Am 10.11.19 um 10:55 schrieb David Sommerseth:
> On 09/11/2019 16:46, Steffan Karger wrote:
>>> static void
>>> add_option(struct options *options,
>>> @@ -7322,29 +7339,78 @@ add_option(struct options *options,
>>> }
>>> #endif
>>> #if defined(USE_COMP)
>>> + else if (streq(p[0], "allow-compression") && p[1] && !p[2])
>>> + {
>>> + VERIFY_PERMISSION(OPT_P_GENERAL);
>>> +
>>> + if (streq(p[1], "no"))
>>> + {
>>> + options->comp.flags =
>>> + COMP_F_ALLOW_STUB_ONLY|COMP_F_ADVERTISE_STUBS_ONLY;
>>> + if (comp_non_stub_enabled(&options->comp))
>>> + {
>>> + msg(msglevel, "'--allow-compression no' conflicts with "
>>> + " enabling compression");
>>> + }
>> Should this check not be moved to the postprocess checks? This will now
>> only trigger is comp was first set, and allow-compression later in the
>> config, not the other way around.
>
> What about pushed options? It's too long time since I looked at the option
> parsing code paths last time, so I don't remember all the quirks here.For pushed options msglevel will be warning so you get a warning when the server tries to enable compression but it will not error out. The server pushing a compression when the client does not advertise the IV_ for that algorithm is an error in the server config. Arne
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
