Menu
▾
▴
Re: [Openvpn-devel] [PATCH] Fix --management-external-key in 2.3alpha
|
From: David S. <ope...@to...> - 2012-06-28 19:33:28
|
On 28/06/12 19:44, Arne Schwabe wrote:
>
> Just a quick patch which fixes --management-external-key, which I need
> for a cleaner way to access Android key store.
>
(please, don't attach the patches as attachments - rather send them as plain text mail, easier to review and far easier for me to process these patches afterwards when including them - git send-email is easy to set up, which does everything correct instantly)
I think I found a bug in your patch ...
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 367c1bc..a5f323d 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -2709,6 +2709,9 @@ options_postprocess_filechecks (struct options *options)
errs |= check_file_access (CHKACC_FILE|CHKACC_INLINE, options->cert_file, R_OK, "--cert");
errs |= check_file_access (CHKACC_FILE|CHKACC_INLINE, options->extra_certs_file, R_OK,
"--extra-certs");
+#ifdef MANAGMENT_EXTERNAL_KEY
+ if(!(options->management_flags | MF_EXTERNAL_KEY))
^^^
I believe this should the '|' should be '&' instead. At least, it doesn't work so well when I don't change it.
What do you think?
My tests are:
./src/openvpn/openvpn --dev tun --tls-client --ca sample/sample-keys/ca.crt --cert sample/sample-keys/client.crt --management 127.0.0.1 1234 --remote 127.0.0.1 --key non-existing-file
(this should fail with a "file not found" error)
and
./src/openvpn/openvpn --dev tun --tls-client --ca sample/sample-keys/ca.crt --cert sample/sample-keys/client.crt --management 127.0.0.1 1234 --remote 127.0.0.1 --key non-existing-file --management-external-key
But ... is it expected to pass --key if you use --management-external-key? I probably don't know enough about this --management-external-key feature, so I might be wrong.
kind regards,
David Sommerseth
|
