summaryrefslogtreecommitdiff
path: root/src/openvpn/init.c
diff options
context:
space:
mode:
authorBernhard Schmidt <berni@debian.org>2019-02-20 14:11:46 +0100
committerBernhard Schmidt <berni@debian.org>2019-02-20 14:11:46 +0100
commit87356242baf10c8b2a94d9013e436ed2a0dada53 (patch)
treedd8c5f9774af74c20cdae579ac0f2d352a835e9e /src/openvpn/init.c
parent2c8e4bc4f9ab94e4d0b63341820d471af7c28c6c (diff)
New upstream version 2.4.7upstream/2.4.7
Diffstat (limited to 'src/openvpn/init.c')
-rw-r--r--src/openvpn/init.c42
1 files changed, 33 insertions, 9 deletions
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 6968c77..1cdef31 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -613,6 +613,31 @@ uninit_proxy(struct context *c)
uninit_proxy_dowork(c);
}
+/*
+ * Saves the initial state of NCP-regotiable
+ * options into a storage which persists over SIGUSR1.
+ */
+static void
+save_ncp_options(struct context *c)
+{
+#ifdef ENABLE_CRYPTO
+ c->c1.ciphername = c->options.ciphername;
+ c->c1.authname = c->options.authname;
+ c->c1.keysize = c->options.keysize;
+#endif
+}
+
+/* Restores NCP-negotiable options to original values */
+static void
+restore_ncp_options(struct context *c)
+{
+#ifdef ENABLE_CRYPTO
+ c->options.ciphername = c->c1.ciphername;
+ c->options.authname = c->c1.authname;
+ c->options.keysize = c->c1.keysize;
+#endif
+}
+
void
context_init_1(struct context *c)
{
@@ -622,6 +647,8 @@ context_init_1(struct context *c)
init_connection_list(c);
+ save_ncp_options(c);
+
#if defined(ENABLE_PKCS11)
if (c->first_time)
{
@@ -1017,6 +1044,7 @@ print_openssl_info(const struct options *options)
if (options->show_tls_ciphers)
{
show_available_tls_ciphers(options->cipher_list,
+ options->cipher_list_tls13,
options->tls_cert_profile);
}
if (options->show_curves)
@@ -1693,6 +1721,9 @@ do_open_tun(struct context *c)
if (c->c1.tuntap)
{
oldtunfd = c->c1.tuntap->fd;
+ free(c->c1.tuntap);
+ c->c1.tuntap = NULL;
+ c->c1.tuntap_owned = false;
}
#endif
@@ -2607,10 +2638,6 @@ do_init_crypto_tls_c1(struct context *c)
options->tls_crypt_inline, options->tls_server);
}
- c->c1.ciphername = options->ciphername;
- c->c1.authname = options->authname;
- c->c1.keysize = options->keysize;
-
#if 0 /* was: #if ENABLE_INLINE_FILES -- Note that enabling this code will break restarts */
if (options->priv_key_file_inline)
{
@@ -2622,11 +2649,6 @@ do_init_crypto_tls_c1(struct context *c)
else
{
msg(D_INIT_MEDIUM, "Re-using SSL/TLS context");
-
- /* Restore pre-NCP cipher options */
- c->options.ciphername = c->c1.ciphername;
- c->options.authname = c->c1.authname;
- c->options.keysize = c->c1.keysize;
}
}
@@ -4317,6 +4339,8 @@ close_instance(struct context *c)
/* free key schedules */
do_close_free_key_schedule(c, (c->mode == CM_P2P || c->mode == CM_TOP));
+ restore_ncp_options(c);
+
/* close TCP/UDP connection */
do_close_link_socket(c);