diff options
author | Gert Doering <gert@greenie.muc.de> | 2015-05-24 15:02:34 +0200 |
---|---|---|
committer | Gert Doering <gert@greenie.muc.de> | 2015-05-24 21:30:37 +0200 |
commit | 7895590cf1f513f508132f8987fee8fef2759df7 (patch) | |
tree | 7f34e3a47acecc0aaa9f84302d3584c04627e9bc | |
parent | 1009df7d51f3fb7f898b2155aa62b8f0336e49e6 (diff) | |
download | openvpn-7895590cf1f513f508132f8987fee8fef2759df7.tar.gz openvpn-7895590cf1f513f508132f8987fee8fef2759df7.tar.xz openvpn-7895590cf1f513f508132f8987fee8fef2759df7.zip |
Disallow usage of --server-poll-timeout in --secret key mode.
The internal machinery wants TLS for this to work, so just add this
to the (long) list of options not allowed unless either --tls-client
or --tls-server is active. For added sanity, add an ASSERT() call
to the place where this combination caused a NULL ptr reference, and
document the restriction.
Fix trac #373
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1432472554-24666-1-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9736
(cherry picked from commit 6478c1f359e6b0ea2046d9e2801830753e53c06a)
-rw-r--r-- | doc/openvpn.8 | 4 | ||||
-rw-r--r-- | src/openvpn/forward.c | 1 | ||||
-rw-r--r-- | src/openvpn/options.c | 3 |
3 files changed, 8 insertions, 0 deletions
diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 00f0383..1e654bd 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -3735,6 +3735,10 @@ when polling possible remote servers to connect to in a round-robin fashion, spend no more than .B n seconds waiting for a response before trying the next server. +As this only makes sense in client-to-server setups, it cannot +be used in point-to-point setups using +.B \-\-secret +symmetrical key mode. .\"********************************************************* .TP .B \-\-explicit\-exit\-notify [n] diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 7f0d083..217fbb3 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -331,6 +331,7 @@ void check_server_poll_timeout_dowork (struct context *c) { event_timeout_reset (&c->c2.server_poll_interval); + ASSERT(c->c2.tls_multi); if (!tls_initial_packet_received (c->c2.tls_multi)) { msg (M_INFO, "Server poll timeout, restarting"); diff --git a/src/openvpn/options.c b/src/openvpn/options.c index fdf8fba..ff4b07b 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -2337,6 +2337,9 @@ options_postprocess_verify_ce (const struct options *options, const struct conne MUST_BE_UNDEF (pkcs11_id); MUST_BE_UNDEF (pkcs11_id_management); #endif +#if P2MP + MUST_BE_UNDEF (server_poll_timeout); +#endif if (pull) msg (M_USAGE, err, "--pull"); |