Merge commit '86cc97e55fe346502462284d2e636a2b3708163e' as 'Sources/OpenVPN3'

2026-04-24 00:00:05 +08:00 · 2020-02-24 14:43:11 +03:00
parent 133b3756e6 86cc97e55f
commit 32f1555929
655 changed files with 146468 additions and 0 deletions
@@ -0,0 +1,84 @@
+//    OpenVPN -- An application to securely tunnel IP networks
+//               over a single port, with support for SSL/TLS-based
+//               session authentication and key exchange,
+//               packet encryption, packet authentication, and
+//               packet compression.
+//
+//    Copyright (C) 2012-2017 OpenVPN Inc.
+//
+//    This program is free software: you can redistribute it and/or modify
+//    it under the terms of the GNU Affero General Public License Version 3
+//    as published by the Free Software Foundation.
+//
+//    This program is distributed in the hope that it will be useful,
+//    but WITHOUT ANY WARRANTY; without even the implied warranty of
+//    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+//    GNU Affero General Public License for more details.
+//
+//    You should have received a copy of the GNU Affero General Public License
+//    along with this program in the COPYING file.
+//    If not, see <http://www.gnu.org/licenses/>.
+
+#ifndef OPENVPN_SSL_SSLCONSTS_H
+#define OPENVPN_SSL_SSLCONSTS_H
+
+namespace openvpn {
+  namespace SSLConst {
+
+    // Special return values from SSL read/write methods
+    enum {
+      // Indicates that no cleartext data is available now (until
+      // more ciphertext is pushed into the SSL engine).
+      SHOULD_RETRY = -1,
+
+      // Return value from read_cleartext indicating that peer
+      // has sent a Close Notify message.
+      PEER_CLOSE_NOTIFY = -2,
+    };
+
+    // SSL config flags
+    enum {
+      // Show SSL status and cert chain in verify method
+      LOG_VERIFY_STATUS=(1<<0),
+
+      // Disable peer verification
+      NO_VERIFY_PEER=(1<<1),
+
+      // [client only] Enable client-side SNI (Server Name Indication)
+      // when hostname is provided
+      ENABLE_CLIENT_SNI=(1<<2),
+
+      // [client only] Don't require that the hostname matches
+      // the common name in the certificate.
+      NO_VERIFY_HOSTNAME=(1<<3),
+
+      // [server only] Don't automatically fail connections on
+      // bad peer cert.  Succeed the connection, but pass the
+      // fail status data via AuthCert so the higher layers
+      // can handle it.
+      DEFERRED_CERT_VERIFY=(1<<4),
+
+      // [server only] When running as a server, require that
+      // clients that connect to us have their certificate
+      // purpose set to server.
+      SERVER_TO_SERVER=(1<<5),
+
+      // Peer certificate is optional
+      PEER_CERT_OPTIONAL=(1<<6),
+
+      // [server only] Send a list of client CAs to the client
+      SEND_CLIENT_CA_LIST=(1<<7),
+
+      // last flag marker
+      LAST=(1<<8)
+    };
+
+    // filter all but SSL flags
+    inline unsigned int ssl_flags(const unsigned int flags)
+    {
+      return flags & (LAST-1);
+    }
+  }
+}
+
+#endif