author | Vladislav Grishenko <themiron@mail.ru> | 2017-11-28 06:14:39 +0500 |
---|---|---|
committer | Vladislav Grishenko <themiron@mail.ru> | 2017-12-30 22:48:43 +0500 |
commit | 0ac7701588db59aeb443f0b26bee0a3cb9ebb7b4 (patch) | |
tree | 9a24f5c220df57ac3118a07bbc2d39dd3f50b495 /accel-pppd/accel-ppp.conf | |
parent | ebc291f26c82248b5a1250c751d6d8f9623b09ae (diff) | |
download | accel-ppp-0ac7701588db59aeb443f0b26bee0a3cb9ebb7b4.tar.gz accel-ppp-0ac7701588db59aeb443f0b26bee0a3cb9ebb7b4.zip |
sstp: implement Crypto Binding's Certificate hash & proto checking per 3.3.5.2.3
Warning: config options are changed to align with general accel-ppp style.
The following cases, including a no-openssl build, are supported:
ssl | ssl-pemfile | behavior
1 | set | get both sha1 & sha256 from the certificate
0 | set | get both sha1 & sha256 from the certificate
0 | unset | use cert-hash-sha1 and/or cert-hash-sha256 hex options
no-openssl | | use cert-hash-sha1 and/or cert-hash-sha256 hex options
cert-hash-sha1 and/or cert-hash-sha256 hex options override certificate's,
so it's possible to turn certificate hash verification off with just empty
values (default).
Diffstat (limited to 'accel-pppd/accel-ppp.conf')
-rw-r--r-- | accel-pppd/accel-ppp.conf | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/accel-pppd/accel-ppp.conf b/accel-pppd/accel-ppp.conf index ee9f7f5c..a4a4a714 100644 --- a/accel-pppd/accel-ppp.conf +++ b/accel-pppd/accel-ppp.conf @@ -110,10 +110,13 @@ verbose=1 [sstp] verbose=1 +#cert-hash-proto=sha1,sha256 +#cert-hash-sha1= +#cert-hash-sha256= #ssl=1 -#ssl_ciphers=HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4 -#ssl_ca_file=/etc/ssl/sstp-ca.crt -#ssl_pemfile=/etc/ssl/sstp.pem +#ssl-ciphers=HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4 +#ssl-ca-file=/etc/ssl/sstp-ca.crt +#ssl-pemfile=/etc/ssl/sstp.pem #timeout=60 #hello-interval=60 #ip-pool=sstp |
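Review bot: the three new [sstp] keys (cert-hash-proto, cert-hash-sha1, cert-hash-sha256) are added to the sample config without any comment, yet per the commit message an empty cert-hash-sha1/cert-hash-sha256 with no ssl-pemfile leaves Crypto Binding certificate hash verification off. Please add a short comment above them saying that the values are hex digests, that they override the hashes taken from ssl-pemfile, and that leaving both empty without a pemfile disables the check. The same hunk renames ssl_ciphers, ssl_ca_file and ssl_pemfile to hyphenated spellings; nothing in this file tells an operator that the old names changed, so an existing config that still sets ssl_pemfile could end up in the "unset" row of the table and lose the hash check without notice. A one-line note in the sample config, or a warning logged when an old underscore name is seen, would make that visible.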