From 223baa9c9b818e4c542a9037f190f53ce6f7af5c Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Mon, 22 May 2023 12:11:38 +0200 Subject: [PATCH] Fix CR_RESPONSE mangaement message using wrong key_id the management interface expects the management key id instead of the openvpn key id. In the past they often were the same for low ids which hid the bug quite well. Also do not pick uninitialised keystates (management key_id is not valid in these). Patch v2: do not add logging Change-Id: If9fa1165a0e886b570b3738546ed810a32367cbe Signed-off-by: Arne Schwabe Tested-By: Jemmy Wang Github: fixes OpenVPN/openvpn#359 Acked-by: Selva Nair Message-Id: <20230522101138.2842378-2-arne@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26719.html Signed-off-by: Gert Doering --- src/openvpn/push.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/openvpn/push.c b/src/openvpn/push.c index ddfc28b4d..01e7cd6e0 100644 --- a/src/openvpn/push.c +++ b/src/openvpn/push.c @@ -265,9 +265,9 @@ receive_cr_response(struct context *c, const struct buffer *buffer) struct tls_session *session = &c->c2.tls_multi->session[TM_ACTIVE]; struct man_def_auth_context *mda = session->opt->mda_context; struct env_set *es = session->opt->es; - int key_id = get_primary_key(c->c2.tls_multi)->key_id; + unsigned int mda_key_id = get_primary_key(c->c2.tls_multi)->mda_key_id; - management_notify_client_cr_response(key_id, mda, es, m); + management_notify_client_cr_response(mda_key_id, mda, es, m); #endif #if ENABLE_PLUGIN verify_crresponse_plugin(c->c2.tls_multi, m); -- 2.47.3