diff options
author | Heiko Hund <heiko.hund@sophos.com> | 2013-02-22 10:44:21 +0100 |
---|---|---|
committer | Gert Doering <gert@greenie.muc.de> | 2013-03-07 20:31:31 +0100 |
commit | 0f92b3b4170dab29aaf5cb4e6a0d00d37bf418b4 (patch) | |
tree | fe045e5ab82db9c511447b3799177c752c31ac2e /src/openvpn/options.c | |
parent | c86d09c7c115eeda96ea0b2a400c3ce57bd90292 (diff) | |
download | openvpn-0f92b3b4170dab29aaf5cb4e6a0d00d37bf418b4.tar.gz openvpn-0f92b3b4170dab29aaf5cb4e6a0d00d37bf418b4.tar.xz openvpn-0f92b3b4170dab29aaf5cb4e6a0d00d37bf418b4.zip |
make --tls-remote compatible with pre 2.3 configs
In openvpn 2.3.0 the semantics of the --tls-remote option changed.
That broke more configurations than anticipated. To not break
configurations that use --tls-remote with a legacy OpenSSL style DN
anymore, it is now detected when such a DN is configured. When
necessary the --compat-names option is then automatically enabled.
Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: 1361526263-1740-3-git-send-email-heiko.hund@sophos.com
URL: http://article.gmane.org/gmane.network.openvpn.devel/7366
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit ad532bba896875e56488e69ec16212a77787c57b)
Diffstat (limited to 'src/openvpn/options.c')
-rw-r--r-- | src/openvpn/options.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/openvpn/options.c b/src/openvpn/options.c index dd38bc9..7fda76f 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -6528,6 +6528,12 @@ add_option (struct options *options, else if (streq (p[0], "tls-remote") && p[1]) { VERIFY_PERMISSION (OPT_P_GENERAL); + /* + * Enable legacy openvpn format for DNs that have not been converted + * yet and X.509 common names (not containing an '=' or ', ') + */ + if (p[1][0] == '/' || !strchr (p[1], '=') || !strstr (p[1], ", ")) + compat_flag (COMPAT_FLAG_SET | COMPAT_NAMES); options->tls_remote = p[1]; } else if (streq (p[0], "ns-cert-type") && p[1]) |