From patchwork Fri Sep 3 23:56:23 2021
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 1937
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Cc: Antonio Quartulli
Date: Sat, 4 Sep 2021 11:56:23 +0200
Message-Id: <20210904095629.6273-2-a@unstable.cc>
In-Reply-To: <20210904095629.6273-1-a@unstable.cc>
References: <20210904095629.6273-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH 1/7] simplify condition detecting pure P2P mode

The new condition is equivalent to the old one, but easier to grasp.
Also add message to inform user that cipher negotiation, in this case, is
indeed disabled.

Signed-off-by: Arne Schwabe
Signed-off-by: Antonio Quartulli
Acked-By: Arne Schwabe
---
 src/openvpn/options.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 00ba6044..0d6b85cf 100644
--- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3076,8 +3076,12 @@ options_postprocess_verify(const struct options *o) static void options_postprocess_cipher(struct options *o) { - if (!o->pull && !(o->mode == MODE_SERVER)) + if (!o->tls_server && !o->tls_client) { + /* we are in the classic P2P mode */ + msg(M_WARN, "Cipher negotiation is disabled since TLS " + "mode is not enabled"); + /* If the cipher is not set, use the old default of BF-CBC. We will * warn that this is deprecated on cipher initialisation, no need * to warn here as well */
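Review bot: The replaced condition in options_postprocess_cipher() is not self-evidently equivalent to the old one, although the commit message says it is. `!o->pull && !(o->mode == MODE_SERVER)` is true for a non-pulling, non-server instance even when `o->tls_client` is set, while `!o->tls_server && !o->tls_client` is false for that same instance. If a TLS peer without pull is a valid configuration, it no longer takes this branch and so no longer gets the fallback described in the comment that follows. Please either name in the commit message the invariant that rules that case out, or describe the behaviour change. Separately, the added msg(M_WARN, ...) sits directly above a comment saying there is "no need to warn here as well"; a short clause in the new comment explaining that this warning is about negotiation, not about the deprecated default cipher, would keep the two from reading as contradictory.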