On Wed, Oct 12, 2016 at 3:32 AM, Steffan Karger <stef...@karger.me> wrote:

> Currently, if --ncp-ciphers contains an invalid cipher, OpenVPN will only
> error out when that cipher is selected by negotiation.  That's not very
> friendly to the user, so check the list on startup, and give a clear error
> message immediately.
>
> This patch changes cipher_kt_get() to let the caller decide what
> action to take if no valid cipher was found.  This enables us to print all
> invalid ciphers in the list, instead of just the first invalid cipher.
>
> This should fix trac #737.
>
> v2: improve tls_check_ncp_cipher_list() with Selva's review suggestions.
>
> Signed-off-by: Steffan Karger <stef...@karger.me>
> ---
>  src/openvpn/crypto.c         |  5 +++++
>  src/openvpn/crypto_backend.h |  3 ++-
>  src/openvpn/crypto_mbedtls.c | 15 ++++++++++-----
>  src/openvpn/crypto_openssl.c | 17 ++++++++++++-----
>  src/openvpn/options.c        |  5 +++++
>  src/openvpn/ssl.c            | 22 ++++++++++++++++++++++
>  src/openvpn/ssl.h            |  9 +++++++++
>  7 files changed, 65 insertions(+), 11 deletions(-)



Looks good now. ACK.

Selva
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
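
The startup check described in the commit message above, sketched as an added example (not the patch's code and not OpenVPN's implementation): every entry of a colon-separated cipher list is validated up front and all invalid entries are reported, not just the first. The names `known_ciphers`, `cipher_is_known` and `check_cipher_list` are hypothetical, and the fixed table is a constructed stand-in for the crypto backend's lookup.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the crypto backend's cipher lookup; a real build
 * would query the linked crypto library instead of a fixed table. */
static const char *const known_ciphers[] = {
    "AES-256-GCM", "AES-128-GCM", "AES-256-CBC", "AES-128-CBC", NULL
};

/* Hypothetical helper: true if the name is in the table above. */
static bool cipher_is_known(const char *name)
{
    for (size_t i = 0; known_ciphers[i] != NULL; i++) {
        if (strcmp(name, known_ciphers[i]) == 0)
            return true;
    }
    return false;
}

/* Walk a colon-separated list and report every unsupported entry.
 * Returns the number of invalid entries (0 means the list is usable),
 * or -1 if the list is NULL or too long. Tokens are split by hand because
 * strtok() silently skips empty entries such as "A::B". */
int check_cipher_list(const char *list)
{
    char buf[256];
    int invalid = 0;

    if (list == NULL || strlen(list) >= sizeof(buf))
        return -1;
    strcpy(buf, list);
    for (char *token = buf, *sep; token != NULL; token = sep ? sep + 1 : NULL) {
        sep = strchr(token, ':');
        if (sep != NULL)
            *sep = '\0';
        if (!cipher_is_known(token)) {
            fprintf(stderr, "Unsupported cipher in list: '%s'\n", token);
            invalid++;
        }
    }
    return invalid;
}

int main(void)
{
    /* Constructed list with two misspelled entries; refuse to start. */
    return check_cipher_list("AES-256-GCM:AES-128-GMC:BF-CBX") == 0 ? 0 : 1;
}
```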