1// OpenVPN -- An application to securely tunnel IP networks
2// over a single port, with support for SSL/TLS-based
3// session authentication and key exchange,
4// packet encryption, packet authentication, and
5// packet compression.
6//
7// Copyright (C) 2012- OpenVPN Inc.
8//
9// SPDX-License-Identifier: MPL-2.0 OR AGPL-3.0-only WITH openvpn3-openssl-exception
10//
11
12// Parse the tls-version-min option.
13
14#pragma once
15
16#include <string>
17
21
22namespace openvpn::TLSVersion {
23
// Minimum TLS protocol version requested via tls-version-min.
//
// The enumerator order is load-bearing: operator< below, the
// "<= max_version" checks in parse_tls_version_min and the
// "newtvm > orig" guard in apply_override all compare enumerators
// numerically.  UNDEF must therefore sort below every real version,
// and any newer protocol version must be appended in ascending order.
enum class Type
{
    UNDEF = 0, // no minimum configured / not yet decided
    V1_0 = 1,  // TLS 1.0
    V1_1 = 2,  // TLS 1.1
    V1_2 = 3,  // TLS 1.2
    V1_3 = 4   // TLS 1.3
};
32
// Strict ordering of two TLS versions by enumerator value, so that
// "a < b" reads as "a is an older protocol version than b" (UNDEF
// sorts below every real version).  Correct only while Type's
// enumerators are declared in ascending protocol order.
inline bool operator<(const Type &A, const Type &B)
{
    const int lhs = static_cast<int>(A);
    const int rhs = static_cast<int>(B);
    return lhs < rhs;
}
37
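// Human-readable name of a TLS version value, for logging and
// diagnostics.  The strings mirror the enumerator names ("V1_2"),
// not the "1.2" spelling that parse_tls_version_min accepts, so the
// result must not be fed back into the parser.
//
// Returns "???" for a value outside the enumeration, which can only
// arise from a static_cast of an arbitrary integer.  The value is
// returned as a plain std::string (a const-qualified return would
// only serve to block move construction at the call site).
inline std::string to_string(const Type version)
{
    switch (version)
    {
    case Type::UNDEF:
        return "UNDEF";
    case Type::V1_0:
        return "V1_0";
    case Type::V1_1:
        return "V1_1";
    case Type::V1_2:
        return "V1_2";
    case Type::V1_3:
        return "V1_3";
    default:
        return "???";
    }
}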
56
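// Resolve the "tls-version-min <ver> [or-highest]" arguments to a Type.
//
// ver          the version argument exactly as written ("1.0" .. "1.3");
//              matching is exact, so surrounding whitespace or other
//              spellings are not recognized.
// or_highest   true when the optional "or-highest" flag was present.
// max_version  the highest version the caller is willing to accept;
//              a recognized version above it is refused.
//
// Returns the requested version when it is recognized and does not
// exceed max_version.  Otherwise, with or_highest set, returns
// max_version itself -- the fallback can therefore never produce a
// weaker floor than any explicitly accepted value.  Without or_highest,
// an unrecognized string and a recognized-but-too-high version each
// throw option_error(ERR_INVALID_OPTION_CRYPTO); the two cases carry
// distinct messages so an operator can tell a typo from a version the
// local configuration cannot honour.  Either way a bad value fails
// closed rather than silently relaxing the minimum.
inline Type parse_tls_version_min(const std::string &ver,
                                  const bool or_highest,
                                  const Type max_version)
{
    // Step 1: recognize the spelling, independent of max_version.
    Type requested = Type::UNDEF;
    if (ver == "1.0")
        requested = Type::V1_0;
    else if (ver == "1.1")
        requested = Type::V1_1;
    else if (ver == "1.2")
        requested = Type::V1_2;
    else if (ver == "1.3")
        requested = Type::V1_3;

    // Step 2: accept it only if the caller's ceiling allows it.
    const bool recognized = (requested != Type::UNDEF);
    if (recognized && requested <= max_version)
        return requested;

    // "or-highest": fall back to the strongest version available.
    if (or_highest)
        return max_version;

    if (!recognized)
        throw option_error(ERR_INVALID_OPTION_CRYPTO, "tls-version-min: unrecognized TLS version");
    throw option_error(ERR_INVALID_OPTION_CRYPTO, "tls-version-min: TLS version exceeds maximum supported version");
}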
74
const std::string &relay_prefix,
const Type max_version)
{
    // Look the option up under its (possibly relay-prefixed) name;
    // relay_prefix is simply prepended to "tls-version-min".
    const Option *o = opt.get_ptr(relay_prefix + "tls-version-min");
    if (o)
    {
        // Argument 1 is the version ("1.2"), argument 2 the optional
        // "or-highest" flag; both are read with a 16-character limit
        // (how get_optional treats a longer or missing argument is
        // defined in options.hpp, not here).  The flag must be spelled
        // exactly "or-highest": any other second argument is silently
        // treated as absent, so a typo drops the fallback and an
        // unsupported version then throws from parse_tls_version_min
        // instead of degrading to max_version.
        const std::string ver = o->get_optional(1, 16);
        const bool or_highest = (o->get_optional(2, 16) == "or-highest");
        return parse_tls_version_min(ver, or_highest, max_version);
    }
    // No tls-version-min in the option list: leave the decision to the caller.
    return Type::UNDEF;
}
88
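// Apply a tls-version-min override string on top of the value already
// parsed from the profile (tvm), modifying tvm in place.
//
// Recognized strings:
//   "" / "default"        keep tvm unchanged
//   "disabled"            clear the minimum (tvm becomes UNDEF)
//   "tls_1_0".."tls_1_3"  raise tvm to that version
// Anything else throws option_error(ERR_INVALID_OPTION_CRYPTO) and
// leaves tvm untouched.
//
// Security note: an explicit version can only strengthen the floor.
// If the override is lower than or equal to what the profile already
// set, tvm is left alone, so whoever supplies the override cannot
// quietly downgrade a profile's minimum.  The one exception is
// "disabled", which discards the profile's minimum entirely; what the
// TLS backend then enforces for UNDEF is decided by the code that
// consumes tvm, not here, so treat "disabled" as a deliberate weakening.
inline void apply_override(Type &tvm, const std::string &override)
{
    // Empty or "default": nothing to do, whatever tvm currently is.
    if (override.empty() || override == "default")
        return;

    // "disabled" maps to UNDEF; everything else to an explicit version.
    Type candidate = Type::UNDEF;
    if (override == "disabled")
        candidate = Type::UNDEF;
    else if (override == "tls_1_0")
        candidate = Type::V1_0;
    else if (override == "tls_1_1")
        candidate = Type::V1_1;
    else if (override == "tls_1_2")
        candidate = Type::V1_2;
    else if (override == "tls_1_3")
        candidate = Type::V1_3;
    else
        throw option_error(ERR_INVALID_OPTION_CRYPTO, "tls-version-min: unrecognized override string");

    // Only a clear (UNDEF) or a strictly higher version takes effect;
    // a lower or equal override leaves the existing minimum in place.
    if (candidate == Type::UNDEF || candidate > tvm)
        tvm = candidate;
}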
114} // namespace openvpn::TLSVersion