git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Arne Schwabe <arne@rfc2549.org>
	Sun, 28 Mar 2021 12:02:41 +0000 (14:02 +0200)
committer	Gert Doering <gert@greenie.muc.de>
	Tue, 20 Apr 2021 09:39:10 +0000 (11:39 +0200)
commit	a005044be9ca77ee8a47cb65a603d0b1c41b99f4
tree	51e205b720921570b0413dcda31f2b0099588eb7	tree
parent	0767d5b447044e4cdcfd198058aef1f85f63bbe6	commit \| diff

Fix condition to generate session keys

When OpenVPN sees a new (SSL) connection via HARD_RESET or SOFT_RESET with
the same port/ip as an existing session, it will give it the slot of the
renegotiation session (TM_UNTRUSTED). And when the authentication
succeeds it will replace the current session. In the case of a SOFT_RESET
this a renegotiation and we will generated data channel keys at the of
key_method_2_write function as key-id > 0.

For a HARD RESET the key-id is 0. Since we already have gone through
connect stages and set context_auth to CAS_SUCCEEDED, we don't
call all the connect stages again, and therefore also never call
multi_client_generate_tls_keys for this session.

This commit changes postponing the key generation to be done only if
the multi_connect has not yet been finished.

Patch V2: Explain better in the commit message why this change is done.

Trac: #1316

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20210328120241.27605-2-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21873.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>