265aca0829
Make EKU verification optional in TLSBox
2019-02-25 11:16:26 +01:00
8f328709c8
Wrap TKP.Configuration fields in SP.Configuration
...
Take credentials out of SP.Configuration. Makes sense as they
never appear in e.g. an .ovpn file.
2018-10-25 18:34:03 +02:00
d6e27938bc
Make usesPIAPatches optional
...
For compatible decoding.
2018-10-25 18:34:03 +02:00
197d29042c
Take a cache URL in SessionProxy to store PEMs
2018-10-25 18:34:03 +02:00
ae85337e91
Mask log.debug
2018-10-24 18:47:41 +02:00
b1a79d6451
Shut down on server-initiated HARD_RESET
...
Session is stale and not recoverable (lame duck).
2018-10-24 12:31:37 +02:00
0b79ce4194
Handle server-initiated SOFT_RESET
2018-10-24 12:22:47 +02:00
c32185b524
Review/complete mapping to ProviderError
...
Errors from TunnelKitNative were not mapped. Also, move TLS CA
verification error to TLSBox domain.
2018-10-23 23:44:25 +02:00
f5d9720b01
Halt TLS on internal failure
2018-10-23 23:44:25 +02:00
f725779e0e
Convert ct pulling to try/catch
2018-10-23 22:47:04 +02:00
28d9f3ee68
Add crypt strategy
2018-10-19 17:06:29 +02:00
8ccc4c08a5
Add auth strategy
2018-10-19 16:20:56 +02:00
66735ec118
Prepare API to enable TLS wrapping
...
Extensible TLSWrap parameter.
2018-10-19 16:11:35 +02:00
9b785084e2
Customize HARD_RESET payload when PIA-patched
2018-10-18 13:31:11 +02:00
98c5a015f3
Split endpoint and credentials
...
Basically drop AuthenticatedEndpoint.
2018-10-06 16:22:02 +02:00
09210b727a
Use compression framing description
2018-09-28 08:40:14 +02:00
668474d75c
Indent negotiated parameters in log
2018-09-21 19:53:38 +02:00
1099d9adbf
Improve control channel log readability
...
- Use consistent convention in id logging.
- Describe packet codes.
- Encapsulate packet logging.
2018-09-20 09:00:11 +02:00
ce94a594f9
Bring code/key deserialization into serializer
...
Duplicates first byte parsing but makes testing more meaningful,
because there's no need to provide a bogus code/key pair.
2018-09-20 08:59:50 +02:00
11cb312c02
Move control channel logic to PlainSerializer
2018-09-19 22:04:52 +02:00
3608860b9d
Move sessionId and remoteSessionId
2018-09-19 22:04:52 +02:00
1573b2070a
Move control queue management
...
- Out packets
- In packets
- Acks
2018-09-19 22:04:52 +02:00
e6dd4de472
Move control data parsing
2018-09-19 22:04:52 +02:00
19ce7de819
Encapsulate control state into ControlChannel
...
First step: variables + mutating funcs.
2018-09-19 22:04:52 +02:00
d80c0b5460
Move in/out states to a generic struct
2018-09-19 22:04:52 +02:00
2bd9484a43
Move ControlPacket serialization to Obj-C
...
Additionally, make sessionId non-optional in control packets. They
must have it, therefore treat a missing sessionId as a programming
error instead.
Reuse routines for acks to make PacketMacros the only point of
packets serialization.
2018-09-19 22:04:52 +02:00
92dbb57666
Revert CommonPacket name to ControlPacket
2018-09-19 22:04:52 +02:00
915638b163
Log negotiated parms at info level
...
Useful when debug disabled.
2018-09-12 15:48:47 +02:00
4af0ce8739
Refactor duplicate keep-alive code
2018-09-09 00:52:16 +02:00
3a02557b5e
Override keep-alive with pushed interval
2018-09-09 00:52:16 +02:00
01f65b2a7e
Always shut down on known tunnel error
...
Not recoverable by default (e.g algorithm mismatch).
2018-09-08 00:10:35 +02:00
ecbad85b4a
Discard 0 keep-alive interval
2018-09-08 00:06:19 +02:00
e5918d1b05
Override framing with pushed if available
2018-09-07 15:11:44 +02:00
55cdd6227c
Interpret 0 reneg seconds as never
2018-09-07 14:58:56 +02:00
3543f7aab3
Omit sensitive data from PUSH_REPLY log
...
Namely auth-token.
2018-09-02 12:48:45 +02:00
81eb18619d
Pick cipher from PUSH_REPLY if present
2018-09-02 02:09:20 +02:00
31e694859f
Cache aggregated PushReply object
...
- authToken
- peerId
- cipher
Retain across soft resets.
2018-09-02 02:09:20 +02:00
e900454504
Share connection completion code
...
Across hard and soft reset.
2018-09-02 02:09:20 +02:00
c930cda065
Consolidate DataPath with new flow
2018-09-02 02:09:20 +02:00
c01ac7e1e3
Postpone keys setup until after PUSH_REPLY
...
And rename to setupEncryption() for ambiguity with SessionKey.
2018-09-02 02:09:20 +02:00
5bf7813d56
Forward compound SessionReply to delegate
...
Improves extensibility.
2018-08-30 18:02:12 +02:00
209889b9d2
Make compression framing an enum option
...
- Disabled: no framing (default)
- CompLZO: NO_COMPRESS
- Compress: NO_COMPRESS_SWAP
2018-08-30 12:43:36 +02:00
a4c109a916
Bridge client cert from SessionProxy to TLSBox
2018-08-28 12:55:27 +02:00
b7a48d4f4f
Support client certificate in TLSBox
2018-08-28 12:55:27 +02:00
b172f79719
Re-license with proper per-file notices
...
Clarify explicitly the author/extent of the fork, with proper
credit to the original project's license and copyright holder.
2018-08-28 12:53:14 +02:00
9f54e624ee
Expose LZO framing option
2018-08-24 00:27:45 +02:00
fe7a2c6941
Drop a few old commented lines
2018-08-23 18:51:36 +02:00
2459fe1bfd
Move a few classes inside SessionProxy
...
- Authenticator
- EncryptionBridge (formerly EncryptionProxy)
- PushReply
- SessionKey
They only make sense there. Content unchanged.
2018-08-23 18:51:36 +02:00
6d5e9f68a9
Move cipher/digest enums to Core
...
Restrict choice to supported OpenSSL algorithms.
2018-08-23 18:51:36 +02:00
8a9e99e6a9
Wrap SessionProxy configuration in a builder
2018-08-23 18:51:36 +02:00
Davide De Rosa