From: selva.nair@gmail.com
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 2 Nov 2021 00:23:14 -0400
Message-Id: <20211102042314.19113-1-selva.nair@gmail.com>
Subject: [Openvpn-devel] [PATCH] Fix tls-version-min default once again

From: Selva Nair

commit 51be733ba236610dff6a1c361cf59172db97473a claimed to correct this but did not do it properly. (my fault). The check whether tls-version-min is set by the user or not was still wrong. Hope this fixes it for good.

Signed-off-by: Selva Nair
Acked-by: Gert Doering
--- src/openvpn/options.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 4a5db8a6..6b15d898 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c
@@ -3165,7 +3165,9 @@ static void options_set_backwards_compatible_options(struct options *o) { /* TLS min version is not set */ - if ((o->ssl_flags & SSLF_TLS_VERSION_MIN_MASK) == 0) + int tls_ver_min = (o->ssl_flags >> SSLF_TLS_VERSION_MIN_SHIFT) + & SSLF_TLS_VERSION_MIN_MASK; + if (tls_ver_min == 0) { int tls_ver_max = (o->ssl_flags >> SSLF_TLS_VERSION_MAX_SHIFT) & SSLF_TLS_VERSION_MAX_MASK;
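
Review bot: the comment "/* TLS min version is not set */" now sits above the new tls_ver_min declaration instead of the "if (tls_ver_min == 0)" test it describes. Move it down to the test and have it say that SSLF_TLS_VERSION_MIN_MASK applies to the flags after the shift by SSLF_TLS_VERSION_MIN_SHIFT, since the commit message says this check has already been wrong more than once. The shift-then-mask expression is also now written out twice in this function, once for tls_ver_min and once for tls_ver_max; a small helper or macro that extracts each field from o->ssl_flags would keep the two from diverging again. A test that runs options_set_backwards_compatible_options() with and without tls-version-min set would confirm that the default is applied only when the user left it unset.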