author | James Yonan <james@openvpn.net> | 2013-05-20 12:13:21 +0200 |
---|---|---|
committer | Gert Doering <gert@greenie.muc.de> | 2013-05-27 13:30:32 +0200 |
commit | eed9b8eec911a26a952f07ad18d4397c334ac089 (patch) | |
tree | 50b3522aa8d4faed67d6e195eae32d76daac9a69 /src/openvpn/init.c | |
parent | 14dfec07c91fc42df7ee4abeada104b4fb847f8f (diff) | |
Always push basic set of peer info values to server.

On the client, allow certain peer info fields to be pushed even if
push-peer-info isn't specified in the config.

This is needed to allow the compression handshake to work correctly
(i.e. where the client indicates its support for LZO and/or Snappy).

Fields that have privacy implications such as Mac Address and UV_*
environment variables will not be pushed to the server as before unless
push-peer-info is specified by client config.

v1: equivalent to OpenVPN SVN r8225 (2.1.21c)
v2: distinguish 3 levels of peer-info detail
    --push-peer-info specified --> send all we have
    --pull specified --> send basic set, as per r8225
    default --> send nothing (do not leak from server)
v3: undo extra whitespace changes in v1 and v2

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1369044801-7594-1-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7604
(cherry picked from commit 598e03f0e7bce434e501a9895819f2af0714d5f6)

Conflicts:
    src/openvpn/ssl.c

Diffstat (limited to 'src/openvpn/init.c')
-rw-r--r-- | src/openvpn/init.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 5260d43..ce35e96 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -2192,7 +2192,12 @@ do_init_crypto_tls (struct context *c, const unsigned int flags) to.renegotiate_seconds = options->renegotiate_seconds; to.single_session = options->single_session; #ifdef ENABLE_PUSH_PEER_INFO - to.push_peer_info = options->push_peer_info; + if (options->push_peer_info) /* all there is */ + to.push_peer_info_detail = 2; + else if (options->pull) /* pull clients send some details */ + to.push_peer_info_detail = 1; + else /* default: no peer-info at all */ + to.push_peer_info_detail = 0; #endif /* should we not xmit any packets until we get an initial |
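
Review bot: the three detail levels assigned in the new if/else chain in do_init_crypto_tls are bare integers (`to.push_peer_info_detail = 2`, `= 1`, `= 0`), so the privacy boundary described in the commit message depends on every reader of this field remembering what each number means. Consider named constants or an enum for the levels, with a comment at the definition stating which fields each level may send, so that a comparison elsewhere cannot silently widen what a client with only `options->pull` set transmits. The comment `/* all there is */` would also be clearer if it named the option, for example "push-peer-info set: send everything".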