Security parameter state for a single VPN tunnel. More...
#include <ssl_common.h>
Data Fields | |
| struct tls_options | opt |
| struct key_state * | save_ks |
| struct link_socket_actual | to_link_addr |
| int | n_sessions |
| Number of sessions negotiated thus far. More... | |
| enum multi_status | multi_state |
| int | n_hard_errors |
| int | n_soft_errors |
| char * | locked_cn |
| char * | locked_username |
| struct cert_hash_set * | locked_cert_hash_set |
| time_t | tas_cache_last_update |
| Time of last when we updated the cached state of tls_authentication_status deferred files. More... | |
| unsigned int | tas_cache_num_updates |
| The number of times we updated the cache. More... | |
| char * | client_reason |
| char * | peer_info |
| char * | auth_token |
| If server sends a generated auth-token, this is the token to use for future user/pass authentications in this session. More... | |
| char * | auth_token_initial |
| The first auth-token we sent to a client. More... | |
| uint32_t | peer_id |
| bool | use_peer_id |
| char * | remote_ciphername |
| cipher specified in peer's config file More... | |
| bool | remote_usescomp |
| remote announced comp-lzo in OCC string More... | |
| struct tls_session | session [TM_SIZE] |
Array of tls_session objects representing control channel sessions with the remote peer. More... | |
| int | dco_keys_installed |
| int | dco_peer_id |
| This is the handle that DCO uses to identify this session with the kernel. More... | |
| dco_context_t * | dco |
Detailed Description
Security parameter state for a single VPN tunnel.
An active VPN tunnel running with TLS enabled has one tls_multi object, in which it stores all control channel and data channel security parameter state. This structure can contain multiple, possibly simultaneously active, tls_context objects to allow for interruption-less transitions during session renegotiations. Each tls_context represents one control channel session, which can span multiple data channel security parameter sessions stored in key_state structures.
Definition at line 590 of file ssl_common.h.
Field Documentation
◆ auth_token
| char* tls_multi::auth_token |
If server sends a generated auth-token, this is the token to use for future user/pass authentications in this session.
Definition at line 644 of file ssl_common.h.
Referenced by auth_token_basic_test(), auth_token_fail_invalid_key(), auth_token_test_empty_user(), auth_token_test_env(), auth_token_test_known_keys(), auth_token_test_random_keys(), auth_token_test_session_mismatch(), auth_token_test_timeout(), generate_auth_token(), prepare_auth_token_push_reply(), verify_user_pass(), and wipe_auth_token().
◆ auth_token_initial
| char* tls_multi::auth_token_initial |
The first auth-token we sent to a client.
We use this to remember the session ID and initial timestamp when generating new auth-token.
Definition at line 648 of file ssl_common.h.
Referenced by add_session_token_env(), auth_token_test_known_keys(), auth_token_test_random_keys(), auth_token_test_session_mismatch(), auth_token_test_timeout(), check_send_auth_token(), generate_auth_token(), resend_auth_token_renegotiation(), verify_auth_token(), verify_user_pass(), and wipe_auth_token().
◆ client_reason
| char* tls_multi::client_reason |
Definition at line 637 of file ssl_common.h.
Referenced by auth_set_client_reason(), check_tls(), and tls_client_reason().
◆ dco
| dco_context_t* tls_multi::dco |
Definition at line 692 of file ssl_common.h.
Referenced by do_init_crypto_tls(), and do_open_tun().
◆ dco_keys_installed
| int tls_multi::dco_keys_installed |
Definition at line 682 of file ssl_common.h.
◆ dco_peer_id
| int tls_multi::dco_peer_id |
This is the handle that DCO uses to identify this session with the kernel.
We keep this separate as the normal peer_id can change during p2p NCP and we need to track the id that is really used.
Definition at line 690 of file ssl_common.h.
Referenced by check_dco_key_status(), multi_client_setup_dco_initial(), p2p_set_dco_keepalive(), process_incoming_dco(), and tls_multi_init().
◆ locked_cert_hash_set
| struct cert_hash_set* tls_multi::locked_cert_hash_set |
Definition at line 625 of file ssl_common.h.
Referenced by tls_lock_cert_hash_set(), tls_multi_free(), and verify_final_auth_checks().
◆ locked_cn
| char* tls_multi::locked_cn |
Definition at line 623 of file ssl_common.h.
Referenced by tls_lock_common_name(), tls_multi_free(), and verify_final_auth_checks().
◆ locked_username
| char* tls_multi::locked_username |
Definition at line 624 of file ssl_common.h.
Referenced by check_send_auth_token(), tls_lock_username(), tls_multi_free(), and tls_username().
◆ multi_state
| enum multi_status tls_multi::multi_state |
Definition at line 612 of file ssl_common.h.
Referenced by connection_established(), do_up(), encrypt_sign(), management_client_auth(), multi_client_connect_late_setup(), multi_close_instance(), multi_connection_established(), multi_create_instance(), multi_process_post(), process_incoming_link_part1(), process_incoming_push_request(), session_move_active(), and tls_multi_process().
◆ n_hard_errors
| int tls_multi::n_hard_errors |
Definition at line 617 of file ssl_common.h.
Referenced by check_tls_errors(), and tls_multi_process().
◆ n_sessions
| int tls_multi::n_sessions |
Number of sessions negotiated thus far.
Definition at line 610 of file ssl_common.h.
Referenced by multi_get_create_instance_udp(), tls_initial_packet_received(), and tls_pre_decrypt().
◆ n_soft_errors
| int tls_multi::n_soft_errors |
Definition at line 618 of file ssl_common.h.
Referenced by check_tls_errors(), handle_data_channel_packet(), tls_multi_process(), and tls_pre_decrypt().
◆ opt
| struct tls_options tls_multi::opt |
Definition at line 596 of file ssl_common.h.
Referenced by add_session_token_env(), auth_token_fail_invalid_key(), auth_token_test_key_load(), auth_token_test_random_keys(), auth_token_test_timeout(), do_init_frame_tls(), generate_auth_token(), key_method_2_read(), key_method_2_write(), send_auth_pending_messages(), setup(), teardown(), tls_multi_init(), tls_multi_init_finalize(), tls_multi_init_set_options(), tls_multi_process(), tls_pre_decrypt(), tls_process(), tls_session_init(), tls_set_single_session(), and verify_auth_token().
◆ peer_id
| uint32_t tls_multi::peer_id |
Definition at line 666 of file ssl_common.h.
Referenced by do_deferred_options(), multi_assign_peer_id(), multi_close_instance(), multi_instance_string(), multi_print_status(), multi_process_float(), p2p_mode_ncp(), p2p_ncp_set_options(), prepare_push_reply(), tls_multi_init(), and tls_prepend_opcode_v2().
◆ peer_info
| char* tls_multi::peer_info |
Definition at line 643 of file ssl_common.h.
Referenced by do_deferred_p2p_ncp(), key_method_2_read(), key_state_check_auth_pending_file(), management_get_peer_info(), multi_client_connect_compress_migrate(), multi_client_set_protocol_options(), p2p_mode_ncp(), p2p_ncp_set_options(), prepare_push_reply(), send_auth_pending_messages(), and tls_multi_free().
◆ remote_ciphername
| char* tls_multi::remote_ciphername |
cipher specified in peer's config file
Definition at line 669 of file ssl_common.h.
Referenced by check_pull_client_ncp(), key_method_2_read(), multi_client_set_protocol_options(), and tls_multi_free().
◆ remote_usescomp
| bool tls_multi::remote_usescomp |
remote announced comp-lzo in OCC string
Definition at line 670 of file ssl_common.h.
Referenced by key_method_2_read(), key_method_2_write(), and multi_client_connect_compress_migrate().
◆ save_ks
| struct key_state* tls_multi::save_ks |
Definition at line 602 of file ssl_common.h.
Referenced by tls_post_encrypt(), tls_pre_encrypt(), tls_prepend_opcode_v1(), and tls_prepend_opcode_v2().
◆ session
| struct tls_session tls_multi::session[TM_SIZE] |
Array of tls_session objects representing control channel sessions with the remote peer.
Definition at line 675 of file ssl_common.h.
Referenced by auth_token_test_env(), check_send_auth_token(), do_deferred_options_part2(), do_deferred_p2p_ncp(), generate_auth_token(), get_key_scan(), get_primary_key(), management_client_pending_auth(), move_session(), multi_client_generate_tls_keys(), multi_get_create_instance_udp(), multi_process_post(), receive_cr_response(), send_auth_failed(), send_control_channel_string(), send_push_reply_auth_token(), setup(), tls_common_name(), tls_deauthenticate(), tls_lock_cert_hash_set(), tls_lock_common_name(), tls_multi_free(), tls_multi_init_finalize(), tls_multi_process(), tls_pre_decrypt(), tls_session_soft_reset(), tls_update_remote_addr(), verify_crresponse_plugin(), and verify_crresponse_script().
◆ tas_cache_last_update
| time_t tls_multi::tas_cache_last_update |
Time of last when we updated the cached state of tls_authentication_status deferred files.
Definition at line 629 of file ssl_common.h.
Referenced by tls_authentication_status(), and tls_authentication_status_use_cache().
◆ tas_cache_num_updates
| unsigned int tls_multi::tas_cache_num_updates |
The number of times we updated the cache.
Definition at line 632 of file ssl_common.h.
Referenced by tls_authentication_status(), and tls_authentication_status_use_cache().
◆ to_link_addr
| struct link_socket_actual tls_multi::to_link_addr |
Definition at line 608 of file ssl_common.h.
Referenced by tls_multi_process().
◆ use_peer_id
| bool tls_multi::use_peer_id |
Definition at line 667 of file ssl_common.h.
Referenced by do_deferred_options(), do_deferred_p2p_ncp(), encrypt_sign(), multi_client_set_protocol_options(), p2p_mode_ncp(), p2p_ncp_set_options(), and prepare_push_reply().
The documentation for this struct was generated from the following file:
- src/openvpn/ssl_common.h
