]> git.ipfire.org Git - thirdparty/openvpn.git/commit
projects / thirdparty / openvpn.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 136c5f0) | patch
Fix client NCP OCC fallback when server and client cipher are identical
authorArne Schwabe <arne@rfc2549.org>
Sun, 30 Aug 2020 13:14:40 +0000 (15:14 +0200)
committerGert Doering <gert@greenie.muc.de>
Sun, 30 Aug 2020 13:19:21 +0000 (15:19 +0200)
commit6ffe64e34004967a96514cc55abb22215fbe5640
treeee7acced30d2963962408f39327fc67c661dfc83tree
parent136c5f015c3e7eceecc07a45655d5da5616e9131commit | diff
Fix client NCP OCC fallback when server and client cipher are identical

If we do not get a cipher pushed we call tls_poor_mans_ncp to determine
whether we can use the server's cipher. Inherited from OpenVPN
2.4's code we only did this check when the ciphers were different.
Since OpenVPN 2.5 does not assume that our cipher we report in OCC
(options->ciphername) is always a valid cipher we always need to perform
this check.

V2: Only call tls_item_in_cipher_list if remote_cipher is non-null to
    avoid calling strcmp with NULL.

Reported-By: Rafael Gava <gava100@gmail.com>
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20200830131440.10933-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20843.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
src/openvpn/ssl_ncp.c diff | blob | blame | history
Mirror of https://github.com/OpenVPN/openvpn.git