Merge branch 'reject-encrypted-certificate-key'
This commit is contained in:
commit
2a1a72e719
|
@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|||
|
||||
### Added
|
||||
|
||||
- Explicit rejection of encrypted client certificate keys. [#15](https://github.com/keeshux/passepartout-ios/issues/15)
|
||||
- Attach .ovpn when reporting a connectivity issue, stripped of sensitive data. [#13](https://github.com/keeshux/passepartout-ios/pull/13)
|
||||
- iTunes File Sharing (skythedesu). [#14](https://github.com/keeshux/passepartout-ios/pull/14)
|
||||
- Tunnel failure reporting in UI. [#8](https://github.com/keeshux/passepartout-ios/pull/8)
|
||||
|
|
|
@ -99,6 +99,10 @@ extension TunnelKitProvider.Configuration {
|
|||
var tlsKeyLines: [Substring]?
|
||||
var tlsWrap: SessionProxy.TLSWrap?
|
||||
|
||||
var currentBlockName: String?
|
||||
var currentBlock: [String] = []
|
||||
var unsupportedError: ApplicationError? = nil
|
||||
|
||||
log.verbose("Configuration file:")
|
||||
for line in lines {
|
||||
log.verbose(line)
|
||||
|
@ -111,10 +115,6 @@ extension TunnelKitProvider.Configuration {
|
|||
}
|
||||
}
|
||||
|
||||
var currentBlockName: String?
|
||||
var currentBlock: [String] = []
|
||||
var unsupportedError: ApplicationError? = nil
|
||||
|
||||
Regex.blockBegin.enumerateComponents(in: line) {
|
||||
isHandled = true
|
||||
let tag = $0.first!
|
||||
|
@ -145,7 +145,11 @@ extension TunnelKitProvider.Configuration {
|
|||
clientCertificate = CryptoContainer(pem: currentBlock.joined(separator: "\n"))
|
||||
|
||||
case "key":
|
||||
clientKey = CryptoContainer(pem: currentBlock.joined(separator: "\n"))
|
||||
let container = CryptoContainer(pem: currentBlock.joined(separator: "\n"))
|
||||
clientKey = container
|
||||
if container.isEncrypted {
|
||||
unsupportedError = ApplicationError.unsupportedConfiguration(option: "encrypted client certificate key")
|
||||
}
|
||||
|
||||
case "tls-auth":
|
||||
tlsKeyLines = currentBlock.map { Substring($0) }
|
||||
|
@ -382,3 +386,9 @@ private extension NSRegularExpression {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
extension CryptoContainer {
|
||||
var isEncrypted: Bool {
|
||||
return pem.contains("ENCRYPTED")
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue