summaryrefslogtreecommitdiff
path: root/src/openvpn/init.c
diff options
context:
space:
mode:
authorBernhard Schmidt <berni@debian.org>2020-04-19 15:52:38 +0200
committerBernhard Schmidt <berni@debian.org>2020-04-19 15:52:38 +0200
commit7728a9676dc67128c9adf56bc1d31a4e5b815b26 (patch)
treeae25e1ac822e848183a4e61eac8d5c53f520f128 /src/openvpn/init.c
parentf90a78a23c77c840b764b0a95732f3ee3738ef99 (diff)
parent620785fe268a1221c1ba7a9cb5a70f3140a4f1ca (diff)
Update upstream source from tag 'upstream/2.4.9'
Update to upstream version '2.4.9' with Debian dir b64ac777b141e10bd0a11149a47506fd704401b8
Diffstat (limited to 'src/openvpn/init.c')
-rw-r--r--src/openvpn/init.c14
1 files changed, 11 insertions, 3 deletions
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index d3785ca..8bac74f 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -2294,9 +2294,16 @@ do_deferred_options(struct context *c, const unsigned int found)
{
tls_poor_mans_ncp(&c->options, c->c2.tls_multi->remote_ciphername);
}
- /* Do not regenerate keys if server sends an extra push reply */
- if (!session->key[KS_PRIMARY].crypto_options.key_ctx_bi.initialized
- && !tls_session_update_crypto_params(session, &c->options, &c->c2.frame))
+ struct frame *frame_fragment = NULL;
+#ifdef ENABLE_FRAGMENT
+ if (c->options.ce.fragment)
+ {
+ frame_fragment = &c->c2.frame_fragment;
+ }
+#endif
+
+ if (!tls_session_update_crypto_params(session, &c->options, &c->c2.frame,
+ frame_fragment))
{
msg(D_TLS_ERRORS, "OPTIONS ERROR: failed to import crypto options");
return false;
@@ -3035,6 +3042,7 @@ do_init_frame(struct context *c)
*/
c->c2.frame_fragment = c->c2.frame;
frame_subtract_extra(&c->c2.frame_fragment, &c->c2.frame_fragment_omit);
+ c->c2.frame_fragment_initial = c->c2.frame_fragment;
#endif
#if defined(ENABLE_FRAGMENT) && defined(ENABLE_OCC)
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-23 16:16:45 +0000