Commit cb2e9218f2bc73f re-factored the internal file handling, but
somehow overlooked the --tls-crypt-v2 option processing. It was no
longer possible to load a configuration file with this key file inlined.
There where two issues here. First was that the OPT_P_INLINE flag was
not set, so the option parser rejected --tls-crypt-v2 as inline capable.
Second issue was that the 'streq(p[1], INLINE_FILE_TAG)' check makes no
longer sense, as at this point p[1] contains the file contents. Instead
use the is_inline flag.
Signed-off-by: David Sommerseth <dav...@openvpn.net>
---
src/openvpn/options.c | 12 +++---------
1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index a37106ce..56c9e411 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -8324,22 +8324,16 @@ add_option(struct options *options,
}
else if (streq(p[0], "tls-crypt-v2") && p[1] && !p[3])
{
- VERIFY_PERMISSION(OPT_P_GENERAL|OPT_P_CONNECTION);
+ VERIFY_PERMISSION(OPT_P_GENERAL|OPT_P_CONNECTION|OPT_P_INLINE);
if (permission_mask & OPT_P_GENERAL)
{
- if (streq(p[1], INLINE_FILE_TAG) && p[2])
- {
- options->tls_crypt_v2_file_inline = p[2];
- }
options->tls_crypt_v2_file = p[1];
+ options->tls_crypt_v2_file_inline = is_inline;
}
else if (permission_mask & OPT_P_CONNECTION)
{
- if (streq(p[1], INLINE_FILE_TAG) && p[2])
- {
- options->ce.tls_crypt_v2_file_inline = p[2];
- }
options->ce.tls_crypt_v2_file = p[1];
+ options->ce.tls_crypt_v2_file_inline = is_inline;
}
}
else if (streq(p[0], "tls-crypt-v2-verify") && p[1] && !p[2])
--
2.26.0
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
