Your patch has been applied to the master branch.
As discussed with Antonion on IRC, we have no real testbed to test this
code change ("connect to server A that pushes options, disconnect, then
connect to server B that *does not* push anything"). I did some manual
tests with
- a client config that has multiple <connection> entries, to servers
that push different cipher settings or have OCC or nothing.
- using the client management interface and SIGHUP/SIGUSR1, remote SKIP,
remote ACCEPT to "walk to the next server"
- talk to a NCP enabled server, which pushes "cipher AES-256-GCM"
- then talk to a 2.3 server with --enable-small, which does not
understand NCP or OCC -> client falls back to o->ciphername
(by means of data-cipher-fallback), using "cipher BF-CBC",
*if properly restored*
- using SIGUSR1, things actually break (server A pushes "compress lz4",
server B does not do that, but the client still is in "LZ4 mode",
logs "Bad LZ4 decompression header byte: 250"). But this is an older
issue (my test candidate is f6dca235ae560597, which is before this
patch set) - and Arne already found that this is is because we neglect
to *save* compression settings in options_pre_pull...
- using SIGHUP, things work
In addition to this, the patch survived a very close stare-at-code and
extensive t_client runs :-)
commit 7064ccb9fd3578c0b25713b1c8e620ad9449f7f4
Author: Arne Schwabe
Date: Wed Mar 17 17:00:37 2021 +0100
Move NCP saving and restore to the prepush restore code
Signed-off-by: Arne Schwabe <[email protected]>
Acked-by: Antonio Quartulli <[email protected]>
Message-Id: <[email protected]>
URL:
https://www.mail-archive.com/[email protected]/msg21674.html
Signed-off-by: Gert Doering <[email protected]>
--
kind regards,
Gert Doering
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
