Added server-side --opt-verify option: clients that connect

with options that are incompatible with those of the server will be disconnected. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3505 e7ae566f-a301-0410-adde-c780ea21d3b5
author: james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> 2008-11-18 03:22:52 +0000
committer: james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> 2008-11-18 03:22:52 +0000
commit: 09cc9c81c8e57a21395de4848baaa8213627d3c6 (patch)
tree: 4d17f28cb5eaf0c24168282dd742c2da1c6b95cf /ssl.c
parent: Added --prng option to control PRNG (pseudo-random (diff)
download: openvpn-09cc9c81c8e57a21395de4848baaa8213627d3c6.tar.xz
1 files changed, 5 insertions, 0 deletions
diff --git a/ssl.c b/ssl.c
index f289af0..c6caf2a 100644
--- a/ssl.c
+++ b/ssl.c
@@ -3465,6 +3465,11 @@ key_method_2_read (struct buffer *buf, struct tls_multi *multi, struct tls_sessi
       !options_cmp_equal (options, session->opt->remote_options))
     {
       options_warning (options, session->opt->remote_options);
+      if (session->opt->ssl_flags & SSLF_OPT_VERIFY)
+	{
+	  msg (D_TLS_ERRORS, "Option inconsistency warnings triggering disconnect due to --opt-verify");
+	  ks->authenticated = false;
+	}
     }
 #endif
author	james <james@e7ae566f-a301-0410-adde-c780ea21d3b5>	2008-11-18 03:22:52 +0000
committer	james <james@e7ae566f-a301-0410-adde-c780ea21d3b5>	2008-11-18 03:22:52 +0000
commit	09cc9c81c8e57a21395de4848baaa8213627d3c6 (patch)
tree	4d17f28cb5eaf0c24168282dd742c2da1c6b95cf /ssl.c
parent	Added --prng option to control PRNG (pseudo-random (diff)
download	openvpn-09cc9c81c8e57a21395de4848baaa8213627d3c6.tar.xz