From: James Yonan <james@openvpn.net>
Date: Sat, 6 Mar 2010 15:38:23 +0000 (+0000)
Subject: Fixed an issue where if reneg-sec was set to 0 on the client,
X-Git-Tag: v2.2-beta1~30
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=112e6704c963841f65f2bdd958f289fd7e50f007;p=thirdparty%2Fopenvpn.git

Fixed an issue where if reneg-sec was set to 0 on the client,
so that the server-side value would take precedence,
the auth_deferred_expire_window function would incorrectly
return a window period of 0 seconds.  In this case, the
correct window period should be the handshake window
period.


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5464 e7ae566f-a301-0410-adde-c780ea21d3b5
---

diff --git a/ssl.c b/ssl.c
index 82e04a3b9..102b02e2d 100644
--- a/ssl.c
+++ b/ssl.c
@@ -3702,9 +3702,12 @@ key_method_2_read (struct buffer *buf, struct tls_multi *multi, struct tls_sessi
 static int
 auth_deferred_expire_window (const struct tls_options *o)
 {
-  const int hw = o->handshake_window;
+  int ret = o->handshake_window;
   const int r2 = o->renegotiate_seconds / 2;
-  return min_int (hw, r2);
+
+  if (o->renegotiate_seconds && r2 < ret)
+    ret = r2;
+  return ret;
 }
 
 /*