OpenVPN
Data Fields
tls_options Struct Reference

#include <ssl_common.h>

Collaboration diagram for tls_options:
Collaboration graph
[legend]

Data Fields

struct tls_root_ctx ssl_ctx
 
struct key_type key_type
 
bool server
 
bool xmit_hold
 
const char * local_options
 
const char * remote_options
 
bool single_session
 
bool disable_occ
 
int mode
 
bool pull
 
int push_peer_info_detail
 The detail of info we push in peer info. More...
 
int transition_window
 
int handshake_window
 
interval_t packet_timeout
 
int renegotiate_bytes
 
int renegotiate_packets
 
interval_t renegotiate_seconds
 
const char * verify_command
 
int verify_x509_type
 
const char * verify_x509_name
 
const char * crl_file
 
bool crl_file_inline
 
int ns_cert_type
 
unsigned remote_cert_ku [MAX_PARMS]
 
const char * remote_cert_eku
 
struct verify_hash_listverify_hash
 
int verify_hash_depth
 
bool verify_hash_no_ca
 
hash_algo_type verify_hash_algo
 
char * x509_username_field [2]
 
unsigned int crypto_flags
 
int replay_window
 
int replay_time
 
bool tcp_mode
 
const char * config_ciphername
 
const char * config_ncp_ciphers
 
bool tls_crypt_v2
 
const char * tls_crypt_v2_verify_script
 
struct tls_wrap_ctx tls_wrap
 TLS handshake wrapping state. More...
 
struct frame frame
 
const char * auth_user_pass_verify_script
 
const char * client_crresponse_script
 
bool auth_user_pass_verify_script_via_file
 
const char * tmp_dir
 
const char * export_peer_cert_dir
 
const char * auth_user_pass_file
 
bool auth_user_pass_file_inline
 
bool auth_token_generate
 Generate auth-tokens on successful user/pass auth,seet via options->auth_token_generate. More...
 
bool auth_token_call_auth
 always call normal authentication More...
 
unsigned int auth_token_lifetime
 
unsigned int auth_token_renewal
 
struct key_ctx auth_token_key
 
const char * client_config_dir_exclusive
 
struct env_setes
 
openvpn_net_ctx_tnet_ctx
 
const struct plugin_listplugins
 
unsigned int ssl_flags
 
struct man_def_auth_contextmda_context
 
const struct x509_trackx509_track
 
const struct static_challenge_infosci
 
int gremlin
 
const char * ekm_label
 
size_t ekm_label_size
 
size_t ekm_size
 
bool dco_enabled
 Whether keys have to be installed in DCO or not. More...
 

Detailed Description

Definition at line 293 of file ssl_common.h.

Field Documentation

◆ auth_token_call_auth

bool tls_options::auth_token_call_auth

always call normal authentication

Definition at line 384 of file ssl_common.h.

Referenced by do_init_crypto_tls().

◆ auth_token_generate

bool tls_options::auth_token_generate

Generate auth-tokens on successful user/pass auth,seet via options->auth_token_generate.

Definition at line 381 of file ssl_common.h.

Referenced by add_session_token_env(), do_init_crypto_tls(), and setup().

◆ auth_token_key

struct key_ctx tls_options::auth_token_key

Definition at line 388 of file ssl_common.h.

Referenced by auth_token_fail_invalid_key(), auth_token_test_key_load(), auth_token_test_random_keys(), do_init_crypto_tls(), generate_auth_token(), setup(), teardown(), and verify_auth_token().

◆ auth_token_lifetime

unsigned int tls_options::auth_token_lifetime

Definition at line 385 of file ssl_common.h.

Referenced by auth_token_test_timeout(), do_init_crypto_tls(), setup(), and verify_auth_token().

◆ auth_token_renewal

unsigned int tls_options::auth_token_renewal

Definition at line 386 of file ssl_common.h.

Referenced by auth_token_test_timeout(), do_init_crypto_tls(), and setup().

◆ auth_user_pass_file

const char* tls_options::auth_user_pass_file

Definition at line 378 of file ssl_common.h.

Referenced by do_init_crypto_tls().

◆ auth_user_pass_file_inline

bool tls_options::auth_user_pass_file_inline

Definition at line 379 of file ssl_common.h.

Referenced by do_init_crypto_tls().

◆ auth_user_pass_verify_script

const char* tls_options::auth_user_pass_verify_script

Definition at line 373 of file ssl_common.h.

Referenced by do_init_crypto_tls().

◆ auth_user_pass_verify_script_via_file

bool tls_options::auth_user_pass_verify_script_via_file

Definition at line 375 of file ssl_common.h.

Referenced by do_init_crypto_tls().

◆ client_config_dir_exclusive

const char* tls_options::client_config_dir_exclusive

Definition at line 391 of file ssl_common.h.

Referenced by do_init_crypto_tls().

◆ client_crresponse_script

const char* tls_options::client_crresponse_script

Definition at line 374 of file ssl_common.h.

Referenced by do_init_crypto_tls().

◆ config_ciphername

const char* tls_options::config_ciphername

Definition at line 361 of file ssl_common.h.

Referenced by do_init_crypto_tls().

◆ config_ncp_ciphers

const char* tls_options::config_ncp_ciphers

Definition at line 362 of file ssl_common.h.

Referenced by do_init_crypto_tls().

◆ crl_file

const char* tls_options::crl_file

Definition at line 339 of file ssl_common.h.

Referenced by do_init_crypto_tls(), tls_verify_crl_missing(), and verify_cert().

◆ crl_file_inline

bool tls_options::crl_file_inline

Definition at line 340 of file ssl_common.h.

Referenced by do_init_crypto_tls().

◆ crypto_flags

unsigned int tls_options::crypto_flags

Definition at line 355 of file ssl_common.h.

Referenced by do_init_crypto_tls().

◆ dco_enabled

bool tls_options::dco_enabled

Whether keys have to be installed in DCO or not.

Definition at line 435 of file ssl_common.h.

Referenced by do_init_crypto_tls().

◆ disable_occ

bool tls_options::disable_occ

Definition at line 314 of file ssl_common.h.

◆ ekm_label

const char* tls_options::ekm_label

Definition at line 431 of file ssl_common.h.

Referenced by do_init_crypto_tls().

◆ ekm_label_size

size_t tls_options::ekm_label_size

Definition at line 432 of file ssl_common.h.

Referenced by do_init_crypto_tls().

◆ ekm_size

size_t tls_options::ekm_size

Definition at line 433 of file ssl_common.h.

Referenced by do_init_crypto_tls().

◆ es

struct env_set* tls_options::es

Definition at line 394 of file ssl_common.h.

Referenced by do_init_crypto_tls(), key_state_gen_auth_control_files(), and verify_cert().

◆ export_peer_cert_dir

const char* tls_options::export_peer_cert_dir

Definition at line 377 of file ssl_common.h.

Referenced by do_init_crypto_tls(), and verify_cert().

◆ frame

struct frame tls_options::frame

Definition at line 370 of file ssl_common.h.

Referenced by do_init_frame_tls(), test_tls_crypt_secure_reneg_key(), tls_auth_standalone_init(), tls_multi_init_finalize(), and tls_process().

◆ gremlin

int tls_options::gremlin

Definition at line 428 of file ssl_common.h.

Referenced by do_init_crypto_tls(), and tls_multi_process().

◆ handshake_window

int tls_options::handshake_window

Definition at line 329 of file ssl_common.h.

Referenced by auth_deferred_expire_window(), do_init_crypto_tls(), and send_auth_pending_messages().

◆ key_type

struct key_type tls_options::key_type

Definition at line 299 of file ssl_common.h.

Referenced by do_init_crypto_tls().

◆ local_options

const char* tls_options::local_options

Definition at line 309 of file ssl_common.h.

Referenced by tls_multi_init_set_options().

◆ mda_context

struct man_def_auth_context* tls_options::mda_context

Definition at line 418 of file ssl_common.h.

Referenced by do_init_crypto_tls().

◆ mode

int tls_options::mode

Definition at line 315 of file ssl_common.h.

Referenced by do_init_crypto_tls().

◆ net_ctx

openvpn_net_ctx_t* tls_options::net_ctx

Definition at line 395 of file ssl_common.h.

Referenced by do_init_crypto_tls().

◆ ns_cert_type

int tls_options::ns_cert_type

Definition at line 341 of file ssl_common.h.

Referenced by do_init_crypto_tls(), and verify_peer_cert().

◆ packet_timeout

interval_t tls_options::packet_timeout

Definition at line 330 of file ssl_common.h.

Referenced by do_init_crypto_tls().

◆ plugins

const struct plugin_list* tls_options::plugins

Definition at line 396 of file ssl_common.h.

Referenced by do_init_crypto_tls(), and verify_cert().

◆ pull

bool tls_options::pull

Definition at line 316 of file ssl_common.h.

Referenced by do_init_crypto_tls().

◆ push_peer_info_detail

int tls_options::push_peer_info_detail

The detail of info we push in peer info.

0 - nothing at all, P2MP server only 1 - only the most basic information to negotiate cipher and features for P2P NCP 2 - normal setting for clients 3 - full information including "sensitive data" like IV_HWADDR enabled by –push-peer-info

Definition at line 327 of file ssl_common.h.

Referenced by do_init_crypto_tls().

◆ remote_cert_eku

const char* tls_options::remote_cert_eku

Definition at line 343 of file ssl_common.h.

Referenced by do_init_crypto_tls(), and verify_peer_cert().

◆ remote_cert_ku

unsigned tls_options::remote_cert_ku[MAX_PARMS]

Definition at line 342 of file ssl_common.h.

Referenced by do_init_crypto_tls(), and verify_peer_cert().

◆ remote_options

const char* tls_options::remote_options

Definition at line 310 of file ssl_common.h.

Referenced by tls_multi_init_set_options().

◆ renegotiate_bytes

int tls_options::renegotiate_bytes

Definition at line 331 of file ssl_common.h.

Referenced by do_init_crypto_tls().

◆ renegotiate_packets

int tls_options::renegotiate_packets

Definition at line 332 of file ssl_common.h.

Referenced by do_init_crypto_tls().

◆ renegotiate_seconds

interval_t tls_options::renegotiate_seconds

Definition at line 333 of file ssl_common.h.

Referenced by auth_deferred_expire_window(), auth_token_test_timeout(), do_init_crypto_tls(), send_auth_pending_messages(), and setup().

◆ replay_time

int tls_options::replay_time

Definition at line 358 of file ssl_common.h.

Referenced by do_init_crypto_tls(), test_tls_crypt_secure_reneg_key(), and tls_auth_standalone_init().

◆ replay_window

int tls_options::replay_window

Definition at line 357 of file ssl_common.h.

Referenced by do_init_crypto_tls(), test_tls_crypt_secure_reneg_key(), and tls_auth_standalone_init().

◆ sci

const struct static_challenge_info* tls_options::sci

Definition at line 424 of file ssl_common.h.

Referenced by do_init_crypto_tls().

◆ server

bool tls_options::server

Definition at line 302 of file ssl_common.h.

Referenced by do_init_crypto_tls(), and tls_pre_decrypt().

◆ single_session

bool tls_options::single_session

Definition at line 313 of file ssl_common.h.

Referenced by do_init_crypto_tls(), tls_multi_process(), tls_pre_decrypt(), and tls_set_single_session().

◆ ssl_ctx

struct tls_root_ctx tls_options::ssl_ctx

Definition at line 296 of file ssl_common.h.

Referenced by do_init_crypto_tls(), and tls_verify_crl_missing().

◆ ssl_flags

unsigned int tls_options::ssl_flags

Definition at line 415 of file ssl_common.h.

Referenced by do_init_crypto_tls(), tls_verify_crl_missing(), and verify_cert().

◆ tcp_mode

bool tls_options::tcp_mode

Definition at line 359 of file ssl_common.h.

Referenced by do_init_crypto_tls().

◆ tls_crypt_v2

bool tls_options::tls_crypt_v2

Definition at line 364 of file ssl_common.h.

Referenced by do_init_crypto_tls().

◆ tls_crypt_v2_verify_script

const char* tls_options::tls_crypt_v2_verify_script

Definition at line 365 of file ssl_common.h.

Referenced by do_init_crypto_tls(), tls_crypt_v2_extract_client_key(), and tls_crypt_v2_verify_metadata().

◆ tls_wrap

struct tls_wrap_ctx tls_options::tls_wrap

TLS handshake wrapping state.

Definition at line 368 of file ssl_common.h.

Referenced by do_init_crypto_tls(), and tls_auth_standalone_init().

◆ tmp_dir

const char* tls_options::tmp_dir

Definition at line 376 of file ssl_common.h.

Referenced by do_init_crypto_tls(), key_state_gen_auth_control_files(), and tls_crypt_v2_verify_metadata().

◆ transition_window

int tls_options::transition_window

Definition at line 328 of file ssl_common.h.

Referenced by do_init_crypto_tls().

◆ verify_command

const char* tls_options::verify_command

Definition at line 336 of file ssl_common.h.

Referenced by do_init_crypto_tls(), and verify_cert().

◆ verify_hash

struct verify_hash_list* tls_options::verify_hash

Definition at line 344 of file ssl_common.h.

Referenced by do_init_crypto_tls(), and verify_cert().

◆ verify_hash_algo

hash_algo_type tls_options::verify_hash_algo

Definition at line 347 of file ssl_common.h.

Referenced by do_init_crypto_tls(), and verify_cert().

◆ verify_hash_depth

int tls_options::verify_hash_depth

Definition at line 345 of file ssl_common.h.

Referenced by do_init_crypto_tls(), and verify_cert().

◆ verify_hash_no_ca

bool tls_options::verify_hash_no_ca

Definition at line 346 of file ssl_common.h.

Referenced by do_init_crypto_tls().

◆ verify_x509_name

const char* tls_options::verify_x509_name

Definition at line 338 of file ssl_common.h.

Referenced by do_init_crypto_tls(), and verify_peer_cert().

◆ verify_x509_type

int tls_options::verify_x509_type

Definition at line 337 of file ssl_common.h.

Referenced by do_init_crypto_tls(), and verify_peer_cert().

◆ x509_track

const struct x509_track* tls_options::x509_track

Definition at line 421 of file ssl_common.h.

Referenced by do_init_crypto_tls(), and verify_cert().

◆ x509_username_field

char* tls_options::x509_username_field[2]

Definition at line 351 of file ssl_common.h.

Referenced by do_init_crypto_tls(), and verify_cert().

◆ xmit_hold

bool tls_options::xmit_hold

Definition at line 305 of file ssl_common.h.

Referenced by do_init_crypto_tls().

The documentation for this struct was generated from the following file:
Generated by   doxygen 1.8.17