diff options
author | Arne Schwabe | 2023-05-22 12:11:38 +0200 |
---|---|---|
committer | Gert Doering | 2023-07-07 18:17:45 +0200 |
commit | 0caf0389454c75ae9dfeda096a820446d2d1a926 (patch) | |
tree | b3ef15c5e8cbb6d08d94b43ff7459a3692b8e97c | |
parent | cbf295ab42affcbdc09261cf3a39eb1d3d9f9cb2 (diff) | |
download | openvpn-0caf0389454c75ae9dfeda096a820446d2d1a926.zip openvpn-0caf0389454c75ae9dfeda096a820446d2d1a926.tar.gz |
Fix CR_RESPONSE mangaement message using wrong key_id
the management interface expects the management key id instead
of the openvpn key id. In the past they often were the same for low ids
which hid the bug quite well.
Also do not pick uninitialised keystates (management key_id is not valid
in these).
Patch v2: do not add logging
Change-Id: If9fa1165a0e886b570b3738546ed810a32367cbe
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Tested-By: Jemmy Wang
Github: fixes OpenVPN/openvpn#359
Acked-by: Selva Nair <selva.nair@gmail.com>
Message-Id: <20230522101138.2842378-2-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26719.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 223baa9c9b818e4c542a9037f190f53ce6f7af5c)
-rw-r--r-- | src/openvpn/push.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/openvpn/push.c b/src/openvpn/push.c index 8e96271..8f0a534 100644 --- a/src/openvpn/push.c +++ b/src/openvpn/push.c @@ -267,9 +267,9 @@ receive_cr_response(struct context *c, const struct buffer *buffer) struct tls_session *session = &c->c2.tls_multi->session[TM_ACTIVE]; struct man_def_auth_context *mda = session->opt->mda_context; struct env_set *es = session->opt->es; - int key_id = get_primary_key(c->c2.tls_multi)->key_id; + unsigned int mda_key_id = get_primary_key(c->c2.tls_multi)->mda_key_id; - management_notify_client_cr_response(key_id, mda, es, m); + management_notify_client_cr_response(mda_key_id, mda, es, m); #endif #if ENABLE_PLUGIN verify_crresponse_plugin(c->c2.tls_multi, m); |