From d2830839317bb7963d5e76cf3c2f713cb3aebae3 Mon Sep 17 00:00:00 2001 From: albertony <12441419+albertony@users.noreply.github.com> Date: Mon, 8 Nov 2021 21:55:14 +0100 Subject: [PATCH] Updated according to v2.4.0 --- Command-Line.md | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/Command-Line.md b/Command-Line.md index 930dde4..151fd8d 100644 --- a/Command-Line.md +++ b/Command-Line.md @@ -64,8 +64,8 @@ This will only effect command prompts opened after the change. The command line version of Barrier is a single client executable `barrierc.exe` and a single server executable `barriers.exe`. They both have a dependency to OpenSSL -libraries, `libeay32.dll` and `ssleay32.dll` (used for encryption with argument -`--enable-crypto`), as well as Microsoft Visual C++ runtime libraries. +libraries, `libeay32.dll` and `ssleay32.dll` (used for encryption, unless argument +`--disable-crypto`), as well as Microsoft Visual C++ runtime libraries. From an existing installation you can copy the necessary program files to a location of choice, to get a command line only portable (depending on configuration) @@ -79,12 +79,10 @@ ssleay32.dll ``` To be able to generate server certificate, you can also choose to include the OpenSSL -application itself (on the server), together with Barrier's predefined OpenSSL -configuration file: +application itself (on the server): ``` openssl.exe -barrier.conf ``` As long as you have the [Microsoft Visual C++ Redistributable for Visual Studio 2019](https://visualstudio.microsoft.com/downloads/) installed (or copy the necessary runtime libaries @@ -164,8 +162,10 @@ Options: -l --log write log messages to file. --no-tray disable the system tray icon. --enable-drag-drop enable file drag & drop. - --enable-crypto enable the crypto (ssl) plugin. + --enable-crypto enable the crypto (ssl) plugin (default, deprecated). + --disable-crypto disable the crypto (ssl) plugin. --profile-dir use named profile directory instead. + --drop-dir use named drop target directory instead. -f, --no-daemon run in the foreground. ``` @@ -193,8 +193,10 @@ Options: -l --log write log messages to file. --no-tray disable the system tray icon. --enable-drag-drop enable file drag & drop. - --enable-crypto enable the crypto (ssl) plugin. + --enable-crypto enable the crypto (ssl) plugin (default, deprecated). + --disable-crypto disable the crypto (ssl) plugin. --profile-dir use named profile directory instead. + --drop-dir use named drop target directory instead. -f, --no-daemon run in the foreground. --daemon run as a daemon. (*) ``` @@ -552,8 +554,8 @@ sections, `[General]` and `[internalConfig]`. ## SSL/TLS Configuration Barrier supports SSL/TLS encryption, by use of the `OpenSSL` library (included). -This must be anabled with command line argument `--enable-crypto`, and requires a -certificate and fingerprint to be configured. +Starting with version 2.4.0 this is enabled by default, but requires a certificate +and fingerprint. The SSL related configuration is kept in subdirectory "SSL" in the same user specific location as the [text file configuration](#text_config) is loaded from: By default @@ -604,7 +606,7 @@ SET OPENSSL_CONF=C:\Program Files\Barrier\barrier.conf SET RANDFILE=%LocalAppData%\Barrier\SSL\.rnd "C:\Program Files\Barrier\openssl.exe" req -x509 -nodes -days 365 -subj /CN=Barrier -newkey rsa:2048 -keyout "%LocalAppData%\Barrier\SSL\Barrier.pem" -out "%LocalAppData%\Barrier\SSL\Barrier.pem" IF EXIST "%RANDFILE%" DEL "%RANDFILE%" -FOR /F "tokens=2 delims=^=" %a in ('""C:\Program Files\Barrier\openssl.exe" x509 -fingerprint -sha1 -noout -in "%LocalAppData%\Barrier\SSL\Barrier.pem""') DO ECHO %a > "%LocalAppData%\Barrier\SSL\Fingerprints\Local.txt" +FOR /F "tokens=2 delims=^=" %a in ('""C:\Program Files\Barrier\openssl.exe" x509 -fingerprint -sha256 -noout -in "%LocalAppData%\Barrier\SSL\Barrier.pem""') DO ECHO %a > "%LocalAppData%\Barrier\SSL\Fingerprints\Local.txt" ``` Now, on any clients you must manually ensure there is a text file