diff options
Diffstat (limited to 'src/openvpn/options.c')
| -rw-r--r-- | src/openvpn/options.c | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 772323d..4e19d7c 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -7979,6 +7979,20 @@ add_option(struct options *options, } options->ncp_ciphers = p[1]; } + else if (streq(p[0], "key-derivation") && p[1]) + { + VERIFY_PERMISSION(OPT_P_NCP) +#ifdef HAVE_EXPORT_KEYING_MATERIAL + if (streq(p[1], "tls-ekm")) + { + options->data_channel_use_ekm = true; + } + else +#endif + { + msg(msglevel, "Unknown key-derivation method %s", p[1]); + } + } else if (streq(p[0], "ncp-disable") && !p[1]) { VERIFY_PERMISSION(OPT_P_GENERAL|OPT_P_INSTANCE); @@ -8707,6 +8721,11 @@ add_option(struct options *options, "\"EXPORTER\""); goto err; } + if (streq(p[1], EXPORT_KEY_DATA_LABEL)) + { + msg(msglevel, "Keying material exporter label must not be '" + EXPORT_KEY_DATA_LABEL "'."); + } if (ekm_length < 16 || ekm_length > 4095) { msg(msglevel, "Invalid keying material exporter length"); |