On 19.05.23 at 15:45, Selva Nair wrote:
Hi,
While this bugfix should be merged, I'm conflicted about the way these
two patches are split up. It just makes reviewing harder than it should
be. They actually form two independent changes but with one half
intersecting with the other for no
This function allows us to map from a management key id to a key structure
and also allows this function to be reused.
Patch v2: add message when key is not found.
Signed-off-by: Arne Schwabe
---
src/openvpn/ssl_common.h | 20
src/openvpn/ssl_verify.c | 23
the management interface expects the management key id instead
of the openvpn key id. In the past they often were the same for low ids
which hid the bug quite well.
Also do not pick uninitialised keystates (management key_id is not valid
in these).
Patch v2: do not add logging
Change-Id:
While it might be clear to people being (too?) well versed in
typical crypto applications that an authentication failure probably
means a wrong decryption key, this is not really obvious for the typical
user/server admin.
Change-Id: If0f0e7d53f915d39ab69c43dc73bb9c26ae9
Signed-off-by: Arne