Message ID | 20200717134739.21168-7-arne@rfc2549.org |
---|---|
State | Accepted |
Delegated to: | Gert Doering |
Series | [Openvpn-devel,1/9] Indicate that a client is in pull mode in IV_PROTO |
Acked-by: Gert Doering <gert@greenie.muc.de>

Verify by staring at the testbed. 2.2/2.3 clients or 2.4 or master with --ncp-disable won't get cipher pushed, the rest will. Works!

Your patch has been applied to the master branch.

commit 4b59e2644a978074f0eed492d6541ba7b30b01a7
Author: Arne Schwabe
Date: Fri Jul 17 15:47:37 2020 +0200

    Avoid sending --cipher to clients not supporting NCP

    Signed-off-by: Arne Schwabe <arne@rfc2549.org>
    Acked-by: Gert Doering <gert@greenie.muc.de>
    Message-Id: <20200717134739.21168-7-arne@rfc2549.org>
    URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20437.html
    Signed-off-by: Gert Doering <gert@greenie.muc.de>

--
kind regards,

Gert Doering
diff --git a/src/openvpn/push.c b/src/openvpn/push.c index 2183b74a..1c4f2033 100644 --- a/src/openvpn/push.c +++ b/src/openvpn/push.c @@ -472,9 +472,15 @@ prepare_push_reply(struct context *c, struct gc_arena *gc, /* * Push the selected cipher, at this point the cipher has been - * already negotiated and been fixed + * already negotiated and been fixed. + * + * We avoid pushing the cipher to clients not supporting NCP + * to avoid error messages in their logs */ - push_option_fmt(gc, push_list, M_USAGE, "cipher %s", o->ciphername); + if (tls_peer_supports_ncp(c->c2.tls_multi->peer_info)) + { + push_option_fmt(gc, push_list, M_USAGE, "cipher %s", o->ciphername); + } return true; }
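Review bot: The new condition in prepare_push_reply() passes c->c2.tls_multi->peer_info straight into tls_peer_supports_ncp(), and nothing in this hunk shows how a NULL peer_info (a client that sent no peer info at all) is treated; please confirm the helper returns false in that case, or guard the call here, since this path runs for every connecting client. The added comment also says the goal is to avoid "error messages" in client logs, while the commit message describes a warning that the client logs and ignores; using the same wording in both would avoid confusion when someone later searches logs for the symptom. It would also help to state in the comment which cipher a non-NCP client ends up using now that the push is conditional, because that is no longer evident from this block.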
The NCP rework introduced a regression of sending a --cipher command as part of the push message when the client does not support NCP. This is more a cosmetic issue since the client will log that as a warning in the log and ignore it.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>

---
 src/openvpn/push.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)