The current approach of checking a string buffer is a bit clunky and
also not very extensible. Refactor this by collecting the flags in
a buffer.
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
src/openvpn/push.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/src/openvpn/push.c b/src/openvpn/push.c
index 0a66902a8..989316130 100644
--- a/src/openvpn/push.c
+++ b/src/openvpn/push.c
@@ -647,14 +647,18 @@ prepare_push_reply(struct context *c, struct gc_arena *gc,
}
}
+ struct buffer proto_flags = alloc_buf_gc(128, gc);
+
if (o->imported_protocol_flags & CO_USE_CC_EXIT_NOTIFY)
{
- const char *ekm = "";
+ buf_printf(&proto_flags, " cc-exit");
+
+ /* if the cc exit flag is supported, pushing tls-ekm via protocol-flags
+ * is also supported */
if (o->imported_protocol_flags & CO_USE_TLS_KEY_MATERIAL_EXPORT)
{
- ekm = " tls-ekm";
+ buf_printf(&proto_flags, " tls-ekm");
}
- push_option_fmt(gc, push_list, M_USAGE, "protocol-flags cc-exit%s",
ekm);
}
else if (o->imported_protocol_flags & CO_USE_TLS_KEY_MATERIAL_EXPORT)
{
@@ -662,6 +666,10 @@ prepare_push_reply(struct context *c, struct gc_arena *gc,
}
+ if (buf_len(&proto_flags) > 0)
+ {
+ push_option_fmt(gc, push_list, M_USAGE, "protocol-flags%s",
buf_str(&proto_flags));
+ }
return true;
}
--
2.32.1 (Apple Git-133)
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
