| author | Linus Färnstrand <linus@mullvad.net> | 2017-10-12 10:12:04 +0200 |
|---|---|---|
| committer | Linus Färnstrand <linus@mullvad.net> | 2017-10-12 10:12:04 +0200 |
| commit | 5c06a80f3c8d96e1fff453f081197d1692dd8a90 (patch) | |
| tree | 74679ec0a002f6f640f33983dceec549a369d414 | |
| parent | 81a5881063e3ccca83444d5423f7b36a9b037352 (diff) | |
| parent | c20e5ae97661f2c22256fdc8089ba50777352362 (diff) | |
| download | mullvadvpn-5c06a80f3c8d96e1fff453f081197d1692dd8a90.tar.xz mullvadvpn-5c06a80f3c8d96e1fff453f081197d1692dd8a90.zip | |
Merge branch 'verify-against-crl'
| -rw-r--r-- | talpid-core/src/process/openvpn.rs | 12 | ||||
| -rw-r--r-- | talpid-core/src/tunnel/mod.rs | 9 |
2 files changed, 20 insertions, 1 deletions
diff --git a/talpid-core/src/process/openvpn.rs b/talpid-core/src/process/openvpn.rs
index ac3e5911b1..0c534f63b9 100644
--- a/talpid-core/src/process/openvpn.rs
+++ b/talpid-core/src/process/openvpn.rs
@@ -36,6 +36,7 @@ pub struct OpenVpnCommand {
 remote: Option<net::Endpoint>,
 user_pass_path: Option<PathBuf>,
 ca: Option<PathBuf>,
+ crl: Option<PathBuf>,
 plugin: Option<(PathBuf, Vec<String>)>,
 log: Option<PathBuf>,
 }
@@ -50,6 +51,7 @@ impl OpenVpnCommand {
 remote: None,
 user_pass_path: None,
 ca: None,
+ crl: None,
 plugin: None,
 log: None,
 }
@@ -80,6 +82,12 @@ impl OpenVpnCommand {
 self
 }
+ /// Sets the path to the CRL (Certificate revocation list) file.
+ pub fn crl<P: AsRef<Path>>(&mut self, path: P) -> &mut Self {
+ self.crl = Some(path.as_ref().to_path_buf());
+ self
+ }
+
 /// Sets a plugin and its arguments that OpenVPN will be started with.
 pub fn plugin<P: AsRef<Path>>(&mut self, path: P, args: Vec<String>) -> &mut Self {
 self.plugin = Some((path.as_ref().to_path_buf(), args));
@@ -114,6 +122,10 @@ impl OpenVpnCommand {
 args.push(OsString::from("--ca"));
 args.push(OsString::from(ca.as_os_str()));
 }
+ if let Some(ref crl) = self.crl {
+ args.push(OsString::from("--crl-verify"));
+ args.push(OsString::from(crl.as_os_str()));
+ }
 if let Some((ref path, ref plugin_args)) = self.plugin {
 args.push(OsString::from("--plugin"));
diff --git a/talpid-core/src/tunnel/mod.rs b/talpid-core/src/tunnel/mod.rs
index 6ff4c7d2b9..9b42b64355 100644
--- a/talpid-core/src/tunnel/mod.rs
+++ b/talpid-core/src/tunnel/mod.rs
@@ -151,7 +151,8 @@ impl TunnelMonitor {
 }
 cmd.remote(remote)
 .user_pass(user_pass_file)
- .ca(Self::get_ca_path());
+ .ca(Self::get_ca_path())
+ .crl(Self::get_crl_path());
 if let Some(log) = log {
 cmd.log(log);
 }
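Review bot: The doc comment on the new `crl()` setter (third hunk of openvpn.rs) does not say how the path is used or what the file must satisfy, and the `--crl-verify` branch in the fourth hunk passes it on without any check. Revocation is only as current as this file, and depending on the OpenVPN version and TLS library a CRL that is unreadable or past its nextUpdate may cause every peer to be rejected, which would surface only in the OpenVPN log. I would extend the comment to something like `/// Sets the path to the CRL (certificate revocation list) file, passed to OpenVPN as --crl-verify. The file must exist, be readable by OpenVPN and be kept up to date.` The function that builds the argument list starts and ends outside the hunk, so whether a test covers the two new arguments cannot be seen from here.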
@@ -179,6 +180,12 @@ impl TunnelMonitor {
 .join("ca.crt")
 }
+ fn get_crl_path() -> PathBuf {
+ Self::get_install_dir()
+ .unwrap_or(PathBuf::from("."))
+ .join("crl.pem")
+ }
+
 fn get_plugin_path() -> Result<PathBuf> {
 let lib_ext = Self::get_library_extension().chain_err(|| ErrorKind::PluginNotFound)?; |
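Review bot: `get_crl_path` falls back to `PathBuf::from(".")` when `get_install_dir()` yields nothing, so the revocation list is then resolved relative to the process's working directory rather than the install location. For trust material that is a weak default: whoever can write to that directory decides which certificates count as revoked, and a missing file there is reported only by OpenVPN. Failing early would be safer, for example by giving the function the same `Result<PathBuf>` shape as `get_plugin_path` below it and propagating the failure from `get_install_dir()`; the `.crl(...)` call in the first hunk of this file would then need to handle the error. The tail of the function above (`.join("ca.crt")`) suggests the CA path uses the same fallback, but its start is outside the hunk. If the fallback stays, a doc comment such as `/// Path to the bundled CRL; falls back to the working directory when the install dir is unknown.` should say so.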
