From: Selva Nair <selva.nair@gmail.com>
Date: Fri, 17 Jun 2016 02:54:53 +0000 (-0400)
Subject: Fix management-external-cert option parsing error
X-Git-Tag: v2.4_alpha1~62
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d023fb661cca578dc977c9bd5e7d681de15e38a3;p=thirdparty%2Fopenvpn.git

Fix management-external-cert option parsing error

 - Allow --management-external-cert as an alternative to --cert
 - Also make sure --cert and --management-external-cert are not
   both specified, and clarify in the man page that the latter
   must be used with --management-external-key.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1466132093-1178-1-git-send-email-selva.nair@gmail.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/11929
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---

diff --git a/doc/openvpn.8 b/doc/openvpn.8
index c2169cf9d..ac8036ffb 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -2650,6 +2650,7 @@ option (client-only).
 .B certificate-hint
 is an arbitrary string which is passed to a management
 interface client as an argument of NEED-CERTIFICATE notification.
+Requires \-\-management\-external\-key.
 .\"*********************************************************
 .TP
 .B \-\-management\-forget\-disconnect
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index c6477932d..3adeb155f 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -2263,6 +2263,13 @@ options_postprocess_verify_ce (const struct options *options, const struct conne
 	   {
 		 msg (M_USAGE, "--key and --management-external-key are mutually exclusive");
 	   }
+	 else if((options->management_flags & MF_EXTERNAL_CERT))
+	   {
+		 if (options->cert_file)
+		   msg (M_USAGE, "--cert and --management-external-cert are mutually exclusive");
+		 else if(!(options->management_flags & MF_EXTERNAL_KEY))
+		   msg (M_USAGE, "--management-external-cert must be used with --management-external-key");
+	   }
 	 else
 #endif
 #ifdef ENABLE_CRYPTOAPI
@@ -2318,14 +2325,14 @@ options_postprocess_verify_ce (const struct options *options, const struct conne
 	  if (pull)
 	    {
 
-	      const int sum = (options->cert_file != NULL) +
+	      const int sum =
 #ifdef MANAGMENT_EXTERNAL_KEY
-			((options->priv_key_file != NULL) || (options->management_flags & MF_EXTERNAL_KEY));
+		((options->cert_file != NULL) || (options->management_flags & MF_EXTERNAL_CERT))    +
+		((options->priv_key_file != NULL) || (options->management_flags & MF_EXTERNAL_KEY));
 #else
-		    (options->priv_key_file != NULL);
+		(options->cert_file != NULL) + (options->priv_key_file != NULL);
 #endif
 
-
 	      if (sum == 0)
 		{
 #if P2MP