On 21/03/2021 13:56, Arne Schwabe wrote:
Am 20.03.21 um 14:20 schrieb David Sommerseth:On 19/03/2021 16:31, Arne Schwabe wrote:This option allow migration to a non compression server config while still retraining compatibility with client that have a compression setting in their config.For existing setups that used to have comp-lzo no or another compression setting in their configs it is a difficult to migrate to a setup without compression without replacing all client configs at once especially if OpenVPN 2.3 or earlier clients are in the mix that do not support pushing stub-v2. Even with OpenVPN 2.4 and later clients that support pushing this is not a satisfying solution as the clients log occ mismatches and the "push stub-v2" needs to be in the server config "forever". Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- doc/man-sections/protocol-options.rst | 12 +++- src/openvpn/comp.h | 1 + src/openvpn/multi.c | 41 +++++++++++++ src/openvpn/options.c | 6 ++ src/openvpn/ssl.c | 34 ++++++++++- src/openvpn/ssl_common.h | 1 + src/openvpn/ssl_util.c | 43 ++++++++++++++ src/openvpn/ssl_util.h | 15 +++++ tests/unit_tests/openvpn/Makefile.am | 14 ++++- tests/unit_tests/openvpn/test_misc.c | 83 +++++++++++++++++++++++++++ 10 files changed, 245 insertions(+), 5 deletions(-) create mode 100644 tests/unit_tests/openvpn/test_misc.cThis fails compiling: ../../../src/openvpn/ssl.c: In function ‘key_method_2_write’: ../../../src/openvpn/ssl.c:2280:13: error: ‘multi’ undeclared (first use in this function) if (multi->remote_usescomp && session->opt->mode == MODE_SERVER ^~~~~ ../../../src/openvpn/ssl.c:2280:13: note: each undeclared identifier is reported only once for each function it appears in make[3]: *** [Makefile:742: ssl.o] Error 1Oh the fun of rebasing. The multi argument was added by another patch. Can you just the small patch to review the rest of the patch?: static bool -key_method_2_write(struct buffer *buf, struct tls_session *session) +key_method_2_write(struct buffer *buf, struct tls_multi *multi, struct tls_session *session) { struct key_state *ks = &session->key[KS_PRIMARY]; /* primary key */ @@ -2856,7 +2856,7 @@ tls_process(struct tls_multi *multi, if (!buf->len && ((ks->state == S_START && !session->opt->server) || (ks->state == S_GOT_KEY && session->opt->server))) { - if (!key_method_2_write(buf, session)) + if (!key_method_2_write(buf, multi, session)) { goto error; }
I'll give this a spin and continue the review. Thx! -- kind regards, David Sommerseth OpenVPN Inc
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel