Hi, On Sat, Sep 04, 2021 at 11:56:28AM +0200, Antonio Quartulli wrote: > diff --git a/src/openvpn/options.c b/src/openvpn/options.c > index f2fb6d64..6f6eb73d 100644 > --- a/src/openvpn/options.c > +++ b/src/openvpn/options.c > @@ -850,6 +850,7 @@ init_options(struct options *o, const bool init_gc) > o->use_prediction_resistance = false; > #endif > o->tls_timeout = 2; > + o->ssl_flags = (TLS_VER_1_2 << SSLF_TLS_VERSION_MIN_SHIFT); > o->renegotiate_bytes = -1; > o->renegotiate_seconds = 3600; > o->renegotiate_seconds_min = -1;
This code confuses me. We now unconditionally initialize ssl_flags to
"TLS_VER_1_2"...
> @@ -3140,6 +3141,21 @@ need_compatibility_before(const struct options *o, int
> version)
> static void
> options_set_backwards_compatible_options(struct options *o)
> {
> + /* TLS min version is not set */
> + if ((o->ssl_flags & SSLF_TLS_VERSION_MIN_MASK) == 0)
> + {
... and then we check if that happens to be "0", so we can invoke the
compat handler...
The first hunk looks wrong.
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
