The NCP (data channel crypto negotiation) code on the client side waits
for an incoming PUSH_REPLY before setting up the data channel crypto
parameters, because the PUSH_REPLY could contain a "cipher xxx" setting.
In the particular case of a empty PUSH_REPLY message, the relevant code
bits was not called because "we have not received any options, do not
bother to look into it in more detail" - so, ciphers were not set up,
resulting in an error message like this:
Key [AF_INET]... [0] not initialized (yet), dropping packet.
Remove that check, always init the crypto layer on PUSH_REPLY.
Trac: #903
Signed-off-by: Gert Doering <[email protected]>
---
src/openvpn/init.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 2532cf8..91ab28e 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -1925,7 +1925,7 @@ do_up(struct context *c, bool pulled_options, unsigned
int option_types_found)
{
reset_coarse_timers(c);
- if (pulled_options && option_types_found)
+ if (pulled_options)
{
if (!do_deferred_options(c, option_types_found))
{
--
2.10.2
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
