Fix tls-auth/crypt in connection blocks with --persist-key
authorSteffan Karger <steffan@karger.me>
Sat, 19 Jan 2019 10:34:00 +0000 (11:34 +0100)
committerGert Doering <gert@greenie.muc.de>
Tue, 22 Jan 2019 16:32:03 +0000 (17:32 +0100)
If --persist-key was used, we would always try to pre-load the 'global'
tls-auth/crypt file. That would result in using the wrong key (leading
to a failed connection) or an error if there was no 'global' key:

  Sat Jan 19 11:09:01 2019 Cannot pre-load tls-auth keyfile ((null))
  Sat Jan 19 11:09:01 2019 Exiting due to fatal error

Fix that by loading the key from the current connection entry.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20190119103400.12887-1-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18123.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
src/openvpn/options.c

index 0cf8db767cbe09116aed9a09ac4f2d061b0516c5..bebd3005902847f7bad35dcd82a8e29e63990edd 100644 (file)
@@ -2863,11 +2863,11 @@ options_postprocess_mutate_ce(struct options *o, struct connection_entry *ce)
     {
         if (ce->tls_auth_file && !ce->tls_auth_file_inline)
         {
-            struct buffer in = buffer_read_from_file(o->tls_auth_file, &o->gc);
+            struct buffer in = buffer_read_from_file(ce->tls_auth_file, &o->gc);
             if (!buf_valid(&in))
             {
                 msg(M_FATAL, "Cannot pre-load tls-auth keyfile (%s)",
-                    o->tls_auth_file);
+                    ce->tls_auth_file);
             }
 
             ce->tls_auth_file = INLINE_FILE_TAG;
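Review bot: The tls-auth block in this hunk and the tls-crypt block in the next one are copies that differ only in field names. The removed tls-crypt lines show the cost of that: its error message printed `o->tls_auth_file`, so the path logged was not the path read. Moving the read-and-check into one static helper that takes the option name and the path once would keep the two from diverging again. The enclosing function starts and ends outside both hunks, so the call sites below are only a sketch of where the helper would slot in.

```c
/* Read a static key file for pre-loading; exits via M_FATAL if it cannot be read. */
static struct buffer
preload_keyfile(const char *optname, const char *path, struct gc_arena *gc)
{
    struct buffer in = buffer_read_from_file(path, gc);
    if (!buf_valid(&in))
    {
        msg(M_FATAL, "Cannot pre-load %s keyfile (%s)", optname, path);
    }
    return in;
}

/* ... unchanged: options_postprocess_mutate_ce() up to the tls-auth check ... */
        if (ce->tls_auth_file && !ce->tls_auth_file_inline)
        {
            struct buffer in = preload_keyfile("tls-auth", ce->tls_auth_file, &o->gc);
/* ... unchanged: INLINE_FILE_TAG assignment; the tls-crypt block calls
 *     preload_keyfile("tls-crypt", ce->tls_crypt_file, &o->gc) the same way ... */
```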
@@ -2876,11 +2876,11 @@ options_postprocess_mutate_ce(struct options *o, struct connection_entry *ce)
 
         if (ce->tls_crypt_file && !ce->tls_crypt_inline)
         {
-            struct buffer in = buffer_read_from_file(o->tls_crypt_file, &o->gc);
+            struct buffer in = buffer_read_from_file(ce->tls_crypt_file, &o->gc);
             if (!buf_valid(&in))
             {
                 msg(M_FATAL, "Cannot pre-load tls-crypt keyfile (%s)",
-                    o->tls_auth_file);
+                    ce->tls_crypt_file);
             }
 
             ce->tls_crypt_file = INLINE_FILE_TAG;
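Review bot: The key bytes returned by `buffer_read_from_file(ce->tls_crypt_file, &o->gc)` are allocated from the options arena, and the same holds for the tls-auth key in the previous hunk. The raw static key therefore stays in process memory for as long as `o->gc` lives. Nothing visible here shows whether that arena is wiped when it is released; if it is not, key material could linger in freed heap or end up in a core dump, so this is worth confirming. A comment above the read such as `/* key bytes stay in o->gc until the options are freed */` would record the intended lifetime. The block continues past the end of the hunk, so where the buffer pointer is stored is not shown.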