diff options
author | Arne Schwabe | 2023-03-01 14:53:53 +0100 |
---|---|---|
committer | Gert Doering | 2023-03-20 17:25:37 +0100 |
commit | da083c3b9bc1b5720a4dcbef9c32bbbbec0dcce6 (patch) | |
tree | 66925a7aaa4683430a80e31fbf52014397c015f5 /.travis.yml | |
parent | 31279f71ab4124516fd0c2143f67a0c3f008ad20 (diff) | |
download | openvpn-da083c3b9bc1b5720a4dcbef9c32bbbbec0dcce6.zip openvpn-da083c3b9bc1b5720a4dcbef9c32bbbbec0dcce6.tar.gz |
Make sending plain text control message session aware
The control messages coming from auth pending should always be on the
session that triggered them (i.e. INITIAL or ACTIVE) and not always on the
active session. Rework the code path that trigger those messsages from
management and plugin/script to specify the TLS session.
We only support the two TLS sessions that are supposed to be active. TLS
sessions in any lame slot (TM_LAME or KS_LAME) are not considered to be
candidates for sending messages as these slots only serve to keep key
material around.
Unfortunately, this fix requires the management interface to be changed
to allow including the specific session the messages should to go to. As
there are very few users of this interface with auth-pending, I made this
a hard change instead of adding hacky workaround code that is not always
working correctly anyway.
send_control_channel_string() will continue to only use the primary session
and key but the current users of that (push replys and exit notification)
already require the established session to be the active one, so there
no changes needed at the moment.
Github: fixes OpenVPN/openvpn#256
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20230301135353.2811069-2-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26320.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit a261e173341f8e68505a6ab5a413d09b0797a459)
Diffstat (limited to '.travis.yml')
0 files changed, 0 insertions, 0 deletions