The NCP rework introduced a regression of sending a --cipher
command as part of the push message when the client does not
support NCP. This is is more a cosmetic issue since the client
will log that as warning in the log and ignore it.
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
src/openvpn/push.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/openvpn/push.c b/src/openvpn/push.c
index 2183b74a..1c4f2033 100644
--- a/src/openvpn/push.c
+++ b/src/openvpn/push.c
@@ -472,9 +472,15 @@ prepare_push_reply(struct context *c, struct gc_arena *gc,
/*
* Push the selected cipher, at this point the cipher has been
- * already negotiated and been fixed
+ * already negotiated and been fixed.
+ *
+ * We avoid pushing the cipher to clients not supporting NCP
+ * to avoid error messages in their logs
*/
- push_option_fmt(gc, push_list, M_USAGE, "cipher %s", o->ciphername);
+ if (tls_peer_supports_ncp(c->c2.tls_multi->peer_info))
+ {
+ push_option_fmt(gc, push_list, M_USAGE, "cipher %s", o->ciphername);
+ }
return true;
}
--
2.26.2
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
