Index: head/security/openvpn/Makefile
===================================================================
--- head/security/openvpn/Makefile (revision 373751)
+++ head/security/openvpn/Makefile (revision 373752)
@@ -1,104 +1,103 @@ # Created by: Matthias Andree # $FreeBSD$ PORTNAME= openvpn -DISTVERSION= 2.3.5 -PORTREVISION= 1 +DISTVERSION= 2.3.6 CATEGORIES= security net MASTER_SITES= http://swupdate.openvpn.net/community/releases/ \ http://build.openvpn.net/downloads/releases/ MAINTAINER= mandree@FreeBSD.org COMMENT= Secure IP/Ethernet tunnel daemon LICENSE= GPLv2 CONFLICTS_INSTALL= openvpn-2.[!3].* openvpn-[!2].* openvpn-beta-[0-9]* openvpn-devel-[0-9]* GNU_CONFIGURE= yes USES= libtool pkgconfig shebangfix tar:xz SHEBANG_FILES= sample/sample-scripts/verify-cn \ sample/sample-scripts/auth-pam.pl \ sample/sample-scripts/ucn.pl # let OpenVPN's configure script pick up the requisite libraries: CPPFLAGS+= -I${LOCALBASE}/include LDFLAGS+= -L${LOCALBASE}/lib OPTIONS_DEFINE= PW_SAVE PKCS11 EASYRSA DOCS EXAMPLES OPTIONS_DEFAULT= EASYRSA OPENSSL OPTIONS_SINGLE= SSL OPTIONS_SINGLE_SSL= OPENSSL POLARSSL PW_SAVE_DESC= Interactive passwords may be read from a file PKCS11_DESC= Use security/pkcs11-helper EASYRSA_DESC= Install security/easy-rsa RSA helper package POLARSSL_DESC= SSL/TLS support via PolarSSL EASYRSA_RUN_DEPENDS= easy-rsa>=0:${PORTSDIR}/security/easy-rsa PKCS11_LIB_DEPENDS= libpkcs11-helper.so:${PORTSDIR}/security/pkcs11-helper PKCS11_CONFIGURE_ENABLE= pkcs11 PW_SAVE_CONFIGURE_ENABLE= password-save .include .if ${PORT_OPTIONS:MPOLARSSL} LIB_DEPENDS+= libpolarssl.so:${PORTSDIR}/security/polarssl CONFIGURE_ARGS+= --with-crypto-library=polarssl .else USE_OPENSSL= yes CONFIGURE_ARGS+= --with-crypto-library=openssl .endif USE_RC_SUBR= openvpn USE_LDCONFIG= ${PREFIX}/lib SUB_FILES= pkg-message .include .ifdef (LOG_OPENVPN) CFLAGS+= -DLOG_OPENVPN=${LOG_OPENVPN} .endif LIB_DEPENDS+= liblzo2.so:${PORTSDIR}/archivers/lzo2 PORTDOCS= * PORTEXAMPLES= * pre-configure: .ifdef (LOG_OPENVPN) @${ECHO} "Building with LOG_OPENVPN=${LOG_OPENVPN}" .else @${ECHO} "" @${ECHO} "You may use the following build options:" @${ECHO} "" @${ECHO} " LOG_OPENVPN={Valid syslog facility, default LOG_DAEMON}" 
@${ECHO} " EXAMPLE: make LOG_OPENVPN=LOG_LOCAL6" @${ECHO} "" .endif post-build: @# self-tests here .if !defined(WITHOUT_CHECK) @${ECHO} ; ${ECHO} "### Note that you can skip these lengthy selftests with WITHOUT_CHECK=yes ###" ; ${ECHO} cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} ${MAKE} ${MAKE_FLAGS} ${MAKEFILE} ${_MAKE_JOBS} ${MAKE_ARGS} check .endif post-install: ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/openvpn/plugins/openvpn-plugin-auth-pam.so ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/openvpn/plugins/openvpn-plugin-down-root.so ${MKDIR} ${STAGEDIR}${PREFIX}/include .if ${PORT_OPTIONS:MDOCS} ${MKDIR} ${STAGEDIR}${DOCSDIR}/ .for i in AUTHORS ChangeLog PORTS ${INSTALL_MAN} ${WRKSRC}/${i} ${STAGEDIR}${DOCSDIR}/ .endfor .endif .if ${PORT_OPTIONS:MEXAMPLES} (cd ${WRKSRC}/sample && ${COPYTREE_SHARE} \* ${STAGEDIR}${EXAMPLESDIR}/) ${CHMOD} ${BINMODE} ${STAGEDIR}${EXAMPLESDIR}/sample-scripts/* .endif .include Index: head/security/openvpn/distinfo =================================================================== --- head/security/openvpn/distinfo (revision 373751) +++ head/security/openvpn/distinfo (revision 373752) @@ -1,2 +1,2 @@ -SHA256 (openvpn-2.3.5.tar.xz) = 7ac286f09ed4981358ce01907993dc29f69b34d3652de2b70ca9b8b2a056b684 -SIZE (openvpn-2.3.5.tar.xz) = 794788 +SHA256 (openvpn-2.3.6.tar.xz) = adae2ef34c9225347a844683b88caa87cde0979b7f2390fd1776db0eb51510ed +SIZE (openvpn-2.3.6.tar.xz) = 809348 Index: head/security/openvpn/files/patch-0004-Modernize-sample-keys-and-sample-configs =================================================================== --- head/security/openvpn/files/patch-0004-Modernize-sample-keys-and-sample-configs (revision 373751) +++ head/security/openvpn/files/patch-0004-Modernize-sample-keys-and-sample-configs (nonexistent) 
@@ -1,1493 +0,0 @@ -From b77c27a1d945d740c7e7f6b64b1227d5d9077aa5 Mon Sep 17 00:00:00 2001 -From: Steffan Karger -Date: Thu, 23 Oct 2014 00:14:29 +0200 -Subject: [PATCH 4/4] Modernize sample keys and sample configs - -I kept most of the certificate properties equal to the old -certs, since some people's test scripts might rely on them (and -it does not require any creativity from my part). - -Changes: - * Add script to generate fresh test/sample keys - (but keep sample keys in git for simple testing) - * Switch from 1024 to 4096 bits RSA CA - * Switch from 1024 to 2048 bits client/server RSA keys - * Switch from 1024 to 2048 bits Diffie-Hellman parameters - * Generate EC client and server cert, but sign with RSA CA - (lets us test EC <-> RSA interoperability) - * Remove 3DES cipher from 'sample' config - * Add 'remote-cert-tls server' to client config - * Update config files to deprecate nsCertType in favour of the - keyUsage and extendedKeyUsage extensions. - * Make naming more consistent - -Signed-off-by: Steffan Karger -Acked-by: Gert Doering -Message-Id: <54721611.4020103@karger.me> -URL: http://article.gmane.org/gmane.network.openvpn.devel/9271 -Signed-off-by: Gert Doering ---- - sample/sample-config-files/client.conf | 17 ++-- - sample/sample-config-files/loopback-client | 2 +- - sample/sample-config-files/loopback-server | 3 +- - sample/sample-config-files/server.conf | 6 +- - sample/sample-config-files/tls-office.conf | 2 +- - sample/sample-keys/.gitignore | 1 + - sample/sample-keys/README | 21 +++-- - sample/sample-keys/ca.crt | 48 ++++++---- - sample/sample-keys/ca.key | 67 ++++++++++---- - sample/sample-keys/client-ec.crt | 85 ++++++++++++++++++ - sample/sample-keys/client-ec.key | 5 ++ - sample/sample-keys/client-pass.key | 30 +++++++ - sample/sample-keys/client.crt | 126 +++++++++++++++++--------- - sample/sample-keys/client.key | 43 +++++---- - sample/sample-keys/client.p12 | Bin 0 -> 4533 bytes - sample/sample-keys/dh1024.pem | 5 -- - 
sample/sample-keys/dh2048.pem | 8 ++ - sample/sample-keys/gen-sample-keys.sh | 75 ++++++++++++++++ - sample/sample-keys/openssl.cnf | 139 +++++++++++++++++++++++++++++ - sample/sample-keys/pass.crt | 65 -------------- - sample/sample-keys/pass.key | 18 ---- - sample/sample-keys/pkcs12.p12 | Bin 2685 -> 0 bytes - sample/sample-keys/server-ec.crt | 96 ++++++++++++++++++++ - sample/sample-keys/server-ec.key | 5 ++ - sample/sample-keys/server.crt | 130 ++++++++++++++++++--------- - sample/sample-keys/server.key | 43 +++++---- - 26 files changed, 781 insertions(+), 259 deletions(-) - create mode 100644 sample/sample-keys/.gitignore - create mode 100644 sample/sample-keys/client-ec.crt - create mode 100644 sample/sample-keys/client-ec.key - create mode 100644 sample/sample-keys/client-pass.key - create mode 100644 sample/sample-keys/client.p12 - delete mode 100644 sample/sample-keys/dh1024.pem - create mode 100644 sample/sample-keys/dh2048.pem - create mode 100755 sample/sample-keys/gen-sample-keys.sh - create mode 100644 sample/sample-keys/openssl.cnf - delete mode 100644 sample/sample-keys/pass.crt - delete mode 100644 sample/sample-keys/pass.key - delete mode 100644 sample/sample-keys/pkcs12.p12 - create mode 100644 sample/sample-keys/server-ec.crt - create mode 100644 sample/sample-keys/server-ec.key - -diff --git ./sample/sample-config-files/client.conf ./sample/sample-config-files/client.conf -index 58b2038..050ef60 100644 ---- ./sample/sample-config-files/client.conf -+++ ./sample/sample-config-files/client.conf -@@ -89,18 +89,19 @@ ca ca.crt - cert client.crt - key client.key - --# Verify server certificate by checking --# that the certicate has the nsCertType --# field set to "server". This is an --# important precaution to protect against -+# Verify server certificate by checking that the -+# certicate has the correct key usage set. 
-+# This is an important precaution to protect against - # a potential attack discussed here: - # http://openvpn.net/howto.html#mitm - # - # To use this feature, you will need to generate --# your server certificates with the nsCertType --# field set to "server". The build-key-server --# script in the easy-rsa folder will do this. --ns-cert-type server -+# your server certificates with the keyUsage set to -+# digitalSignature, keyEncipherment -+# and the extendedKeyUsage to -+# serverAuth -+# EasyRSA can do this for you. -+remote-cert-tls server - - # If a tls-auth key is used on the server - # then every client must also have the key. -diff --git ./sample/sample-config-files/loopback-client ./sample/sample-config-files/loopback-client -index d7f59e6..ebbd1cf 100644 ---- ./sample/sample-config-files/loopback-client -+++ ./sample/sample-config-files/loopback-client -@@ -17,9 +17,9 @@ dev null - verb 3 - reneg-sec 10 - tls-client -+remote-cert-tls server - ca sample-keys/ca.crt - key sample-keys/client.key - cert sample-keys/client.crt --cipher DES-EDE3-CBC - ping 1 - inactive 120 10000000 -diff --git ./sample/sample-config-files/loopback-server ./sample/sample-config-files/loopback-server -index 9d21bce..8cb97be 100644 ---- ./sample/sample-config-files/loopback-server -+++ ./sample/sample-config-files/loopback-server -@@ -17,10 +17,9 @@ dev null - verb 3 - reneg-sec 10 - tls-server --dh sample-keys/dh1024.pem -+dh sample-keys/dh2048.pem - ca sample-keys/ca.crt - key sample-keys/server.key - cert sample-keys/server.crt --cipher DES-EDE3-CBC - ping 1 - inactive 120 10000000 -diff --git ./sample/sample-config-files/server.conf ./sample/sample-config-files/server.conf -index 467d5b8..701be3c 100644 ---- ./sample/sample-config-files/server.conf -+++ ./sample/sample-config-files/server.conf -@@ -81,10 +81,8 @@ key server.key # This file should be kept secret - - # Diffie hellman parameters. 
- # Generate your own with: --# openssl dhparam -out dh1024.pem 1024 --# Substitute 2048 for 1024 if you are using --# 2048 bit keys. --dh dh1024.pem -+# openssl dhparam -out dh2048.pem 2048 -+dh dh2048.pem - - # Network topology - # Should be subnet (addressing via IP) -diff --git ./sample/sample-config-files/tls-office.conf ./sample/sample-config-files/tls-office.conf -index f790f46..d196144 100644 ---- ./sample/sample-config-files/tls-office.conf -+++ ./sample/sample-config-files/tls-office.conf -@@ -26,7 +26,7 @@ up ./office.up - tls-server - - # Diffie-Hellman Parameters (tls-server only) --dh dh1024.pem -+dh dh2048.pem - - # Certificate Authority file - ca my-ca.crt -diff --git ./sample/sample-keys/.gitignore ./sample/sample-keys/.gitignore -new file mode 100644 -index 0000000..f148752 ---- /dev/null -+++ ./sample/sample-keys/.gitignore -@@ -0,0 +1 @@ -+sample-ca/ -diff --git ./sample/sample-keys/README ./sample/sample-keys/README -index 1cd473a..66dd945 100644 ---- ./sample/sample-keys/README -+++ ./sample/sample-keys/README -@@ -1,14 +1,19 @@ --Sample RSA keys. -+Sample RSA and EC keys. - --See the examples section of the man page --for usage examples. -+Run ./gen-sample-keys.sh to generate fresh test keys. -+ -+See the examples section of the man page for usage examples. - - NOTE: THESE KEYS ARE FOR TESTING PURPOSES ONLY. - DON'T USE THEM FOR ANY REAL WORK BECAUSE - THEY ARE TOTALLY INSECURE! 
- --ca.{crt,key} -- sample CA key/cert --client.{crt,key} -- sample client key/cert --server.{crt,key} -- sample server key/cert (nsCertType=server) --pass.{crt,key} -- sample client key/cert with password-encrypted key -- password = "password" -+ca.{crt,key} -- sample CA key/cert -+server.{crt,key} -- sample server key/cert -+client.{crt,key} -- sample client key/cert -+client-pass.key -- sample client key with password-encrypted key -+ password = "password" -+client.p12 -- sample client pkcs12 bundle -+ password = "password" -+client-ec.{crt,key} -- sample elliptic curve client key/cert -+server-ec.{crt,key} -- sample elliptic curve server key/cert -diff --git ./sample/sample-keys/ca.crt ./sample/sample-keys/ca.crt -index e063ccc..a11bafa 100644 ---- ./sample/sample-keys/ca.crt -+++ ./sample/sample-keys/ca.crt -@@ -1,19 +1,35 @@ - -----BEGIN CERTIFICATE----- --MIIDBjCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQQFADBmMQswCQYDVQQGEwJLRzEL -+MIIGKDCCBBCgAwIBAgIJAKFO3vqQ8q6BMA0GCSqGSIb3DQEBCwUAMGYxCzAJBgNV -+BAYTAktHMQswCQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEVMBMGA1UEChMM -+T3BlblZQTi1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4w -+HhcNMTQxMDIyMjE1OTUyWhcNMjQxMDE5MjE1OTUyWjBmMQswCQYDVQQGEwJLRzEL - MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t --VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTA0MTEy --NTE0NDA1NVoXDTE0MTEyMzE0NDA1NVowZjELMAkGA1UEBhMCS0cxCzAJBgNVBAgT --Ak5BMRAwDgYDVQQHEwdCSVNIS0VLMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxITAf --BgkqhkiG9w0BCQEWEm1lQG15aG9zdC5teWRvbWFpbjCBnzANBgkqhkiG9w0BAQEF --AAOBjQAwgYkCgYEAqPjWJnesPu6bR/iec4FMz3opVaPdBHxg+ORKNmrnVZPh0t8/ --ZT34KXkYoI9B82scurp8UlZVXG8JdUsz+yai8ti9+g7vcuyKUtcCIjn0HLgmdPu5 --gFX25lB0pXw+XIU031dOfPvtROdG5YZN5yCErgCy7TE7zntLnkEDuRmyU6cCAwEA --AaOBwzCBwDAdBgNVHQ4EFgQUiaZg47rqPq/8ZH9MvYzSSI3gzEYwgZAGA1UdIwSB --iDCBhYAUiaZg47rqPq/8ZH9MvYzSSI3gzEahaqRoMGYxCzAJBgNVBAYTAktHMQsw --CQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEVMBMGA1UEChMMT3BlblZQTi1U 
--RVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CAQAwDAYDVR0T --BAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBfJoiWYrYdjM0mKPEzUQk0nLYTovBP --I0es/2rfGrin1zbcFY+4dhVBd1E/StebnG+CP8r7QeEIwu7x8gYDdOLLsZn+2vBL --e4jNU1ClI6Q0L7jrzhhunQ5mAaZztVyYwFB15odYcdN2iO0tP7jtEsvrRqxICNy3 --8itzViPTf5W4sA== -+VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMIICIjANBgkq -+hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsJVPCqt3vtoDW2U0DII1QIh2Qs0dqh88 -+8nivxAIm2LTq93e9fJhsq3P/UVYAYSeCIrekXypR0EQgSgcNTvGBMe20BoHO5yvb -+GjKPmjfLj6XRotCOGy8EDl/hLgRY9efiA8wsVfuvF2q/FblyJQPR/gPiDtTmUiqF -+qXa7AJmMrqFsnWppOuGd7Qc6aTsae4TF1e/gUTCTraa7NeHowDaKhdyFmEEnCYR5 -+CeUsx2JlFWAH8PCrxBpHYbmGyvS0kH3+rQkaSM/Pzc2bS4ayHaOYRK5XsGq8XiNG -+KTTLnSaCdPeHsI+3xMHmEh+u5Og2DFGgvyD22gde6W2ezvEKCUDrzR7bsnYqqyUy -+n7LxnkPXGyvR52T06G8KzLKQRmDlPIXhzKMO07qkHmIonXTdF7YI1azwHpAtN4dS -+rUe1bvjiTSoEsQPfOAyvD0RMK/CBfgEZUzAB50e/IlbZ84c0DJfUMOm4xCyft1HF -+YpYeyCf5dxoIjweCPOoP426+aTXM7kqq0ieIr6YxnKV6OGGLKEY+VNZh1DS7enqV -+HP5i8eimyuUYPoQhbK9xtDGMgghnc6Hn8BldPMcvz98HdTEH4rBfA3yNuCxLSNow -+4jJuLjNXh2QeiUtWtkXja7ec+P7VqKTduJoRaX7cs+8E3ImigiRnvmK+npk7Nt1y -+YE9hBRhSoLsCAwEAAaOB2DCB1TAdBgNVHQ4EFgQUK0DlyX319JY46S/jL9lAZMmO -+BZswgZgGA1UdIwSBkDCBjYAUK0DlyX319JY46S/jL9lAZMmOBZuhaqRoMGYxCzAJ -+BgNVBAYTAktHMQswCQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEVMBMGA1UE -+ChMMT3BlblZQTi1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21h -+aW6CCQChTt76kPKugTAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG -+9w0BAQsFAAOCAgEABc77f4C4P8fIS+V8qCJmVNSDU44UZBc+D+J6ZTgW8JeOHUIj -+Bh++XDg3gwat7pIWQ8AU5R7h+fpBI9n3dadyIsMHGwSogHY9Gw7di2RVtSFajEth -+rvrq0JbzpwoYedMh84sJ2qI/DGKW9/Is9+O52fR+3z3dY3gNRDPQ5675BQ5CQW9I -+AJgLOqzD8Q0qrXYi7HaEqzNx6p7RDTuhFgvTd+vS5d5+28Z5fm2umnq+GKHF8W5P -+ylp2Js119FTVO7brusAMKPe5emc7tC2ov8OFFemQvfHR41PLryap2VD81IOgmt/J -+kX/j/y5KGux5HZ3lxXqdJbKcAq4NKYQT0mCkRD4l6szaCEJ+k0SiM9DdTcBDefhR -+9q+pCOyMh7d8QjQ1075mF7T+PGkZQUW1DUjEfrZhICnKgq+iEoUmM0Ee5WtRqcnu -+5BTGQ2mSfc6rV+Vr+eYXqcg7Nxb3vFXYSTod1UhefonVqwdmyJ2sC79zp36Tbo2+ 
-+65NW2WJK7KzPUyOJU0U9bcu0utvDOvGWmG+aHbymJgcoFzvZmlXqMXn97pSFn4jV -+y3SLRgJXOw1QLXL2Y5abcuoBVr4gCOxxk2vBeVxOMRXNqSWZOFIF1bu/PxuDA+Sa -+hEi44aHbPXt9opdssz/hdGfd8Wo7vEJrbg7c6zR6C/Akav1Rzy9oohIdgOw= - -----END CERTIFICATE----- -diff --git ./sample/sample-keys/ca.key ./sample/sample-keys/ca.key -index b4bf792..8b11bc2 100644 ---- ./sample/sample-keys/ca.key -+++ ./sample/sample-keys/ca.key -@@ -1,15 +1,52 @@ -------BEGIN RSA PRIVATE KEY----- --MIICXQIBAAKBgQCo+NYmd6w+7ptH+J5zgUzPeilVo90EfGD45Eo2audVk+HS3z9l --PfgpeRigj0Hzaxy6unxSVlVcbwl1SzP7JqLy2L36Du9y7IpS1wIiOfQcuCZ0+7mA --VfbmUHSlfD5chTTfV058++1E50blhk3nIISuALLtMTvOe0ueQQO5GbJTpwIDAQAB --AoGAQuVREyWp4bhhbZr2UFBOco2ws6EOLWp4kdD/uI+WSoEjlHKiDJj+GJ1CrL5K --o+4yD5MpCQf4/4FOQ0ukprfjJpDwDinTG6vzuWSLTHNiTgvksW3vy7IsNMJx97hT --4D2QOOl9HhA50Qqg70teMPYXOgLRMVsdCIV7p7zDNy4nM+ECQQDX8m5ZcQmPtUDA --38dPTfpL4U7kMB94FItJYH/Lk5kMW1/J33xymNhL+BHaG064ol9n2ubGW4XEO5t2 --qE1IOsVpAkEAyE/x/OBVSI1s75aYGlEwMd87p3qaDdtXT7WzujjRY7r8Y1ynkMU6 --GtMeneBX/lk4BY/6I+5bhAzce+hqhaXejwJBAL5Wg+c4GApf41xdogqHm7doNyYw --OHyZ9w9NDDc+uGbI30xLPSCxEe0cEXgiG6foDpm2uzRZFTWaqHPU8pFYpAkCQGNX --cpWM0/7VVK9Fqk1y8knpgfY/UWOJ4jU/0dCLGR0ywLSuYNPlXDmtdkOp3TnhGW14 --x/9F2NEWZ8pzq1B4wHUCQQC5ztD4m/rpiIpinoewUJODoeBJXYBKqx1+mdrALCq6 --ESvK1WRiusMaY3xmsdv4J2TB5iUPryELbn3jU12WGcQc -------END RSA PRIVATE KEY----- -+-----BEGIN PRIVATE KEY----- -+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCwlU8Kq3e+2gNb -+ZTQMgjVAiHZCzR2qHzzyeK/EAibYtOr3d718mGyrc/9RVgBhJ4Iit6RfKlHQRCBK -+Bw1O8YEx7bQGgc7nK9saMo+aN8uPpdGi0I4bLwQOX+EuBFj15+IDzCxV+68Xar8V -+uXIlA9H+A+IO1OZSKoWpdrsAmYyuoWydamk64Z3tBzppOxp7hMXV7+BRMJOtprs1 -+4ejANoqF3IWYQScJhHkJ5SzHYmUVYAfw8KvEGkdhuYbK9LSQff6tCRpIz8/NzZtL -+hrIdo5hErlewarxeI0YpNMudJoJ094ewj7fEweYSH67k6DYMUaC/IPbaB17pbZ7O -+8QoJQOvNHtuydiqrJTKfsvGeQ9cbK9HnZPTobwrMspBGYOU8heHMow7TuqQeYiid -+dN0XtgjVrPAekC03h1KtR7Vu+OJNKgSxA984DK8PREwr8IF+ARlTMAHnR78iVtnz -+hzQMl9Qw6bjELJ+3UcVilh7IJ/l3GgiPB4I86g/jbr5pNczuSqrSJ4ivpjGcpXo4 
-+YYsoRj5U1mHUNLt6epUc/mLx6KbK5Rg+hCFsr3G0MYyCCGdzoefwGV08xy/P3wd1 -+MQfisF8DfI24LEtI2jDiMm4uM1eHZB6JS1a2ReNrt5z4/tWopN24mhFpftyz7wTc -+iaKCJGe+Yr6emTs23XJgT2EFGFKguwIDAQABAoICAQCEYPqnihI0PqZjnwQdGIQp -+g+P8gl7pyY9cS0OhUueicEbyDI8+V9qn0kcmx61zKDY0Jq4QNd6tnlUCijTc6Mot -+DwF2G1xsC4GvKxZiy89MOkhloanXETEeQZzDbbjvaM4UgL0AHLWPfZQRCjxbKXkE -+0A5phgvAr2YSvBLHCVXhGN0fScXnwXouVsvgVdGtpcTWdIUa+KrNdQBGDbz6VCkW -+31I76SQFy40d8PPX6ZjUJHDvnM14LycySO6XOkofRIVnXTqaOUiVBb2VKj5fX+Ro -+ILdWZz4d6J3RiGXYwyTr4SGVKLjgxWfgUGZB7x+NrqgugNzuaLYrkuWKSEN42nWq -+yoP6x6xtbAsmB6Fvdqwm/d8BmLhUweaVc0L7AYzXNsOBuT3kubJHMmu3Jv4xgyWk -+l/MAGJQc7i7QQweGgsYZgR8WlbkWkSFpUcgQBDzDibb6nsD2jnYijQrnrrmiEjEI -+R7MO551V+nFw9utiM8U9WIWwqzY0d98ujWkGjVe7uz9ZBVyg0DEAEj/zRi9T54aG -+1V6CB2Cjyw+HzzsDw7yWroWzo4U9YfjbPKCoBsXlqQFLFwY8oL6mEZ7UOobaV1Zl -+WtuHyYw3UNFxuSGPPyxJkFePIQLLvfKvh2R+V0DrT3UJRoKKlt9RejRSN0tOh0Cm -+2YD6d7T/DXnQHomIQKhKEQKCAQEA3sgsDg0eKDK8pUyVE+9wW5kql12nTzpBtnCM -+eg5J9OJcXKhCD/NIyUTIMXoMvZQpLwGUAYLgu4gE04zKWHDouf7MRSFltD5LJ7F2 -+7nuYKHZXk0BhgMhdnQot3FKcOMrKCnZcM+RWX9ZJa8wO6whCaYCw7DtS0SSVODQk -+9EwAgX6/Hq60V7ujPZJCyNd3o0bIdAA/0AQRTZUADP3AHgUzh71aysYJt+UKt1v0 -+Xc7l6hn7Dn7Ewzpf+WdZ2pV7d3JUSBVKiTDxLV904nDBNOxjMhz0rW01ojR6bzpn -+XhkFPqnmh+yEYGRgfSAAzkvSsSJEAtBFSicupA/6n83Lo2YvswKCAQEAyumuxP4Z -+a7s8x8DFba7vuQ+KVxpkKgEz1sxnGRNQJm18/ss/Y5JiaLFYT3E72VkQfBQ2ngu+ -+GrJL3OhiNhzy1KLGS6mrwULtKiuud5MMQDL0Pvkncr9NTy4rBnWzhp2XyPeETu8n -+JpL2i2OK6lY/lgpBckXuap9gAl0fXk+y+BkZ71OoYaGnKpPjs+Xcq/qgPgZ7O3NW -+1g+Bd2AVPSxQpXjuy5rgtQURCN733vkNBzFedKREx7Z6l8UPlK/Exuc7BMIHfn5V -+dd0R3Th+82fkMNVJz6MKmHJ6CJI53M7co/YdAvIkxOFRIPGbO3arL2R69nRgAZBE -+zLawx1JJTRIG2QKCAQATtZXgMFzopYR3A011FAvWrrhL5+czZS4HG/Hxom38kkIl -+mGUv0BAybjlf1zJlW0RBelxDvfZv4Nq8dIo6RNLyEY601v2OcqxneJXTB3AwtDeP -+OXTm1dMiX5IrGcvkYlx5jHsfxCW4GNcqCEWRmYt2lgIRBDaRdjEVZdeXHVo2GqaB -+6mbeFCWe/t+VsSpOcaauTI9YseNt/66fd5uVjFRAwAnWQqr9b/AAxMvbuMAyc9X4 -+NFLoCrQO9ovGgM8JhD3cmrWbaY8MupM2rU8KhZdJCbLD3ROPpCDo0jvu4TvLjXBt 
-+ugkEFh1LNJedqKudLDDkJtTaeJjxvtAnbyeC7zltAoIBAC9TIyzUqq8io0FfZ2x2 -+cXiy9CvuftABKcr+L0l85KOhw5ZVZvpdKNCMFDGrEi9WA28886QWzwbA8Mqb9FP0 -+mnoXYLJC50kSx+ee+nju9dt/RtHtIFM15N0DwosmJnHODZmUiOo0AuiPPCs0UzDm -+Xrwqtirlvn5ln2nNuEQxyGbuy8qys0HaBvf6OBA8GySNNpRgxJsQAn+4bBSgdzOm -+Q0TkmKUqASCXBusPvbXmVjCIRiRkL5p4p8z/6+tct0NAqNYqPr80zc/IeKMkyw8P -++vucszNXLmBxyp53JEGoiXNAMnH+ca7tchOB5hePTMun3rneWInk0PcB4OcL/QaZ -+nrkCggEBAN67+SvcWtM1BoLXSz5/apFAE+DicCv94PrvMBOhfvu1oBrElR1rBjiN -+2B83SktkF4WhCXr10GP+RUpjaqPBtT7NW4r3fL5B8EPsHeabL+pg9e6wG1rH8GqG -+toWecmfC9uqK7l1A59h5Oveq5K19bZTRZRjQtv2e4KQknlJR6cwy+TGUU5kAUlMt -+vcivyjzxc0UQwq7zKktJq+xW/TZiSLgd3B32p0sXX378qFUJ4SO2UZ1OCh8R7PY1 -+Fx25K/89Q1yGdbYiXb/Dx0a2WB9rP+b6alMl/dxPdqDKj2QXXkdh8+yvhVpQTyZw -+B1RaqQXwzqrCH0F/vw3lRceYhcQvzcQ= -+-----END PRIVATE KEY----- -diff --git ./sample/sample-keys/client-ec.crt ./sample/sample-keys/client-ec.crt -new file mode 100644 -index 0000000..759daba ---- /dev/null -+++ ./sample/sample-keys/client-ec.crt -@@ -0,0 +1,85 @@ -+Certificate: -+ Data: -+ Version: 3 (0x2) -+ Serial Number: 4 (0x4) -+ Signature Algorithm: sha256WithRSAEncryption -+ Issuer: C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST/emailAddress=me@myhost.mydomain -+ Validity -+ Not Before: Oct 22 21:59:53 2014 GMT -+ Not After : Oct 19 21:59:53 2024 GMT -+ Subject: C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Client-EC/emailAddress=me@myhost.mydomain -+ Subject Public Key Info: -+ Public Key Algorithm: id-ecPublicKey -+ Public-Key: (256 bit) -+ pub: -+ 04:3b:ce:62:5d:6f:87:82:75:24:c2:58:f5:0e:88: -+ 4d:57:0d:06:b2:71:88:87:58:19:bb:de:5f:7f:52: -+ 62:51:a2:48:91:83:48:91:90:3e:87:02:0f:15:51: -+ f9:68:97:12:0a:fd:d2:3c:87:83:4b:65:54:00:44: -+ 8d:28:76:49:05 -+ ASN1 OID: secp256k1 -+ X509v3 extensions: -+ X509v3 Basic Constraints: -+ CA:FALSE -+ X509v3 Subject Key Identifier: -+ 64:F6:49:88:E7:74:C1:AB:A5:FA:4F:2B:71:3C:25:13:3D:C8:94:C5 -+ X509v3 Authority Key Identifier: -+ keyid:2B:40:E5:C9:7D:F5:F4:96:38:E9:2F:E3:2F:D9:40:64:C9:8E:05:9B -+ 
DirName:/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain -+ serial:A1:4E:DE:FA:90:F2:AE:81 -+ -+ Signature Algorithm: sha256WithRSAEncryption -+ 32:3d:f0:08:67:dd:03:73:76:cc:76:52:0a:f6:97:d1:c6:fa: -+ 5f:d3:e6:28:c9:75:a7:08:a8:34:49:69:cf:eb:ab:da:86:b3: -+ 2e:65:17:ee:7e:b6:b5:6b:15:0b:dc:11:3a:b9:5a:b3:80:b8: -+ bb:f4:6c:cf:88:3a:10:83:7e:10:a0:82:87:6e:06:ec:78:62: -+ d4:d1:44:27:dd:2c:19:d8:1a:a1:ae:f4:a0:00:7f:53:5a:40: -+ 8a:c2:83:77:4b:26:7d:53:b0:d3:0f:2f:7c:28:70:ef:74:58: -+ 5b:de:81:94:4c:63:19:f0:79:cb:6c:b2:ec:32:1b:4b:e4:62: -+ 22:4f:ad:ac:4a:6f:a9:6e:c4:2a:8d:8a:88:19:09:fd:88:93: -+ 3c:27:4d:91:95:ff:57:84:13:fd:4a:68:db:20:df:10:e6:81: -+ 1d:fd:e7:1d:35:fb:19:02:dd:b5:5f:a0:c1:07:ec:74:b4:ef: -+ 8b:f9:33:9a:f2:a6:3b:6e:b6:4a:52:ab:5d:99:76:64:62:c4: -+ d5:3a:c6:81:8d:eb:c8:4b:02:af:e1:ca:60:e9:8d:c7:a9:2b: -+ ea:4f:56:31:d3:9a:11:c2:9c:83:5c:a2:8d:98:fe:cc:a5:ad: -+ 1f:51:c4:6e:cf:ff:a0:51:64:c8:7f:7f:32:05:4c:8d:7f:bf: -+ b8:ed:e5:81:5f:81:bd:1d:9b:3f:8a:83:27:26:b4:69:84:8b: -+ e5:d9:ea:fd:08:a8:aa:e4:3a:dc:29:4d:80:6c:13:f7:45:ce: -+ 92:f2:a9:f3:5f:90:83:d6:23:0f:50:e5:40:09:4c:6b:f2:73: -+ aa:d8:49:a7:a9:81:6e:bb:f2:e4:a5:7f:19:39:1d:65:f3:11: -+ 97:b1:2b:7c:2f:36:77:7f:75:fd:88:44:90:7c:f2:33:8d:cd: -+ 2c:f6:76:60:33:d3:f4:b3:8c:81:d7:85:89:cc:d7:d5:2c:94: -+ a9:31:3f:d3:63:a7:dc:82:3f:0a:d8:c5:71:97:69:3b:c1:69: -+ cb:f0:1b:be:15:c0:be:aa:fd:e8:13:2c:0c:3f:72:7b:7d:9c: -+ 3b:7f:b8:82:36:4b:ad:4d:16:19:b9:1c:b3:2d:d7:5f:8b:f8: -+ 14:ce:d4:13:e5:82:7a:1d:40:28:08:65:4a:19:d7:7a:35:09: -+ db:36:48:4b:96:44:bd:1f:12:b2:39:08:1e:5b:66:25:9b:e0: -+ 16:d3:79:05:e3:f6:90:da:95:95:33:a1:53:a8:3c:a9:f0:b2: -+ f5:d0:aa:80:a0:96:ca:8c:45:62:c2:74:04:91:68:27:fb:e9: -+ 97:be:3a:87:8a:85:28:2d:6e:a9:60:9b:63:ba:65:98:5e:bb: -+ 02:ee:ac:ba:be:f6:42:26 -+-----BEGIN CERTIFICATE----- -+MIIESTCCAjGgAwIBAgIBBDANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJLRzEL -+MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t 
-+VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE0MTAy -+MjIxNTk1M1oXDTI0MTAxOTIxNTk1M1owbTELMAkGA1UEBhMCS0cxCzAJBgNVBAgT -+Ak5BMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxFzAVBgNVBAMTDlRlc3QtQ2xpZW50 -+LUVDMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wVjAQBgcqhkjO -+PQIBBgUrgQQACgNCAAQ7zmJdb4eCdSTCWPUOiE1XDQaycYiHWBm73l9/UmJRokiR -+g0iRkD6HAg8VUflolxIK/dI8h4NLZVQARI0odkkFo4HIMIHFMAkGA1UdEwQCMAAw -+HQYDVR0OBBYEFGT2SYjndMGrpfpPK3E8JRM9yJTFMIGYBgNVHSMEgZAwgY2AFCtA -+5cl99fSWOOkv4y/ZQGTJjgWboWqkaDBmMQswCQYDVQQGEwJLRzELMAkGA1UECBMC -+TkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4tVEVTVDEhMB8G -+CSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluggkAoU7e+pDyroEwDQYJKoZI -+hvcNAQELBQADggIBADI98Ahn3QNzdsx2Ugr2l9HG+l/T5ijJdacIqDRJac/rq9qG -+sy5lF+5+trVrFQvcETq5WrOAuLv0bM+IOhCDfhCggoduBux4YtTRRCfdLBnYGqGu -+9KAAf1NaQIrCg3dLJn1TsNMPL3wocO90WFvegZRMYxnwectssuwyG0vkYiJPraxK -+b6luxCqNiogZCf2IkzwnTZGV/1eEE/1KaNsg3xDmgR395x01+xkC3bVfoMEH7HS0 -+74v5M5rypjtutkpSq12ZdmRixNU6xoGN68hLAq/hymDpjcepK+pPVjHTmhHCnINc -+oo2Y/sylrR9RxG7P/6BRZMh/fzIFTI1/v7jt5YFfgb0dmz+KgycmtGmEi+XZ6v0I -+qKrkOtwpTYBsE/dFzpLyqfNfkIPWIw9Q5UAJTGvyc6rYSaepgW678uSlfxk5HWXz -+EZexK3wvNnd/df2IRJB88jONzSz2dmAz0/SzjIHXhYnM19UslKkxP9Njp9yCPwrY -+xXGXaTvBacvwG74VwL6q/egTLAw/cnt9nDt/uII2S61NFhm5HLMt11+L+BTO1BPl -+gnodQCgIZUoZ13o1Cds2SEuWRL0fErI5CB5bZiWb4BbTeQXj9pDalZUzoVOoPKnw -+svXQqoCglsqMRWLCdASRaCf76Ze+OoeKhSgtbqlgm2O6ZZheuwLurLq+9kIm -+-----END CERTIFICATE----- -diff --git ./sample/sample-keys/client-ec.key ./sample/sample-keys/client-ec.key -new file mode 100644 -index 0000000..8131380 ---- /dev/null -+++ ./sample/sample-keys/client-ec.key -@@ -0,0 +1,5 @@ -+-----BEGIN PRIVATE KEY----- -+MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQg2RVk/d0yok086M9bLPIi -+eu4DfcBUwphOnkje1/7VSY+hRANCAAQ7zmJdb4eCdSTCWPUOiE1XDQaycYiHWBm7 -+3l9/UmJRokiRg0iRkD6HAg8VUflolxIK/dI8h4NLZVQARI0odkkF -+-----END PRIVATE KEY----- -diff --git ./sample/sample-keys/client-pass.key ./sample/sample-keys/client-pass.key -new file mode 100644 -index 
0000000..2bb8d4e ---- /dev/null -+++ ./sample/sample-keys/client-pass.key -@@ -0,0 +1,30 @@ -+-----BEGIN RSA PRIVATE KEY----- -+Proc-Type: 4,ENCRYPTED -+DEK-Info: AES-256-CBC,ECC1F209896FC2621233FFF6F1FFD045 -+ -+i6t7VKTyNNELTvrBO464e02nFg9rvYwumxd0sfqcPtaKmRK2mrZmEd/Xh0Nv1WyB -+PyuJo78qQixAtxObRbkSNINzTr5C8IDrE6+wQYCJinvO54U0o+ksv0tsyLngz1cb -+is8ZqHXrRgJ3qGFQWmFRtFKFQvSXOTDX3fLkEB53HfeblQCxBCnJ82Sp7ivnVR/j -+Q8qQRy1RMbzIN0trEGf0Zi4tHEvXL1u7Y+olQzSlmWWaQt20hhXUOMLhMtlRsAo7 -+AwjlE94JjAfJ1q1dwIcRN4c9Lk8GkiX6w7nDpRACDpk2S8ifCqi69eGe4+g7owhL -+74bgs64PmM9a2sNXy1v6WE3c/t6sSrZiMvrGsqMo4sBlrQ9WXe0Naon7heBkPcdS -+px0YJjnyBXHMIH+ASmALSJ5JXq9vt2xRFf0dOsGapxhP+7bZJ5Pwyk/yUu5uHFbM -+/aBemlrZJzlKeYiiwpwx2whQAtDwN41zMG+r27EzSU/AaDV40NPiwwycpWt/Bp1e -+z1ag0JuS0an+PK4jmREtzT5U5BeAVM91x8YttOPpmUIpahAa1zwdYPRAIkbmPJ4z -+ZH+9YoPH4hoBQKdIhshYktjdI++xNiKXAUGUz5YoX8S68SsLdmKvhnQ7fu5VvOkA -+2pb7taXGy7zfn+a/fWauhuceV9HPlAXMIu3GsssODoNly3vpcFeiMySKppygJ3Eg -+A3o9n8UepD+jXflKG/R/t7U3hT6LqSIvQWqBqYMEVFMCNzSsJ/ce/4veFvx343zT -+qdxuzYqyiXM74cynpfqHdVa9SFICTesNdVDI0FdOXhSQ4bHJc7Xp9FFJdS0lMRw4 -+ACwKxvs8lo4Gx1WFyCqH5OxosKtDHQYzdUJfSWVJlhhOFR3GncR9qSe3O5fkhJfs -+TALnC+xTJyCkSB2k0/bxVLIhlkPdCwzsrN/B6X2CDBdg0mQIo0LaPzGF8VneM20d -+XebYn751XSiL3HKyq8G5AEFwj9AO3Q8gKuP2fPoWdngJ2GT+mt1m2fIw9Igu39J0 -+ZMegyUN0wSIiA5AkgryK9U+PJEiJmLzOJ/NGr7E5tPF18eZWapK4KZ8TXC4RNiye -+g+apGa+xZJz2VQp/Mrcdj9D4UDJFQjrvKaS0PXJDoYUXFBoMv3rxijzRVxlhhuJY -+yZ0At+UqZD5wpuWW6DRrgJIpy0HNhbaLmgsU0Co0HKviB0x8hvMJbi/uCoPTOdPz -+sPB7CN2i3oXe7xw1HfSTSFWb4leqjlKwNgfV42ox0QUjkkADeeuY+56g/B2+QmdE -+vXrc6sDwfNUwRUzeMn8yfum/aW1y/wrqF/qPTBQqFd85vlzS+NfXIKDg04cAljTu -++2BLzvizh9Bb68iG4PykNXbjbAir1EbQG1tCzq1eKhERjgrxdv6+XqAmvchMCeL5 -+L6hvfQFBPCo/4xnMpU5wooFarO/kGdKlGr5rXOydgfL618Td18BIX+FHQFb3zzVU -+y2NR4++DslJAZgAU+512zzpW1m3JtaRoyqyoLE2YFPlW804Xc1PBB3Ix6Wyzcegy -+D4qMk5qxjBkXEsBBSCYfVbWoMBeMhnvxkz0b9wkPtAW/jEJCB2Kkn/5yMC0DkePO -+-----END RSA PRIVATE KEY----- -diff --git ./sample/sample-keys/client.crt ./sample/sample-keys/client.crt 
-index c047446..1744cb2 100644 ---- ./sample/sample-keys/client.crt -+++ ./sample/sample-keys/client.crt -@@ -2,64 +2,102 @@ Certificate: - Data: - Version: 3 (0x2) - Serial Number: 2 (0x2) -- Signature Algorithm: md5WithRSAEncryption -+ Signature Algorithm: sha256WithRSAEncryption - Issuer: C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST/emailAddress=me@myhost.mydomain - Validity -- Not Before: Nov 25 14:46:49 2004 GMT -- Not After : Nov 23 14:46:49 2014 GMT -+ Not Before: Oct 22 21:59:53 2014 GMT -+ Not After : Oct 19 21:59:53 2024 GMT - Subject: C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Client/emailAddress=me@myhost.mydomain - Subject Public Key Info: - Public Key Algorithm: rsaEncryption -- RSA Public Key: (1024 bit) -- Modulus (1024 bit): -- 00:d2:12:5c:c6:4d:13:34:ae:cf:fa:ab:fe:cb:de: -- 8c:f1:4b:4a:95:28:60:87:82:2c:b8:c1:e5:8e:c6: -- 5d:11:58:61:a4:a5:f1:42:d7:86:74:6c:9d:9c:7a: -- f0:3a:5c:29:e6:53:3b:5e:6d:d8:f0:45:06:2c:23: -- ee:09:bc:02:8f:0e:b8:d5:33:1f:c3:4a:11:02:48: -- 0b:cc:4b:ad:6e:74:e0:a2:53:b1:d6:cc:89:b9:e2: -- 6f:db:15:b3:19:1e:57:04:79:48:3a:da:76:31:fc: -- bf:d3:34:21:e7:32:d8:9e:06:4e:be:f3:e3:79:b0: -- 54:fd:d1:42:32:aa:3e:7a:c1 -+ Public-Key: (2048 bit) -+ Modulus: -+ 00:ec:65:8f:e9:12:c2:1a:5b:e6:56:2a:08:a9:82: -+ 3a:2d:44:78:a3:00:3b:b0:9f:e7:27:10:40:93:ef: -+ f1:cc:3e:a0:aa:04:a2:80:1b:13:a9:e6:fe:81:d6: -+ 70:90:a8:d8:d4:de:30:d8:35:00:d2:be:62:f0:48: -+ da:fc:15:8d:c4:c6:6d:0b:99:f1:2b:83:00:0a:d3: -+ 2a:23:0b:e5:cd:f9:35:df:43:61:15:72:ad:95:98: -+ f6:73:21:41:5e:a0:dd:47:27:a0:d5:9a:d4:41:a8: -+ 1c:1d:57:20:71:17:8f:f7:28:9e:3e:07:ce:ec:d5: -+ 0e:42:4f:1e:74:47:8e:47:9d:d2:14:28:27:2c:14: -+ 10:f5:d1:96:b5:93:74:84:ef:f9:04:de:8d:4a:6f: -+ df:77:ab:ea:d1:58:d3:44:fe:5a:04:01:ff:06:7a: -+ 97:f7:fd:e3:57:48:e1:f0:df:40:13:9f:66:23:5a: -+ e3:55:54:3d:54:39:ee:00:f9:12:f1:d2:df:74:2e: -+ ba:d7:f0:8d:c6:dd:18:58:1c:93:22:0b:75:fa:a8: -+ d6:e0:b5:2f:2d:b9:d4:fe:b9:4f:86:e2:75:48:16: -+ 60:fb:3f:c9:b4:30:42:29:fb:3b:b3:2b:b9:59:81: -+ 
6a:46:f3:45:83:bf:fd:d5:1a:ff:37:0c:6f:5b:fd: -+ 61:f1 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE -- Netscape Comment: -- OpenSSL Generated Certificate - X509v3 Subject Key Identifier: -- 17:B7:3F:C7:62:A0:A9:FD:A4:31:0E:58:D7:D9:94:7B:4B:3F:CB:56 -+ D2:B4:36:0F:B1:FC:DD:A5:EA:2A:F7:C7:23:89:FA:E3:FA:7A:44:1D - X509v3 Authority Key Identifier: -- keyid:89:A6:60:E3:BA:EA:3E:AF:FC:64:7F:4C:BD:8C:D2:48:8D:E0:CC:46 -+ keyid:2B:40:E5:C9:7D:F5:F4:96:38:E9:2F:E3:2F:D9:40:64:C9:8E:05:9B - DirName:/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain -- serial:00 -+ serial:A1:4E:DE:FA:90:F2:AE:81 - -- Signature Algorithm: md5WithRSAEncryption -- 61:c6:d1:fa:24:0f:c7:be:09:3b:d8:04:17:63:31:17:07:f9: -- 56:99:af:4c:67:fa:db:cb:94:cf:55:a5:7b:16:20:8b:42:64: -- 13:23:62:45:28:93:5e:36:f7:db:02:95:a1:e9:fd:e3:0f:8d: -- 73:a1:7b:0e:55:78:4d:a5:c4:b7:22:12:a0:ee:55:e0:b8:0e: -- c9:9b:12:e3:b0:ef:9b:68:93:57:6e:6c:ad:16:68:8e:8d:30: -- 33:fe:2a:1b:c3:03:8f:b6:0a:2d:0c:b1:3c:bb:f9:58:3f:8c: -- 81:59:6b:14:dd:62:b5:c2:93:ed:5d:c6:19:0f:9b:4b:52:b3: -- 7c:78 -+ Signature Algorithm: sha256WithRSAEncryption -+ 7f:e0:fe:84:a7:ec:df:62:a5:cd:3c:c1:e6:42:b1:31:12:f0: -+ b9:da:a7:9e:3f:bd:96:52:b6:fc:55:74:64:3e:e4:ff:7e:aa: -+ f7:3e:06:18:5f:73:85:f8:c8:e0:67:1b:4d:97:ca:05:d0:37: -+ 07:33:64:9b:e6:78:77:14:9a:55:bb:2a:ac:c3:7f:c9:15:08: -+ 83:5c:c8:c2:61:d3:71:4c:05:0b:2b:cb:a3:87:6d:a0:32:ed: -+ b0:b3:27:97:4a:55:8d:01:2a:30:56:68:ab:f2:da:5c:10:73: -+ c9:aa:0a:9c:4b:4c:a0:5b:51:6e:0a:7e:6c:53:80:b0:00:e1: -+ 1e:9a:4c:0a:37:9e:20:89:bc:c5:e5:79:58:b7:45:ff:d3:c4: -+ a1:fd:d9:78:3d:45:16:74:df:82:44:1d:1d:81:50:5a:b9:32: -+ 4c:e2:4f:3f:0e:3a:65:5a:64:83:3b:29:31:c4:99:88:bc:c5: -+ 84:39:f2:19:12:e1:66:d0:ea:fb:75:b1:d2:27:be:91:59:a3: -+ 2b:09:d5:5c:bf:46:8e:d6:67:d6:0b:ec:da:ab:f0:80:19:87: -+ 64:07:a9:77:b1:5e:0c:e2:c5:1d:6a:ac:5d:23:f3:30:75:36: -+ 4e:ca:c3:4e:b0:4d:8c:2c:ce:52:61:63:de:d5:f5:ef:ef:0a: -+ 
6b:23:25:26:3c:3a:f2:c3:c2:16:19:3f:a9:32:ba:68:f9:c9: -+ 12:3c:3e:c6:1f:ff:9b:4e:f4:90:b0:63:f5:d1:33:00:30:5a: -+ e8:24:fa:35:44:9b:6a:80:f3:a6:cc:7b:3c:73:5f:50:c4:30: -+ 71:d8:74:90:27:0a:01:4e:a5:5e:b1:f8:da:c2:61:81:11:ae: -+ 29:a3:8f:fa:7e:4c:4e:62:b1:00:de:92:e3:8f:6a:2e:da:d9: -+ 38:5d:6b:7c:0d:e4:01:aa:c8:c6:6d:8b:cd:c0:c8:6e:e4:57: -+ 21:8a:f6:46:30:d9:ad:51:a1:87:96:a6:53:c9:1e:c6:bb:c3: -+ eb:55:fe:8c:d6:5c:d5:c6:f3:ca:b0:60:d2:d4:2a:1f:88:94: -+ d3:4c:1a:da:0c:94:fe:c1:5d:0d:2a:db:99:29:5d:f6:dd:16: -+ c4:c8:4d:74:9e:80:d9:d0:aa:ed:7b:e3:30:e4:47:d8:f5:15: -+ c1:71:b8:c6:fd:ee:fc:9e:b2:5f:b5:b7:92:ed:ff:ca:37:f6: -+ c7:82:b4:54:13:9b:83:cd:87:8b:7e:64:f6:2e:54:3a:22:b1: -+ c5:c1:f4:a5:25:53:9a:4d:a8:0f:e7:35:4b:89:df:19:83:66: -+ 64:d9:db:d1:61:2b:24:1b:1d:44:44:fb:49:30:87:b7:49:23: -+ 08:02:8a:e0:25:f3:f4:43 - -----BEGIN CERTIFICATE----- --MIIDNTCCAp6gAwIBAgIBAjANBgkqhkiG9w0BAQQFADBmMQswCQYDVQQGEwJLRzEL -+MIIFFDCCAvygAwIBAgIBAjANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJLRzEL - MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t --VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTA0MTEy --NTE0NDY0OVoXDTE0MTEyMzE0NDY0OVowajELMAkGA1UEBhMCS0cxCzAJBgNVBAgT -+VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE0MTAy -+MjIxNTk1M1oXDTI0MTAxOTIxNTk1M1owajELMAkGA1UEBhMCS0cxCzAJBgNVBAgT - Ak5BMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxFDASBgNVBAMTC1Rlc3QtQ2xpZW50 --MSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wgZ8wDQYJKoZIhvcN --AQEBBQADgY0AMIGJAoGBANISXMZNEzSuz/qr/svejPFLSpUoYIeCLLjB5Y7GXRFY --YaSl8ULXhnRsnZx68DpcKeZTO15t2PBFBiwj7gm8Ao8OuNUzH8NKEQJIC8xLrW50 --4KJTsdbMibnib9sVsxkeVwR5SDradjH8v9M0Iecy2J4GTr7z43mwVP3RQjKqPnrB --AgMBAAGjge4wgeswCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBH --ZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFBe3P8dioKn9pDEOWNfZlHtL --P8tWMIGQBgNVHSMEgYgwgYWAFImmYOO66j6v/GR/TL2M0kiN4MxGoWqkaDBmMQsw --CQYDVQQGEwJLRzELMAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNV 
--BAoTDE9wZW5WUE4tVEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9t --YWluggEAMA0GCSqGSIb3DQEBBAUAA4GBAGHG0fokD8e+CTvYBBdjMRcH+VaZr0xn --+tvLlM9VpXsWIItCZBMjYkUok14299sClaHp/eMPjXOhew5VeE2lxLciEqDuVeC4 --DsmbEuOw75tok1dubK0WaI6NMDP+KhvDA4+2Ci0MsTy7+Vg/jIFZaxTdYrXCk+1d --xhkPm0tSs3x4 -+MSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0GCSqGSIb3 -+DQEBAQUAA4IBDwAwggEKAoIBAQDsZY/pEsIaW+ZWKgipgjotRHijADuwn+cnEECT -+7/HMPqCqBKKAGxOp5v6B1nCQqNjU3jDYNQDSvmLwSNr8FY3Exm0LmfErgwAK0yoj -+C+XN+TXfQ2EVcq2VmPZzIUFeoN1HJ6DVmtRBqBwdVyBxF4/3KJ4+B87s1Q5CTx50 -+R45HndIUKCcsFBD10Za1k3SE7/kE3o1Kb993q+rRWNNE/loEAf8Gepf3/eNXSOHw -+30ATn2YjWuNVVD1UOe4A+RLx0t90LrrX8I3G3RhYHJMiC3X6qNbgtS8tudT+uU+G -+4nVIFmD7P8m0MEIp+zuzK7lZgWpG80WDv/3VGv83DG9b/WHxAgMBAAGjgcgwgcUw -+CQYDVR0TBAIwADAdBgNVHQ4EFgQU0rQ2D7H83aXqKvfHI4n64/p6RB0wgZgGA1Ud -+IwSBkDCBjYAUK0DlyX319JY46S/jL9lAZMmOBZuhaqRoMGYxCzAJBgNVBAYTAktH -+MQswCQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEVMBMGA1UEChMMT3BlblZQ -+Ti1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQChTt76 -+kPKugTANBgkqhkiG9w0BAQsFAAOCAgEAf+D+hKfs32KlzTzB5kKxMRLwudqnnj+9 -+llK2/FV0ZD7k/36q9z4GGF9zhfjI4GcbTZfKBdA3BzNkm+Z4dxSaVbsqrMN/yRUI -+g1zIwmHTcUwFCyvLo4dtoDLtsLMnl0pVjQEqMFZoq/LaXBBzyaoKnEtMoFtRbgp+ -+bFOAsADhHppMCjeeIIm8xeV5WLdF/9PEof3ZeD1FFnTfgkQdHYFQWrkyTOJPPw46 -+ZVpkgzspMcSZiLzFhDnyGRLhZtDq+3Wx0ie+kVmjKwnVXL9GjtZn1gvs2qvwgBmH -+ZAepd7FeDOLFHWqsXSPzMHU2TsrDTrBNjCzOUmFj3tX17+8KayMlJjw68sPCFhk/ -+qTK6aPnJEjw+xh//m070kLBj9dEzADBa6CT6NUSbaoDzpsx7PHNfUMQwcdh0kCcK -+AU6lXrH42sJhgRGuKaOP+n5MTmKxAN6S449qLtrZOF1rfA3kAarIxm2LzcDIbuRX -+IYr2RjDZrVGhh5amU8kexrvD61X+jNZc1cbzyrBg0tQqH4iU00wa2gyU/sFdDSrb -+mSld9t0WxMhNdJ6A2dCq7XvjMORH2PUVwXG4xv3u/J6yX7W3ku3/yjf2x4K0VBOb -+g82Hi35k9i5UOiKxxcH0pSVTmk2oD+c1S4nfGYNmZNnb0WErJBsdRET7STCHt0kj -+CAKK4CXz9EM= - -----END CERTIFICATE----- -diff --git ./sample/sample-keys/client.key ./sample/sample-keys/client.key -index 17b9509..6d31489 100644 ---- ./sample/sample-keys/client.key -+++ ./sample/sample-keys/client.key -@@ -1,15 +1,28 @@ 
-------BEGIN RSA PRIVATE KEY----- --MIICXAIBAAKBgQDSElzGTRM0rs/6q/7L3ozxS0qVKGCHgiy4weWOxl0RWGGkpfFC --14Z0bJ2cevA6XCnmUztebdjwRQYsI+4JvAKPDrjVMx/DShECSAvMS61udOCiU7HW --zIm54m/bFbMZHlcEeUg62nYx/L/TNCHnMtieBk6+8+N5sFT90UIyqj56wQIDAQAB --AoGBAK8RoIGekCfym99DYYfTg9A/t/tQeAnWYaDj7oSrKbqf1lgZ91OGPEZgkoVr --KzLnxf9uU+bhUs8CJx+4HdO8/L9rAJA+oD9QNuMp0elN4AKuEGE1Eq3a0e3cmgPI --+VIoXM6WVAGgK9I03Zu/UerYQ/DdXWGOIsKhFe8qyQoG9pKxAkEA9ld6O9MHQt3d --JAjJkgCNn4psozxjrfLWy2huXd3H3CRqGMjLITDGzdkVSgXjHokBYroi0+TZTu4M --ulJSJaWwBQJBANpO2DAexH2zRHw5Z6QyeEVxz7B3/FzU4GgJx9BH+FSBh+F0G5Ln --ir5Vst8vZ/LGcgpYjHQLNAvZVgUjiQ4Y6I0CQGvwMJL+CHR4GmmroAblTyjU0n1D --/Lk/anZ+L73Za7U+D28ErFzCrpmLwRRKOBYtGfpUbOZDpCQ9kj4hy/TLALECQCcL --9ysUNbzt9Y/qjJkX1d9F7gn4TBEmmkTBixW76bTjvjQbGlt6Qpyso2O8DPGlgPxM --vkJ7RoHgC7y7kGYPGnkCQBVxSNGIjLx4NQBgN4HD0y4+fars1PTUGnckBcS4npb9 --onLNyerBlWdBwbARyBS7WPIbyyf5VCrn3yIqWxaARO0= -------END RSA PRIVATE KEY----- -+-----BEGIN PRIVATE KEY----- -+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDsZY/pEsIaW+ZW -+KgipgjotRHijADuwn+cnEECT7/HMPqCqBKKAGxOp5v6B1nCQqNjU3jDYNQDSvmLw -+SNr8FY3Exm0LmfErgwAK0yojC+XN+TXfQ2EVcq2VmPZzIUFeoN1HJ6DVmtRBqBwd -+VyBxF4/3KJ4+B87s1Q5CTx50R45HndIUKCcsFBD10Za1k3SE7/kE3o1Kb993q+rR -+WNNE/loEAf8Gepf3/eNXSOHw30ATn2YjWuNVVD1UOe4A+RLx0t90LrrX8I3G3RhY -+HJMiC3X6qNbgtS8tudT+uU+G4nVIFmD7P8m0MEIp+zuzK7lZgWpG80WDv/3VGv83 -+DG9b/WHxAgMBAAECggEBAIOdaCpUD02trOh8LqZxowJhBOl7z7/ex0uweMPk67LT -+i5AdVHwOlzwZJ8oSIknoOBEMRBWcLQEojt1JMuL2/R95emzjIKshHHzqZKNulFvB -+TIUpdnwChTKtH0mqUkLlPU3Ienty4IpNlpmfUKimfbkWHERdBJBHbtDsTABhdo3X -+9pCF/yRKqJS2Fy/Mkl3gv1y/NB1OL4Jhl7vQbf+kmgfQN2qdOVe2BOKQ8NlPUDmE -+/1XNIDaE3s6uvUaoFfwowzsCCwN2/8QrRMMKkjvV+lEVtNmQdYxj5Xj5IwS0vkK0 -+6icsngW87cpZxxc1zsRWcSTloy5ohub4FgKhlolmigECgYEA+cBlxzLvaMzMlBQY -+kCac9KQMvVL+DIFHlZA5i5L/9pRVp4JJwj3GUoehFJoFhsxnKr8HZyLwBKlCmUVm -+VxnshRWiAU18emUmeAtSGawlAS3QXhikVZDdd/L20YusLT+DXV81wlKR97/r9+17 -+klQOLkSdPm9wcMDOWMNHX8bUg8kCgYEA8k+hQv6+TR/+Beao2IIctFtw/EauaJiJ 
-+wW5ql1cpCLPMAOQUvjs0Km3zqctfBF8mUjdkcyJ4uhL9FZtfywY22EtRIXOJ/8VR -+we65mVo6RLR8YVM54sihanuFOnlyF9LIBWB+9pUfh1/Y7DSebh7W73uxhAxQhi3Y -+QwfIQIFd8OkCgYBalH4VXhLYhpaYCiXSej6ot6rrK2N6c5Tb2MAWMA1nh+r84tMP -+gMoh+pDgYPAqMI4mQbxUmqZEeoLuBe6VHpDav7rPECRaW781AJ4ZM4cEQ3Jz/inz -+4qOAMn10CF081/Ez9ykPPlU0bsYNWHNd4eB2xWnmUBKOwk7UgJatVPaUiQKBgQCI -+f18CVGpzG9CHFnaK8FCnMNOm6VIaTcNcGY0mD81nv5Dt943P054BQMsAHTY7SjZW -+HioRyZtkhonXAB2oSqnekh7zzxgv4sG5k3ct8evdBCcE1FNJc2eqikZ0uDETRoOy -+s7cRxNNr+QxDkyikM+80HOPU1PMPgwfOSrX90GJQ8QKBgEBKohGMV/sNa4t14Iau -+qO8aagoqh/68K9GFXljsl3/iCSa964HIEREtW09Qz1w3dotEgp2w8bsDa+OwWrLy -+0SY7T5jRViM3cDWRlUBLrGGiL0FiwsfqiRiji60y19erJgrgyGVIb1kIgIBRkgFM -+2MMweASzTmZcri4PA/5C0HYb -+-----END PRIVATE KEY----- -diff --git ./sample/sample-keys/client.p12 ./sample/sample-keys/client.p12 -new file mode 100644 -index 0000000000000000000000000000000000000000..8458c79770a08e832e10205ae1c43e8059cca082 -GIT binary patch -literal 4533 -zcmV;m5lZebf)TL-0Ru3C5qAa&Duzgg_YDCD0ic2rXas^0WH5peU@(FV7X}F`hDe6@ -z4FLxRpn?ntFoFyO0s#Opf(!iy2`Yw2hW8Bt2LUh~1_~;MNQUKZ1!3FrYzVTx;+~<9X -zHC&0kC=Q)Zxu{oL`xLM;b_oD>(X&8Ta-#O3&p;;Aa3+^0d5fSLOs3>{(_@SyxHDGK -z2?mB_IU!{$1Sf&CfNA0|znHybfRqP5blsg?Z{1w#hHzm2WPm@-k>~Fs9L`8P!8d0* -zf18!wochm&3uJ;eC{gw3d+=?v`?TP`azbPA8uS#SvF>zu7QrQ#$t<4KatJksK>dI* -ziMISYR+%EKGJw7P#F#ep~$fBbb6Y*_W)JH+UB%-XoF0lb%KM36b^Ml3z -zdI#>W)o{)xhylZ4OHKChQ3@qS{v(AQB@VaJ?ARCe`Ss=S%-q5T5+I3#R#G1YJlYRV -zDTZ`@`U38{@bSL;>xUioK!F94XIBfJNFiIhM&9nvb{1l0O6GqR&cLY4NFEuZS(DxH -z=W!uJ(?gK8gs^*{5_cl5Z(=wW&Q)XqS-~>m0O$kp(m_Cz>zwzHL-IYyDH=}xGVl+4 -zq3STnMt7Am$3#DF7{7%Lk3imYa+y7?D;AsNHiG -znYdO(f@M<&g*jh|95N+F -zs_~5PPb?@91h)&uXAR5t`>ZG>Uz4i)rF)c|;osz49745f=)!}UDtm5M!ZPf8NHf-q -zBu9VT(aN+vpUdkJ*gO8FPMV2QD1&zIpdi0sGch)W2;I$z%}w_LA6?gziR|D2-^A$7 -zK+7hz{knM@Bqwfx3dirENcVSGhV{VXU4Jr29-tm$-2M^>mnD_r5Lj>iwRX!<9CFRg -z9{(YStoDvOuR@(O4i9CiwMU(U-1=C!cAqZ-t@IfXDXxcbaLeLYLcmYuyDc37)@bc} -zgo@WkW=MyVE1)F@B()zN_MxMHwJS(AR3ip3I+3Rm(|=OM&()I982?Ca-YME*$jcai 
-z5>TYla+%{gDkflN^F;$b#Qn!EsPXE?fs@D=SdVMjI=w_}8&SK!u012g>$5F;owS>RW$?|5{~rl&$f}d%d>$9i -z7(P0*PhMARQef&fdz)sTC$;%$WGWRFUiOQ+WO;A%{B*ZINIEs08%b-Fb1;6M5Z<_`ge4ELfx*V8?Qo?OBP -zB?YAsG0gnH96b5g@>h2#}&DOvoiL8%)<~q7ehzHh_`~a2Izn=bjHq;TkMIoDt-) -z$u8yg;zHv$;?HL0J6h2aH`EK>az+?|SAZS7*?6)?BsZ8yxec)dO^fx~b|xRBKv@!> -zN|H@j@OZPg_Xe6%y9Pyj1HI_jCpGGJ+r}qJ(Qm^(w#q#n4;fGT9J)MId6%;& -zhPes$n_zQIQ!}^}4G`^Wz7CGC@!ARFDKj^9@L!~Q664CYzu=8Ev-yow*fp9UOsLHG -z-BXcmrr~=}pV<`ImbU@e;g_=@a)XeuKL1x92`ruL2r&K(ct*Kk@IjesmCfch -zG_=`43h3M^{O*UA{yi2s5fjtWXMOov>#rUwy(A49RjMsrwLLq>wy(A6bJnieJpm*K -zLL!(_!FKzh-$!YZdEcBK1F(>@we-M9%w^x#=H#}9Lc8NQX2580FRsm3z}$v|1;BqjKiO00Ft{;FSiOWy|y=&D|>#PfODLKzOym9LWY;M#(= -z`T4NzCiGy4Je$gf+HwRg2c<5NBvatkdmb+(-NL)S<-&!Jq+i>}L3McC!=`WXZgNw}W3)t-k4o9(UzHmA -zq`4KU&&3!B$jn*}C9IgPAZDOKa4d3Z!m^>_uvW(Gg?u{!Zc28~KnlZY| -zW>Ouf -zWGfR@9_i5T8$;AzQkfiya1EQ_>+Bl-?jKt}^_7hPmkxyS@d~^h=708E3`{=Wth%v- -z?@iOBIjVj4-#bcG%9d)#)>ITY*E8dBUmpjRV)C+>Jt32pJ`o-1#>e3Um|*mUJl)zl -zzj+A{saen+`EP}bD_BH@It(cb-`Ha9p{rll@#k}4#rAwI;U5&{_(dvPfry4r*OR(g -zir1=%D70<3l-Vmdno7L-k9AWle8;LS6163q{gLqZK?WsvR6Z`rzHr@Mc&6F6kj#?qqpe;SHD(h=!j(z@^CR=i=KDGw>Bgokqi9zPX(uX -z|8`K|fAgElC|rkyhB5@b+@}LZAfPl$+hDkByi%)V5=IaI1H{6vl7?ZBye!AqHLicO -zaCsg%BIm|>MA3R@|GjKRc3d&Xa4bb>L3UelPWRoILk&ICGoo4lwV@zP{{fLLaZL&+ -znSPhW04KckjD)a}19>2aT|WH_ltW=y7#46Gu!-xzwtb6TmG$I_MlQkGWG4!7F2!_C -z^ngv5DN5VpziF0tnU2m8BpCW*8j$_TsVU%Wf(C_FTqJpP%DVRx*1n=yY6jVZP^~&u -zj+O<-)gVFOKz}2cqLfZKD1W%|44A(?o?C-zVkbOT+V1eU!Th4e58g?qy0IDLgSs@( -z>a3QZ_~$!6a_yYA03n@Qdp;&JCvDXIMz74j$40}k$6D5*AIe~-NPq>l=p{+`{qB*E -z)dA_uyb!%xms+1|*hgXfvXAI&FoFd^1_>&LNQUt!ahU6DYjl -zj#2E$@cqS#ot;itB65=}T$c#Fvn6>(Hu7jv5#?nqND^i{4Z%>zfnT?a?P>WmWgPqNu -zt;=6U3*t>n)oqy#bCFo89J#H&5w(j6)Gb05d4Wuav-;Ae*N4CvCH7Bf7qsT7$-eiNbQFjxma-5lFy&Kf -zuGdIbq=SxP#B5y9i$6kWIXa%j=^H(Q8<pKX1|T1Ncg_%F+OOU1K%=lJvk25edtPll^?C8iOY4l+gHVw-jwS{5 -zc1H%A0AcxAK4?I%10%GT9KyndW;=S4Hs$Bt3ppdV?5;*?C+IU>_jrB|%iA@^j-Ydr -zP#Vq!z4lf1B59em!RbNV^|P^F7)gXU({v-B^T{ObdazrO(+w5OWS;WuWNRLYYIn{T 
-z*P_`Mm4F+5C)d0&C_P&q3l;Vwjmo9lrsR8}rTM}q1!7wAp-KZ++#udhr|@C8HVGgC -z^(J(Wa- -zy{M9YD^`ZYTH01LwfQ?{ZuZQ~vaO&Jq$O&~PN%MO(9m%~EMFTMC(A&MRujojT{YuB -z`u5e(@~|Ph<w_vbRv_LVvmsQhWA5OYqtUvR -zb2`hE@>8knqkGmwqPuasz=MUx2NN7PM|$lkN60Vj_=3UYPSr6ZIGje(Qd3rIw(m)l~LebaOD9`;d#2Rt>_%?X| -z;FA9GDiVuwAnk9Bh!BAEfMz{Mdq$b`Xzrmam}W60Fe3&DDuzgg_YDCF6)_eB6jtCP -zdB1(YHnjhMGVV2R_)j7)j4&}UAutIB1uG5%0vZJX1Qaaz-GykChO4Gdh~Eic3wrIs -TMJxme++Sbdrv3y90s;sCVF#Wx - -literal 0 -HcmV?d00001 - -diff --git ./sample/sample-keys/dh1024.pem ./sample/sample-keys/dh1024.pem -deleted file mode 100644 -index 7ce05f0..0000000 ---- ./sample/sample-keys/dh1024.pem -+++ /dev/null -@@ -1,5 +0,0 @@ -------BEGIN DH PARAMETERS----- --MIGHAoGBAJ419DBEOgmQTzo5qXl5fQcN9TN455wkOL7052HzxxRVMyhYmwQcgJvh --1sa18fyfR9OiVEMYglOpkqVoGLN7qd5aQNNi5W7/C+VBdHTBJcGZJyyP5B3qcz32 --9mLJKudlVudV0Qxk5qUJaPZ/xupz0NyoVpviuiBOI1gNi8ovSXWzAgEC -------END DH PARAMETERS----- -diff --git ./sample/sample-keys/dh2048.pem ./sample/sample-keys/dh2048.pem -new file mode 100644 -index 0000000..8eda59a ---- /dev/null -+++ ./sample/sample-keys/dh2048.pem -@@ -0,0 +1,8 @@ -+-----BEGIN DH PARAMETERS----- -+MIIBCAKCAQEArdnA32xujHPlPI+jPffHSoMUZ+b5gRz1H1Lw9//Gugm5TAsRiYrB -+t2BDSsMKvAjyqN+i5SJv4TOk98kRRKB27iPvyXmiL945VaDQl/UehCySjYlGFUjW -+9nuo+JwQxeSbw0TLiSYoYJZQ8X1CxPl9mgJl277O4cW1Gc8I/bWa+ipU/4K5wv3h -+GI8nt+6A0jN3M/KebotMP101G4k0l0qsY4oRMTmP+z3oAP0qU9NZ1jiuMFVzRlNp -+5FdYF7ctrH+tBF+QmyT4SRKSED4wE4oX6gp420NaBhIEQifIj75wlMDtxQlpkN+x -+QkjsEbPlaPKHGQ4uupssChVUi8IM2yq5EwIBAg== -+-----END DH PARAMETERS----- -diff --git ./sample/sample-keys/gen-sample-keys.sh ./sample/sample-keys/gen-sample-keys.sh -new file mode 100755 -index 0000000..414687e ---- /dev/null -+++ ./sample/sample-keys/gen-sample-keys.sh -@@ -0,0 +1,75 @@ -+#!/bin/sh -+# -+# Run this script to set up a test CA, and test key-certificate pair for a -+# server, and various clients. 
-+# -+# Copyright (C) 2014 Steffan Karger -+set -eu -+ -+command -v openssl >/dev/null 2>&1 || { echo >&2 "Unable to find openssl. Please make sure openssl is installed and in your path."; exit 1; } -+ -+if [ ! -f openssl.cnf ] -+then -+ echo "Please run this script from the sample directory" -+ exit 1 -+fi -+ -+# Create required directories and files -+mkdir -p sample-ca -+rm -f sample-ca/index.txt -+touch sample-ca/index.txt -+echo "01" > sample-ca/serial -+ -+# Generate CA key and cert -+openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 \ -+ -extensions easyrsa_ca -keyout sample-ca/ca.key -out sample-ca/ca.crt \ -+ -subj "/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain" \ -+ -config openssl.cnf -+ -+# Create server key and cert -+openssl req -new -nodes -config openssl.cnf -extensions server \ -+ -keyout sample-ca/server.key -out sample-ca/server.csr \ -+ -subj "/C=KG/ST=NA/O=OpenVPN-TEST/CN=Test-Server/emailAddress=me@myhost.mydomain" -+openssl ca -batch -config openssl.cnf -extensions server \ -+ -out sample-ca/server.crt -in sample-ca/server.csr -+ -+# Create client key and cert -+openssl req -new -nodes -config openssl.cnf \ -+ -keyout sample-ca/client.key -out sample-ca/client.csr \ -+ -subj "/C=KG/ST=NA/O=OpenVPN-TEST/CN=Test-Client/emailAddress=me@myhost.mydomain" -+openssl ca -batch -config openssl.cnf \ -+ -out sample-ca/client.crt -in sample-ca/client.csr -+ -+# Create password protected key file -+openssl rsa -aes256 -passout pass:password \ -+ -in sample-ca/client.key -out sample-ca/client-pass.key -+ -+# Create pkcs#12 client bundle -+openssl pkcs12 -export -nodes -password pass:password \ -+ -out sample-ca/client.p12 -inkey sample-ca/client.key \ -+ -in sample-ca/client.crt -certfile sample-ca/ca.crt -+ -+ -+# Create EC server and client cert (signed by 'regular' RSA CA) -+openssl ecparam -out sample-ca/secp256k1.pem -name secp256k1 -+ -+openssl req -new -newkey ec:sample-ca/secp256k1.pem -nodes -config openssl.cnf \ -+ 
-extensions server \ -+ -keyout sample-ca/server-ec.key -out sample-ca/server-ec.csr \ -+ -subj "/C=KG/ST=NA/O=OpenVPN-TEST/CN=Test-Server-EC/emailAddress=me@myhost.mydomain" -+openssl ca -batch -config openssl.cnf -extensions server \ -+ -out sample-ca/server-ec.crt -in sample-ca/server-ec.csr -+ -+openssl req -new -newkey ec:sample-ca/secp256k1.pem -nodes -config openssl.cnf \ -+ -keyout sample-ca/client-ec.key -out sample-ca/client-ec.csr \ -+ -subj "/C=KG/ST=NA/O=OpenVPN-TEST/CN=Test-Client-EC/emailAddress=me@myhost.mydomain" -+openssl ca -batch -config openssl.cnf \ -+ -out sample-ca/client-ec.crt -in sample-ca/client-ec.csr -+ -+# Generate DH parameters -+openssl dhparam -out dh2048.pem 2048 -+ -+# Copy keys and certs to working directory -+cp sample-ca/*.key . -+cp sample-ca/*.crt . -+cp sample-ca/*.p12 . -diff --git ./sample/sample-keys/openssl.cnf ./sample/sample-keys/openssl.cnf -new file mode 100644 -index 0000000..aabfd48 ---- /dev/null -+++ ./sample/sample-keys/openssl.cnf -@@ -0,0 +1,139 @@ -+# Heavily borrowed from EasyRSA 3, for use with OpenSSL 1.0.* -+ -+#################################################################### -+[ ca ] -+default_ca = CA_default # The default ca section -+ -+#################################################################### -+[ CA_default ] -+ -+dir = sample-ca # Where everything is kept -+certs = $dir # Where the issued certs are kept -+crl_dir = $dir # Where the issued crl are kept -+database = $dir/index.txt # database index file. -+new_certs_dir = $dir # default place for new certs. -+ -+certificate = $dir/ca.crt # The CA certificate -+serial = $dir/serial # The current serial number -+crl = $dir/crl.pem # The current CRL -+private_key = $dir/ca.key # The private key -+RANDFILE = $dir/.rand # private random number file -+ -+x509_extensions = basic_exts # The extentions to add to the cert -+ -+# This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA -+# is designed for will. 
In return, we get the Issuer attached to CRLs. -+crl_extensions = crl_ext -+ -+default_days = 3650 # how long to certify for -+default_crl_days= 30 # how long before next CRL -+default_md = sha256 # use public key default MD -+preserve = no # keep passed DN ordering -+ -+# A few difference way of specifying how similar the request should look -+# For type CA, the listed attributes must be the same, and the optional -+# and supplied fields are just that :-) -+policy = policy_anything -+ -+# For the 'anything' policy, which defines allowed DN fields -+[ policy_anything ] -+countryName = optional -+stateOrProvinceName = optional -+localityName = optional -+organizationName = optional -+organizationalUnitName = optional -+commonName = supplied -+name = optional -+emailAddress = optional -+ -+#################################################################### -+# Easy-RSA request handling -+# We key off $DN_MODE to determine how to format the DN -+[ req ] -+default_bits = 2048 -+default_keyfile = privkey.pem -+default_md = sha256 -+distinguished_name = cn_only -+x509_extensions = easyrsa_ca # The extentions to add to the self signed cert -+ -+# A placeholder to handle the $EXTRA_EXTS feature: -+#%EXTRA_EXTS% # Do NOT remove or change this line as $EXTRA_EXTS support requires it -+ -+#################################################################### -+# Easy-RSA DN (Subject) handling -+ -+# Easy-RSA DN for cn_only support: -+[ cn_only ] -+commonName = Common Name (eg: your user, host, or server name) -+commonName_max = 64 -+commonName_default = changeme -+ -+# Easy-RSA DN for org support: -+[ org ] -+countryName = Country Name (2 letter code) -+countryName_default = KG -+countryName_min = 2 -+countryName_max = 2 -+ -+stateOrProvinceName = State or Province Name (full name) -+stateOrProvinceName_default = NA -+ -+localityName = Locality Name (eg, city) -+localityName_default = BISHKEK -+ -+0.organizationName = Organization Name (eg, company) 
-+0.organizationName_default = OpenVPN-TEST -+ -+organizationalUnitName = Organizational Unit Name (eg, section) -+organizationalUnitName_default = -+ -+commonName = Common Name (eg: your user, host, or server name) -+commonName_max = 64 -+commonName_default = -+ -+emailAddress = Email Address -+emailAddress_default = me@myhost.mydomain -+emailAddress_max = 64 -+ -+#################################################################### -+ -+[ basic_exts ] -+basicConstraints = CA:FALSE -+subjectKeyIdentifier = hash -+authorityKeyIdentifier = keyid,issuer:always -+ -+# The Easy-RSA CA extensions -+[ easyrsa_ca ] -+ -+# PKIX recommendations: -+ -+subjectKeyIdentifier=hash -+authorityKeyIdentifier=keyid:always,issuer:always -+ -+# This could be marked critical, but it's nice to support reading by any -+# broken clients who attempt to do so. -+basicConstraints = CA:true -+ -+# Limit key usage to CA tasks. If you really want to use the generated pair as -+# a self-signed cert, comment this out. -+keyUsage = cRLSign, keyCertSign -+ -+# CRL extensions. -+[ crl_ext ] -+ -+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. -+ -+# issuerAltName=issuer:copy -+authorityKeyIdentifier=keyid:always,issuer:always -+ -+ -+# Server extensions. 
-+[ server ] -+ -+basicConstraints = CA:FALSE -+nsCertType = server -+nsComment = "OpenSSL Generated Server Certificate" -+subjectKeyIdentifier = hash -+authorityKeyIdentifier = keyid,issuer:always -+extendedKeyUsage = serverAuth -+keyUsage = digitalSignature, keyEncipherment -diff --git ./sample/sample-keys/pass.crt ./sample/sample-keys/pass.crt -deleted file mode 100644 -index 8bb7b17..0000000 ---- ./sample/sample-keys/pass.crt -+++ /dev/null -@@ -1,65 +0,0 @@ --Certificate: -- Data: -- Version: 3 (0x2) -- Serial Number: 3 (0x3) -- Signature Algorithm: md5WithRSAEncryption -- Issuer: C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST/emailAddress=me@myhost.mydomain -- Validity -- Not Before: Nov 25 14:48:55 2004 GMT -- Not After : Nov 23 14:48:55 2014 GMT -- Subject: C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Client-Password/emailAddress=me@myhost.mydomain -- Subject Public Key Info: -- Public Key Algorithm: rsaEncryption -- RSA Public Key: (1024 bit) -- Modulus (1024 bit): -- 00:ca:b4:05:67:7b:51:c1:d2:fe:21:57:b1:a5:57: -- 5c:c0:86:38:05:a8:91:cf:e7:a4:bd:7a:76:d8:3b: -- cf:fe:f3:78:65:24:d6:72:7d:1b:6d:b6:da:04:f2: -- a8:f6:b4:04:78:d2:24:a7:21:2f:ca:29:46:96:0f: -- 0b:91:31:66:1e:4d:22:9a:5d:05:17:99:9c:a0:7e: -- e0:2a:be:78:0c:a1:b9:d4:04:c4:ec:f8:61:79:62: -- b5:52:2d:f5:41:af:db:9f:8c:ab:08:1b:b7:95:b8: -- c1:f0:29:d3:da:fb:00:3f:8e:5c:27:e3:8d:fa:ee: -- dc:b4:3b:0b:8b:e0:ab:c1:c1 -- Exponent: 65537 (0x10001) -- X509v3 extensions: -- X509v3 Basic Constraints: -- CA:FALSE -- Netscape Comment: -- OpenSSL Generated Certificate -- X509v3 Subject Key Identifier: -- 40:57:F1:8C:9C:86:B2:DA:E0:3F:A7:B8:D7:85:43:45:07:8A:40:73 -- X509v3 Authority Key Identifier: -- keyid:89:A6:60:E3:BA:EA:3E:AF:FC:64:7F:4C:BD:8C:D2:48:8D:E0:CC:46 -- DirName:/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain -- serial:00 -- -- Signature Algorithm: md5WithRSAEncryption -- a5:79:72:7f:a2:08:28:8e:66:da:e1:d0:be:bb:97:3d:65:9f: -- ab:1e:19:ac:f1:66:44:14:8f:4e:7c:eb:ea:1e:2f:57:ea:44: 
-- 46:4c:b9:56:5b:c0:0c:58:d2:45:87:26:6d:82:de:8c:64:b8: -- 8b:22:61:61:c6:68:36:08:9d:5a:fd:2f:e5:21:e1:a2:0c:7f: -- 3e:ca:e1:06:ea:9f:81:62:3d:a0:ce:f1:1e:0d:ab:86:89:ed: -- 9a:89:34:32:c9:e9:6d:7d:f5:11:c3:5d:7e:a5:f7:f1:a6:83: -- 77:1b:94:67:d9:0f:5c:ac:0e:08:4a:88:98:65:49:eb:66:9e: -- 2d:28 -------BEGIN CERTIFICATE----- --MIIDPjCCAqegAwIBAgIBAzANBgkqhkiG9w0BAQQFADBmMQswCQYDVQQGEwJLRzEL --MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t --VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTA0MTEy --NTE0NDg1NVoXDTE0MTEyMzE0NDg1NVowczELMAkGA1UEBhMCS0cxCzAJBgNVBAgT --Ak5BMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxHTAbBgNVBAMTFFRlc3QtQ2xpZW50 --LVBhc3N3b3JkMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wgZ8w --DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMq0BWd7UcHS/iFXsaVXXMCGOAWokc/n --pL16dtg7z/7zeGUk1nJ9G2222gTyqPa0BHjSJKchL8opRpYPC5ExZh5NIppdBReZ --nKB+4Cq+eAyhudQExOz4YXlitVIt9UGv25+Mqwgbt5W4wfAp09r7AD+OXCfjjfru --3LQ7C4vgq8HBAgMBAAGjge4wgeswCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYd --T3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFEBX8YychrLa --4D+nuNeFQ0UHikBzMIGQBgNVHSMEgYgwgYWAFImmYOO66j6v/GR/TL2M0kiN4MxG --oWqkaDBmMQswCQYDVQQGEwJLRzELMAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hL --RUsxFTATBgNVBAoTDE9wZW5WUE4tVEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlo --b3N0Lm15ZG9tYWluggEAMA0GCSqGSIb3DQEBBAUAA4GBAKV5cn+iCCiOZtrh0L67 --lz1ln6seGazxZkQUj0586+oeL1fqREZMuVZbwAxY0kWHJm2C3oxkuIsiYWHGaDYI --nVr9L+Uh4aIMfz7K4Qbqn4FiPaDO8R4Nq4aJ7ZqJNDLJ6W199RHDXX6l9/Gmg3cb --lGfZD1ysDghKiJhlSetmni0o -------END CERTIFICATE----- -diff --git ./sample/sample-keys/pass.key ./sample/sample-keys/pass.key -deleted file mode 100644 -index 4916364..0000000 ---- ./sample/sample-keys/pass.key -+++ /dev/null -@@ -1,18 +0,0 @@ -------BEGIN RSA PRIVATE KEY----- --Proc-Type: 4,ENCRYPTED --DEK-Info: DES-EDE3-CBC,959F7365DBBFDB77 -- --nGm57l+rR/8dAZOHL/1x/6dt11zUca7rphjsgw6XRnSf3M/CWmHvHVjApWcNLEs5 --SWNMp1xfUogtGzsKoMBbnlZLDA7RVHUYD6dVMyCpc64UjzT08LmdZhtQYLAKmlUC 
--PT1VXS4Ae+SrqCPUqJkw1xP3kr0F1EVCXNu0nhOBAuuTGOS7PPEyW2N+k4nRHtsR --IaPp8GCuIeoR6CdymTFTq6d/GeCiEcyrUM4BNrG4GtRRrURxxOrzQFEOS5sjBPSg --Km1lwa6zBQFRLg9dKjRBL4teKuPY5Z2Nmpcml/aN4CkdkVEso4lW6/UHLE/joOMQ --0MdpdYtu8wnt1WI/Z4immQfl3MF+QcPMkqXXzCEhGG/5SbAo89KC46UXvu1Z5OhS --8XFHhvYBivOYWgZ3XUQqyZ0ulF60mFX7aE1Ph/eEbhWBHmU39hGjxzop1UoPwqLx --ahvtfvCkR3ZeqlWO9SHzCA3MlrKwQ1p1UL6nG6AJhNN9jSevH6by+8wr07NBZOqX --fJx+J/8EdVsUCFG2UJxPwM83ZSwAsvKRqph6CuWEl9ndUb7rw6khmRIoY0Iz3LbU --1MlcDoJNcJas6lYDr1UeFSk86g0SiGCHXZIqsjyUgq6HIy4YrAYiQUthnlF8tp2Q --nNQBPLo1GsHf0dC2MqKfDFASu7ST+Bl+yajHcIiUXvUJPxWbjkWYG9Q2p2ZBLzZD --uqeRr66OKxTzUS4go/QbHDNsAulXl61gQIEOdZw5uy/Jl11kyAI6EQbzmehagKdH --EshTgKp8ks62y0bBHgy3FMKyidJ5Hm58ZDhBxrwN0w+vhRoTGOepTA== -------END RSA PRIVATE KEY----- -diff --git ./sample/sample-keys/pkcs12.p12 ./sample/sample-keys/pkcs12.p12 -deleted file mode 100644 -index 253d4081a3aeffab7d17e8c0a308ee1e85d6456f..0000000000000000000000000000000000000000 -GIT binary patch -literal 0 -HcmV?d00001 - -literal 2685 -zcmY+FX*3j!8pmgb83vhTUnbc_G)!b{*|LOW9U`x+nHmjQ1`%T)*8*R!qdL -z42fKOorCYJc=T4J+l;Z>x@72{LvCNkwZ7MJ{eDgmCW|XX+3GT!YUko$TXTGuE6Cmo -z9@F-=9<6!6cWi%@u>Dp-$JP2s6t=kvz6-OMl@~mEaEXG22le(Tfl@yhU{VQ#pue@v -z$S`$H)k#B#icbEdGUTOJNtg8r2HVyl~u|5a%& -z|9r54eca0dbeyd4`o{LK4N|e%U2!+rmvxC_ve9`q;d+UYx?t$mH)yUk-qpOnl`yp` -z6mivqIZ>KlXGlc!9*DRZGrJ8ENY!3w!PQRJQYJN)m0bubO9Gq)!dpG`51#4fNteWj -z)Uy{{o)tgT)cfGn@(n)(as)Oir2jGwc=aG2L+~IbIcV%&c5G|@P{*{Jd?#H>P7lkl -zqLP8(ve$BRfwQ=WmCMw1W!aWKiK;iH%ej(rhXL~D<1btDIJpqh`U$seQ1fvjn;X@~ -zYBzzfQFps3x>N1~k|{r05Ej#luDsl5o+E5o6W}y((|9?EHOt+r>fDQx&b7jzQ$DN> -zB}mx=v1cW#Y}5;W1wVL}RxO)q&@+=uH(=%CV{+~qJFCmm>+q;_TVOBY$s0EFSdS;7 -z&mqBKauOn(=lG*zP=4q^v2<1rBH%Edi*`-;3;k~BXqk@hzD0o_VXVQwVwfjD`Zs~A -z*lzbtkpmn`Yh@Gtz7 -zEdZh~R0=kRsU4vUgW$I1u@|raEQEzz&hBqHEtEs$w^vz4cAHezuzgvmuh)lb`_LM{yoz0Ij*wf}VZB9stQ6roq -zhXDK5d)_MN2W5P|{wWcWta=?Is<$R6Ihym*+(~37OaRsIhbf-b8ck`;d~mN-TmSKH 
-zAkCx?E}l3w*$}9L3^26R;TBK#i@n|Af(ggGixifT9?AFEFm1R)6{ia%&96Y_^kl1WMq;EV3-lRXEM}xv(^O~!7!1)I|9!h9%_2p<}KW$RKr|`YcLw} -z0 -zVEA183^cHZa*3$N9%A*|4roE^WV?ltK2PQvtg$I&eq(wH*W%4sXR2^rp@?LgRIi$c -z6%zNK^m$$X@&e`@P3O2H0YrU%8V)t=MmkiK;#rsB0!5%g)<#Kehh}i@<=mHXsKMvG -z>eU}MNQy!ZO;oXNw(nZ+J6q@)D4;l+}O_xHM_Z5tKoRYcpNO)&2;YaS1hNtXHcG&rv)Y1tsGBu -zH@@nN^V!H%fJ=zM7xONAJ@hLH*$%sBw&?k)KQXv{!oF~wZcUek*9AzOQ5GBOcPsmu -zx>J0`U(5@9N3B>CkbfL4%WYBl*?wB7@VbDxSU7fg+%J1>zfC|fk<4tarku$KHFg`) -z32;tRbzJ8+W1aCRdY>%w%VrGgsHNyd4EbT#Qqh=VeTVcd!bI2!ts#EONaY-#AwEJ$ -zmV8E7g}dIaW$9T6mz_@2(aI>^megR`|b;##4x0GX*bjvl8tur0T -zFi`8aRMRgtF^;s*U;`8O&uP@e(S@36;o#rX^|4v%b5bALTjthLt;I)IZQOg5sH58X -z@3eD>)V+B%k!v42GexdYt2hT)KhBqlrh)t$to8;ngHput4!Yrk-gY=}e^$|C-Y@i= -z-l_T>3@=KG>-JMVvEsG%_OrA4k@ZYjRLbqC$RFdzXTFsv^5fJuNl`nhSt&uYLCr>Z -z%rdbJyB06(7buBJ`C6EtGF<4J?VJGCxLiP)aL?oQ96Llg9qZ6=h3stpHJ6e={Ewg1 -zK+RSh?@GwJkQg&4zkgxJv+S4#fuv~Wlw&XBTWrIZVu_7~R1 -z1hL~0b#})ulH*=gO69)OAwLx|pJlgtw5t9Z)?-pY?gb~g{M^?K=_s7xMG!!{|06^S -z0kp(O0L`7?>64j&u>MDnEI`mnn12Fa{GT-${#f&L#3IK5UMTvHHBZjN(4|GIJ8#*0 -zEL~S%gL8a#5P7p0Bg+ozfQ|)o`WbEdFq=Pn+~*x}eSHDn>}0 -za#bssC46DP>glYKit?*q(ylFaU(}~Odzjx2#k+auqmLOM8@t)YFzplKD0QtM(F_Uu -zRHv^yDq*$`c$xNo;O1uEWTg5NnUR9^wRyLx4G&J3O$l?Ff&Sgd*Ux|{yu}Tc_kRAx -zZ4_A@4NuEp$)Ek?$5BMzMT0ZfU+`%1_OIaTg-c`D3Utjws&do{_7d*j_LS6U+DKir -z@E6#p!oOstM}_SmVJ?vyvMMumfm9By?=?AtkFJ4R`)DJQf3HPtrO>CLF*ghb-Z{VT -z@&g3d`$hMvAw9wa-+X=cZug%2QLG(iT8okLHeD64iE06J24#}WG;%v0qN;o~J#X}X -zYrX|$IsBw!A%gBYC6=L-yXI_1c) -z+V2@}l1I9@^i#Ub8wuxSinPw-x7vv^wsW3}5xqf+AKwPmn+)MXcW9$*)7 -Date: Sat, 8 Nov 2014 11:15:08 +0100 -Subject: [PATCH 1/4] Fix assertion error when using --cipher none - -Some commits ago, the cipher mode checks were cleaned up to -remove code duplication (and fix the issue in #471), but broke -'--cipher none' (reported in #473). This commit fixes that. 
- -Signed-off-by: Steffan Karger -Acked-by: Arne Schwabe -Message-Id: <545DED2C.5070002@karger.me> -URL: http://article.gmane.org/gmane.network.openvpn.devel/9217 -Signed-off-by: Gert Doering -(cherry picked from commit 4e93e6dc88f4d904a4f2eb90140472a8d8fd68d0) ---- - src/openvpn/crypto_backend.h | 6 +++--- - src/openvpn/crypto_openssl.c | 4 ++-- - src/openvpn/crypto_polarssl.c | 4 ++-- - 3 files changed, 7 insertions(+), 7 deletions(-) - -diff --git ./src/openvpn/crypto_backend.h ./src/openvpn/crypto_backend.h -index bc067a7..8749878 100644 ---- ./src/openvpn/crypto_backend.h -+++ ./src/openvpn/crypto_backend.h -@@ -223,7 +223,7 @@ int cipher_kt_block_size (const cipher_kt_t *cipher_kt); - /** - * Returns the mode that the cipher runs in. - * -- * @param cipher_kt Static cipher parameters -+ * @param cipher_kt Static cipher parameters. May not be NULL. - * - * @return Cipher mode, either \c OPENVPN_MODE_CBC, \c - * OPENVPN_MODE_OFB or \c OPENVPN_MODE_CFB -@@ -233,7 +233,7 @@ int cipher_kt_mode (const cipher_kt_t *cipher_kt); - /** - * Check if the supplied cipher is a supported CBC mode cipher. - * -- * @param cipher Static cipher parameters. May not be NULL. -+ * @param cipher Static cipher parameters. - * - * @return true iff the cipher is a CBC mode cipher. - */ -@@ -243,7 +243,7 @@ bool cipher_kt_mode_cbc(const cipher_kt_t *cipher) - /** - * Check if the supplied cipher is a supported OFB or CFB mode cipher. - * -- * @param cipher Static cipher parameters. May not be NULL. -+ * @param cipher Static cipher parameters. - * - * @return true iff the cipher is a OFB or CFB mode cipher. 
- */ -diff --git ./src/openvpn/crypto_openssl.c ./src/openvpn/crypto_openssl.c -index 4067701..348bdee 100644 ---- ./src/openvpn/crypto_openssl.c -+++ ./src/openvpn/crypto_openssl.c -@@ -527,7 +527,7 @@ cipher_kt_mode (const EVP_CIPHER *cipher_kt) - bool - cipher_kt_mode_cbc(const cipher_kt_t *cipher) - { -- return cipher_kt_mode(cipher) == OPENVPN_MODE_CBC -+ return cipher && cipher_kt_mode(cipher) == OPENVPN_MODE_CBC - #ifdef EVP_CIPH_FLAG_AEAD_CIPHER - /* Exclude AEAD cipher modes, they require a different API */ - && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) -@@ -538,7 +538,7 @@ cipher_kt_mode_cbc(const cipher_kt_t *cipher) - bool - cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher) - { -- return (cipher_kt_mode(cipher) == OPENVPN_MODE_OFB || -+ return cipher && (cipher_kt_mode(cipher) == OPENVPN_MODE_OFB || - cipher_kt_mode(cipher) == OPENVPN_MODE_CFB) - #ifdef EVP_CIPH_FLAG_AEAD_CIPHER - /* Exclude AEAD cipher modes, they require a different API */ -diff --git ./src/openvpn/crypto_polarssl.c ./src/openvpn/crypto_polarssl.c -index 8bf8d8d..af79029 100644 ---- ./src/openvpn/crypto_polarssl.c -+++ ./src/openvpn/crypto_polarssl.c -@@ -419,13 +419,13 @@ cipher_kt_mode (const cipher_info_t *cipher_kt) - bool - cipher_kt_mode_cbc(const cipher_kt_t *cipher) - { -- return cipher_kt_mode(cipher) == OPENVPN_MODE_CBC; -+ return cipher && cipher_kt_mode(cipher) == OPENVPN_MODE_CBC; - } - - bool - cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher) - { -- return (cipher_kt_mode(cipher) == OPENVPN_MODE_OFB || -+ return cipher && (cipher_kt_mode(cipher) == OPENVPN_MODE_OFB || - cipher_kt_mode(cipher) == OPENVPN_MODE_CFB); - } - --- -1.9.1 - Property changes on: head/security/openvpn/files/patch-0001-Fix-assertion-error-when-using-cipher-none ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property 
Deleted: svn:mime-type
## -1 +0,0 ##
-text/plain
\ No newline at end of property
Index: head/security/openvpn/files/patch-0003-Fix-to-shaper-documentation-on-the-man-page
===================================================================
--- head/security/openvpn/files/patch-0003-Fix-to-shaper-documentation-on-the-man-page (revision 373751)
+++ head/security/openvpn/files/patch-0003-Fix-to-shaper-documentation-on-the-man-page (nonexistent)
@@ -1,35 +0,0 @@
-From e9b07dc92f0827aa58b8aeef736480ba1fa47e95 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Samuli=20Sepp=C3=A4nen?=
-Date: Fri, 21 Nov 2014 12:09:45 +0200
-Subject: [PATCH 3/4] Fix to --shaper documentation on the man-page
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Trac: #413
-Trac-URL: https://community.openvpn.net/openvpn/ticket/413
-Signed-off-by: Samuli Seppänen
-Acked-by: Gert Doering
-Message-Id: <1416564585-14546-1-git-send-email-samuli@openvpn.net>
-URL: http://article.gmane.org/gmane.network.openvpn.devel/9254
-Signed-off-by: Gert Doering
-(cherry picked from commit 245831b9bb096c9139b28612f13609606f105cd5)
----
- doc/openvpn.8 | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git ./doc/openvpn.8 ./doc/openvpn.8
-index d75bb76..1fd53b0 100644
---- ./doc/openvpn.8
-+++ ./doc/openvpn.8
-@@ -1429,6 +1429,7 @@ Currently defaults to 100.
- Limit bandwidth of outgoing tunnel data to
- .B n
- bytes per second on the TCP/UDP port.
-+Note that this will only work if mode is set to p2p.
- If you want to limit the bandwidth
- in both directions, use this option on both peers.
-
---
-1.9.1
-
Property changes on: head/security/openvpn/files/patch-0003-Fix-to-shaper-documentation-on-the-man-page
___________________________________________________________________
Deleted: fbsd:nokeywords
## -1 +0,0 ##
-yes
\ No newline at end of property
Deleted: svn:eol-style
## -1 +0,0 ##
-native
\ No newline at end of property
Deleted: svn:mime-type
## -1 +0,0 ##
-text/plain
\ No newline at end of property