author | Parménides GV <parmegv@sdf.org> | 2015-01-31 01:19:49 +0100 |
---|---|---|
committer | Parménides GV <parmegv@sdf.org> | 2015-01-31 01:19:49 +0100 |
commit | c95a21a736fadb46685e051064b0ec1efdae667a (patch) | |
tree | 90c4af22d047b7297a66a9e623c86c5af63b12f6 /app/openvpn/src/openvpn/multi.c | |
parent | 1a4643dc08a86dcd9650afa2255945df14445f2d (diff) |
Updated ics-openvpn to rev 1020.
Improved build.gradle script.
Diffstat (limited to 'app/openvpn/src/openvpn/multi.c')
-rw-r--r-- | app/openvpn/src/openvpn/multi.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/app/openvpn/src/openvpn/multi.c b/app/openvpn/src/openvpn/multi.c index 90b3d2dc..b3688594 100644 --- a/app/openvpn/src/openvpn/multi.c +++ b/app/openvpn/src/openvpn/multi.c @@ -2125,17 +2125,20 @@ void multi_process_float (struct multi_context* m, struct multi_instance* mi) const uint32_t hv = hash_value (hash, &real); struct hash_bucket *bucket = hash_bucket (hash, hv); + /* make sure that we don't float to an address taken by another client */ struct hash_element *he = hash_lookup_fast (hash, bucket, &real, hv); if (he) { struct multi_instance *ex_mi = (struct multi_instance *) he->value; - const char *cn = tls_common_name (mi->context.c2.tls_multi, true); - const char *ex_cn = tls_common_name (ex_mi->context.c2.tls_multi, true); - if (cn && ex_cn && strcmp (cn, ex_cn)) + struct tls_multi *m1 = mi->context.c2.tls_multi; + struct tls_multi *m2 = ex_mi->context.c2.tls_multi; + + /* do not float if target address is taken by client with another cert */ + if (!cert_hash_compare(m1->locked_cert_hash_set, m2->locked_cert_hash_set)) { - msg (D_MULTI_MEDIUM, "prevent float to %s", - multi_instance_string (ex_mi, false, &gc)); + msg (D_MULTI_MEDIUM, "Disallow float to an address taken by another client %s", + multi_instance_string (ex_mi, false, &gc)); mi->context.c2.buf.len = 0; |
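Review bot: The new guard dereferences `m1` and `m2` without a NULL check and depends on how `cert_hash_compare` treats an unset `locked_cert_hash_set`, neither of which is visible in this hunk. The removed code handed the `tls_multi` pointers to `tls_common_name` and skipped the refusal when either name was missing; if `cert_hash_compare` likewise reports two unset hash sets as equal, a deployment that does not lock client certificates would still allow a float onto an address held by a different client. Consider failing closed, e.g. `if (!m1 || !m2 || !m1->locked_cert_hash_set || !cert_hash_compare (m1->locked_cert_hash_set, m2->locked_cert_hash_set))`, or add a comment stating why both pointers and both hash sets are guaranteed to be set at this point. `multi_process_float` begins before and continues after this hunk, so what happens to `ex_mi` when the float is allowed cannot be checked from here.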