From 7895590cf1f513f508132f8987fee8fef2759df7 Mon Sep 17 00:00:00 2001 From: Gert Doering Date: Sun, 24 May 2015 15:02:34 +0200 Subject: Disallow usage of --server-poll-timeout in --secret key mode. The internal machinery wants TLS for this to work, so just add this to the (long) list of options not allowed unless either --tls-client or --tls-server is active. For added sanity, add an ASSERT() call to the place where this combination caused a NULL ptr reference, and document the restriction. Fix trac #373 Signed-off-by: Gert Doering Acked-by: Steffan Karger Message-Id: <1432472554-24666-1-git-send-email-gert@greenie.muc.de> URL: http://article.gmane.org/gmane.network.openvpn.devel/9736 (cherry picked from commit 6478c1f359e6b0ea2046d9e2801830753e53c06a) --- doc/openvpn.8 | 4 ++++ src/openvpn/forward.c | 1 + src/openvpn/options.c | 3 +++ 3 files changed, 8 insertions(+) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 00f0383..1e654bd 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -3735,6 +3735,10 @@ when polling possible remote servers to connect to in a round-robin fashion, spend no more than .B n seconds waiting for a response before trying the next server. +As this only makes sense in client-to-server setups, it cannot +be used in point-to-point setups using +.B \-\-secret +symmetrical key mode. .\"********************************************************* .TP .B \-\-explicit\-exit\-notify [n] diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 7f0d083..217fbb3 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -331,6 +331,7 @@ void check_server_poll_timeout_dowork (struct context *c) { event_timeout_reset (&c->c2.server_poll_interval); + ASSERT(c->c2.tls_multi); if (!tls_initial_packet_received (c->c2.tls_multi)) { msg (M_INFO, "Server poll timeout, restarting"); diff --git a/src/openvpn/options.c b/src/openvpn/options.c index fdf8fba..ff4b07b 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c 
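Review bot: The new `ASSERT(c->c2.tls_multi);` in check_server_poll_timeout_dowork has no comment saying when tls_multi can be NULL, so a reader of forward.c cannot tell that the invariant is enforced in options.c. I would add above it `/* tls_multi is NULL without --tls-client/--tls-server; options.c rejects --server-poll-timeout in that case */`. Judging by the commit message, the assertion replaces a NULL pointer dereference with a deliberate abort, which presumably still terminates the process, so the options.c check stays the real guard and the assertion is only a backstop. The function body continues past the end of the hunk.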
@@ -2337,6 +2337,9 @@ options_postprocess_verify_ce (const struct options *options, const struct conne MUST_BE_UNDEF (pkcs11_id); MUST_BE_UNDEF (pkcs11_id_management); #endif +#if P2MP + MUST_BE_UNDEF (server_poll_timeout); +#endif if (pull) msg (M_USAGE, err, "--pull"); -- cgit
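Review bot: Nothing next to the added `MUST_BE_UNDEF (server_poll_timeout);` records why the option is tied to TLS mode, so the link to the `ASSERT` in forward.c is visible only from the commit message. A comment such as `/* poll timer dereferences tls_multi, which is unset without TLS */` would keep that reason with the code. The macro's definition is outside this hunk; if it compares the field with its default value, as the name suggests, an explicit `--server-poll-timeout` equal to the default still passes in `--secret` mode, which is safe only while that default leaves the timer unarmed. The condition that restricts this list to non-TLS configurations also begins outside the hunk.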