Catch errors on CA MD5 calculation (PIA only)

Davide De Rosa 2019-02-25 23:29:02 +01:00
parent d1b5c94be9
commit 8fe43269ab
3 changed files with 16 additions and 3 deletions


@ -613,7 +613,13 @@ public class SessionProxy {
private func hardResetPayload() -> Data? { private func hardResetPayload() -> Data? {
guard !(configuration.usesPIAPatches ?? false) else { guard !(configuration.usesPIAPatches ?? false) else {
let caMD5 = TLSBox.md5(forCertificatePath: caURL.path) let caMD5: String
do {
caMD5 = try TLSBox.md5(forCertificatePath: caURL.path)
} catch {
log.error("CA MD5 could not be computed, skipping custom HARD_RESET")
return nil
}
log.debug("CA MD5 is: \(caMD5)") log.debug("CA MD5 is: \(caMD5)")
return try? PIAHardReset( return try? PIAHardReset(
caMd5Digest: caMD5, caMd5Digest: caMD5,
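Review bot: The new catch block discards the thrown error, so the log line on the error path cannot say why the digest failed (unreadable file versus unparsable PEM); include it: `log.error("CA MD5 could not be computed, skipping custom HARD_RESET: \(error)")`. The `return try? PIAHardReset(` on the next line still swallows its own failure without any log line, so the two nil-returning paths of this function are now reported inconsistently; a matching debug line there would help when diagnosing a missing custom HARD_RESET. hardResetPayload continues past the end of the hunk.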


@ -51,7 +51,7 @@ extern NSString *const TLSBoxPeerVerificationErrorNotification;
// //
@interface TLSBox : NSObject @interface TLSBox : NSObject
+ (NSString *)md5ForCertificatePath:(NSString *)path; + (nullable NSString *)md5ForCertificatePath:(NSString *)path error:(NSError **)error;
- (instancetype)initWithCAPath:(NSString *)caPath - (instancetype)initWithCAPath:(NSString *)caPath
clientCertificatePath:(nullable NSString *)clientCertificatePath clientCertificatePath:(nullable NSString *)clientCertificatePath
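Review bot: The new `error:(NSError **)error` parameter promises callers an NSError whenever the method returns nil, but on the two nil-returning paths visible in the implementation hunk (the fopen and PEM_read_X509 guards) `*error` is never populated, so a Swift `try` only receives the generic nil-result-without-error failure and the caller's log cannot distinguish the two causes. Populate it before each `return NULL`, e.g. `if (error) { *error = [NSError errorWithDomain:<TLSBox error domain> code:<TLSBox error code> userInfo:nil]; }` with the project's own domain and code constants. The header also declares `error:(NSError **)error` without nullability while the implementation annotates it `NSError * _Nullable __autoreleasing * _Nullable`; if this header sits inside an NS_ASSUME_NONNULL region the two disagree, so align them. A `///` doc comment stating that the method returns nil and sets `error` when the certificate file cannot be opened or parsed as PEM would pin the contract for the Swift caller.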


@ -80,14 +80,21 @@ int TLSBoxVerifyPeer(int ok, X509_STORE_CTX *ctx) {
@implementation TLSBox @implementation TLSBox
+ (NSString *)md5ForCertificatePath:(NSString *)path + (NSString *)md5ForCertificatePath:(NSString *)path error:(NSError * _Nullable __autoreleasing * _Nullable)error
{ {
const EVP_MD *alg = EVP_get_digestbyname("MD5"); const EVP_MD *alg = EVP_get_digestbyname("MD5");
uint8_t md[16]; uint8_t md[16];
unsigned int len; unsigned int len;
FILE *pem = fopen([path cStringUsingEncoding:NSASCIIStringEncoding], "r"); FILE *pem = fopen([path cStringUsingEncoding:NSASCIIStringEncoding], "r");
if (!pem) {
return NULL;
}
X509 *cert = PEM_read_X509(pem, NULL, NULL, NULL); X509 *cert = PEM_read_X509(pem, NULL, NULL, NULL);
if (!cert) {
fclose(pem);
return NULL;
}
X509_digest(cert, alg, md, &len); X509_digest(cert, alg, md, &len);
X509_free(cert); X509_free(cert);
fclose(pem); fclose(pem);