From: Arne Schwabe Date: Sat, 11 Jul 2020 09:36:42 +0000 (+0200) Subject: Allow changing fallback cipher from ccd files/client-connect X-Git-Tag: v2.5_beta1~78 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6168f53d6b7274026d4f392a22e64524a9b264d6;p=thirdparty%2Fopenvpn.git Allow changing fallback cipher from ccd files/client-connect This allows to control the fallback cipher that is used when the client/server do have any common cipher on a per client basis. The patch is similar to Steffan's [PATCH v4] Allow changing cipher from a ccd file. Steffan's old patch also moves the cipher negotiation to multi_established_connection() which I independently discovered and implemented in commit 5e78bf66fa9 (Extract process_incoming_push_reply from process_incoming_push_msg) Signed-off-by: Arne Schwabe Acked-by: Gert Doering Message-Id: <20200711093655.23686-1-arne@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20281.html Signed-off-by: Gert Doering --- diff --git a/src/openvpn/options.c b/src/openvpn/options.c index b93fd4fec..bf2760e1e 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -7892,7 +7892,7 @@ add_option(struct options *options, } else if (streq(p[0], "cipher") && p[1] && !p[2]) { - VERIFY_PERMISSION(OPT_P_NCP); + VERIFY_PERMISSION(OPT_P_NCP|OPT_P_INSTANCE); options->ciphername = p[1]; } else if (streq(p[0], "ncp-ciphers") && p[1] && !p[2]) diff --git a/src/openvpn/options.h b/src/openvpn/options.h index c83a46aa6..c37006d3c 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -677,7 +677,7 @@ struct options #define OPT_P_MTU (1<<14) /* TODO */ #define OPT_P_NICE (1<<15) #define OPT_P_PUSH (1<<16) -#define OPT_P_INSTANCE (1<<17) +#define OPT_P_INSTANCE (1<<17) /**< allowed in ccd, client-connect etc*/ #define OPT_P_CONFIG (1<<18) #define OPT_P_EXPLICIT_NOTIFY (1<<19) #define OPT_P_ECHO (1<<20)
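Review bot: In the options.c hunk, `options->ciphername = p[1];` now accepts values from per-client sources (OPT_P_INSTANCE), and nothing in this branch checks the name before storing it. Please confirm that a cipher name arriving from a ccd file or client-connect output is validated before it is used as the fallback, and that an unknown or unwanted value makes only that client's connection fail rather than being silently accepted. The `ncp-ciphers` branch in the trailing context keeps its own permission check, so it would help to say in the commit message or a comment whether leaving it out of per-instance use is intentional. The patch touches only options.c and options.h, so the documentation for `cipher` should also gain a sentence saying the option is now honoured in per-client configuration.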
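Review bot: In the options.h hunk, the new comment on `OPT_P_INSTANCE`, `/**< allowed in ccd, client-connect etc*/`, ends in "etc", which leaves open which sources are covered by a flag that now gates a cipher setting. Since this flag defines which options a per-client source can set, the comment should list those sources explicitly or point to the place where the per-instance permission mask is applied. Minor style: add a space before the closing `*/`, and note that the neighbouring defines carry either no comment or a plain `/* TODO */`, so this is the only Doxygen-style comment in the block.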