Squashed 'OpenVPN Adapter/Vendors/openvpn/' changes from e6d68831a..35bbca799

35bbca799 Merged in OVPN3-184-generate-warning (pull request #1)
a73d2ce68 Merged in antonio/OVPN3-169-pure-ssl-transport (pull request #3)
8d7f5f3c1 Merged in feature/docker (pull request #2)
d9b5055cd [OVPN3-169] cli.cpp: compile with -DOPENVPN_TLS_LINK when requested
2d99bbfea [OVPN3-169] cliopt.hpp: add support for TLS transport module
62c8461d2 [OVPN3-169] tcpcli.hpp: add runtime support for TLSLink
e0e76bb28 [OVPN3-169] tcplink: introduce LinkBase abstract class
a71014d40 [OVPN3-169] tcplink: create LinkCommon class and inherit from it
cfd6df5bc build system: fix 'git apply'
3e49de7de [OVPN3-210] ovpncli: handle "allow-name-constraints" for OpenSSL
08d72bd76 [OVPN3-184] mbedtls: handle Name Constraints
40c70113d [OVPN3-184] Add mbedTLS patch
ef8d11f34 [OVPN3-169] OpenSSL: implement write_ciphertext_unbuffered() function
37dc86378 [OVPN3-169] mbedTLS: implement write_ciphertext_unbuffered() function
5834ed401 [OVPN3-169] SSLAPI: add write_ciphertext_unbuffered() function
071050b5f vars-linux-dbg: update linux debug profile
5bbfe68c3 [OVPN3-169] Protocol: add support for TLS transport protocol type
dc12d3189 [OVPN3-223] build: add docker images

git-subtree-dir: OpenVPN Adapter/Vendors/openvpn
git-subtree-split: 35bbca799dfa3fbe8e17f8d6e94c3946c397b593

openvpn/transport/client/tcpcli.hpp

@@ -29,6 +29,9 @@
 #include <openvpn/io/io.hpp>
 
 #include <openvpn/transport/tcplink.hpp>
+#ifdef OPENVPN_TLS_LINK
+#include <openvpn/transport/tlslink.hpp>
+#endif
 #include <openvpn/transport/client/transbase.hpp>
 #include <openvpn/transport/socket_protect.hpp>
 #include <openvpn/client/remotelist.hpp>
@@ -48,6 +51,10 @@ namespace openvpn {
 
       SocketProtect* socket_protect;
 
+#ifdef OPENVPN_TLS_LINK
+      bool use_tls = false;
+#endif
+
 #ifdef OPENVPN_GREMLIN
       Gremlin::Config::Ptr gremlin_config;
 #endif
@@ -72,9 +79,12 @@ namespace openvpn {
       typedef RCPtr<Client> Ptr;
 
       typedef Link<openvpn_io::ip::tcp, Client*, false> LinkImpl;
+#ifdef OPENVPN_TLS_LINK
+      typedef TLSLink<openvpn_io::ip::tcp, Client*, false> LinkImplTLS;
+#endif
 
       friend class ClientConfig;         // calls constructor
-      friend LinkImpl;                   // calls tcp_read_handler
+      friend LinkImpl::Base;             // calls tcp_read_handler
 
     public:
       virtual void transport_start()
@@ -207,24 +217,24 @@ namespace openvpn {
 	  return false;
       }
 
-      void tcp_eof_handler() // called by LinkImpl
+      void tcp_eof_handler() // called by LinkImpl::Base
       {
 	config->stats->error(Error::NETWORK_EOF_ERROR);
 	tcp_error_handler("NETWORK_EOF_ERROR");
       }
 
-      bool tcp_read_handler(BufferAllocated& buf) // called by LinkImpl
+      bool tcp_read_handler(BufferAllocated& buf) // called by LinkImpl::Base
       {
 	parent->transport_recv(buf);
 	return !stop_requeueing;
       }
 
-      void tcp_write_queue_needs_send() // called by LinkImpl
+      void tcp_write_queue_needs_send() // called by LinkImpl::Base
       {
 	parent->transport_needs_send();
       }
 
-      void tcp_error_handler(const char *error) // called by LinkImpl
+      void tcp_error_handler(const char *error) // called by LinkImpl::Base
       {
 	std::ostringstream os;
 	os << "Transport error on '" << server_host << ": " << error;
@@ -302,12 +312,35 @@ namespace openvpn {
 	  {
 	    if (!error)
 	      {
-		impl.reset(new LinkImpl(this,
-					socket,
-					0, // // send_queue_max_size is unlimited because we regulate size in cliproto.hpp
-					config->free_list_max_size,
-					(*config->frame)[Frame::READ_LINK_TCP],
-					config->stats));
+#ifdef OPENVPN_TLS_LINK
+		if (config->use_tls)
+		{
+		  SSLLib::SSLAPI::Config::Ptr ssl_conf;
+		  ssl_conf.reset(new SSLLib::SSLAPI::Config());
+		  ssl_conf->set_mode(Mode(Mode::CLIENT));
+		  ssl_conf->set_flags(SSLConst::LOG_VERIFY_STATUS|SSLConst::NO_VERIFY_PEER);
+		  ssl_conf->set_local_cert_enabled(false);
+		  ssl_conf->set_frame(config->frame);
+		  ssl_conf->set_rng(new SSLLib::RandomAPI(false));
+
+		  impl.reset(new LinkImplTLS(this,
+					     io_context,
+					     socket,
+					     0,
+					     config->free_list_max_size,
+					     config->frame,
+					     config->stats,
+					     ssl_conf->new_factory()));
+		}
+		else
+#endif
+		  impl.reset(new LinkImpl(this,
+					  socket,
+					  0, // send_queue_max_size is unlimited because we regulate size in cliproto.hpp
+					  config->free_list_max_size,
+					  (*config->frame)[Frame::READ_LINK_TCP],
+					  config->stats));
+
 #ifdef OPENVPN_GREMLIN
 		impl->gremlin_config(config->gremlin_config);
 #endif
@@ -334,9 +367,9 @@ namespace openvpn {
       openvpn_io::ip::tcp::socket socket;
       ClientConfig::Ptr config;
       TransportClientParent* parent;
-      LinkImpl::Ptr impl;
+      LinkBase::Ptr impl;
       openvpn_io::ip::tcp::resolver resolver;
-      LinkImpl::protocol::endpoint server_endpoint;
+      LinkImpl::Base::protocol::endpoint server_endpoint;
       bool halt;
       bool stop_requeueing;
     };