author | Heiko Hund <heiko.hund@sophos.com> | 2013-02-22 10:44:21 +0100 |
---|---|---|
committer | Gert Doering <gert@greenie.muc.de> | 2013-03-07 20:22:58 +0100 |
commit | ad532bba896875e56488e69ec16212a77787c57b (patch) | |
tree | 1c157e15339454928b1df2f826200da75000c3a4 /src/openvpn/options.c | |
parent | 26b0433c4a642f8d2197f3fd371759f0047bd0bd (diff) | |

make --tls-remote compatible with pre 2.3 configs

In openvpn 2.3.0 the semantics of the --tls-remote option changed.
That broke more configurations than anticipated. To not break
configurations that use --tls-remote with a legacy OpenSSL style DN
anymore, it is now detected when such a DN is configured. When
necessary the --compat-names option is then automatically enabled.

Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: 1361526263-1740-3-git-send-email-heiko.hund@sophos.com
URL: http://article.gmane.org/gmane.network.openvpn.devel/7366
Signed-off-by: Gert Doering <gert@greenie.muc.de>

Diffstat (limited to 'src/openvpn/options.c')
-rw-r--r-- | src/openvpn/options.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/openvpn/options.c b/src/openvpn/options.c index dd38bc9..7fda76f 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -6528,6 +6528,12 @@ add_option (struct options *options, else if (streq (p[0], "tls-remote") && p[1]) { VERIFY_PERMISSION (OPT_P_GENERAL); + /* + * Enable legacy openvpn format for DNs that have not been converted + * yet and X.509 common names (not containing an '=' or ', ') + */ + if (p[1][0] == '/' || !strchr (p[1], '=') || !strstr (p[1], ", ")) + compat_flag (COMPAT_FLAG_SET | COMPAT_NAMES); options->tls_remote = p[1]; } else if (streq (p[0], "ns-cert-type") && p[1]) |
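
Review bot: The condition added in the `tls-remote` branch enables compat names when either of the last two tests fails, because `!strchr (p[1], '=') || !strstr (p[1], ", ")` is true for any value that lacks just one of the two. A value that contains '=' but no ", " (for example a DN with a single attribute) therefore also sets COMPAT_NAMES. The comment reads as "contains neither"; if that is the intent, the two negated tests should be joined with `&&`, and if the current behaviour is intended, the comment should say that any value without ", " is treated as legacy. Since `--tls-remote` decides which peer name is accepted, it would also help to log a message when `compat_flag (COMPAT_FLAG_SET | COMPAT_NAMES)` is applied implicitly, so the change of name format is visible to whoever maintains the config.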