Hi, On Wed, Nov 23, 2016 at 11:58:49PM +0100, Steffan Karger wrote: > This will end up with the server and client using cipher bar (if the > server has --ncp-ciphers <somehting>:bar). The client-side poor-man's > NCP is already guarded by "if (c->options.ncp_enabled)" (in > do_deferred_options()).
Good point. Seems I was not very much awake anymore :-)
/* process (potentially pushed) crypto options */
if (c->options.pull)
{
struct tls_session *session = &c->c2.tls_multi->session[TM_ACTIVE];
if (found & OPT_P_NCP)
{
msg (D_PUSH, "OPTIONS IMPORT: data channel crypto options modified");
}
else if (c->options.ncp_enabled)
{
tls_poor_mans_ncp(&c->options, c->c2.tls_multi->remote_ciphername);
}
... all fine, then.
thanks,
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
signature.asc
Description: PGP signature
------------------------------------------------------------------------------
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
