OpenVPN
Data Fields
tls_multi Struct Reference

Security parameter state for a single VPN tunnel. More...

#include <ssl_common.h>

Collaboration diagram for tls_multi:
Collaboration graph
[legend]

Data Fields

struct tls_options opt
 
struct key_statesave_ks
 
struct link_socket_actual to_link_addr
 
int n_sessions
 Number of sessions negotiated thus far. More...
 
enum multi_status multi_state
 
int n_hard_errors
 
int n_soft_errors
 
char * locked_cn
 
char * locked_username
 
struct cert_hash_setlocked_cert_hash_set
 
time_t tas_cache_last_update
 Time of last when we updated the cached state of tls_authentication_status deferred files. More...
 
unsigned int tas_cache_num_updates
 The number of times we updated the cache. More...
 
char * client_reason
 
char * peer_info
 
char * auth_token
 If server sends a generated auth-token, this is the token to use for future user/pass authentications in this session. More...
 
char * auth_token_initial
 The first auth-token we sent to a client. More...
 
uint32_t peer_id
 
bool use_peer_id
 
char * remote_ciphername
 cipher specified in peer's config file More...
 
bool remote_usescomp
 remote announced comp-lzo in OCC string More...
 
struct tls_session session [TM_SIZE]
 Array of tls_session objects representing control channel sessions with the remote peer. More...
 
int dco_keys_installed
 
int dco_peer_id
 This is the handle that DCO uses to identify this session with the kernel. More...
 
dco_context_tdco
 

Detailed Description

Security parameter state for a single VPN tunnel.

An active VPN tunnel running with TLS enabled has one tls_multi object, in which it stores all control channel and data channel security parameter state. This structure can contain multiple, possibly simultaneously active, tls_context objects to allow for interruption-less transitions during session renegotiations. Each tls_context represents one control channel session, which can span multiple data channel security parameter sessions stored in key_state structures.

Definition at line 590 of file ssl_common.h.

Field Documentation

◆ auth_token

char* tls_multi::auth_token

◆ auth_token_initial

char* tls_multi::auth_token_initial

The first auth-token we sent to a client.

We use this to remember the session ID and initial timestamp when generating new auth-token.

Definition at line 648 of file ssl_common.h.

Referenced by add_session_token_env(), auth_token_test_known_keys(), auth_token_test_random_keys(), auth_token_test_session_mismatch(), auth_token_test_timeout(), check_send_auth_token(), generate_auth_token(), resend_auth_token_renegotiation(), verify_auth_token(), verify_user_pass(), and wipe_auth_token().

◆ client_reason

char* tls_multi::client_reason

Definition at line 637 of file ssl_common.h.

Referenced by auth_set_client_reason(), check_tls(), and tls_client_reason().

◆ dco

dco_context_t* tls_multi::dco

Definition at line 692 of file ssl_common.h.

Referenced by do_init_crypto_tls(), and do_open_tun().

◆ dco_keys_installed

int tls_multi::dco_keys_installed

Definition at line 682 of file ssl_common.h.

◆ dco_peer_id

int tls_multi::dco_peer_id

This is the handle that DCO uses to identify this session with the kernel.

We keep this separate as the normal peer_id can change during p2p NCP and we need to track the id that is really used.

Definition at line 690 of file ssl_common.h.

Referenced by check_dco_key_status(), multi_client_setup_dco_initial(), p2p_set_dco_keepalive(), process_incoming_dco(), and tls_multi_init().

◆ locked_cert_hash_set

struct cert_hash_set* tls_multi::locked_cert_hash_set

Definition at line 625 of file ssl_common.h.

Referenced by tls_lock_cert_hash_set(), tls_multi_free(), and verify_final_auth_checks().

◆ locked_cn

char* tls_multi::locked_cn

Definition at line 623 of file ssl_common.h.

Referenced by tls_lock_common_name(), tls_multi_free(), and verify_final_auth_checks().

◆ locked_username

char* tls_multi::locked_username

◆ multi_state

enum multi_status tls_multi::multi_state

◆ n_hard_errors

int tls_multi::n_hard_errors

Definition at line 617 of file ssl_common.h.

Referenced by check_tls_errors(), and tls_multi_process().

◆ n_sessions

int tls_multi::n_sessions

Number of sessions negotiated thus far.

Definition at line 610 of file ssl_common.h.

Referenced by multi_get_create_instance_udp(), tls_initial_packet_received(), and tls_pre_decrypt().

◆ n_soft_errors

int tls_multi::n_soft_errors

◆ opt

struct tls_options tls_multi::opt

◆ peer_id

uint32_t tls_multi::peer_id

◆ peer_info

char* tls_multi::peer_info

◆ remote_ciphername

char* tls_multi::remote_ciphername

cipher specified in peer's config file

Definition at line 669 of file ssl_common.h.

Referenced by check_pull_client_ncp(), key_method_2_read(), multi_client_set_protocol_options(), and tls_multi_free().

◆ remote_usescomp

bool tls_multi::remote_usescomp

remote announced comp-lzo in OCC string

Definition at line 670 of file ssl_common.h.

Referenced by key_method_2_read(), key_method_2_write(), and multi_client_connect_compress_migrate().

◆ save_ks

struct key_state* tls_multi::save_ks

◆ session

struct tls_session tls_multi::session[TM_SIZE]

◆ tas_cache_last_update

time_t tls_multi::tas_cache_last_update

Time of last when we updated the cached state of tls_authentication_status deferred files.

Definition at line 629 of file ssl_common.h.

Referenced by tls_authentication_status(), and tls_authentication_status_use_cache().

◆ tas_cache_num_updates

unsigned int tls_multi::tas_cache_num_updates

The number of times we updated the cache.

Definition at line 632 of file ssl_common.h.

Referenced by tls_authentication_status(), and tls_authentication_status_use_cache().

◆ to_link_addr

struct link_socket_actual tls_multi::to_link_addr

Definition at line 608 of file ssl_common.h.

Referenced by tls_multi_process().

◆ use_peer_id

bool tls_multi::use_peer_id

The documentation for this struct was generated from the following file: