OpenVPN/openvpn
1
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn.git synced 2025-05-10 05:59:10 +08:00
Code Issues Packages Projects Releases Wiki Activity
openvpn/doc/doxygen/doc_data_crypto.h
Steffan Karger ec828db63f Remove ENABLE_SSL define (and --disable-ssl configure option) 
Remove the --disable-ssl configure option and accompanying ENABLE_SSL
defines in the master/2.4 branch, to reduce the code and testing
complexity a bit.

This does not remove to runtime option to run without SSL, just the compile
time option to not include any SSL-related code.

During the community meeting in November 2014 there were no objections
amongst he developers present. Also, this has been announced on the -users
and -devel mailing lists two weeks ago, without any response whatsoever.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <54A4248A.1090501@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9371
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2014-12-31 17:36:54 +01:00

74 lines
3.2 KiB
C
Raw Blame History

/*
* OpenVPN -- An application to securely tunnel IP networks
* over a single TCP/UDP port, with support for SSL/TLS-based
* session authentication and key exchange,
* packet encryption, packet authentication, and
* packet compression.
*
* Copyright (C) 2010 Fox Crypto B.V. <openvpn@fox-it.com>
*
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program (see the file COPYING included with this
* distribution); if not, write to the Free Software Foundation, Inc.,
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
* @file
* Data Channel Crypto module documentation file.
*/
/**
* @addtogroup data_crypto Data Channel Crypto module
*
* The Data Channel Crypto Module performs cryptographic operations on
* data channel packets.
*
* @par Security parameters
* This module is merely the user of a VPN tunnel's security parameters.
* It does not perform the negotiation and setup of the security
* parameters, nor the %key generation involved. These actions are done
* by the \link control_processor Control Channel Processor\endlink. This
* module receives the appropriate security parameters from that module in
* the form of a \c crypto_options structure when they are necessary for
* processing a packet.
*
* @par Packet processing functions
* This module receives data channel packets from the \link data_control
* Data Channel Control module\endlink and processes them according to the
* security parameters of the packet's VPN tunnel. The \link data_control
* Data Channel Control module\endlink uses the following interface
* functions:
* - For packets which will be sent to a remote OpenVPN peer:
* - \c tls_pre_encrypt()
* - \c openvpn_encrypt()
* - \c tls_post_encrypt()
* - For packets which have been received from a remote OpenVPN peer:
* - \c tls_pre_decrypt() (documented as part of the \link
* external_multiplexer External Multiplexer\endlink)
* - \c openvpn_decrypt()
*
* @par Settings that control this module's activity
* Whether or not the Data Channel Crypto module is active depends on the
* compile-time \c ENABLE_CRYPTO preprocessor macro. How it processes packets
* received from the \link data_control Data Channel Control module\endlink at
* runtime depends on the associated \c crypto_options structure. To perform
* cryptographic operations, the \c crypto_options.key_ctx_bi must contain the
* correct cipher and HMAC security parameters for the direction the packet is
* traveling in.
*
* @par Crypto algorithms
* This module uses the crypto algorithm implementations of the external
* crypto library (currently either OpenSSL (default), or PolarSSL).
*/
Reference in New Issue View Git Blame Copy Permalink