Commit Graph

262 Commits

Author SHA1 Message Date
Davide De Rosa
5fb70b5bab Parse dhcp-option PROXY_HTTP* into Configuration 2019-04-12 08:10:47 +02:00
Davide De Rosa
26cec205a7 Move builder() to extension 2019-04-11 16:46:52 +02:00
Davide De Rosa
5df614b5e2 Fix incomplete builder() from Configuration
Adding a Configuration field is error-prone beyond reason...
2019-04-11 15:30:14 +02:00
Davide De Rosa
914864c31a Infer serverAddress from sessionConfiguration 2019-04-09 20:45:28 +02:00
Davide De Rosa
3fe9c6de6d Make hostname optional in ConnectionStrategy
Assume preferring resolved addresses.
2019-04-09 20:34:03 +02:00
Davide De Rosa
9f358d6326 Accept nil cipher/digest in AppExtension
Reorganize code for clarity.
2019-04-07 08:35:40 +02:00
Davide De Rosa
3717136bd9 Move EndpointProtocol Codable to Core spec 2019-04-05 00:46:45 +02:00
Davide De Rosa
5e2f9b59f1 Rename ParsingResult to Result
No need to prefix an inner class.
2019-04-04 19:22:22 +02:00
Davide De Rosa
7333ea226c Document ignored settings client-side 2019-04-04 18:51:06 +02:00
Davide De Rosa
8394fd0676 Rely on default ConfigurationBuilder.init() 2019-04-04 18:51:06 +02:00
Davide De Rosa
55534df6fa Work around cipher/digest/framing issues
- Make them optional
- Set default values inside SessionProxy

Fallback is not needed anywhere else.
2019-04-04 18:51:06 +02:00
Davide De Rosa
0d86bd20b6 Expose ConfigurationBuilder.init() 2019-04-04 18:51:06 +02:00
Davide De Rosa
4dc9539260 Rename OptionsError to ConfigurationError 2019-04-04 18:51:06 +02:00
Davide De Rosa
a2250686b6 Merge OptionsBundle into Configuration
FIXME: issues with non-optional .cipher and .compressionFraming

Because:

- No pushed cipher (nil) is NOT .aes128cbc
- No pushed framing (nil) is NOT .disabled

Breaks conditions on pushed cipher/framing via PUSH_REPLY.
2019-04-04 18:51:06 +02:00
Davide De Rosa
cfe61d5d40 Retain .endpointProtocols for migration
For deserialization of old format.
2019-04-04 13:10:33 +02:00
Davide De Rosa
7aec0637b2 Move endpoints inside SessionProxy.Configuration
Make optional.

TunnelKitProvider still gets hostname from .serverAddress rather
than SessionProxy.Configuration

Also drop useless Equatable implementations.
2019-04-04 13:09:50 +02:00
Davide De Rosa
e8396ec2cd Parse search domain from configuration
Fixes #77
2019-04-03 14:29:09 +02:00
Davide De Rosa
370e68aa3f Parse search domain from dhcp-option DOMAIN 2019-04-03 14:29:09 +02:00
Davide De Rosa
fe2ad52df0 Document OptionsBundle
Move most from SessionProxy.Configuration.
2019-04-03 13:34:08 +02:00
Davide De Rosa
f9ae3412a5 Move malformed error out of unrelated SessionError
Also give more detail about the reason.
2019-04-03 13:20:49 +02:00
Davide De Rosa
42232804ca Rename file to public entity 2019-04-03 13:19:47 +02:00
Davide De Rosa
49c805af52 Fix a few isHandled
Skip to exclude from strippedLines.
2019-04-03 13:19:47 +02:00
Davide De Rosa
9876c81de5 Parse PUSH_REPLY options in OptionsBundle
- auth-token
- peer-id
- Routing

Reorganize options by semantic.

Reuse OptionsBundle in PushReply.
2019-04-03 13:19:21 +02:00
Davide De Rosa
b9b9c4db60 Parse basic options in OptionsBundle
- Handle isEncrypted inside CryptoContainer
- Rename ParsingError to OptionsError

Reuse OptionsBundle in ConfigurationParser.
2019-04-03 13:19:16 +02:00
Davide De Rosa
e7dadefabb Generalize cipher regex 2019-04-03 12:20:53 +02:00
Davide De Rosa
d72b583900 Improve parsing of PUSH_REPLY prefix 2019-04-03 12:20:53 +02:00
Davide De Rosa
27901c991b Skip deinit documentation 2019-04-02 19:18:23 +02:00
Davide De Rosa
ccb6329f05 Don't parse a block begin while inside a block
If a PEM contained anything like <foobar>, the parser was doomed.

Fixes #78
2019-04-02 19:07:48 +02:00
Davide De Rosa
11fd418f82 Extend encrypted private key quick test
Test .ovpn didn't use an PKCS#8 key due to a slip-up. Fixing it
unveiled that isEncrypted returned false for PKCS#8 keys.

Fixes #80
2019-04-02 11:41:18 +02:00
Davide De Rosa
22f80735ca Strip certificate preamble
Fixes #78
2019-04-02 00:55:58 +02:00
Davide De Rosa
def622506b Check PKCS#1 via "Proc-Type" presence instead 2019-04-02 00:37:52 +02:00
Davide De Rosa
47b80d5361 Refactor to decrypt generic key 2019-04-02 00:31:54 +02:00
Davide De Rosa
a6387679f1 Update data count as soon as tunnel is up
Zero is better than nil.
2019-03-30 23:35:50 +01:00
Davide De Rosa
0bfc1e08eb Fix retarded Swift pointer API somehow 2019-03-30 23:18:45 +01:00
Davide De Rosa
207a4f063a Replace deprecated Data(bytes:) 2019-03-30 23:18:45 +01:00
Davide De Rosa
8dfd5f23c1 Handle unknown enum defaults 2019-03-30 23:18:45 +01:00
Davide De Rosa
5120bcae0a Migrate to Swift 5 2019-03-30 23:18:45 +01:00
Davide De Rosa
f686a0aee4 Fix Xcode warnings 2019-03-30 20:16:04 +01:00
Davide De Rosa
44fb5a5b48 Track data count in shared UserDefaults
Default disabled (dataCountInterval = 0).
2019-03-30 19:56:26 +01:00
Davide De Rosa
d03f1bd9af Fix checksEKU not propagated to TunnelKitProvider 2019-03-26 00:37:35 +01:00
Davide De Rosa
00c76f707f Throw specific error if unable to decrypt
Normally a bad passphrase.
2019-03-25 19:24:35 +01:00
Davide De Rosa
ffcccb5420 Throw specific error on missing passphrase
So that client can retry with a passphrase.
2019-03-25 18:49:53 +01:00
Davide De Rosa
b07ec88ff2 Add passphrase parameter to ConfigurationParser
Use it to decrypt encrypted PEMs.
2019-03-25 18:48:59 +01:00
Davide De Rosa
f37bfb3579 Implement RSA privkey decryption via OpenSSL 2019-03-25 18:45:00 +01:00
Davide De Rosa
53f3048674 Add missing documentation 2019-03-25 15:46:15 +01:00
Davide De Rosa
9c4d491a3b Make floating XXX a FIXME 2019-03-25 10:37:15 +01:00
Davide De Rosa
54a477ce67 Randomize endpoints in ConnectionStrategy
Fixes #76
2019-03-25 10:32:23 +01:00
Davide De Rosa
7ce31c3184 Parse randomize endpoints from --remote-random 2019-03-25 10:32:08 +01:00
Davide De Rosa
42227fcc00 Add SessionProxy.Configuration.randomizeEndpoint 2019-03-25 10:32:08 +01:00
Davide De Rosa
9c0205614b Disable rebind-on-float until a solid fix
Mitigates #75
2019-03-25 10:10:08 +01:00