upstream/openvpn
1
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn.git synced 2026-05-28 04:03:29 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Mbed TLS: Error out if we have no valid tls-groups

Browse source 
Previously, when no valid groups were specified with the tls-groups
option, the Mbed TLS build of OpenVPN would start up and run, but fail
to complete a handshake, while the OpenSSL build would exit with an
error. This commit changes the behavior of the Mbed TLS build to match
the OpenSSL version.

Change-Id: Ica5f37e525c3812609021750ecd3986c1420e2a4
Signed-off-by: Max Fillinger <maximilian.fillinger@sentyron.com>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1633
Message-Id: <20260421055357.21708-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36699.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit b2e3e0f0cf)
This commit is contained in:
Max Fillinger 2026-04-21 07:53:50 +02:00 committed by Gert Doering
parent 6ad8be3f36
commit 573ccf82e9
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/openvpn/ssl_mbedtls.c
View file

@ -450,6 +450,12 @@ tls_ctx_set_tls_groups(struct tls_root_ctx *ctx, const char *groups)
}
}
/* Check if any groups were valid. */
if (i == 0)
{
msg(M_FATAL, "Error: All groups in \"%s\" are invalid or unsupported.", groups);
}
/* Recent mbedtls versions state that the list of groups must be terminated
* with 0. Older versions state that it must be terminated with MBEDTLS_ECP_DP_NONE
* which is also 0, so this works either way. */