Hi,

On Tue, Jul 19, 2022 at 10:07:15AM +0200, Antonio Quartulli wrote:
> A server may push options that are not compatible with DCO.
> In this case we should log a message and bail out.
> 
> Signed-off-by: Antonio Quartulli <a...@unstable.cc>

This patch is fine as it is, but during discussion we found a missing
case - a server pushing "compress <something>".

There are basically (at least) 3 ways to handle this - so bringing this up for
discussion, and a future patch:

 - add "compress" to check_dco_pull_options()
 - extend dco_check_option_conflict() to set "allow-compression no" (this 
   will make openvpn refuse all incoming "compress" configs on its own)
 - or extend dco_check_option_conflict() to make "allow-compression asym/yes"
   disable DCO

I tend to option 3 - default for allow-compression is "no" anyway with
2.6, so if you have this in your config, compression could show up in
a ccd/ file or pushed -> no DCO for you.

gert
-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             g...@greenie.muc.de


_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
