Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
bugfix: condition for incomplete ESP config with GP was inverted
Fixes #227. Messed this up in https://gitlab.com/openconnect/openconnect/-/commit/edb1591f313167df4b708123e338975335b55203

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
  • Loading branch information
dlenski committed Mar 7, 2021
1 parent ca7bc36 commit 2dd0cba
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion gpst.c
Expand Up @@ -601,7 +601,7 @@ static int gpst_parse_config_xml(struct openconnect_info *vpninfo, xmlNode *xml_
else if (!xmlnode_get_val(member, "ipsec-mode", &s) && strcmp(s, "esp-tunnel"))
vpn_progress(vpninfo, PRG_ERR, _("GlobalProtect config sent ipsec-mode=%s (expected esp-tunnel)\n"), s);
}
if (vpninfo->esp_enc > 0 && vpninfo->esp_hmac > 0 && vpninfo->enc_key_len > 0 && vpninfo->hmac_key_len > 0)
if (!(vpninfo->esp_enc > 0 && vpninfo->esp_hmac > 0 && vpninfo->enc_key_len > 0 && vpninfo->hmac_key_len > 0))
vpn_progress(vpninfo, PRG_ERR, "Server's ESP configuration is incomplete or uses unknown algorithms.\n");
else if (openconnect_setup_esp_keys(vpninfo, 0))
vpn_progress(vpninfo, PRG_ERR, "Failed to setup ESP keys.\n");
Expand Down

0 comments on commit 2dd0cba

Please sign in to comment.