{

1
options.h
View File

@ -473,6 +473,7 @@ struct options
const char *cert_file_inline;
char *priv_key_file_inline;
const char *dh_file_inline;
const char *pkcs12_file_inline; /* contains the base64 encoding of pkcs12 file */
#endif
int ns_cert_type; /* set to 0, NS_SSL_SERVER, or NS_SSL_CLIENT */

42
ssl.c
View File

@ -1514,23 +1514,41 @@ init_ssl (const struct options *options)
if (options->pkcs12_file)
{
/* Use PKCS #12 file for key, cert and CA certs */
/* Use PKCS #12 file for key, cert and CA certs */
FILE *fp;
EVP_PKEY *pkey;
X509 *cert;
STACK_OF(X509) *ca = NULL;
PKCS12 *p12;
PKCS12 *p12=NULL;
int i;
char password[256];
/* Load the PKCS #12 file */
if (!(fp = fopen(options->pkcs12_file, "rb")))
msg (M_SSLERR, "Error opening file %s", options->pkcs12_file);
p12 = d2i_PKCS12_fp(fp, NULL);
fclose (fp);
if (!p12) msg (M_SSLERR, "Error reading PKCS#12 file %s", options->pkcs12_file);
#if ENABLE_INLINE_FILES
if (!strcmp (options->pkcs12_file, INLINE_FILE_TAG) && options->pkcs12_file_inline)
{
BIO *b64 = BIO_new (BIO_f_base64());
BIO *bio = BIO_new_mem_buf ((void *)options->pkcs12_file_inline, (int)strlen(options->pkcs12_file_inline));
ASSERT(b64 && bio);
BIO_push (b64, bio);
p12 = d2i_PKCS12_bio(b64, NULL);
if (!p12)
msg (M_SSLERR, "Error reading inline PKCS#12 file");
BIO_free (b64);
BIO_free (bio);
}
else
#endif
{
/* Load the PKCS #12 file */
if (!(fp = fopen(options->pkcs12_file, "rb")))
msg (M_SSLERR, "Error opening file %s", options->pkcs12_file);
p12 = d2i_PKCS12_fp(fp, NULL);
fclose (fp);
if (!p12)
msg (M_SSLERR, "Error reading PKCS#12 file %s", options->pkcs12_file);
}
/* Parse the PKCS #12 file */
if (!PKCS12_parse(p12, "", &pkey, &cert, &ca))
{
@ -1539,8 +1557,12 @@ init_ssl (const struct options *options)
ca = NULL;
if (!PKCS12_parse(p12, password, &pkey, &cert, &ca))
{
#ifdef ENABLE_MANAGEMENT
if (management && (ERR_GET_REASON (ERR_peek_error()) == PKCS12_R_MAC_VERIFY_FAILURE))
management_auth_failure (management, UP_TYPE_PRIVATE_KEY, NULL);
#endif
PKCS12_free(p12);
msg (M_WARN|M_SSL, "Error parsing PKCS#12 file %s", options->pkcs12_file);
msg (M_INFO, "OpenSSL ERROR code: %d", (ERR_GET_REASON (ERR_peek_error()))); // fixme
goto err;
}
}