On 18-06-17 11:22, Gert Doering wrote:
> The NCP (data channel crypto negotiation) code on the client side waits
> for an incoming PUSH_REPLY before setting up the data channel crypto
> parameters, because the PUSH_REPLY could contain a "cipher xxx" setting.
> 
> In the particular case of an empty PUSH_REPLY message, the relevant code
> bits were not called because "we have not received any options, do not
> bother to look into it in more detail" - so, ciphers were not set up,
> resulting in an error message like this:
> 
>     Key [AF_INET]... [0] not initialized (yet), dropping packet.
> 
> Remove that check, always init the crypto layer on PUSH_REPLY.
> 
> Trac: #903
> 
> Signed-off-by: Gert Doering <g...@greenie.muc.de>
> ---
>  src/openvpn/init.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/src/openvpn/init.c b/src/openvpn/init.c
> index 2532cf8..91ab28e 100644
> --- a/src/openvpn/init.c
> +++ b/src/openvpn/init.c
> @@ -1925,7 +1925,7 @@ do_up(struct context *c, bool pulled_options, unsigned 
> int option_types_found)
>      {
>          reset_coarse_timers(c);
>  
> -        if (pulled_options && option_types_found)
> +        if (pulled_options)
>          {
>              if (!do_deferred_options(c, option_types_found))
>              {
> 
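Review bot: The new `if (pulled_options)` condition has no comment saying why `option_types_found` is deliberately left out of the test, so a later cleanup could reinstate it and bring back the "Key ... not initialized (yet), dropping packet" failure on an empty PUSH_REPLY. Suggest a one-line comment above the condition noting that do_deferred_options() has to run even when no option types were found, because the NCP data channel crypto setup happens there. It is also worth confirming that do_deferred_options() and its failure branch behave as intended when called with option_types_found == 0, since that value could not reach this call before the change.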

ACK - this allows the NCP code in do_deferred_options() to do what it
wanted to.

-Steffan

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel