If an optional cipher was found at the end of --data-cipher that was
not available, it would reset the error and allow non optional ciphers
to be ignored.
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <
20211206150852.
3142891-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/search?l=mid&q=
20211206150852.
3142891-1-arne@rfc2549.org
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit
868433857fbf8d71515ac0ffecb98eae893515dc)
{
const char* optstr = optional ? "optional ": "";
msg(M_WARN, "Unsupported %scipher in --data-ciphers: %s", optstr, token);
- error_found = !optional;
+ error_found = error_found || !optional;
}
else
{
/* All unsupported should still yield an empty list */
assert_ptr_equal(mutate_ncp_cipher_list("?kugelfisch:?grasshopper", &gc), NULL);
+ /* If the last is optional, previous invalid ciphers should be ignored */
+ assert_ptr_equal(mutate_ncp_cipher_list("Vollbit:Littlebit:AES-256-CBC:BF-CBC:?nixbit", &gc), NULL);
+
/* For testing that with OpenSSL 1.1.0+ that also accepts ciphers in
* a different spelling the normalised cipher output is the same */
bool have_chacha_mixed_case = cipher_kt_get("ChaCha20-Poly1305");
projects / thirdparty / openvpn.git / commitdiff
