]> git.ipfire.org Git - thirdparty/openvpn.git/commit
projects / thirdparty / openvpn.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b70b2fc) | patch
Refactor NCP-negotiable options handling
authorLev Stipakov <lev@openvpn.net>
Thu, 20 Sep 2018 13:12:34 +0000 (16:12 +0300)
committerGert Doering <gert@greenie.muc.de>
Fri, 5 Oct 2018 09:51:17 +0000 (11:51 +0200)
commit5fa25eeb7fefdbb17ad639d72fe46f393989159f
treefa0fbed5d092e8e4b182db12ffc49eac0b32e16etree
parentb70b2fc248147c1e7f22042e75fcd0a03d912151commit | diff
Refactor NCP-negotiable options handling

NCP negotiation can alter options. On reconnect
client sends possibly altered options while server
expects original values. This leads to warnings
in log and, if server uses --opt-verify, breaks
reconnect.

Fix by decouple setting/unsetting NCP options from
the state of TLS context. At startup (and once per sighup)
we load original values to c->c1, which persists over
sigusr1 (restart). When tearing tunnel down we restore
(possibly altered) options back to original values.

Trac: #1105

Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1537449154-26879-1-git-send-email-lstipakov@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17477.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
src/openvpn/init.c diff | blob | blame | history
Mirror of https://github.com/OpenVPN/openvpn.git