diff options
| author | Bernhard Schmidt <berni@debian.org> | 2019-02-20 14:11:51 +0100 |
|---|---|---|
| committer | Bernhard Schmidt <berni@debian.org> | 2019-02-20 14:11:51 +0100 |
| commit | 39ddb9cc8281bd239b94a3023da6329edb6718c1 (patch) | |
| tree | dc6a8e7f1018f59f088c5b06b48eb24efe17f22d /src/openvpn/init.c | |
| parent | d5078cc44b8919a25cb7507e9e6da1d66f25bb5b (diff) | |
| parent | 87356242baf10c8b2a94d9013e436ed2a0dada53 (diff) | |
Update upstream source from tag 'upstream/2.4.7'
Update to upstream version '2.4.7'
with Debian dir d01da6ef78dc8ce91265e8f319468f6c34d23af8
Diffstat (limited to 'src/openvpn/init.c')
| -rw-r--r-- | src/openvpn/init.c | 42 |
1 files changed, 33 insertions, 9 deletions
diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 6968c77..1cdef31 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -613,6 +613,31 @@ uninit_proxy(struct context *c) uninit_proxy_dowork(c); } +/* + * Saves the initial state of NCP-regotiable + * options into a storage which persists over SIGUSR1. + */ +static void +save_ncp_options(struct context *c) +{ +#ifdef ENABLE_CRYPTO + c->c1.ciphername = c->options.ciphername; + c->c1.authname = c->options.authname; + c->c1.keysize = c->options.keysize; +#endif +} + +/* Restores NCP-negotiable options to original values */ +static void +restore_ncp_options(struct context *c) +{ +#ifdef ENABLE_CRYPTO + c->options.ciphername = c->c1.ciphername; + c->options.authname = c->c1.authname; + c->options.keysize = c->c1.keysize; +#endif +} + void context_init_1(struct context *c) { @@ -622,6 +647,8 @@ context_init_1(struct context *c) init_connection_list(c); + save_ncp_options(c); + #if defined(ENABLE_PKCS11) if (c->first_time) { @@ -1017,6 +1044,7 @@ print_openssl_info(const struct options *options) if (options->show_tls_ciphers) { show_available_tls_ciphers(options->cipher_list, + options->cipher_list_tls13, options->tls_cert_profile); } if (options->show_curves) @@ -1693,6 +1721,9 @@ do_open_tun(struct context *c) if (c->c1.tuntap) { oldtunfd = c->c1.tuntap->fd; + free(c->c1.tuntap); + c->c1.tuntap = NULL; + c->c1.tuntap_owned = false; } #endif @@ -2607,10 +2638,6 @@ do_init_crypto_tls_c1(struct context *c) options->tls_crypt_inline, options->tls_server); } - c->c1.ciphername = options->ciphername; - c->c1.authname = options->authname; - c->c1.keysize = options->keysize; - #if 0 /* was: #if ENABLE_INLINE_FILES -- Note that enabling this code will break restarts */ if (options->priv_key_file_inline) { @@ -2622,11 +2649,6 @@ do_init_crypto_tls_c1(struct context *c) else { msg(D_INIT_MEDIUM, "Re-using SSL/TLS context"); - - /* Restore pre-NCP cipher options */ - c->options.ciphername = c->c1.ciphername; - c->options.authname = c->c1.authname; - c->options.keysize = c->c1.keysize; } } @@ -4317,6 +4339,8 @@ close_instance(struct context *c) /* free key schedules */ do_close_free_key_schedule(c, (c->mode == CM_P2P || c->mode == CM_TOP)); + restore_ncp_options(c); + /* close TCP/UDP connection */ do_close_link_socket(c); |