Am 24.06.22 um 10:37 schrieb Antonio Quartulli:
+ ASSERT(!primary || primary->dco_status != DCO_NOT_INSTALLED);
It would to be good to explain this assertion. I just spend too long understanding it and I understand the code. Something along the lines that we expect that primary key has been installed before here.
This code might also be subject to very unlikely (maybe not even possible) race condition.
When deferred auth is active and the deferred auth just happens at the edge of the window before timing out tls_select_encryption_key /might/ already return the new key without it having been a valid secondary key before. But maybe we fail for the timeout check before.
Arne _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
