Incompatible changes to the --dns server address and --dns server
exclude-domains options were introduced after the code for handling them
was released. Add and send a new IV_PROTO flag, so servers which act on
the flags set can differentiate between clients which have implemented
--dns and those which just support the new option. This enables them to
decide which variant of options to send to the client.
Change-Id: I975057c20c1457ef88111f8d142ca3fd2039d5ff
Signed-off-by: Heiko Hund <heiko@ist.eigentlich.net>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Message-Id: <
20240725112248.21075-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28970.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
/* support for P_DATA_V2 */
int iv_proto = IV_PROTO_DATA_V2;
- /* support for the --dns option */
- iv_proto |= IV_PROTO_DNS_OPTION;
+ /* support for the latest --dns option */
+ iv_proto |= IV_PROTO_DNS_OPTION_V2;
/* support for exit notify via control channel */
iv_proto |= IV_PROTO_CC_EXIT_NOTIFY;
* result. */
#define IV_PROTO_NCP_P2P (1<<5)
-/** Supports the --dns option introduced in version 2.6 */
+/** Supports the --dns option introduced in version 2.6. Not sent anymore. */
#define IV_PROTO_DNS_OPTION (1<<6)
/** Support for explicit exit notify via control channel
/** Support to dynamic tls-crypt (renegotiation with TLS-EKM derived tls-crypt key) */
#define IV_PROTO_DYN_TLS_CRYPT (1<<9)
+/** Supports the --dns option after all the incompatible changes */
+#define IV_PROTO_DNS_OPTION_V2 (1<<11)
+
/* Default field in X509 to be username */
#define X509_USERNAME_FIELD_DEFAULT "CN"
projects / thirdparty / openvpn.git / commitdiff
