Fixed an issue where if reneg-sec was set to 0 on the client,

so that the server-side value would take precedence, the auth_deferred_expire_window function would incorrectly return a window period of 0 seconds. In this case, the correct window period should be the handshake window period. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5464 e7ae566f-a301-0410-adde-c780ea21d3b5
author: James Yonan <james@openvpn.net> 2010-03-06 15:38:23 +0000
committer: James Yonan <james@openvpn.net> 2010-03-06 15:38:23 +0000
commit: 112e6704c963841f65f2bdd958f289fd7e50f007 (patch)
tree: 50062a463c9d502bef130a4ff39e66d5745a3480
parent: 3a37ffbe898b05d28a2eb52122e2a3ea43970690 (diff)
download: openvpn-112e6704c963841f65f2bdd958f289fd7e50f007.tar.gz
openvpn-112e6704c963841f65f2bdd958f289fd7e50f007.tar.xz
openvpn-112e6704c963841f65f2bdd958f289fd7e50f007.zip
1 files changed, 5 insertions, 2 deletions
diff --git a/ssl.c b/ssl.c
index 82e04a3..102b02e 100644
--- a/ssl.c
+++ b/ssl.c
@@ -3702,9 +3702,12 @@ key_method_2_read (struct buffer *buf, struct tls_multi *multi, struct tls_sessi
 static int
 auth_deferred_expire_window (const struct tls_options *o)
 {
-  const int hw = o->handshake_window;
+  int ret = o->handshake_window;
   const int r2 = o->renegotiate_seconds / 2;
-  return min_int (hw, r2);
+
+  if (o->renegotiate_seconds && r2 < ret)
+    ret = r2;
+  return ret;
 }
 
 /*
author	James Yonan <james@openvpn.net>	2010-03-06 15:38:23 +0000
committer	James Yonan <james@openvpn.net>	2010-03-06 15:38:23 +0000
commit	112e6704c963841f65f2bdd958f289fd7e50f007 (patch)
tree	50062a463c9d502bef130a4ff39e66d5745a3480
parent	3a37ffbe898b05d28a2eb52122e2a3ea43970690 (diff)
download	openvpn-112e6704c963841f65f2bdd958f289fd7e50f007.tar.gz openvpn-112e6704c963841f65f2bdd958f289fd7e50f007.tar.xz openvpn-112e6704c963841f65f2bdd958f289fd7e50f007.zip