summaryrefslogtreecommitdiff
path: root/src/openvpn/ssl_ncp.c
diff options
context:
space:
mode:
authorBernhard Schmidt <berni@debian.org>2020-09-01 16:53:32 +0200
committerBernhard Schmidt <berni@debian.org>2020-09-01 16:53:32 +0200
commit886dccf631de661ea1b4c8017de98b88b93d7f1c (patch)
tree2f74f9b3f93a35591ffdb305e3e2876cbb9a0c1d /src/openvpn/ssl_ncp.c
parent9ce71e1c58a83737b045861173254911fda9a76a (diff)
parent57f0b7b331088e489e93ae89ee0aed98381d8806 (diff)
Update upstream source from tag 'upstream/2.5_beta3'
Update to upstream version '2.5~beta3' with Debian dir 08bf4b8b33e73a97458e7fd53ec989aa541745cd
Diffstat (limited to 'src/openvpn/ssl_ncp.c')
-rw-r--r--src/openvpn/ssl_ncp.c20
1 files changed, 9 insertions, 11 deletions
diff --git a/src/openvpn/ssl_ncp.c b/src/openvpn/ssl_ncp.c
index f522b8f..5549639 100644
--- a/src/openvpn/ssl_ncp.c
+++ b/src/openvpn/ssl_ncp.c
@@ -269,14 +269,11 @@ static bool
tls_poor_mans_ncp(struct options *o, const char *remote_ciphername)
{
if (remote_ciphername
- && 0 != strcmp(o->ciphername, remote_ciphername))
+ && tls_item_in_cipher_list(remote_ciphername, o->ncp_ciphers))
{
- if (tls_item_in_cipher_list(remote_ciphername, o->ncp_ciphers))
- {
- o->ciphername = string_alloc(remote_ciphername, &o->gc);
- msg(D_TLS_DEBUG_LOW, "Using peer cipher '%s'", o->ciphername);
- return true;
- }
+ o->ciphername = string_alloc(remote_ciphername, &o->gc);
+ msg(D_TLS_DEBUG_LOW, "Using peer cipher '%s'", o->ciphername);
+ return true;
}
return false;
}
@@ -296,13 +293,14 @@ check_pull_client_ncp(struct context *c, const int found)
}
/* If the server did not push a --cipher, we will switch to the
* remote cipher if it is in our ncp-ciphers list */
- bool useremotecipher = tls_poor_mans_ncp(&c->options,
- c->c2.tls_multi->remote_ciphername);
-
+ if(tls_poor_mans_ncp(&c->options, c->c2.tls_multi->remote_ciphername))
+ {
+ return true;
+ }
/* We could not figure out the peer's cipher but we have fallback
* enabled */
- if (!useremotecipher && c->options.enable_ncp_fallback)
+ if (!c->c2.tls_multi->remote_ciphername && c->options.enable_ncp_fallback)
{
return true;
}