summaryrefslogtreecommitdiff
path: root/src/openvpn/ssl.h
diff options
context:
space:
mode:
authorAlberto Gonzalez Iniesta <agi@inittab.org>2016-12-07 13:14:25 +0100
committerAlberto Gonzalez Iniesta <agi@inittab.org>2016-12-07 13:14:25 +0100
commit820804a01d365f6d4f9305b9e072f8393f443fcb (patch)
treefa122587cf4af5ccd339fa4c127c5374ea9fe3b3 /src/openvpn/ssl.h
parent354d158b7ea85b6e60c0de67000b1673361904a0 (diff)
parentd53dba59e78da865c4fe820386ff2f4f76925f3b (diff)
Merge tag 'upstream/2.4_rc1'
Upstream version 2.4~rc1
Diffstat (limited to 'src/openvpn/ssl.h')
-rw-r--r--src/openvpn/ssl.h25
1 files changed, 17 insertions, 8 deletions
diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h
index 777b621..c971b75 100644
--- a/src/openvpn/ssl.h
+++ b/src/openvpn/ssl.h
@@ -70,15 +70,8 @@
#define P_FIRST_OPCODE 1
#define P_LAST_OPCODE 9
-/* Should we aggregate TLS
- * acknowledgements, and tack them onto
- * control packets? */
-#define TLS_AGGREGATE_ACK
-
/*
- * If TLS_AGGREGATE_ACK, set the
- * max number of acknowledgments that
- * can "hitch a ride" on an outgoing
+ * Set the max number of acknowledgments that can "hitch a ride" on an outgoing
* non-P_ACK_V1 control packet.
*/
#define CONTROL_SEND_ACK_MAX 4
@@ -489,6 +482,15 @@ void tls_update_remote_addr (struct tls_multi *multi,
bool tls_session_update_crypto_params(struct tls_session *session,
const struct options *options, struct frame *frame);
+/**
+ * "Poor man's NCP": Use peer cipher if it is an allowed (NCP) cipher.
+ * Allows non-NCP peers to upgrade their cipher individually.
+ *
+ * Make sure to call tls_session_update_crypto_params() after calling this
+ * function.
+ */
+void tls_poor_mans_ncp(struct options *o, const char *remote_ciphername);
+
#ifdef MANAGEMENT_DEF_AUTH
static inline char *
tls_get_peer_info(const struct tls_multi *multi)
@@ -512,6 +514,13 @@ int tls_peer_info_ncp_ver(const char *peer_info);
*/
bool tls_check_ncp_cipher_list(const char *list);
+/**
+ * Return true iff item is present in the colon-separated zero-terminated
+ * cipher list.
+ */
+bool tls_item_in_cipher_list(const char *item, const char *list);
+
+
/*
* inline functions
*/