author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2009-10-25 15:51:04 +0000 |
---|---|---|
committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2009-10-25 15:51:04 +0000 |
commit | ec4a500bb4f0c642fb4e013387d97aab3c516372 (patch) | |
tree | c56bc3a8991d0afe025e946f8a6b61296487dde7 /multi.c | |
parent | Change to doval valgrind script. The openvpn command parameter is now (diff) | |
download | openvpn-ec4a500bb4f0c642fb4e013387d97aab3c516372.tar.xz |
On server, lock client-provided certs against mid-session TLS
renegotiations -- this is similar to how the common name is also
locked.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5105 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to '')
-rw-r--r-- | multi.c | 3 |
1 files changed, 2 insertions, 1 deletions
@@ -1458,8 +1458,9 @@ multi_connection_established (struct multi_context *m, struct multi_instance *mi ASSERT (mi->context.c1.tuntap); - /* lock down the common name so it can't change during future TLS renegotiations */ + /* lock down the common name and cert hashes so they can't change during future TLS renegotiations */ tls_lock_common_name (mi->context.c2.tls_multi); + tls_lock_cert_hash_set (mi->context.c2.tls_multi); /* generate a msg() prefix for this client instance */ generate_prefix (mi); |
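Review bot: the updated comment above the tls_lock_common_name call in multi_connection_established says the cert hashes "can't change during future TLS renegotiations", but neither it nor the commit message says what the server does when a renegotiation presents a different certificate (fail the renegotiation, drop the client instance, log an error). The diffstat shows only multi.c changed, so the definition of tls_lock_cert_hash_set and the comparison that enforces the lock are not visible in this patch; please name in the comment where that check lives and what the failure behaviour is, so a reader of multi.c can confirm the lock is actually enforced. The new call is also made unconditionally and its result is not checked; if it can fail or be a no-op when the client presented no certificate, that case should be stated here as well.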