upstream/openvpn
1
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn.git synced 2026-05-28 04:03:29 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

make --tls-remote compatible with pre 2.3 configs

Browse source 
In openvpn 2.3.0 the semantics of the --tls-remote option changed.
That broke more configurations than anticipated. To not break
configurations that use --tls-remote with a legacy OpenSSL style DN
anymore, it is now detected when such a DN is configured. When
necessary the --compat-names option is then automatically enabled.

Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: 1361526263-1740-3-git-send-email-heiko.hund@sophos.com
URL: http://article.gmane.org/gmane.network.openvpn.devel/7366
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit ad532bba89)
This commit is contained in:
Heiko Hund 2013-02-22 10:44:21 +01:00 committed by Gert Doering
parent c86d09c7c1
commit 0f92b3b417
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/openvpn/options.c
View file

@ -6528,6 +6528,12 @@ add_option (struct options *options,
else if (streq (p[0], "tls-remote") && p[1])
{
VERIFY_PERMISSION (OPT_P_GENERAL);
/*
* Enable legacy openvpn format for DNs that have not been converted
* yet and X.509 common names (not containing an '=' or ', ')
*/
if (p[1][0] == '/' || !strchr (p[1], '=') || !strstr (p[1], ", "))
compat_flag (COMPAT_FLAG_SET | COMPAT_NAMES);
options->tls_remote = p[1];
}
else if (streq (p[0], "ns-cert-type") && p[1])