]> git.ipfire.org Git - thirdparty/openvpn.git/commit
projects / thirdparty / openvpn.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 21a307d) | patch
Refactor NCP-negotiable options handling
authorLev Stipakov <lev@openvpn.net>
Thu, 20 Sep 2018 13:12:34 +0000 (16:12 +0300)
committerGert Doering <gert@greenie.muc.de>
Fri, 5 Oct 2018 10:00:37 +0000 (12:00 +0200)
commitd2ff5164e68e5101b1da2d2d818e23eb7851dc9f
tree532ac880931c6792bd14ac574b227f7eee57b396tree
parent21a307dd7252a066f204dee52a4cf569a4a48a1dcommit | diff
Refactor NCP-negotiable options handling

NCP negotiation can alter options. On reconnect
client sends possibly altered options while server
expects original values. This leads to warnings
in log and, if server uses --opt-verify, breaks
reconnect.

Fix by decouple setting/unsetting NCP options from
the state of TLS context. At startup (and once per sighup)
we load original values to c->c1, which persists over
sigusr1 (restart). When tearing tunnel down we restore
(possibly altered) options back to original values.

Trac: #1105

Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1537449154-26879-1-git-send-email-lstipakov@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17477.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 5fa25eeb7fefdbb17ad639d72fe46f393989159f)
src/openvpn/init.c diff | blob | blame | history
Mirror of https://github.com/OpenVPN/openvpn.git