Message ID | 20220722125122.2441814-1-arne@rfc2549.org |
---|---|
State | Changes Requested |
Headers | show |
Series | [Openvpn-devel] Error out if both remap-usr1 SIGHUP and config stdin are used | expand |
On Fri, Jul 22, 2022 at 02:51:22PM +0200, Arne Schwabe wrote: > OpenVPN for Android uses config stdin to avoid writing the config > file containing private keys to 'disk'. However using stdin means > that config cannot be reread using SIGHUP. While there might be other > corner cases that trigger SIGHUP, this is an obvious one, so we > error out if we detect this misconfiguration. > --- > src/openvpn/options.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/src/openvpn/options.c b/src/openvpn/options.c > index abda8c379..e56df7d4c 100644 > --- a/src/openvpn/options.c > +++ b/src/openvpn/options.c > @@ -3680,6 +3680,12 @@ options_postprocess_mutate(struct options *o, struct env_set *es) > o->verify_hash_no_ca = true; > } > > + if (streq(o->config, "stdin") && o->remap_sigusr1 == SIGHUP) > + { > + MSG(M_USAGE, "Options 'config stdin' and 'remap-sigusr SIGHUP' are" > + "incompatible with each other."); FWIW, the option is called remap-usr1, not remap-sigusr. Regards,
diff --git a/src/openvpn/options.c b/src/openvpn/options.c index abda8c379..e56df7d4c 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3680,6 +3680,12 @@ options_postprocess_mutate(struct options *o, struct env_set *es) o->verify_hash_no_ca = true; } + if (streq(o->config, "stdin") && o->remap_sigusr1 == SIGHUP) + { + MSG(M_USAGE, "Options 'config stdin' and 'remap-sigusr SIGHUP' are" + "incompatible with each other."); + } + /* check if any option should force disabling DCO */ #if defined(TARGET_LINUX) o->tuntap_options.disable_dco = !dco_check_option_conflict(D_DCO, o);