[Openvpn-devel] Fix tls-version-min default once again

Message ID 20211102042314.19113-1-selva.nair@gmail.com
State Accepted
Series [Openvpn-devel] Fix tls-version-min default once again

Commit Message

Selva Nair Nov. 1, 2021, 5:23 p.m. UTC
From: Selva Nair <selva.nair@gmail.com>

commit 51be733ba236610dff6a1c361cf59172db97473a
claimed to correct this but did not do it properly.
(my fault). The check whether tls-version-min is set
by the user or not was still wrong.

Hope this fixes it for good.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
---
 src/openvpn/options.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Comments

Gert Doering Nov. 5, 2021, 9:54 a.m. UTC | #1
Acked-by: Gert Doering <gert@greenie.muc.de>

Thanks.  The old one "looked good", but the MIN_MASK would have needed
a shift (indeed) and this way it's more readable anyway.

I have not tested this beyond "it compiles and passes make check".

Your patch has been applied to the master branch.

commit 3037d2bd348eb184ed924a590012a23f68a1b47f
Author: Selva Nair
Date:   Tue Nov 2 00:23:14 2021 -0400

     Fix tls-version-min default once again

     Signed-off-by: Selva Nair <selva.nair@gmail.com>
     Acked-by: Gert Doering <gert@greenie.muc.de>
     Message-Id: <20211102042314.19113-1-selva.nair@gmail.com>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23091.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 4a5db8a6..6b15d898 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -3165,7 +3165,9 @@  static void
 options_set_backwards_compatible_options(struct options *o)
 {
     /* TLS min version is not set */
-    if ((o->ssl_flags & SSLF_TLS_VERSION_MIN_MASK) == 0)
+    int tls_ver_min = (o->ssl_flags >> SSLF_TLS_VERSION_MIN_SHIFT)
+                          & SSLF_TLS_VERSION_MIN_MASK;
+    if (tls_ver_min == 0)
     {
         int tls_ver_max = (o->ssl_flags >> SSLF_TLS_VERSION_MAX_SHIFT)
                           & SSLF_TLS_VERSION_MAX_MASK;
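
Review bot: the commit message does not say what was wrong with the removed test `(o->ssl_flags & SSLF_TLS_VERSION_MIN_MASK) == 0`, and it should, since this is the second fix for the same default. The removed line applied the mask without SSLF_TLS_VERSION_MIN_SHIFT, so it tested the unshifted low bits of ssl_flags instead of the tls-version-min field; the new lines shift first and then mask, matching the existing tls_ver_max extraction just below. Please state that in the commit body. Two smaller points in the same hunk: the comment `/* TLS min version is not set */` now sits above the `tls_ver_min` declaration instead of the condition it describes, so move it down to `if (tls_ver_min == 0)`; and since the ack notes the change was only checked with a build and make check, a unit test that sets tls-version-min and confirms this branch is skipped would keep the check from regressing a third time.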