[Openvpn-devel,0/2] Make cryptoapicert work with TLS 1.2

Message ID 1515378076-5774-1-git-send-email-selva.nair@gmail.com

Selva Nair Jan. 7, 2018, 3:21 p.m. UTC
From: Selva Nair <selva.nair@gmail.com>

Hi,

I am not sure how receptive the crypto maintainers are to the
idea of adding more code into cryptoapi.c, but here goes:

I've been wanting to add TLS 1.2 support for certs in the
Windows cert store using management external key. But that's
a lot more work than extending cryptoapicert support. And,
rather surprisingly, it turns out that the CNG API for signing is
easy to use (well after some groping in the dark..) and doesn't
take much to implement.

So these patches..

The first patch is not really related and is to make the existing code
"openssl-1.1 ready" (missed by past patches as no one probably builds
Windows binary with 1.1..).

The second patch is not dependent on this, but close-by code paths
are touched by both.

Selva

Selva Nair (2):
  Bring cryptoapi.c upto speed with openssl 1.1
  TLS v1.2 support for cryptoapicert -- RSA only

 configure.ac                 |   1 +
 src/openvpn/Makefile.am      |   2 +-
 src/openvpn/cryptoapi.c      | 155 ++++++++++++++++++++++++++++++++++---------
 src/openvpn/openssl_compat.h |  14 ++++
 src/openvpn/options.c        |  18 -----
 5 files changed, 140 insertions(+), 50 deletions(-)