git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Steffan Karger <steffan@karger.me>
	Tue, 1 Nov 2016 19:06:47 +0000 (20:06 +0100)
committer	David Sommerseth <davids@openvpn.net>
	Wed, 16 Nov 2016 15:09:49 +0000 (16:09 +0100)
commit	129d2924bb4179b7df4a157a0443c45f2279e92d
tree	56b38e9d6323b110724a83ab218e6e1fb2623530	tree
parent	b59fc7f42137a0474c069ab226c4d67c148e504f	commit \| diff

Restore pre-NCP cipher options on SIGUSR1

As reported by debbie10t on the openvpn-devel list (Message-ID:
<326b8ff7-39a6-1974-c0b0-82fd2abdc7b7@gmail.com>), an NCP client will
attempt to reconnect with the previously pushed cipher, instead of the
cipher from the config file, after a sigusr1 restart.  This can be a
problem when the server is reconfigured (as debbie10t explainted), or when
roaming to a differently-configured server.  Fix this by restoring the
cipher options from the config file after a sigusr1 restart.

This makes the cipher options behaviour different from other pushable
options, because those are also cached until a sighup restart.  We might
want to change this behaviour in general, but for now let's just fix the
issue at hand.

v2: also cache and restore keysize, as that parameter is relevant too.
v3: inherit cached cipher options from parent context.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1478027207-28651-1-git-send-email-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12869.html
Signed-off-by: David Sommerseth <davids@openvpn.net>

src/openvpn/init.c		diff \| blob \| blame \| history
src/openvpn/openvpn.h		diff \| blob \| blame \| history