From 46fef91f5c30861e74528e2ea792f7ca18fd3258 Mon Sep 17 00:00:00 2001 From: Davide De Rosa Date: Wed, 24 Nov 2021 11:40:53 +0100 Subject: [PATCH] Revert to TunnelKit with OpenSSL - Remove extra "Frameworks" in .appex - Restore TLS security level 0 - Disable Bitcode for OpenSSL to link properly --- Passepartout.xcodeproj/project.pbxproj | 47 ++++++++++++++++++- Passepartout/App/iOS/CHANGELOG.md | 4 ++ Passepartout/App/iOS/Info.plist | 2 +- Passepartout/App/macOS/CHANGELOG.md | 4 ++ Passepartout/App/macOS/Info.plist | 2 +- Passepartout/App/macOS/Launcher/Info.plist | 2 +- Passepartout/Tunnel/Info.plist | 2 +- PassepartoutCore/Package.swift | 2 +- .../Profiles/HostConnectionProfile.swift | 1 + 9 files changed, 59 insertions(+), 7 deletions(-) diff --git a/Passepartout.xcodeproj/project.pbxproj b/Passepartout.xcodeproj/project.pbxproj index 1f86d7c4..8abf9d08 100644 --- a/Passepartout.xcodeproj/project.pbxproj +++ b/Passepartout.xcodeproj/project.pbxproj @@ -738,6 +738,7 @@ 0E9AAACA259F806B003FAFF1 /* CopyFiles */, 0E5203C2259F5F3F00CBAB56 /* Embed App Extensions */, 0E5203F6259F60D600CBAB56 /* Embed Frameworks */, + 0EBEF139274E4DAE00EAC689 /* Drop Extra Frameworks In Extensions */, ); buildRules = ( ); @@ -782,6 +783,7 @@ 0E57F63620C83FC5008323CF /* Resources */, 0E3152B7223F9EF500F61841 /* Embed Frameworks */, 0EB2B14B2733FB6F007705AB /* Embed App Extensions */, + 0EBEF138274E4C7F00EAC689 /* Drop Extra Frameworks In Extensions */, ); buildRules = ( ); 
@@ -984,6 +986,45 @@ }; /* End PBXResourcesBuildPhase section */ +/* Begin PBXShellScriptBuildPhase section */ + 0EBEF138274E4C7F00EAC689 /* Drop Extra Frameworks In Extensions */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + inputFileListPaths = ( + ); + inputPaths = ( + ); + name = "Drop Extra Frameworks In Extensions"; + outputFileListPaths = ( + ); + outputPaths = ( + ); + runOnlyForDeploymentPostprocessing = 0; + shellPath = /bin/sh; + shellScript = "# Type a script or drag a script file from your workspace to insert its path.\nrm -rf \"${BUILT_PRODUCTS_DIR}/${PLUGINS_FOLDER_PATH}/PassepartoutTunnel.appex/Frameworks\"\n"; + }; + 0EBEF139274E4DAE00EAC689 /* Drop Extra Frameworks In Extensions */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + inputFileListPaths = ( + ); + inputPaths = ( + ); + name = "Drop Extra Frameworks In Extensions"; + outputFileListPaths = ( + ); + outputPaths = ( + ); + runOnlyForDeploymentPostprocessing = 0; + shellPath = /bin/sh; + shellScript = "# Type a script or drag a script file from your workspace to insert its path.\nrm -rf \"${BUILT_PRODUCTS_DIR}/${PLUGINS_FOLDER_PATH}/PassepartoutTunnel.appex/Contents/Frameworks\"\n"; + }; +/* End PBXShellScriptBuildPhase section */ + /* Begin PBXSourcesBuildPhase section */ 0E5202F3259F573500CBAB56 /* Sources */ = { isa = PBXSourcesBuildPhase; @@ -1385,8 +1426,9 @@ CLANG_WARN_UNREACHABLE_CODE = YES; CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; CODE_SIGN_IDENTITY = "iPhone Developer"; - CURRENT_PROJECT_VERSION = 1058; + CURRENT_PROJECT_VERSION = 1065; DEBUG_INFORMATION_FORMAT = dwarf; + ENABLE_BITCODE = NO; ENABLE_STRICT_OBJC_MSGSEND = YES; ENABLE_TESTABILITY = YES; GCC_C_LANGUAGE_STANDARD = gnu11; 
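Review bot: Both added `Drop Extra Frameworks In Extensions` phases (first hunk on this line) run `rm -rf` on a path assembled from `${BUILT_PRODUCTS_DIR}` and `${PLUGINS_FOLDER_PATH}` with no guard against either variable being unset or empty. Writing the command as `rm -rf "${BUILT_PRODUCTS_DIR:?}/${PLUGINS_FOLDER_PATH:?}/PassepartoutTunnel.appex/Frameworks"` (and the `Contents/Frameworks` variant in the second phase) makes the phase fail instead of deleting from an unintended location. The first script line is still Xcode's template text `# Type a script or drag a script file ...`; it should be replaced by a comment saying why the extension's `Frameworks` directory is dropped, since the two phases share one name and differ only in the bundle layout they target.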
@@ -1450,8 +1492,9 @@ CLANG_WARN_UNREACHABLE_CODE = YES; CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; CODE_SIGN_IDENTITY = "iPhone Developer"; - CURRENT_PROJECT_VERSION = 1058; + CURRENT_PROJECT_VERSION = 1065; DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + ENABLE_BITCODE = NO; ENABLE_NS_ASSERTIONS = NO; ENABLE_STRICT_OBJC_MSGSEND = YES; GCC_C_LANGUAGE_STANDARD = gnu11; diff --git a/Passepartout/App/iOS/CHANGELOG.md b/Passepartout/App/iOS/CHANGELOG.md index c61cb1fa..8506753f 100644 --- a/Passepartout/App/iOS/CHANGELOG.md +++ b/Passepartout/App/iOS/CHANGELOG.md @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased +### Changed + +- Revert to OpenSSL. + ### Fixed - Regression in TLS handshake on certain devices. diff --git a/Passepartout/App/iOS/Info.plist b/Passepartout/App/iOS/Info.plist index 0867336f..26135649 100644 --- a/Passepartout/App/iOS/Info.plist +++ b/Passepartout/App/iOS/Info.plist @@ -35,7 +35,7 @@ CFBundleShortVersionString 1.17.2 CFBundleVersion - 1058 + 1065 ITSAppUsesNonExemptEncryption LSRequiresIPhoneOS diff --git a/Passepartout/App/macOS/CHANGELOG.md b/Passepartout/App/macOS/CHANGELOG.md index e46ee3f9..ff11cb48 100644 --- a/Passepartout/App/macOS/CHANGELOG.md +++ b/Passepartout/App/macOS/CHANGELOG.md @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased +### Changed + +- Revert to OpenSSL. + ### Fixed - Regression in TLS handshake on certain devices. diff --git a/Passepartout/App/macOS/Info.plist b/Passepartout/App/macOS/Info.plist index 266a17b1..44acaf36 100644 --- a/Passepartout/App/macOS/Info.plist +++ b/Passepartout/App/macOS/Info.plist @@ -34,7 +34,7 @@ CFBundleShortVersionString 1.17.2 CFBundleVersion - 1058 + 1065 ITSAppUsesNonExemptEncryption LSApplicationCategoryType diff --git a/Passepartout/App/macOS/Launcher/Info.plist b/Passepartout/App/macOS/Launcher/Info.plist index 0fefd978..ea39b53d 100644 
--- a/Passepartout/App/macOS/Launcher/Info.plist +++ b/Passepartout/App/macOS/Launcher/Info.plist @@ -21,7 +21,7 @@ CFBundleShortVersionString 1.17.2 CFBundleVersion - 1058 + 1065 ITSAppUsesNonExemptEncryption LSApplicationCategoryType diff --git a/Passepartout/Tunnel/Info.plist b/Passepartout/Tunnel/Info.plist index f9217af5..4b146810 100644 --- a/Passepartout/Tunnel/Info.plist +++ b/Passepartout/Tunnel/Info.plist @@ -19,7 +19,7 @@ CFBundleShortVersionString 1.17.2 CFBundleVersion - 1058 + 1065 LSMinimumSystemVersion $(MACOSX_DEPLOYMENT_TARGET) NSExtension diff --git a/PassepartoutCore/Package.swift b/PassepartoutCore/Package.swift index 24a22fe4..cb1acb1f 100644 --- a/PassepartoutCore/Package.swift +++ b/PassepartoutCore/Package.swift @@ -22,7 +22,7 @@ let package = Package( // Dependencies declare other packages that this package depends on. // .package(url: /* package url */, from: "1.0.0"), // .package(name: "TunnelKit", url: "https://github.com/passepartoutvpn/tunnelkit", from: "4.0.1"), - .package(name: "TunnelKit", url: "https://github.com/passepartoutvpn/tunnelkit", .revision("c40863d36687c4d44985e7ba804cac41608038e0")), + .package(name: "TunnelKit", url: "https://github.com/passepartoutvpn/tunnelkit", .revision("b6d3cdc3b12a01816b9728b562c5cce700c8977b")), // .package(name: "TunnelKit", path: "../../tunnelkit"), .package(name: "Convenience", url: "https://github.com/keeshux/convenience", .revision("347105ec0ce27cd4255acf9875fd60ad1f213801")), .package(url: "https://github.com/Cocoanetics/Kvitto", from: "1.0.0") diff --git a/PassepartoutCore/Sources/PassepartoutCore/Model/Profiles/HostConnectionProfile.swift b/PassepartoutCore/Sources/PassepartoutCore/Model/Profiles/HostConnectionProfile.swift index 9501b2f7..d1a87af2 100644 --- a/PassepartoutCore/Sources/PassepartoutCore/Model/Profiles/HostConnectionProfile.swift +++ b/PassepartoutCore/Sources/PassepartoutCore/Model/Profiles/HostConnectionProfile.swift 
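Review bot: In the `Package.swift` hunk, the TunnelKit dependency moves from one bare commit hash to another, and nothing on the line says what the new revision is. Pinning by `.revision(...)` keeps the build reproducible, but a reader of the manifest cannot tell that this hash selects the OpenSSL-based TunnelKit the commit title refers to, nor which hash to return to if the revert is undone. I would add a comment above the line, e.g. `// TunnelKit with OpenSSL; pinned by commit, update together with tlsSecurityLevel handling in HostConnectionProfile`. The `Package(...)` declaration continues outside the hunk.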
@@ -108,6 +108,7 @@ public class HostConnectionProfile: ConnectionProfile, Codable, Equatable {
 // forcibly override hostname with profile hostname (never nil)
 var sessionBuilder = builder.sessionConfiguration.builder()
 sessionBuilder.hostname = hostname
+ sessionBuilder.tlsSecurityLevel = 0 // lowest, tolerate widest range of certificates
 if sessionBuilder.mtu == nil {
 sessionBuilder.mtu = configuration.sessionConfiguration.mtu
 }
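Review bot: `sessionBuilder.tlsSecurityLevel = 0` is assigned unconditionally, so every host profile built here gets the lowest level regardless of what the imported configuration carried. If this value is passed through as OpenSSL's security level (not visible in this hunk), level 0 switches off the minimum-strength checks on certificate keys, signature algorithms and ciphers, so a server certificate with a short key or a weak signature digest is accepted. Consider defaulting only when nothing was set, mirroring the `mtu` lines just below: `if sessionBuilder.tlsSecurityLevel == nil { sessionBuilder.tlsSecurityLevel = 0 }` (assuming the property is optional), or exposing it as a per-profile option. The trailing comment should state the cost, e.g. `// security level 0: no minimum key/signature strength enforced; kept for legacy server certificates`. The enclosing function begins and ends outside the hunk.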