1 files changed, 29 insertions, 26 deletions

diff --git a/src/openvpn/push.c b/src/openvpn/push.c
index f86bdd3..9953079 100644
--- a/src/openvpn/push.c
+++ b/src/openvpn/push.c
@@ -42,31 +42,6 @@
 
 static char push_reply_cmd[] = "PUSH_REPLY";
 
-/**
- * Add an option to the given push list by providing a format string.
- *
- * The string added to the push options is allocated in o->gc, so the caller
- * does not have to preserve anything.
- *
- * @param gc        GC arena where options are allocated
- * @param push_list Push list containing options
- * @param msglevel  The message level to use when printing errors
- * @param fmt       Format string for the option
- * @param ...       Format string arguments
- *
- * @return true on success, false on failure.
- */
-static bool push_option_fmt(struct gc_arena *gc, struct push_list *push_list,
-			    int msglevel, const char *fmt, ...)
-#ifdef __GNUC__
-#if __USE_MINGW_ANSI_STDIO
-    __attribute__ ((format (gnu_printf, 4, 5)))
-#else
-    __attribute__ ((format (__printf__, 4, 5)))
-#endif
-#endif
-    ;
-
 /*
  * Auth username/password
  *
@@ -177,6 +152,30 @@ server_pushed_signal (struct context *c, const struct buffer *buffer, const bool
 }
 
 #if P2MP_SERVER
+/**
+ * Add an option to the given push list by providing a format string.
+ *
+ * The string added to the push options is allocated in o->gc, so the caller
+ * does not have to preserve anything.
+ *
+ * @param gc        GC arena where options are allocated
+ * @param push_list Push list containing options
+ * @param msglevel  The message level to use when printing errors
+ * @param fmt       Format string for the option
+ * @param ...       Format string arguments
+ *
+ * @return true on success, false on failure.
+ */
+static bool push_option_fmt(struct gc_arena *gc, struct push_list *push_list,
+			    int msglevel, const char *fmt, ...)
+#ifdef __GNUC__
+#if __USE_MINGW_ANSI_STDIO
+    __attribute__ ((format (gnu_printf, 4, 5)))
+#else
+    __attribute__ ((format (__printf__, 4, 5)))
+#endif
+#endif
+    ;
 
 /*
  * Send auth failed message from server to client.
@@ -263,7 +262,7 @@ incoming_push_message (struct context *c, const struct buffer *buffer)
 	      !tls_session_update_crypto_params (session, &c->options,
 		  &c->c2.frame))
 	    {
-	      msg (D_TLS_ERRORS, "TLS Error: server generate_key_expansion failed");
+	      msg (D_TLS_ERRORS, "TLS Error: initializing data channel failed");
 	      goto error;
 	    }
 	}
@@ -371,6 +370,10 @@ prepare_push_reply (struct context *c, struct gc_arena *gc,
 	  push_option_fmt(gc, push_list, M_USAGE, "cipher %s", o->ciphername);
 	}
     }
+  else if (o->ncp_enabled)
+    {
+      tls_poor_mans_ncp (o, tls_multi->remote_ciphername);
+    }
 
   /* If server uses --auth-gen-token and we have an auth token
    * to send to the client