summaryrefslogtreecommitdiff
path: root/src/openvpn/ssl_ncp.c
diff options
context:
space:
mode:
authorBernhard Schmidt <berni@debian.org>2020-10-28 19:46:08 +0100
committerBernhard Schmidt <berni@debian.org>2020-10-28 19:46:08 +0100
commit8231554c9f1ba25cb4e698ad5cfb3a56b258610a (patch)
tree029108888123856ca13e34c612d4dd4845c2b6c3 /src/openvpn/ssl_ncp.c
parent5bac5f7608a14e0989e95db1a1da2e65d9322127 (diff)
parent76fee93e6fe89e5575bae2840b585d2f025b9050 (diff)
Merge tag 'debian/2.5.0-1' into buster-backports
openvpn Debian release 2.5.0-1
Diffstat (limited to 'src/openvpn/ssl_ncp.c')
-rw-r--r--src/openvpn/ssl_ncp.c18
1 files changed, 16 insertions, 2 deletions
diff --git a/src/openvpn/ssl_ncp.c b/src/openvpn/ssl_ncp.c
index 5549639..45bddbe 100644
--- a/src/openvpn/ssl_ncp.c
+++ b/src/openvpn/ssl_ncp.c
@@ -110,7 +110,15 @@ mutate_ncp_cipher_list(const char *list, struct gc_arena *gc)
* e.g. replacing AeS-128-gCm with AES-128-GCM
*/
const cipher_kt_t *ktc = cipher_kt_get(token);
- if (!ktc)
+ if (strcmp(token, "none") == 0)
+ {
+ msg(M_WARN, "WARNING: cipher 'none' specified for --data-ciphers. "
+ "This allows negotiation of NO encryption and "
+ "tunnelled data WILL then be transmitted in clear text "
+ "over the network! "
+ "PLEASE DO RECONSIDER THIS SETTING!");
+ }
+ if (!ktc && strcmp(token, "none") != 0)
{
msg(M_WARN, "Unsupported cipher in --data-ciphers: %s", token);
error_found = true;
@@ -118,6 +126,12 @@ mutate_ncp_cipher_list(const char *list, struct gc_arena *gc)
else
{
const char *ovpn_cipher_name = cipher_kt_name(ktc);
+ if (ktc == NULL)
+ {
+ /* NULL resolves to [null-cipher] but we need none for
+ * data-ciphers */
+ ovpn_cipher_name = "none";
+ }
if (buf_len(&new_list)> 0)
{
@@ -325,4 +339,4 @@ check_pull_client_ncp(struct context *c, const int found)
"to this server.");
return false;
}
-} \ No newline at end of file
+}