Hi, On Fri, Sep 15, 2017 at 11:53:59AM -0400, Selva wrote: > No it doesn't change any functionality. By not including OPT_P_CONNECTION > in the mask sent to verify permission the previous connection blacks check > is disabled. And this is done only when pull_mode is True.
I was totally misreading the code, apologies :-) - now I read up
on what OPT_P_CONNECTION *does*, and it's not a "normal" flag for
"this is not an acceptable option in this mode" but a "warning if..."
one.
[..]
> The key here is that check pull_mode to know that we are processing a
> pushed option.
What about moving the pull_mode check into verify_permission() so it
applies to all pushed option that could trigger the warning (as Arne
pointed out)?
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany [email protected]
fax: +49-89-35655025 [email protected]
signature.asc
Description: PGP signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
