j3d1/tinc
1
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity
3096 commits 2 branches 0 tags 10 MiB
Commit graph

29 commits

Author SHA1 Message Date
Guus Sliepen
edc1efed3c Use AES256 and SHA256 by default for the legacy protocol. 
At the start of the decade, there were still distributions that shipped
with versions of OpenSSL that did not support these algorithms. By now
everyone should support them. The old defaults were Blowfish and SHA1,
both of which are not considered secure anymore.

The meta-protocol now always uses AES in CFB mode, but the key length
will adapt to the one specified by the Cipher option. The digest for the
meta-protocol is hardcoded to SHA256.
 2016-10-30 15:17:52 +01:00
Guus Sliepen
323c17e232 Ensure compatibility with OpenSSL 1.1.0. 2016-06-22 16:32:05 +02:00
Guus Sliepen
5cbc12b3d4 Explicitly mention that LibreSSL can be used as well. 
# Conflicts:
#	doc/tinc.texi
#	m4/openssl.m4
 2016-04-11 14:55:23 +02:00
Guus Sliepen
69689f908b We don't depend on ECDH functions from OpenSSL anymore. 2014-12-26 17:54:29 +01:00
Guus Sliepen
cb5c1b5986 Check whether OpenSSL has support for GCM. 2014-02-07 21:40:29 +01:00
Guus Sliepen
a851d8a9f6 Add autoconf checks for OpenSSL's elliptic curve functions. 2012-04-16 01:14:59 +02:00
Guus Sliepen
03b7118139 Reorder checks for libraries to allow ./configure LDFLAGS=-static. 
OpenSSL depends on libdl and libz. When linking dynamically, libcrypto will
automatically link with the other two libraries.  However, when linking
statically, these libraries need to be specified explicitly while linking.  By
moving the autoconf checks for libdl and libz before those for libcrypto, we
ensure the latter test will be done with the proper libraries.
 2011-05-13 12:37:26 +02:00
Guus Sliepen
dc887f5011 Ensure proper linking with OpenSSL with recent versions of MinGW. 2011-05-08 23:12:06 +02:00
Guus Sliepen
6e6b037ef4 Check for EVP_EncryptInit_ex instead of SHA1_Version in OpenSSL. 
The latter function disappeared, and wasn't actually used in tinc, so now we
check on a function that we do use.
 2011-05-08 21:06:06 +02:00
Guus Sliepen
ef92a5725c OpenSSL 1.0.0 compiled for 64 bit Windows requires linking with -lcrypt32. 2010-05-01 15:39:03 +02:00
Guus Sliepen
0912260755 Enable OpenSSL ENGINE, so crypto hardware gets used. Thanks to Andreas van Cranenburgh. 2005-11-16 10:45:11 +00:00
Guus Sliepen
fcd836c609 Remove autogen.sh, the autoreconf program does exactly that. 
Update everything for the latest autoconf and automake versions.
 2004-01-10 23:21:36 +00:00
Guus Sliepen
e898b930dc Use CPPFLAGS, LDFLAGS and LIBS as appropiate. 2003-10-06 16:05:30 +00:00
Guus Sliepen
4370b98bb1 Update configure scripts. 2003-07-29 11:50:39 +00:00
Guus Sliepen
81f5713ab7 - simplify configure.in 
- drop support for OpenSSL < 0.9.7
- add some missing definitions/includes
 2003-07-06 17:15:25 +00:00
Guus Sliepen
1783a3aaa9 Various fixes for autoconf and OpenSSL 0.9.7 and a missing header. 2003-01-17 00:43:58 +00:00
Guus Sliepen
8988b127e1 Autoconf cleanup. Works for both 2.13 and 2.53, although running autoconf 
2.53 still gives some errors.
 2002-06-11 11:03:17 +00:00
Guus Sliepen
f0aa9641e8 Merging of the entire pre5 branch. 2002-02-10 21:57:54 +00:00
Guus Sliepen
1e2bdc2b6d - Always use <openssl/include.h> instead of just <include.h> 
- Check if RAND_pseudo_bytes() exists, otherwise just use RAND_bytes()
 2001-07-04 08:41:36 +00:00
Guus Sliepen
9391efe4e8 Check for dlopen in standard libraries first (needed for DEC OSF). 2001-06-29 14:15:46 +00:00
Guus Sliepen
b1e97ece9c Check for and add -ldl. 2001-06-21 16:37:05 +00:00
Guus Sliepen
c5c02a0861 Changed drastically because it didn't work correctly: 
- Don't cache the --with-openssl-* option arguments
- Only search for openssl/*.h, the openssl include files include other
  files only from an openssl/ directory too
- Set CPPFLAGS before AC_CHECK_HEADERS
 2001-06-07 07:51:04 +00:00
Ivo Timmermans
3ff76eb10a Save RSA public and private keys to a separate file, instead of 
wanting to copy them into a configuration file.
 2000-11-28 23:12:57 +00:00
Ivo Timmermans
ef88db6312 Alter CFLAGS, somehow INCLUDES doesn't propagate properly. Still 
doesn't work exactly like it should, but getting there.
 2000-11-24 14:12:31 +00:00
Ivo Timmermans
6fb4a5b6be Also check for sha.h. 2000-11-15 01:02:30 +00:00
Ivo Timmermans
8eb60d0ccd Also check for rand.h and err.h. If any of these files does not 
exist, try the next alternative path.
 2000-11-15 00:57:26 +00:00
Ivo Timmermans
c467ee02d3 Oops, small error. 2000-11-14 23:02:08 +00:00
Ivo Timmermans
9ddb37cee0 Better checks for OpenSSL. I think it can now detect almost all conceivable installations. 2000-11-14 22:57:19 +00:00
Ivo Timmermans
5344832be1 Add a check for openssl that accepts explicit file locations. 2000-11-13 22:01:27 +00:00