00d908cc89
Avoid caching PEMs on disk ( #213 )
...
* TLSBox: Use OpenSSL calls that take in-memory cert / private key
* TLSBox: Add ability to compute MD5 hash for cert in memory
* OpenVPNSession: Remove disk caching of ca, cert and key
* Add test for computing MD5 hash for cert in memory
Co-authored-by: Davide De Rosa <keeshux@gmail.com>
2021-10-13 10:51:14 +02:00
7f84d8338c
Upgrade Xcode project
2021-06-26 11:00:24 +02:00
d8ed0c7d41
Cleanup cached PEMs at the end of a Session
2021-03-01 13:11:51 +05:30
1343fa592f
Log time intervals better
2021-01-27 02:15:18 +01:00
e923382c81
Default to unspecified MTU
...
Hardcode control channel packets to 1000 bytes.
2020-12-28 16:04:15 +01:00
ba3ead13a3
Update copyright
2020-12-27 17:29:39 +01:00
a232af1100
Redefine generic Session.serverConfiguration()
...
For reuse in Session implementations.
2020-06-13 13:32:21 +02:00
93c24a96cf
Refactor with an error parameter in sessionDidStop
...
Both versions prevent clients from compiling, but this version
impacts less on existing codebase.
2020-05-09 12:09:03 +02:00
1cd00f9459
Call cancelTunnelWithError(_:) if a connection fails and won't be retried
2020-05-09 12:09:03 +02:00
1ceeb8ddbb
SAN host check ( #168 )
...
* Check if host is present in certificates SAN list
* Save .tlsServerHost error as .tlsServerVerification into last error
Co-authored-by: Davide De Rosa <keeshux@gmail.com>
2020-05-09 00:02:16 +02:00
ffe7fc0a0a
Continue instead of early return on unknown key id
2020-04-10 13:35:12 +02:00
311015950e
Shut down on server "RESTART" control message
...
Fixes #131
2020-02-29 19:23:26 +01:00
f6d915e6dd
Reset rather than nil out Authenticator
...
For reuse in control channel.
2020-02-29 19:11:15 +01:00
a7aa78141e
Update copyright clause
2020-01-11 09:26:41 +01:00
2c8c2d20f8
Add comment about read failure not shutting down
2019-12-12 20:37:10 +01:00
88a1bdac06
Schedule ping block even just for timeout check
...
In case keepAliveInterval is not set.
2019-12-12 18:34:20 +01:00
e6f2f3e85a
Send pings at regular schedules
...
Also fixes coalescing schedules.
2019-12-12 18:34:20 +01:00
8ae92d29db
Log details about ping schedule
2019-12-12 14:00:43 +01:00
0f2bf8cf48
Fix non-existing variable in log
2019-12-12 09:34:08 +01:00
90c118a3d0
Warn about discarded received packets
2019-12-12 09:32:34 +01:00
66ae7973ae
Discard data with missing key, do not shut down
...
Probably more resilient to DoS.
2019-12-07 09:43:47 +01:00
7608ae2e3c
Expose server configuration via provider message
2019-10-23 10:27:51 +02:00
55f7e64f19
Allow keep alive timeout to be configured by the server or client
2019-09-30 11:54:29 -07:00
e0ab2a1ddb
Disconnect if HARD_RESET received while SOFT_RESET
...
Bad condition for .staleSession
Fixes #120
See 0f2234f1d1
2019-09-03 00:27:54 +02:00
de21adfef6
Beware of execution queue in write callbacks
...
self.link was not checked against in tunnel queue.
2019-08-23 09:15:59 +02:00
6b281711c7
Ignore errors from outdated link writes
...
Prevents async delegation after cleanup.
2019-08-23 09:15:57 +02:00
a4333eaafe
Revert ENOBUFS mitigation, do disconnect instead
...
Reverts #87 "fix"
2019-07-26 21:14:57 +02:00
aefeb252b3
Do not defer stop more than once
...
May cause multiple delegation and queue deadlock when a
reconnection is scheduled to trigger.
Fixes #106
2019-07-09 14:09:02 +02:00
2c56a8ea95
Send PUSH_REQUEST immediately after auth
...
First call would always fail otherwise.
2019-07-09 12:40:10 +02:00
40139cbef0
Replace key flag with session-wide isRenegotiating
...
Prevent new if one in progress.
Fixes #105
2019-07-09 12:17:12 +02:00
0f2234f1d1
Assume stale session if server sends HARD_RESET
...
When unsolicited.
2019-07-09 11:42:12 +02:00
be1081aad6
Nest subspecs by purpose
...
- Protocols
- Extra
2019-05-24 16:02:59 +02:00
Roopesh Chander
Davide De Rosa
Robert Patchett
Jaroslav_
Johan Kool