This prepares for extending this function with the HMAC based session ID check.
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
 src/openvpn/mudp.c | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c
index 4fbe3c1a3..910268333 100644
--- a/src/openvpn/mudp.c
+++ b/src/openvpn/mudp.c
@@ -39,6 +39,20 @@
 #include <sys/inotify.h>
 #endif

+static bool
+do_pre_decrypt_check(struct multi_context *m)
+{
+ if (!m->top.c2.tls_auth_standalone)
+ {
+ return false;
+ }
+ if (!tls_pre_decrypt_lite(m->top.c2.tls_auth_standalone, &m->top.c2.from, &m->top.c2.buf))
+ {
+ return false;
+ }
+ return true;
+}
+
 /*
 * Get a client instance based on real address. If
 * the instance doesn't exist, create it while
@@ -95,8 +109,7 @@ multi_get_create_instance_udp(struct multi_context *m, bool *floated)
 }
 if (!mi)
 {
- if (!m->top.c2.tls_auth_standalone
- || tls_pre_decrypt_lite(m->top.c2.tls_auth_standalone, &m->top.c2.from, &m->top.c2.buf))
+ if (do_pre_decrypt_check(m))
 {
 if (frequency_limit_event_allowed(m->new_connection_limiter))
 {
--
2.32.0 (Apple Git-132)
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
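Review bot: `do_pre_decrypt_check()` returns false when `m->top.c2.tls_auth_standalone` is NULL, but the condition it replaces in `multi_get_create_instance_udp()` was true in that case (`!m->top.c2.tls_auth_standalone || tls_pre_decrypt_lite(...)`), so this is not a pure extraction. With no standalone TLS context, a packet from an unknown address would now be dropped rather than reaching the `frequency_limit_event_allowed()` path that creates an instance. If failing closed is intended (for example because the context is always initialised by this point, which the hunks do not show), say so in the commit message and add a comment on the helper such as `/* Returns true if the packet may start a new session; false if there is no standalone TLS context or tls_pre_decrypt_lite() rejects it */`. Otherwise the first branch should be `return true;` to keep the old behaviour. The body of `multi_get_create_instance_udp()` continues outside the second hunk.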