On 26.07.20 at 01:51, Arne Schwabe wrote:
> When a server sends a client a push request, the client will reply
> with a push reply. The reply is bogus and almost empty since almost
> all the options that are normally set (remote ip etc) are unset.
>
> I checked 2.4 and master and this does not have any security implications
> or other bugs but it is still better to refuse this.
>
> This code also refactors the method to get rid of the ret variable to
> make the code flow easier to understand.

On further discussion on IRC, retract this patch. The tls-server/tls-client pair as a p2p pair with one side (does not even need to be the one with tls-server) can have multiple "push xy" in the config.

Arne
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel