Am 24.08.22 um 13:38 schrieb Frank Lichtenheld:
On Wed, Aug 24, 2022 at 12:46:07PM +0200, Arne Schwabe wrote:
With delayed data key generation now with deferred auth, NCP and similar
mechanism the "TLS Error: local/remote TLS keys are out of sync" is shown
much too frequent and confuses a lot of people.
This also removes the dead code of printing multi not ready keys and
replace it with an assert.
Factor out printing of error messages into an extra function to make
the code easier to understand and also to only call into that function
in the case that a key is not found and avoid the overhead.
Patch v2: fix comparing key_id to state value, improve message
Okay, less confusing. But I still don't understand why we loop over all keys
without checking the ks->key_id?
Seems to be an oversight, you are right. Will send a v3.
Arne
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
