Hi,

On 08/05/2020 13:42, David Sommerseth wrote:
> A configuration file using --persist-key and with inlined --tls-auth or
> --tls-crypt files was failing in check_file_access().  The file argument
> to check_file_access() contained the key file and not the file name.
> 
> This was because check_file_access_inline() which calls
> check_file_access() if the file is not inlined was told the file was not
> an inline file.
> 
> The reason the check_file_access_inline() was misled was due to a prior
> option_postprocess_mutate() call that puts these key files into a connection
> block entry in option_postprocess_mutate_ce().  OpenVPN was modified a
> long while ago to always use connection blocks in the option structure
> for simplicity.  So the "root" key files would be transferred into a
> connection entry in this method.
> 
> When --persist-key is used, option_postprocess_mutate_ce() will load the
> key file and "convert" the option into an inline option.  But in
> commit cb2e9218f2bc73fa2 this logic had lost the "inline indicator".  The
> result was that the connection entry had the key file content stored in
> the object but was "tagged" as a normal file (name) not an inline file.
> 
> Signed-off-by: David Sommerseth <dav...@openvpn.net>

Thanks for fixing my bugs :-)
Unfortunately the code has changed a bit since the issue of v1 until
v11... so these nasty errors sneaked in.


Acked-by: Antonio Quartulli <a...@unstable.cc>


-- 
Antonio Quartulli


_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
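
The failure mode described in the quoted commit message, modelled as an added example (not code from this mail or from OpenVPN): a key loaded for --persist-key loses its inline indicator, so the access check treats the key material as a file name. The struct, field and function names and the sample key are hypothetical simplifications.

```c
#include <stdbool.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical, simplified stand-in for a connection entry. */
struct conn_entry {
    const char *tls_key;   /* file name, or key material when inline */
    bool tls_key_inline;   /* the "inline indicator" */
};

/* Constructed sample key material, standing in for the loaded key file. */
static const char SAMPLE_KEY[] =
    "-----BEGIN OpenVPN Static key V1-----\n(constructed sample)\n";

/* Models the per-connection-entry mutate step: with persist_key set, the
 * file name is replaced by the key content.  keep_flag == false reproduces
 * the regression, where the content is stored but still tagged as a file. */
static void mutate_ce(struct conn_entry *ce, const char *file,
                      bool persist_key, bool keep_flag)
{
    ce->tls_key = file;
    ce->tls_key_inline = false;
    if (persist_key) {
        ce->tls_key = SAMPLE_KEY;      /* real code would read `file` */
        ce->tls_key_inline = keep_flag;
    }
}

/* Returns true on error.  Inline data is never looked up on disk;
 * anything else is treated as a path and must be readable. */
static bool check_access_inline(const struct conn_entry *ce)
{
    if (ce->tls_key_inline)
        return false;
    return access(ce->tls_key, R_OK) != 0;
}

/* Runs mutate + check for a --persist-key configuration. */
static bool persist_key_check_fails(bool keep_flag)
{
    struct conn_entry ce;
    mutate_ce(&ce, "ta.key", true, keep_flag);
    return check_access_inline(&ce);
}

int main(void)
{
    printf("flag lost: error=%d\n", persist_key_check_fails(false));
    printf("flag kept: error=%d\n", persist_key_check_fails(true));
    return 0;
}
```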
