git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Antonio Quartulli <a@unstable.cc>
	Sun, 8 Jul 2018 02:45:17 +0000 (10:45 +0800)
committer	Gert Doering <gert@greenie.muc.de>
	Tue, 24 Jul 2018 12:20:46 +0000 (14:20 +0200)
commit	5817b49b4ca39f86eabb092c562b72d46d5509f7
tree	02bf6338071ee1013232515f05f89765c8ef3551	tree
parent	a5d35a01dcf73e6a93f59d687adb6e5be38c7750	commit \| diff

crypto: always reload tls-auth/crypt key contexts

In preparation to having tls-auth/crypt keys per connection
block, it is important to ensure that such material is always
reloaded upon SIGUSR1, no matter if `persist-key` was specified
or not.

This is required because when moving from one remote to the
other the key may change and thus the key context needs to
be refreshed.

To ensure that the `persist-key` logic will still work
as expected, the tls-auth/crypt key is pre-loaded so that
the keyfile is not required at runtime.

Trac: #720
Cc: Steffan Karger <steffan@karger.me>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <20180708024517.27108-1-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17237.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

src/openvpn/buffer.c		diff \| blob \| blame \| history
src/openvpn/buffer.h		diff \| blob \| blame \| history
src/openvpn/crypto.c		diff \| blob \| blame \| history
src/openvpn/init.c		diff \| blob \| blame \| history
src/openvpn/options.c		diff \| blob \| blame \| history
tests/unit_tests/openvpn/Makefile.am		diff \| blob \| blame \| history
tests/unit_tests/openvpn/test_buffer.c		diff \| blob \| blame \| history