Fixed an issue where if reneg-sec was set to 0 on the client,
authorJames Yonan <james@openvpn.net>
Sat, 6 Mar 2010 15:38:23 +0000 (15:38 +0000)
committerJames Yonan <james@openvpn.net>
Sat, 6 Mar 2010 15:38:23 +0000 (15:38 +0000)
so that the server-side value would take precedence,
the auth_deferred_expire_window function would incorrectly
return a window period of 0 seconds.  In this case, the
correct window period should be the handshake window
period.

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5464 e7ae566f-a301-0410-adde-c780ea21d3b5

ssl.c

diff --git a/ssl.c b/ssl.c
index 82e04a3b9b71e016383b20cf9813069c9ce95de1..102b02e2da9615d8699fabffce4673d6aba6a538 100644 (file)
--- a/ssl.c
+++ b/ssl.c
@@ -3702,9 +3702,12 @@ key_method_2_read (struct buffer *buf, struct tls_multi *multi, struct tls_sessi
 static int
 auth_deferred_expire_window (const struct tls_options *o)
 {
-  const int hw = o->handshake_window;
+  int ret = o->handshake_window;
   const int r2 = o->renegotiate_seconds / 2;
-  return min_int (hw, r2);
+
+  if (o->renegotiate_seconds && r2 < ret)
+    ret = r2;
+  return ret;
 }
 
 /*
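Review bot: The new guard in auth_deferred_expire_window tests `o->renegotiate_seconds` rather than `r2`, so a reneg-sec of 1 still gives `r2 == 0` through integer division and the function returns a 0-second window, the same result this commit sets out to prevent. Testing the halved value covers both cases: `if (r2 > 0 && r2 < ret) ret = r2;`. That form also keeps a negative renegotiate_seconds from producing a negative window, should option parsing ever allow one (not visible in this hunk). A one-line comment such as `/* reneg-sec 0 disables the local renegotiation timer, so use handshake_window alone */` would record why zero is special, since the deferred-auth expiry depends on this value.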