> 
> Yes. Makes sense. The change makes it a lot more clear. I think it is
> actually not equivalent but the new one is definitively the correct one.
>

I looked at the code again and I have to actually retract my ACK.

The previous code means P2P mode with static key or P2P mode without
--pull while the new condition means only P2P mode with static key.


The code that follows for that section should be better commented:

        if (!o->ciphername)
        {
            o->ciphername = "BF-CBC";
        }
        else
        {
            o->enable_ncp_fallback = true;
        }
        return;

It basically condenses to having always a valid string in o->ciphername,
which is then used in static key code (which ignores data-ciphers) or
allowing falling back to the cipher explicitly set via --cipher if we
are in TLS mode (with NCP) but not to the implicit BF-CBC.

Arne


_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
