aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2005-12-05 04:00:00 +0000
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2005-12-05 04:00:00 +0000
commitbed73623cdfc21c3fb9742f47935598705860254 (patch)
treea5ad20c653f4c1887e4c478e5b4f325e92a6340a
parentPatch to support --topology subnet on Mac OS X (Mathias Sundman). (diff)
downloadopenvpn-bed73623cdfc21c3fb9742f47935598705860254.tar.xz
Fixed segfault that occurred if remote_cert_eku is undefined and no
server certificate verification method was enabled. Don't declare pkcs11 variables in struct options unless pkcs11 support is enabled. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@833 e7ae566f-a301-0410-adde-c780ea21d3b5
-rw-r--r--init.c2
-rw-r--r--options.h4
2 files changed, 5 insertions, 1 deletions
diff --git a/init.c b/init.c
index 20b6d8b..b4ff6cd 100644
--- a/init.c
+++ b/init.c
@@ -1671,7 +1671,7 @@ do_option_warnings (struct context *c)
&& !o->tls_verify
&& !o->tls_remote
&& !(o->ns_cert_type & NS_SSL_SERVER)
- && !o->remote_cert_eku[0])
+ && (o->remote_cert_eku == NULL || !o->remote_cert_eku[0]))
msg (M_WARN, "WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.");
#endif
#endif
diff --git a/options.h b/options.h
index 32e511c..3c3c202 100644
--- a/options.h
+++ b/options.h
@@ -396,6 +396,8 @@ struct options
int ns_cert_type; /* set to 0, NS_SSL_SERVER, or NS_SSL_CLIENT */
unsigned remote_cert_ku[MAX_PARMS];
const char *remote_cert_eku;
+
+#ifdef ENABLE_PKCS11
const char *pkcs11_providers[MAX_PARMS];
const char *pkcs11_sign_mode[MAX_PARMS];
const char *pkcs11_slot_type;
@@ -405,6 +407,8 @@ struct options
int pkcs11_pin_cache_period;
bool pkcs11_protected_authentication;
bool pkcs11_cert_private;
+#endif
+
#ifdef WIN32
const char *cryptoapi_cert;
#endif