mirror of
https://github.com/OpenVPN/openvpn.git
synced 2026-04-15 22:20:38 -04:00
Fix edge case with clients failing to set up cipher on empty PUSH_REPLY.
The NCP (data channel crypto negotiation) code on the client side waits
for an incoming PUSH_REPLY before setting up the data channel crypto
parameters, because the PUSH_REPLY could contain a "cipher xxx" setting.
In the particular case of a empty PUSH_REPLY message, the relevant code
bits was not called because "we have not received any options, do not
bother to look into it in more detail" - so, ciphers were not set up,
resulting in an error message like this:
Key [AF_INET]... [0] not initialized (yet), dropping packet.
Remove that check, always init the crypto layer on PUSH_REPLY.
Trac: #903
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <20170618092244.8801-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14856.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
This commit is contained in:
Gert Doering
parent
0776a8c60f
commit
bd230079d9
1 changed files with 1 additions and 1 deletions
|
|
@ -1925,7 +1925,7 @@ do_up(struct context *c, bool pulled_options, unsigned int option_types_found)
|
|||
{
|
||||
reset_coarse_timers(c);
|
||||
|
||||
if (pulled_options && option_types_found)
|
||||
if (pulled_options)
|
||||
{
|
||||
if (!do_deferred_options(c, option_types_found))
|
||||
{
|
||||
|
|
|
|||
Loading…
Reference in a new issue