Hi,

On 31/10/2018 23:07, Steffan Karger wrote:
> As reported by tincantech on the openvpn-devel IRC channel, a tls-crypt-v2
> client could be caused to trigger an assert in tls_crypt_wrap() because the
> client key might not be correctly initialized after a reconnect attempt.
>
> This was caused by code that was written before the connection-block
> tls-auth/tls-crypt logic was integrated (57d6f103), rebased on that change,
> but not sufficiently changed to be compatible with the new logic.
>
> This commit fixes that bug.
>
> Note that I also moved the violating hunk of code to the same function
> where the tls-auth and tls-crypt (v1) keys are initialized. Once moved
> there, it is immediately clear that v2 didn't follow the same (new) logic.
>
> Signed-off-by: Steffan Karger <steffan.kar...@fox-it.com>

Yeah, it probably was a "conflict" that went unnoticed.
We now need to rely on the data stored in the Connection Entry (ce member of the options structure) as the tls-crypt* logic is "per connection block" and not global anymore.

I performed some basic testing and all seems good.
Thanks for fixing this!

Acked-by: Antonio Quartulli <anto...@openvpn.net>

--
Antonio Quartulli
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel