Fixed an issue where if reneg-sec was set to 0 on the client,

so that the server-side value would take precedence, the auth_deferred_expire_window function would incorrectly return a window period of 0 seconds. In this case, the correct window period should be the handshake window period. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5464 e7ae566f-a301-0410-adde-c780ea21d3b5
2024-09-20 12:02:28 +02:00 · 2010-03-06 15:38:23 +00:00 · 2010-03-06 15:38:23 +00:00 · 112e6704c9
commit 112e6704c9
parent 3a37ffbe89
1 changed files with 5 additions and 2 deletions
--- a/ssl.c
+++ b/ssl.c
@ -3702,9 +3702,12 @@ key_method_2_read (struct buffer *buf, struct tls_multi *multi, struct tls_sessi
 static int
 auth_deferred_expire_window (const struct tls_options *o)
 {
-  const int hw = o->handshake_window;
+  int ret = o->handshake_window;
  const int r2 = o->renegotiate_seconds / 2;
-  return min_int (hw, r2);
+
+  if (o->renegotiate_seconds && r2 < ret)
+    ret = r2;
+  return ret;
 }

 /*