From: Steffan Karger
Date: Sat, 19 Jan 2019 10:34:00 +0000 (+0100)
Subject: Fix tls-auth/crypt in connection blocks with --persist-key
X-Git-Tag: v2.5_beta1~347
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dcfc51457789d8a62ff8bd266dd3a3bf0a0c9763;p=thirdparty%2Fopenvpn.git

Fix tls-auth/crypt in connection blocks with --persist-key

If --persist-key was used, we would always try to pre-load the 'global' tls-auth/crypt file. That would result in using the wrong key (leading to a failed connection) or en error is there was to 'global' key:

Sat Jan 19 11:09:01 2019 Cannot pre-load tls-auth keyfile ((null))
Sat Jan 19 11:09:01 2019 Exiting due to fatal error

Fix that by loading loading the key from the current connection entry.

Signed-off-by: Steffan Karger
Acked-by: Arne Schwabe
Message-Id: <20190119103400.12887-1-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18123.html
Signed-off-by: Gert Doering
---

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 0cf8db767..bebd30059 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -2863,11 +2863,11 @@ options_postprocess_mutate_ce(struct options *o, struct connection_entry *ce)
 {
 if (ce->tls_auth_file && !ce->tls_auth_file_inline)
 {
- struct buffer in = buffer_read_from_file(o->tls_auth_file, &o->gc);
+ struct buffer in = buffer_read_from_file(ce->tls_auth_file, &o->gc);
 if (!buf_valid(&in))
 {
 msg(M_FATAL, "Cannot pre-load tls-auth keyfile (%s)",
- o->tls_auth_file);
+ ce->tls_auth_file);
 }

 ce->tls_auth_file = INLINE_FILE_TAG;
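Review bot: The tls-auth block here and the tls-crypt block in the next hunk (`@@ -2876`) are the same read, check and fatal-message sequence written out twice, and the `o->tls_auth_file` argument that the second hunk corrects in the tls-crypt message is the kind of slip that duplication invites. A small static helper taking the path, the option name and the arena would leave one copy of the read and one copy of the message, with both message texts unchanged. The enclosing function starts before this hunk and the statements that store `in.data` follow it, so the call site below is indicative only.

```c
static struct buffer
preload_key_file(const char *path, const char *option, struct gc_arena *gc)
{
    struct buffer in = buffer_read_from_file(path, gc);
    if (!buf_valid(&in))
    {
        msg(M_FATAL, "Cannot pre-load %s keyfile (%s)", option, path);
    }
    return in;
}

/* … unchanged: start of options_postprocess_mutate_ce() … */
        if (ce->tls_auth_file && !ce->tls_auth_file_inline)
        {
            struct buffer in = preload_key_file(ce->tls_auth_file, "tls-auth", &o->gc);
            /* … unchanged: ce->tls_auth_file = INLINE_FILE_TAG; and the rest of the block … */
```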
@@ -2876,11 +2876,11 @@ options_postprocess_mutate_ce(struct options *o, struct connection_entry *ce)

 if (ce->tls_crypt_file && !ce->tls_crypt_inline)
 {
- struct buffer in = buffer_read_from_file(o->tls_crypt_file, &o->gc);
+ struct buffer in = buffer_read_from_file(ce->tls_crypt_file, &o->gc);
 if (!buf_valid(&in))
 {
 msg(M_FATAL, "Cannot pre-load tls-crypt keyfile (%s)",
- o->tls_auth_file);
+ ce->tls_crypt_file);
 }

 ce->tls_crypt_file = INLINE_FILE_TAG;
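Review bot: Nothing in the tls-crypt block says why the path must come from `ce` rather than `o`, which is the distinction this fix turns on, so the same mix-up can return on a later edit. A comment above the `if (ce->tls_crypt_file && !ce->tls_crypt_inline)` test would record it, for example `/* per-connection key: read ce->tls_crypt_file; o->tls_crypt_file may be unset or name a different key */`. The tls-auth block in the first hunk wants the same line. The comment could also note that `in` holds key material allocated from `o->gc` and, as far as these lines show, stays in memory after `ce->tls_crypt_file` is replaced by `INLINE_FILE_TAG`; how that buffer is released lies outside the hunk.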