diff options
author | Arne Schwabe | 2020-07-17 15:47:37 +0200 |
---|---|---|
committer | Gert Doering | 2020-07-22 08:58:59 +0200 |
commit | 4b59e2644a978074f0eed492d6541ba7b30b01a7 (patch) | |
tree | 37a1a6ec80458ad61ef0a0e7eb82f07613870c93 /src | |
parent | e6c86b24dbe8b001dfc8b9e9c4fad95e0f5973d4 (diff) | |
download | openvpn-4b59e2644a978074f0eed492d6541ba7b30b01a7.zip openvpn-4b59e2644a978074f0eed492d6541ba7b30b01a7.tar.gz |
Avoid sending --cipher to clients not supporting NCP
The NCP rework introduced a regression of sending a --cipher
command as part of the push message when the client does not
support NCP. This is is more a cosmetic issue since the client
will log that as warning in the log and ignore it.
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20200717134739.21168-7-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20437.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src')
-rw-r--r-- | src/openvpn/push.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/src/openvpn/push.c b/src/openvpn/push.c index 2183b74..1c4f203 100644 --- a/src/openvpn/push.c +++ b/src/openvpn/push.c @@ -472,9 +472,15 @@ prepare_push_reply(struct context *c, struct gc_arena *gc, /* * Push the selected cipher, at this point the cipher has been - * already negotiated and been fixed + * already negotiated and been fixed. + * + * We avoid pushing the cipher to clients not supporting NCP + * to avoid error messages in their logs */ - push_option_fmt(gc, push_list, M_USAGE, "cipher %s", o->ciphername); + if (tls_peer_supports_ncp(c->c2.tls_multi->peer_info)) + { + push_option_fmt(gc, push_list, M_USAGE, "cipher %s", o->ciphername); + } return true; } |