diff options
author | Gert Doering | 2016-08-22 22:24:47 +0200 |
---|---|---|
committer | David Sommerseth | 2016-08-23 12:41:06 +0200 |
commit | d90249f73353c175ed9e7dd0a450cd084a729e20 (patch) | |
tree | bc5132ac5bb17738a75d677d28db3837de88436c /src/openvpn/options.c | |
parent | e9d64bc03742c96a3d7fe2a473c43d40e5ba2001 (diff) | |
download | openvpn-d90249f73353c175ed9e7dd0a450cd084a729e20.zip openvpn-d90249f73353c175ed9e7dd0a450cd084a729e20.tar.gz |
Fix problems with NCP and --inetd.
NCP only works with --pull or --mode server, leading to breakage
in --inetd mode (because that has --tls-server, but not --mode server,
but clients can still ask for PUSH_REQUEST).
Fix by turning off o->ncp_enable unless (pull or mode server), and
double-fix by logging an appropriate message and refusing to change
ciphers if the server has already set up its keys.
v2: wrap long msg() text lines
Trac: 715
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Steffan Karger <steffan@karger.me>
Message-Id: 1471897487-8354-1-git-send-email-gert@greenie.muc.de
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg00060.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
Diffstat (limited to 'src/openvpn/options.c')
-rw-r--r-- | src/openvpn/options.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/openvpn/options.c b/src/openvpn/options.c index c100d4c..e052042 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -2614,6 +2614,15 @@ options_postprocess_mutate (struct options *o) if (streq (o->dh_file, "none")) o->dh_file = NULL; } + + /* cipher negotiation (NCP) currently assumes --pull or --mode server */ + if ( o->ncp_enabled && + ! (o->pull || o->mode == MODE_SERVER) ) + { + msg( M_WARN, "disabling NCP mode (--ncp-disable) because not " + "in P2MP client or server mode" ); + o->ncp_enabled = false; + } #endif #if ENABLE_MANAGEMENT |