author | Arne Schwabe | 2022-09-14 18:50:41 +0200 |
---|---|---|
committer | Gert Doering | 2022-09-18 16:30:32 +0200 |
commit | 179b3728b71013413885e453e477997f5a396f78 (patch) | |
tree | 1200443c055887f569a9956bf1908decba20e44f /src/openvpn/ssl.c | |
parent | 5ac33a88b10584c3e52dc0c01dad2571b75be239 (diff) | |

Implement exit notification via control channel

Current exit notification relies on data channel messages with specific
prefix. Adding these to new data channel modules (DCO) adds unnecessary
complexity for the data for messages that from their idea belong to the
control channel anyway.

This patch adds announcing support for control channel and sending/receiving
it. We use the simple EXIT message for this.

Patch v2: add comment about protocol-flags to be not a user visible option,
fix various grammar mistakes, remove unused argument to
receive_exit_message

Patch v3: rename data_channel_crypto_flags to imported_protocol_flags
add tls-ekm to protocol-flags.

Patch v4: rebase, use a buffer for the code that prepares the push reply

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Heiko Hund <heiko@ist.eigentlich.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20220914165041.2658423-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25209.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

Diffstat (limited to 'src/openvpn/ssl.c')
-rw-r--r-- | src/openvpn/ssl.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 33e145b..d3f7a02 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -1719,7 +1719,7 @@ tls_session_update_crypto_params(struct tls_multi *multi, } /* Import crypto settings that might be set by pull/push */ - session->opt->crypto_flags |= options->data_channel_crypto_flags; + session->opt->crypto_flags |= options->imported_protocol_flags; return tls_session_update_crypto_params_do_work(multi, session, options, frame, frame_fragment, lsi); @@ -1969,6 +1969,9 @@ push_peer_info(struct buffer *buf, struct tls_session *session) /* support for the --dns option */ iv_proto |= IV_PROTO_DNS_OPTION; + /* support for exit notify via control channel */ + iv_proto |= IV_PROTO_CC_EXIT_NOTIFY; + /* support for receiving push_reply before sending * push request, also signal that the client wants * to get push-reply messages without without requiring a round |
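
Review bot: In the first hunk (tls_session_update_crypto_params), the renamed options->imported_protocol_flags is still OR-ed unfiltered into session->opt->crypto_flags, and the comment above it still reads "Import crypto settings that might be set by pull/push". The commit message says the field now carries protocol-flags values, and the comment says they can arrive via pull/push, so the comment should name what is actually imported, and it is worth confirming (or enforcing with a mask at this assignment) that only bits intended for crypto_flags can be set from pushed input.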
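
Review bot: In the second hunk (push_peer_info), IV_PROTO_CC_EXIT_NOTIFY is OR-ed into iv_proto unconditionally, so every peer running this code advertises the capability regardless of configuration. The diffstat here is limited to src/openvpn/ssl.c, so the receive path is not visible; please confirm that every configuration reaching this line can process an EXIT message on the control channel, and gate the flag if not. Minor: the context comment just below has a doubled word ("without without") that could be cleaned up while touching this block.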