From e6153d9f6d13a2c08afb4cdcc406e50265ad35fe Mon Sep 17 00:00:00 2001 From: Richard T Bonhomme Date: Fri, 14 Jan 2022 23:08:14 +0000 Subject: [PATCH] Minor tidy-up Signed-off-by: Richard T Bonhomme --- .github/workflows/blank.yml | 3 ++- EasyTLS-Change.log | 4 ++-- easytls | 10 +++++----- easytls-client-connect.sh | 11 +++-------- easytls-client-connect.vars-example | 23 +++++++++++------------ easytls-client-disconnect.sh | 11 +++-------- easytls-client-disconnect.vars-example | 19 ++++++++----------- easytls-cryptv2-verify.sh | 10 +++++----- easytls-cryptv2-verify.vars-example | 8 ++++---- easytls-op-test.bat | 8 +------- 10 files changed, 44 insertions(+), 63 deletions(-) diff --git a/.github/workflows/blank.yml b/.github/workflows/blank.yml index e659b93..9891d9d 100644 --- a/.github/workflows/blank.yml +++ b/.github/workflows/blank.yml @@ -38,7 +38,8 @@ jobs: # run: | # echo Add other actions to build, # echo test, and deploy your project. - # This workflow contains a single job called "build" + # This workflow contains a single job called "build" + wtest: # The type of runner that the job will run on runs-on: windows-latest diff --git a/EasyTLS-Change.log b/EasyTLS-Change.log index 3212ac5..c02b307 100644 --- a/EasyTLS-Change.log +++ b/EasyTLS-Change.log @@ -2,7 +2,7 @@ https://github.com/TinCanTech/easy-tls Change log: Version 2.7.0 -* TBD +* 2022-01-14 - Commit Switch to fast hash routine Commit b5baffdf19f23b217a29e4a11dbf8a380b03cb21 This is approximately 28% faster than wiscii_hash @@ -11,7 +11,7 @@ Version 2.7.0 Add Client-Group keys to standard TLS-Crypt-V2 Server-keys Version 2.6.0 -* 2021-12-13 +* 2021-12-13 - Commit 28936a49805e241ec10c848648aa52675ee7472c Introduce easytls-tctip.lib (Optional library) Commit f85e95e4bdd4a6d74bb180a8859206e1452f5aa1 Shared IPv4/6 address functions diff --git a/easytls b/easytls index d622591..6b1cb7b 100755 --- a/easytls +++ b/easytls 
@@ -9141,18 +9141,18 @@ main () empty_ok=1 FILE_HASH_DISABLED=1 ;; - -b|--base-dir) - EASYTLS_base_dir="${val}" - ;; -t|--tmp-dir) EASYTLS_tmp_dir="${val}" ;; - -e|--ersabin-dir) - EASYTLS_ersabin_dir="${val}" + -b|--base-dir) + EASYTLS_base_dir="${val}" ;; -o|--ovpnbin-dir) EASYTLS_ovpnbin_dir="${val}" ;; + -e|--ersabin-dir) + EASYTLS_ersabin_dir="${val}" + ;; -*) fatal_opt "Unknown option: ${opt}" shift diff --git a/easytls-client-connect.sh b/easytls-client-connect.sh index cf6b6e3..1b9ca18 100755 --- a/easytls-client-connect.sh +++ b/easytls-client-connect.sh @@ -16,11 +16,6 @@ copyright () # This code is released under version 2 of the GNU GPL # See LICENSE of this project for full licensing details. # -# Acknowledgement: -# syzzer: https://github.com/OpenVPN/openvpn/blob/master/doc/tls-crypt-v2.txt -# -# Lock client connections to specific client devices. -# VERBATUM_COPYRIGHT_HEADER_INCLUDE_NEGOTIABLE } @@ -919,12 +914,12 @@ while [ -n "${1}" ]; do EASYTLS_VARS_FILE="${val}" ;; esac ;; - -b|--base-dir) - EASYTLS_base_dir="${val}" - ;; -t|--tmp-dir) EASYTLS_tmp_dir="${val}" ;; + -b|--base-dir) + EASYTLS_base_dir="${val}" + ;; -o|--openvpn-bin-dir) EASYTLS_ovpnbin_dir="${val}" ;; diff --git a/easytls-client-connect.vars-example b/easytls-client-connect.vars-example index 1dffc75..c21cdb1 100644 --- a/easytls-client-connect.vars-example +++ b/easytls-client-connect.vars-example 
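Review bot: The reordered arms in `main ()` still spell the long options differently from the other scripts touched by this patch. Here they are `-e|--ersabin-dir)` and `-o|--ovpnbin-dir)`, while easytls-cryptv2-verify.sh uses `-e|--easyrsa-bin-dir)` and `-o|--openvpn-bin-dir)`, and the client-connect and client-disconnect scripts also use `--openvpn-bin-dir`. Unmatched options fall through to `fatal_opt "Unknown option: ${opt}"`, so a long option carried over from one script's invocation to another aborts the run. Accepting both spellings would align the scripts without breaking existing callers, e.g. `-e|--ersabin-dir|--easyrsa-bin-dir)` and `-o|--ovpnbin-dir|--openvpn-bin-dir)`. The `case` statement starts and ends outside this hunk.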
@@ -11,31 +11,30 @@ #ENFORCE_CRYPT_V2=1 #ENFORCE_KEY_HWADDR=1 #PEER_IP_MATCH=1 + +# Openvpn dynamic client options #EASYTLS_DYN_OPTS_FILE=/etc/openvpn/server/easytls-dyn-opts -# One of these directories MUST exist +# Set a specific temporary directory #EASYTLS_tmp_dir=/tmp #EASYTLS_tmp_dir=/Windows/Temp +# Connection tracking #ENABLE_CONN_TRAC=1 # Also requires easytls-client-disconnect.sh #VERBOSE_CONN_TRAC=1 #ENABLE_CONN_TRAC_STATS=1 -# Be careful .. +# Enable tlskey-status tracking +#EASYTLS_TLSKEY_STATUS=1 + +# Fine tune lock time-out +#LOCK_TIMEOUT=30 + +# Debug tools #FATAL_CONN_TRAC=1 #FATAL_CONN_TRAC_2=1 #POOL_EXHAUST_FATAL=1 #POOL_EXHAUST_KILL_CLIENT=1 - -# Enable tlskey-status tracking -#EASYTLS_TLSKEY_STATUS=1 - -# Enable kill server mode #ENABLE_KILL_SERVER=1 - -# Write environment to temporary log file #WRITE_ENV=1 -# Fine tune lock time-out -#LOCK_TIMEOUT=30 - diff --git a/easytls-client-disconnect.sh b/easytls-client-disconnect.sh index bb2a4cb..984f45d 100755 --- a/easytls-client-disconnect.sh +++ b/easytls-client-disconnect.sh @@ -16,11 +16,6 @@ copyright () # This code is released under version 2 of the GNU GPL # See LICENSE of this project for full licensing details. # -# Acknowledgement: -# syzzer: https://github.com/OpenVPN/openvpn/blob/master/doc/tls-crypt-v2.txt -# -# Lock client connections to specific client devices. -# VERBATUM_COPYRIGHT_HEADER_INCLUDE_NEGOTIABLE } @@ -644,12 +639,12 @@ while [ -n "${1}" ]; do EASYTLS_VARS_FILE="${val}" ;; esac ;; - -b|--base-dir) - EASYTLS_base_dir="${val}" - ;; -t|--tmp-dir) EASYTLS_tmp_dir="${val}" ;; + -b|--base-dir) + EASYTLS_base_dir="${val}" + ;; -o|--openvpn-bin-dir) EASYTLS_ovpnbin_dir="${val}" ;; diff --git a/easytls-client-disconnect.vars-example b/easytls-client-disconnect.vars-example index 91aac55..79eda7d 100644 --- a/easytls-client-disconnect.vars-example +++ b/easytls-client-disconnect.vars-example 
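Review bot: The new `# Debug tools` group drops the `# Be careful ..` warning and the per-option comments `# Enable kill server mode` and `# Write environment to temporary log file`, so the example no longer says what `ENABLE_KILL_SERVER` and `WRITE_ENV` do. Going by the removed comment, `WRITE_ENV` writes the script environment to a temporary log file, which on a VPN server presumably includes per-client connection details. I would keep a warning on the group, e.g. `# Debug tools - do not enable in production; WRITE_ENV writes the script environment to a temporary log file`. The same applies to the second hunk of easytls-client-disconnect.vars-example. The new `# Set a specific temporary directory` wording also loses the earlier statement that one of the listed directories must exist.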
@@ -3,6 +3,11 @@ #EASYTLS_VERBOSE=1 +# Set a specific temporary directory +#EASYTLS_tmp_dir=/tmp +#EASYTLS_tmp_dir=/Windows/Temp + +# Connection tracking #ENABLE_CONN_TRAC=1 # Also requires easytls-client-disconnect.sh #VERBOSE_CONN_TRAC=1 #ENABLE_CONN_TRAC_STATS=1 @@ -11,19 +16,11 @@ #EASYTLS_TLSKEY_STATUS=1 #ENABLE_STALE_LOG=1 -# One of these directories MUST exist -#EASYTLS_tmp_dir=/tmp -#EASYTLS_tmp_dir=/Windows/Temp +# Fine tune lock time-out +#LOCK_TIMEOUT=30 -# be careful.. +# Debug tools #FATAL_CONN_TRAC=1 - -# Enable kill server mode #ENABLE_KILL_SERVER=1 - -# Write environment to temporary log file #WRITE_ENV=1 -# Fine tune lock time-out -#LOCK_TIMEOUT=30 - diff --git a/easytls-cryptv2-verify.sh b/easytls-cryptv2-verify.sh index a64c801..905fa70 100755 --- a/easytls-cryptv2-verify.sh +++ b/easytls-cryptv2-verify.sh @@ -958,18 +958,18 @@ while [ -n "${1}" ]; do -p|--preload-id) PRELOAD_CA_ID="${val}" ;; - -b|--base-dir) - EASYTLS_base_dir="${val}" - ;; -t|--tmp-dir) EASYTLS_tmp_dir="${val}" ;; - -e|--easyrsa-bin-dir) - EASYTLS_ersabin_dir="${val}" + -b|--base-dir) + EASYTLS_base_dir="${val}" ;; -o|--openvpn-bin-dir) EASYTLS_ovpnbin_dir="${val}" ;; + -e|--easyrsa-bin-dir) + EASYTLS_ersabin_dir="${val}" + ;; *) warn_die "Unknown option: ${1}" ;; diff --git a/easytls-cryptv2-verify.vars-example b/easytls-cryptv2-verify.vars-example index f773a51..ded3bf2 100644 --- a/easytls-cryptv2-verify.vars-example +++ b/easytls-cryptv2-verify.vars-example 
@@ -31,20 +31,20 @@ #X509_METHOD=3 # Preload CA-ID -#PRELOAD_CA_ID='paste the CA-ID here' +#PRELOAD_CA_ID= # Enable/disable kill_client mode #ENABLE_KILL_CLIENT=1 # Set a specific temporary directory -#EASYTLS_tmp_dir='/tmp' # *nix -#EASYTLS_tmp_dir='C:/Windows/Temp' # Win +#EASYTLS_tmp_dir=/tmp # *nix +#EASYTLS_tmp_dir=C:/Windows/Temp # Win # If easytls-cryptv2-verify.sh is run stand alone then use this #EASYTLS_STAND_ALONE=1 # Hash algorithm -#EASYTLS_HASH_ALGO='SHA256' +#EASYTLS_HASH_ALGO=SHA256 # Write environment to temporary log file #WRITE_ENV=1 diff --git a/easytls-op-test.bat b/easytls-op-test.bat index feff3e9..32396ba 100644 --- a/easytls-op-test.bat +++ b/easytls-op-test.bat @@ -13,12 +13,6 @@ REM REM This code is released under version 2 of the GNU GPL REM See LICENSE of this project for full licensing details. REM -REM Acknowledgement: -REM This utility is "written in the style of" and "borrows heavily from" Easy-RSA -REM -REM Easy-TLS is inspired by syzzer -REM See: https://github.com/OpenVPN/openvpn/blob/master/doc/tls-crypt-v2.txt -REM REM VERBATUM_COPYRIGHT_HEADER_INCLUDE_NEGOTIABLE set @@ -56,7 +50,7 @@ IF ERRORLEVEL 0 SET SH_EXIT=0 REM X509 certificate revoked IF ERRORLEVEL 1 SET SH_EXIT=1 -ECHO * Verified expected errors: 54 +ECHO * Verified expected errors: 42 ECHO SH_EXIT: %SH_EXIT% EXIT /B %SH_EXIT%
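Review bot: Dropping the quotes from the sample values (`#EASYTLS_tmp_dir=C:/Windows/Temp # Win`, `#EASYTLS_HASH_ALGO=SHA256`) makes the unquoted form the template users copy. If this vars file is sourced by the shell script (not visible in this hunk), a value containing a space would be split into an assignment followed by a command word, so a mistyped path could fail to load or run something unintended. `#PRELOAD_CA_ID=` also no longer hints what to supply, and uncommenting it as-is sets an empty CA-ID. A one-line comment would cover both, e.g. `# Quote any value that contains spaces; PRELOAD_CA_ID takes the CA-ID string`.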
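Review bot: `ECHO * Verified expected errors: 42` is a hand-maintained literal, and in the visible lines it is printed unconditionally rather than compared with anything counted during the run. If the count is not checked elsewhere in the script (the rest is outside this hunk), the message can claim verification after the number of expected-error tests has drifted, as this edit from 54 to 42 suggests. Consider counting the expected failures in a variable and printing that, or rewording the line to `ECHO * Expected errors in this suite: 42`.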