Skip to content

Commit

Permalink
Add warning if a p2p NCP client connects to a p2mp server
Browse files Browse the repository at this point in the history
Change-Id: I85ae4e1167e1395b4f59d5d0ecf6c38befcaa8a7
Acked-by: Frank Lichtenheld <[email protected]>
Message-Id: <[email protected]>
URL: https://www.mail-archive.com/[email protected]/msg27191.html
Signed-off-by: Gert Doering <[email protected]>
  • Loading branch information
schwabe authored and cron2 committed Oct 18, 2023
1 parent e8e5f8a commit 2574ae5
Show file tree
Hide file tree
Showing 3 changed files with 13 additions and 4 deletions.
9 changes: 9 additions & 0 deletions src/openvpn/multi.c
Original file line number Diff line number Diff line change
Expand Up @@ -1811,6 +1811,15 @@ multi_client_set_protocol_options(struct context *c)
return false;
}

/* Print a warning if we detect the client being in P2P mode and will
* not accept our pushed ciphers */
if (proto & IV_PROTO_NCP_P2P)
{
msg(M_WARN, "Note: peer reports running in P2P mode (no --pull/--client"
"option). It will not negotiate ciphers with this server. "
"Expect this connection to fail.");
}

if (proto & IV_PROTO_REQUEST_PUSH)
{
c->c2.push_request_received = true;
Expand Down
6 changes: 3 additions & 3 deletions src/openvpn/ssl_ncp.c
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@
*/

/**
* @file Control Channel SSL/Data dynamic negotion Module
* @file Control Channel SSL/Data dynamic negotiation Module
* This file is split from ssl.c to be able to unit test it.
*/

Expand Down Expand Up @@ -258,8 +258,8 @@ ncp_get_best_cipher(const char *server_list, const char *peer_info,

const char *peer_ncp_list = tls_peer_ncp_list(peer_info, &gc_tmp);

/* non-NCP client without OCC? "assume nothing" */
/* For client doing the newer version of NCP (that send IV_CIPHER)
/* non-NCP clients without OCC? "assume nothing" */
/* For client doing the newer version of NCP (that send IV_CIPHERS)
* we cannot assume that they will accept remote_cipher */
if (remote_cipher == NULL
|| (peer_info && strstr(peer_info, "IV_CIPHERS=")))
Expand Down
2 changes: 1 addition & 1 deletion src/openvpn/ssl_ncp.h
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@
*/

/**
* @file Control Channel SSL/Data dynamic negotion Module
* @file Control Channel SSL/Data dynamic negotiation Module
* This file is split from ssl.h to be able to unit test it.
*/

Expand Down

0 comments on commit 2574ae5

Please sign in to comment.