Hi,

On 27/04/2021 12:21, Arne Schwabe wrote:
> 
>>  
>>> @@ -369,7 +369,7 @@ bool
>>>  send_auth_pending_messages(struct tls_multi *tls_multi, const char *extra,
>>>                             unsigned int timeout)
>>>  {
>>> -    struct key_state *ks = &tls_multi->session[TM_ACTIVE].key[KS_PRIMARY];
>>> +    struct key_state *ks = get_key_scan(tls_multi, 0);
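Review bot: the new initialiser `get_key_scan(tls_multi, 0)` in send_auth_pending_messages() no longer says which key is meant. The removed line spelled out `session[TM_ACTIVE].key[KS_PRIMARY]`, while the bare index 0 leaves the reader to look up the scan order. A short comment at the call stating that index 0 is expected to be the primary key of the active session, or a named non-const helper, would keep that intent visible.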
>>
>> why not calling get_primary_key() here and in all other spots where we
>> ask for the 0th key in the scan?
>>
> 
> This function needs a non-const variant and get_primary_key returns a
> const struct.
> 
> 

Right, I missed that.

>>> +/**  gets an item  of \c key_state objects in the
>>> + *   order they should be scanned by data
>>> + *   channel modules. */
>>> +static inline const struct key_state *
>>> +get_primary_key(const struct tls_multi *multi)
>>> +{
>>> +        return &multi->session[TM_ACTIVE].key[KS_PRIMARY];
>>> +}
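Review bot: the doc comment above get_primary_key() does not describe the function. It speaks of "an item of \c key_state objects in the order they should be scanned", whereas the body unconditionally returns `&multi->session[TM_ACTIVE].key[KS_PRIMARY]`. Suggest rewording it to say that it returns the primary key state of the active session and that the result is const, so callers needing to modify the key state know not to use it. The return line is also indented by eight spaces where the first hunk uses four.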
>>
>> Why not implementing this as get_key_scan(multi, 0); ?
>>
> 
> That breaks the constness of the argument.

I have seen that there is only one place where we call get_primary_key()
with a const argument and that is tls_test_payload_len().

However, I think what you came up with is still the easiest
thing...unless somebody else comes up with a smarter idea.

Maybe in the future we'll be able to clean this up further.

For me the patch looks good as it is.
Compile rig is happy.
Basic connectivity test and renegotiation test with OpenSSL passed.

Acked-by: Antonio Quartulli <anto...@openvpn.net>

Regards,


-- 
Antonio Quartulli

