[Openvpn-devel] Fix tls-auth mismatch OCC message when tls-cryptv2 is used.

Message ID 20201211125957.7764-1-arne@rfc2549.org
State New
Headers show
Series
  • [Openvpn-devel] Fix tls-auth mismatch OCC message when tls-cryptv2 is used.
Related show

Commit Message

Arne Schwabe Dec. 11, 2020, 12:59 p.m.
A server with tls-cryptv2 and tls-auth produces the warning:

  WARNING: 'tls-auth' is present in local config but missing in remote config, local='tls-auth'"

The tls-auth option has no argument so the strpefix with the space
included does not match it.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
---
 src/openvpn/options.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Steffan Karger Dec. 13, 2020, 8:36 a.m. | #1
Hi,

On 11-12-2020 13:59, Arne Schwabe wrote:
> A server with tls-cryptv2 and tls-auth produces the warning:
> 
>   WARNING: 'tls-auth' is present in local config but missing in remote config, local='tls-auth'"
> 
> The tls-auth option has no argument so the strpefix with the space
> included does not match it.
> 
> Signed-off-by: Arne Schwabe <arne@rfc2549.org>
> ---
>  src/openvpn/options.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/src/openvpn/options.c b/src/openvpn/options.c
> index d824cbad..d9d492b2 100644
> --- a/src/openvpn/options.c
> +++ b/src/openvpn/options.c
> @@ -4138,7 +4138,7 @@ options_warning_safe_scan2(const int msglevel,
>      if (strprefix(p1, "key-method ")
>          || strprefix(p1, "keydir ")
>          || strprefix(p1, "proto ")
> -        || strprefix(p1, "tls-auth ")
> +        || streq(p1, "tls-auth")
>          || strprefix(p1, "tun-ipv6")
>          || strprefix(p1, "cipher "))
>      {
> 

Thanks for fixing this.

Acked-by: Steffan Karger <steffan@karger.me>

-Steffan

Patch

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index d824cbad..d9d492b2 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -4138,7 +4138,7 @@  options_warning_safe_scan2(const int msglevel,
     if (strprefix(p1, "key-method ")
         || strprefix(p1, "keydir ")
         || strprefix(p1, "proto ")
-        || strprefix(p1, "tls-auth ")
+        || streq(p1, "tls-auth")
         || strprefix(p1, "tun-ipv6")
         || strprefix(p1, "cipher "))
     {