@@ -268,15 +268,11 @@ ncp_get_best_cipher(const char *server_list, const char *peer_info,
static bool
tls_poor_mans_ncp(struct options *o, const char *remote_ciphername)
{
- if (remote_ciphername
- && 0 != strcmp(o->ciphername, remote_ciphername))
+ if (tls_item_in_cipher_list(remote_ciphername, o->ncp_ciphers))
{
- if (tls_item_in_cipher_list(remote_ciphername, o->ncp_ciphers))
- {
- o->ciphername = string_alloc(remote_ciphername, &o->gc);
- msg(D_TLS_DEBUG_LOW, "Using peer cipher '%s'", o->ciphername);
- return true;
- }
+ o->ciphername = string_alloc(remote_ciphername, &o->gc);
+ msg(D_TLS_DEBUG_LOW, "Using peer cipher '%s'", o->ciphername);
+ return true;
}
return false;
}
If we do not get a cipher pushed we call tls_poor_mans_ncp to determine if we can use the cipher that the server uses. Left over from OpenVPN 2.4's code we only did this check when the ciphers were different. Since OpenVPN 2.5 does not assume that our cipher we report in OCC (options->ciphername) is always a valid cipher we always need to the check. Reported-By: Rafael Gava <gava100@gmail.com> Signed-off-by: Arne Schwabe <arne@rfc2549.org> --- src/openvpn/ssl_ncp.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-)