Hi,
On Mon, Aug 02, 2021 at 01:55:21PM +0200, Arne Schwabe wrote:
> +static void
> +options_set_backwards_compatible_options(struct options *o)
> +{
> + /* TLS min version is not set */
> + if ((o->ssl_flags & SSLF_TLS_VERSION_MIN_MASK) == 0)
> + {
> + if (!need_compatibility(o, 203070))
[..]
> + else if (streq(p[0], "compat-mode") && p[1] && !p[3])
> + {
> + unsigned int major, minor, patch;
> + if (!(sscanf(p[1], "%u.%u.%u", &major, &minor, &patch) == 3))
> + {
> + msg(msglevel, "cannot parse version number for -compat-mode:
> %s", p[1]);
> + goto err;
> + }
> +
> + options->backwards_compatible = major * 10000 + minor * 100 + patch;
> + }
I think the math is wrong here.
If I try this out with "9.9.9", I arrive at 9*10000+9*100+9 = 90909, which
is way below "203070". So whatever you specify here will always cause
"enable backwards compat before 2.3.7".
Thus, NAK on v2...
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
