From 112e6704c963841f65f2bdd958f289fd7e50f007 Mon Sep 17 00:00:00 2001
From: James Yonan <james@openvpn.net>
Date: Sat, 6 Mar 2010 15:38:23 +0000
Subject: Fixed an issue where if reneg-sec was set to 0 on the client, so that
 the server-side value would take precedence, the auth_deferred_expire_window
 function would incorrectly return a window period of 0 seconds.  In this
 case, the correct window period should be the handshake window period.

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5464 e7ae566f-a301-0410-adde-c780ea21d3b5
---
 ssl.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'ssl.c')

diff --git a/ssl.c b/ssl.c
index 82e04a3..102b02e 100644
--- a/ssl.c
+++ b/ssl.c
@@ -3702,9 +3702,12 @@ key_method_2_read (struct buffer *buf, struct tls_multi *multi, struct tls_sessi
 static int
 auth_deferred_expire_window (const struct tls_options *o)
 {
-  const int hw = o->handshake_window;
+  int ret = o->handshake_window;
   const int r2 = o->renegotiate_seconds / 2;
-  return min_int (hw, r2);
+
+  if (o->renegotiate_seconds && r2 < ret)
+    ret = r2;
+  return ret;
 }
 
 /*
-- 
cgit