1// OpenVPN -- An application to securely tunnel IP networks
2// over a single port, with support for SSL/TLS-based
3// session authentication and key exchange,
4// packet encryption, packet authentication, and
5// packet compression.
6//
7// Copyright (C) 2012- OpenVPN Inc.
8//
9// SPDX-License-Identifier: MPL-2.0 OR AGPL-3.0-only WITH openvpn3-openssl-exception
10//
11
12// Parse the tls-version-min option.
13
14#pragma once
15
16#include <string>
17
22namespace openvpn::TLSVersion {
23
// Minimum TLS protocol version selectable via tls-version-min.
// The enumerators are ordered from "no minimum" to newest so that the
// relational operators express "at least this version"; the explicit
// values pin that ordering and match the implicit defaults.
enum class Type : int
{
    UNDEF = 0, // no minimum configured / option disabled
    V1_0 = 1,  // TLS 1.0
    V1_1 = 2,  // TLS 1.1
    V1_2 = 3,  // TLS 1.2
    V1_3 = 4   // TLS 1.3
};
32
// Strict ordering of TLS versions by enumerator value
// (UNDEF < V1_0 < V1_1 < V1_2 < V1_3).  A scoped enum already supports the
// built-in relational operators with this same ordering, so this overload
// is equivalent to the built-in comparison.
inline bool operator<(const Type &A, const Type &B)
{
    const int lhs = static_cast<int>(A);
    const int rhs = static_cast<int>(B);
    return lhs < rhs;
}
37
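// Human-readable name of a TLS version enumerator, for logging and
// diagnostics.  Never throws: a value that matches no enumerator (for
// example one produced by an out-of-range cast) yields "???".
//
// Returns a plain std::string rather than `const std::string`: a const
// return value prevents callers from moving from the temporary and is
// flagged by clang-tidy (readability-const-return-type).  Existing callers
// are unaffected by the change.
inline std::string to_string(const Type version)
{
    switch (version)
    {
    case Type::UNDEF:
        return "UNDEF";
    case Type::V1_0:
        return "V1_0";
    case Type::V1_1:
        return "V1_1";
    case Type::V1_2:
        return "V1_2";
    case Type::V1_3:
        return "V1_3";
    default:
        return "???";
    }
}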
56
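// Resolve the textual argument of tls-version-min ("1.0" .. "1.3") to a
// Type, capped by max_version.
//
//   ver         - the version text from the option (empty if absent)
//   or_highest  - true when the option carried the "or-highest" flag
//   max_version - the highest version the caller allows
//
// Returns the requested version when it is recognized and does not exceed
// max_version.  Otherwise, when or_highest is set, returns max_version;
// note that this fallback also absorbs a misspelt or unknown version
// string, so with "or-highest" a typo is not reported as an error.
// Throws option_error(ERR_INVALID_OPTION_CRYPTO) otherwise; the message
// distinguishes an unknown version string from a known version that is
// above max_version, since the latter is a configuration/build limit
// rather than a syntax error.
inline Type parse_tls_version_min(const std::string &ver,
                                  const bool or_highest,
                                  const Type max_version)
{
    // Map the option text to an enumerator; UNDEF means "not a known version".
    Type requested = Type::UNDEF;
    if (ver == "1.0")
        requested = Type::V1_0;
    else if (ver == "1.1")
        requested = Type::V1_1;
    else if (ver == "1.2")
        requested = Type::V1_2;
    else if (ver == "1.3")
        requested = Type::V1_3;

    if (requested != Type::UNDEF && requested <= max_version)
        return requested;
    if (or_highest)
        return max_version;
    if (requested != Type::UNDEF)
        throw option_error(ERR_INVALID_OPTION_CRYPTO, "tls-version-min: TLS version exceeds the maximum supported version");
    throw option_error(ERR_INVALID_OPTION_CRYPTO, "tls-version-min: unrecognized TLS version");
}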
73
75 const std::string &relay_prefix,
76 const Type max_version)
77{
78 const Option *o = opt.get_ptr(relay_prefix + "tls-version-min");
79 if (o)
80 {
81 const std::string ver = o->get_optional(1, 16);
82 const bool or_highest = (o->get_optional(2, 16) == "or-highest");
83 return parse_tls_version_min(ver, or_highest, max_version);
84 }
85 return Type::UNDEF;
86}
87
// Apply a runtime override string to an already-parsed tls-version-min
// value (tvm, modified in place).
//
// Accepted strings: "" or "default" (keep tvm), "disabled" (clear the
// minimum, tvm becomes UNDEF), and "tls_1_0" .. "tls_1_3".  Anything else
// throws option_error(ERR_INVALID_OPTION_CRYPTO) and leaves tvm untouched.
//
// A version override can only raise the configured floor: a requested
// version lower than the current tvm is ignored, so the override cannot
// silently weaken a stricter minimum from the configuration.  Only
// "disabled" lowers it, and it removes the floor entirely.
inline void apply_override(Type &tvm, const std::string &override)
{
    // Resolve the override text to a candidate minimum; UNDEF doubles as
    // "no minimum" for the "disabled" case.
    Type candidate;
    if (override.empty() || override == "default")
        candidate = tvm;
    else if (override == "disabled")
        candidate = Type::UNDEF;
    else if (override == "tls_1_0")
        candidate = Type::V1_0;
    else if (override == "tls_1_1")
        candidate = Type::V1_1;
    else if (override == "tls_1_2")
        candidate = Type::V1_2;
    else if (override == "tls_1_3")
        candidate = Type::V1_3;
    else
        throw option_error(ERR_INVALID_OPTION_CRYPTO, "tls-version-min: unrecognized override string");

    // Take the candidate only when it clears the floor or raises it.
    if (candidate == Type::UNDEF || tvm < candidate)
        tvm = candidate;
}
113} // namespace openvpn::TLSVersion