Hi, has anyone ever used "--cipher" without an argument? If yes, what is the intended usage? It sort of "tells openvpn we want crypto!" but does not go into detail about it...
Normally, this would just be a random weird option, but I ran across
--cipher none --cipher
which first tells openvpn "nah, we do not want anything!" and sets
a pointer to NULL, and then tells openvpn "but please *do* use the
ciphers already setup!", which core dumps.
This is not remotely exploitable, so not a *security* issue, but a bit
stupid nonetheless - so I propose we just throw out "--cipher" with
no arguments (--cipher none, or --cipher bf-cbc would, of course,
continue to work).
Anyone having a good argument against it? JJK, do you happen to know
what this is about?
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
signature.asc
Description: PGP signature
