Manually reformat some long trailing comments

When trying to reformat the code with a formatter
that actually checks line-lengths, these never
come out nice otherwise.

Change-Id: I7f0ba2261b61f6eed511cbd8bb2e880d774d1365
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20250505105449.18826-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg31561.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Frank Lichtenheld 2025-05-05 12:54:43 +02:00 committed by Gert Doering
parent b736e3fa98
commit eef30e6e72
9 changed files with 152 additions and 134 deletions


@ -31,10 +31,14 @@
#define PLUGIN_NAME "base64.c"
/* Exported plug-in v3 API functions */
plugin_log_t ovpn_log = NULL; /**< Pointer to the OpenVPN log function. See plugin_log() */
plugin_vlog_t ovpn_vlog = NULL; /**< Pointer to the OpenVPN vlog function. See plugin_vlog() */
plugin_base64_encode_t ovpn_base64_encode = NULL; /**< Pointer to the openvpn_base64_encode () function */
plugin_base64_decode_t ovpn_base64_decode = NULL; /**< Pointer to the openvpn_base64_decode () function */
/** Pointer to the OpenVPN log function. See plugin_log() */
plugin_log_t ovpn_log = NULL;
/** Pointer to the OpenVPN vlog function. See plugin_vlog() */
plugin_vlog_t ovpn_vlog = NULL;
/** Pointer to the openvpn_base64_encode () function */
plugin_base64_encode_t ovpn_base64_encode = NULL;
/** Pointer to the openvpn_base64_decode () function */
plugin_base64_decode_t ovpn_base64_decode = NULL;
/**
* Search the environment pointer for a specific env var name


@ -36,20 +36,27 @@
#define COMP_F_ADAPTIVE (1<<0) / * COMP_ALG_LZO only * /
#define COMP_F_ALLOW_COMPRESS (1<<1) / * not only incoming is compressed but also outgoing * /
*/
#define COMP_F_SWAP (1<<2) /* initial command byte is swapped with last byte in buffer to preserve payload alignment */
#define COMP_F_ADVERTISE_STUBS_ONLY (1<<3) /* tell server that we only support compression stubs */
#define COMP_F_ALLOW_STUB_ONLY (1<<4) /* Only accept stub compression, even with COMP_F_ADVERTISE_STUBS_ONLY
* we still accept other compressions to be pushed */
#define COMP_F_MIGRATE (1<<5) /* push stub-v2 or comp-lzo no when we see a client with comp-lzo in occ */
#define COMP_F_ALLOW_ASYM (1<<6) /* Compression was explicitly set to allow asymetric compression */
#define COMP_F_ALLOW_NOCOMP_ONLY (1<<7) /* Do not allow compression framing (breaks DCO) */
/** initial command byte is swapped with last byte in buffer to preserve payload alignment */
#define COMP_F_SWAP (1<<2)
/** tell server that we only support compression stubs */
#define COMP_F_ADVERTISE_STUBS_ONLY (1<<3)
/** Only accept stub compression, even with COMP_F_ADVERTISE_STUBS_ONLY
* we still accept other compressions to be pushed */
#define COMP_F_ALLOW_STUB_ONLY (1<<4)
/** push stub-v2 or comp-lzo no when we see a client with comp-lzo in occ */
#define COMP_F_MIGRATE (1<<5)
/** Compression was explicitly set to allow asymetric compression */
#define COMP_F_ALLOW_ASYM (1<<6)
/** Do not allow compression framing (breaks DCO) */
#define COMP_F_ALLOW_NOCOMP_ONLY (1<<7)
/* algorithms */
#define COMP_ALG_UNDEF 0
#define COMP_ALG_STUB 1 /* support compression command byte and framing without actual compression */
#define COMP_ALG_LZO 2 /* LZO algorithm */
#define COMP_ALG_SNAPPY 3 /* Snappy algorithm (no longer supported) */
#define COMP_ALG_LZ4 4 /* LZ4 algorithm */
/** support compression command byte and framing without actual compression */
#define COMP_ALG_STUB 1
#define COMP_ALG_LZO 2 /**< LZO algorithm */
#define COMP_ALG_SNAPPY 3 /**< Snappy algorithm (no longer supported) */
#define COMP_ALG_LZ4 4 /**< LZ4 algorithm */
/* algorithm v2 */
@ -106,7 +113,8 @@ check_compression_settings_valid(struct compress_options *info, int msglevel);
#define LZO_COMPRESS_BYTE 0x66
#define LZ4_COMPRESS_BYTE 0x69
#define NO_COMPRESS_BYTE 0xFA
#define NO_COMPRESS_BYTE_SWAP 0xFB /* to maintain payload alignment, replace this byte with last byte of packet */
/** to maintain payload alignment, replace this byte with last byte of packet */
#define NO_COMPRESS_BYTE_SWAP 0xFB
/* V2 on wire code */
#define COMP_ALGV2_INDICATOR_BYTE 0x50
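Review bot: The comment moved above `COMP_F_ALLOW_STUB_ONLY` is still a run-on sentence and can be read two ways, which matters because this flag decides whether pushed compression settings are accepted. If the intended meaning is that `COMP_F_ADVERTISE_STUBS_ONLY` alone does not stop other algorithms from being pushed, it could say so directly: `/** Only accept stub compression. With only COMP_F_ADVERTISE_STUBS_ONLY set, other pushed compression settings are still accepted. */`. Since the line is being rewritten anyway, "asymetric" in the `COMP_F_ALLOW_ASYM` comment could be corrected to "asymmetric".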


@ -143,7 +143,7 @@
#define D_PACKET_TRUNC_DEBUG LOGLEV(7, 70, M_DEBUG) /* PACKET_TRUNCATION_CHECK verbose */
#define D_PING LOGLEV(7, 70, M_DEBUG) /* PING send/receive messages */
#define D_PS_PROXY_DEBUG LOGLEV(7, 70, M_DEBUG) /* port share proxy debug */
#define D_TLS_KEYSELECT LOGLEV(7, 70, M_DEBUG) /* show information on key selection for data channel */
#define D_TLS_KEYSELECT LOGLEV(7, 70, M_DEBUG) /* show key selection for data channel */
#define D_ARGV_PARSE_CMD LOGLEV(7, 70, M_DEBUG) /* show parse_line() errors in argv_parse_cmd */
#define D_CRYPTO_DEBUG LOGLEV(7, 70, M_DEBUG) /* show detailed info from crypto.c routines */
#define D_PID_DEBUG LOGLEV(7, 70, M_DEBUG) /* show packet-id debugging info */
@ -153,7 +153,7 @@
#define D_VLAN_DEBUG LOGLEV(7, 74, M_DEBUG) /* show VLAN tagging/untagging debug info */
#define D_HANDSHAKE_VERBOSE LOGLEV(8, 70, M_DEBUG) /* show detailed description of each handshake */
#define D_HANDSHAKE_VERBOSE LOGLEV(8, 70, M_DEBUG) /* show detailed description of handshake */
#define D_TLS_DEBUG_MED LOGLEV(8, 70, M_DEBUG) /* limited info from tls_session routines */
#define D_INTERVAL LOGLEV(8, 70, M_DEBUG) /* show interval.h debugging info */
#define D_SCHEDULER LOGLEV(8, 70, M_DEBUG) /* show scheduler debugging info */
@ -168,7 +168,7 @@
#define D_PACKET_CONTENT LOGLEV(9, 70, M_DEBUG) /* show before/after encryption packet content */
#define D_TLS_NO_SEND_KEY LOGLEV(9, 70, M_DEBUG) /* show when no data channel send-key exists */
#define D_PID_PERSIST_DEBUG LOGLEV(9, 70, M_DEBUG) /* show packet-id persist debugging info */
#define D_LINK_RW_VERBOSE LOGLEV(9, 70, M_DEBUG) /* show link reads/writes with greater verbosity */
#define D_LINK_RW_VERBOSE LOGLEV(9, 70, M_DEBUG) /* increase link reads/writes verbosity */
#define D_STREAM_DEBUG LOGLEV(9, 70, M_DEBUG) /* show TCP stream debug info */
#define D_WIN32_IO LOGLEV(9, 70, M_DEBUG) /* win32 I/O debugging info */
#define D_PKCS11_DEBUG LOGLEV(9, 70, M_DEBUG) /* show PKCS#11 debugging */


@ -92,25 +92,28 @@ struct fragment {
* List of fragment structures for reassembling multiple incoming packets
* concurrently.
*/
struct fragment_list {
int seq_id; /**< Highest fragmentation sequence ID of
* the packets currently being
* reassembled. */
int index; /**< Index of the packet being reassembled
* with the highest fragmentation
* sequence ID into the \c
* fragment_list.fragments array. */
struct fragment_list
{
/** Highest fragmentation sequence ID of
* the packets currently being
* reassembled. */
int seq_id;
/** Index of the packet being reassembled
* with the highest fragmentation
* sequence ID into the \c
* fragment_list.fragments array. */
int index;
/** Array of reassembly structures, each can contain one whole packet.
*
* The fragmentation sequence IDs of the packets being reassembled in
* this array are linearly increasing. \c
* fragment_list.fragments[fragment_list.index] has an ID of \c
* fragment_list.seq_id. This means that one of these \c fragment_list
* structures can at any one time contain at most packets with the
* fragmentation sequence IDs in the range \c fragment_list.seq_id \c -
* \c N_FRAG_BUF \c + \c 1 to \c fragment_list.seq_id, inclusive.
*/
/** Array of reassembly structures, each can contain one whole packet.
*
* The fragmentation sequence IDs of the packets being reassembled in
* this array are linearly increasing. \c
* fragment_list.fragments[fragment_list.index] has an ID of \c
* fragment_list.seq_id. This means that one of these \c fragment_list
* structures can at any one time contain at most packets with the
* fragmentation sequence IDs in the range \c fragment_list.seq_id \c -
* \c N_FRAG_BUF \c + \c 1 to \c fragment_list.seq_id, inclusive.
*/
struct fragment fragments[N_FRAG_BUF];
};
@ -149,9 +152,7 @@ struct fragment_master {
* the remote OpenVPN peer can determine
* which parts belong to which original
* packet. */
#define MAX_FRAG_PKT_SIZE 65536
/**< (Not used) Maximum packet size before
* fragmenting. */
#define MAX_FRAG_PKT_SIZE 65536 /**< (Not used) Maximum packet size before fragmenting. */
int outgoing_frag_size; /**< Size in bytes of each part to be
* sent, except for the last part which
* may be smaller.
@ -183,45 +184,37 @@ struct fragment_master {
/**************************************************************************/
/** @name Fragment header
* @todo Add description of %fragment header format.
*//** @{ *//*************************************/
*/
/** @{ */ /*************************************/
typedef uint32_t fragment_header_type;
/**< Fragmentation information is stored in
* a 32-bit packet header. */
/**< Fragmentation information is stored in a 32-bit packet header. */
#define hton_fragment_header_type(x) htonl(x)
/**< Convert a fragment_header_type from
* host to network order. */
/**< Convert a fragment_header_type from host to network order. */
#define ntoh_fragment_header_type(x) ntohl(x)
/**< Convert a \c fragment_header_type
* from network to host order. */
/**< Convert a \c fragment_header_type from network to host order. */
#define FRAG_TYPE_MASK 0x00000003
/**< Bit mask for %fragment type info. */
#define FRAG_TYPE_SHIFT 0 /**< Bit shift for %fragment type info. */
#define FRAG_TYPE_MASK 0x00000003 /**< Bit mask for %fragment type info. */
#define FRAG_TYPE_SHIFT 0 /**< Bit shift for %fragment type info. */
#define FRAG_WHOLE 0 /**< Fragment type indicating packet is
* whole. */
#define FRAG_YES_NOTLAST 1 /**< Fragment type indicating packet is
* part of a fragmented packet, but not
* the last part in the sequence. */
#define FRAG_YES_LAST 2 /**< Fragment type indicating packet is
* the last part in the sequence of
* parts. */
#define FRAG_TEST 3 /**< Fragment type not implemented yet.
* In the future might be used as a
* control packet for establishing MTU
* size. */
#define FRAG_WHOLE 0 /**< Fragment type indicating packet is whole. */
#define FRAG_YES_NOTLAST 1
/**< Fragment type indicating packet is part of a fragmented packet, but not
* the last part in the sequence. */
#define FRAG_YES_LAST 2
/**< Fragment type indicating packet is the last part in the sequence of parts. */
#define FRAG_TEST 3
/**< Fragment type not implemented yet.
* In the future might be used as a control packet for establishing MTU size. */
#define FRAG_SEQ_ID_MASK 0x000000ff
/**< Bit mask for %fragment sequence ID. */
#define FRAG_SEQ_ID_SHIFT 2 /**< Bit shift for %fragment sequence ID. */
#define FRAG_SEQ_ID_MASK 0x000000ff /**< Bit mask for %fragment sequence ID. */
#define FRAG_SEQ_ID_SHIFT 2 /**< Bit shift for %fragment sequence ID. */
#define FRAG_ID_MASK 0x0000001f /**< Bit mask for %fragment ID. */
#define FRAG_ID_SHIFT 10 /**< Bit shift for %fragment ID. */
#define FRAG_ID_MASK 0x0000001f
/**< Bit mask for %fragment ID. */
#define FRAG_ID_SHIFT 10
/**< Bit shift for %fragment ID. */
/*
* FRAG_SIZE 14 bits
@ -232,12 +225,10 @@ typedef uint32_t fragment_header_type;
* max_frag_size is only sent over the wire if FRAG_LAST is set. Otherwise it is assumed
* to be the actual %fragment size received.
*/
#define FRAG_SIZE_MASK 0x00003fff
/**< Bit mask for %fragment size. */
#define FRAG_SIZE_SHIFT 15
/**< Bit shift for %fragment size. */
#define FRAG_SIZE_ROUND_SHIFT 2 /**< Bit shift for %fragment size rounding. */
#define FRAG_SIZE_ROUND_MASK ((1 << FRAG_SIZE_ROUND_SHIFT) - 1)
#define FRAG_SIZE_MASK 0x00003fff /**< Bit mask for %fragment size. */
#define FRAG_SIZE_SHIFT 15 /**< Bit shift for %fragment size. */
#define FRAG_SIZE_ROUND_SHIFT 2 /**< Bit shift for %fragment size rounding. */
#define FRAG_SIZE_ROUND_MASK ((1 << FRAG_SIZE_ROUND_SHIFT) - 1)
/**< Bit mask for %fragment size rounding. */
/*
@ -245,10 +236,8 @@ typedef uint32_t fragment_header_type;
*
* IF FRAG_WHOLE or FRAG_YES_NOTLAST, these 16 bits are available (not currently used)
*/
#define FRAG_EXTRA_MASK 0x0000ffff
/**< Bit mask for extra bits. */
#define FRAG_EXTRA_SHIFT 15
/**< Bit shift for extra bits. */
#define FRAG_EXTRA_MASK 0x0000ffff /**< Bit mask for extra bits. */
#define FRAG_EXTRA_SHIFT 15 /**< Bit shift for extra bits. */
/** @} name Fragment header *//********************************************/
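Review bot: In the fragment header block the new layout puts `/**<` comments on the line after `FRAG_YES_NOTLAST`, `FRAG_YES_LAST` and `FRAG_TEST`, and keeps that form for the typedef and the `hton`/`ntoh` macros, whereas the other files in this commit move long trailing comments to a leading `/** ... */` block. A leading block would be consistent and keeps each comment visually attached to its define, e.g. `/** Fragment type indicating packet is the last part in the sequence of parts. */` above `#define FRAG_YES_LAST 2`. The `@todo` for the header format is still open; a short comment stating that each `*_MASK` is applied after the matching `*_SHIFT` (which the unshifted mask values suggest, though the accessor code is not in this hunk) would help readers check the bit layout.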


@ -983,7 +983,8 @@ init_options_dev(struct options *options)
{
if (!options->dev && options->dev_node)
{
char *dev_node = string_alloc(options->dev_node, NULL); /* POSIX basename() implementations may modify its arguments */
/* POSIX basename() implementations may modify its arguments */
char *dev_node = string_alloc(options->dev_node, NULL);
options->dev = basename(dev_node);
}
}
@ -2572,12 +2573,14 @@ do_up(struct context *c, bool pulled_options, unsigned int option_types_found)
}
else
{
initialization_sequence_completed(c, error_flags); /* client/p2p --route-delay undefined */
/* client/p2p --route-delay undefined */
initialization_sequence_completed(c, error_flags);
}
}
else if (c->options.mode == MODE_POINT_TO_POINT)
{
initialization_sequence_completed(c, error_flags); /* client/p2p restart with --persist-tun */
/* client/p2p restart with --persist-tun */
initialization_sequence_completed(c, error_flags);
}
tls_print_deferred_options_results(c);
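Review bot: The relocated comment in init_options_dev explains why `options->dev_node` is copied before `basename()` is called, but not who owns the copy. `options->dev` is assigned the pointer `basename()` returns, which may point into `dev_node`, so the copy has to stay allocated for as long as `options->dev` is used; with a NULL gc argument it is presumably not released by any gc_arena. I would extend the comment to record that, e.g. `/* POSIX basename() may modify its argument, so work on a copy; options->dev may point into the copy, so it is not freed here */`, after confirming that the missing free is intended.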


@ -3447,7 +3447,8 @@ management_event_loop_n_seconds(struct management *man, int sec)
const bool standalone_disabled_save = man->persist.standalone_disabled;
time_t expire = 0;
man->persist.standalone_disabled = false; /* This is so M_CLIENT messages will be correctly passed through msg() */
/* This is so M_CLIENT messages will be correctly passed through msg() */
man->persist.standalone_disabled = false;
/* set expire time */
update_time();
@ -3510,7 +3511,8 @@ management_query_user_pass(struct management *man,
unsigned int up_query_mode = 0;
const char *sc = NULL;
ret = true;
man->persist.standalone_disabled = false; /* This is so M_CLIENT messages will be correctly passed through msg() */
/* This is so M_CLIENT messages will be correctly passed through msg() */
man->persist.standalone_disabled = false;
man->persist.special_state_msg = NULL;
CLEAR(man->connection.up_query);
@ -3634,7 +3636,8 @@ management_query_multiline(struct management *man,
if (man_standalone_ok(man))
{
man->persist.standalone_disabled = false; /* This is so M_CLIENT messages will be correctly passed through msg() */
/* This is so M_CLIENT messages will be correctly passed through msg() */
man->persist.standalone_disabled = false;
man->persist.special_state_msg = NULL;
*state = EKS_SOLICIT;
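Review bot: The comment now placed above `man->persist.standalone_disabled = false;` says why the flag is cleared but not that the change is meant to be temporary. In management_event_loop_n_seconds the previous value is kept in `standalone_disabled_save`; the matching save and restore in management_query_user_pass and management_query_multiline are not visible in these hunks, and all three function bodies continue outside them. If the code does restore it, wording such as `/* Temporarily clear so M_CLIENT messages are passed through msg(); the saved value is restored before returning */` at each of the three sites would make that explicit.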


@ -114,12 +114,14 @@ struct static_challenge_info {};
#define GET_USER_PASS_NEED_STR (1<<5)
#define GET_USER_PASS_PREVIOUS_CREDS_FAILED (1<<6)
#define GET_USER_PASS_DYNAMIC_CHALLENGE (1<<7) /* CRV1 protocol -- dynamic challenge */
#define GET_USER_PASS_STATIC_CHALLENGE (1<<8) /* SCRV1 protocol -- static challenge */
#define GET_USER_PASS_STATIC_CHALLENGE_ECHO (1<<9) /* SCRV1 protocol -- echo response */
#define GET_USER_PASS_DYNAMIC_CHALLENGE (1<<7) /**< CRV1 protocol -- dynamic challenge */
#define GET_USER_PASS_STATIC_CHALLENGE (1<<8) /**< SCRV1 protocol -- static challenge */
#define GET_USER_PASS_STATIC_CHALLENGE_ECHO (1<<9) /**< SCRV1 protocol -- echo response */
#define GET_USER_PASS_INLINE_CREDS (1<<10) /* indicates that auth_file is actually inline creds */
#define GET_USER_PASS_STATIC_CHALLENGE_CONCAT (1<<11) /* indicates password and response should be concatenated */
/** indicates that auth_file is actually inline creds */
#define GET_USER_PASS_INLINE_CREDS (1<<10)
/** indicates password and response should be concatenated */
#define GET_USER_PASS_STATIC_CHALLENGE_CONCAT (1<<11)
/**
* Retrieves the user credentials from various sources depending on the flags.


@ -853,7 +853,8 @@ init_options(struct options *o, const bool init_gc)
o->tuntap_options.ip_win32_type = IPW32_SET_DHCP_MASQ;
#endif
o->tuntap_options.dhcp_lease_time = 31536000; /* one year */
o->tuntap_options.dhcp_masq_offset = 0; /* use network address as internal DHCP server address */
/* use network address as internal DHCP server address */
o->tuntap_options.dhcp_masq_offset = 0;
o->route_method = ROUTE_METHOD_ADAPTIVE;
o->block_outside_dns = false;
o->windows_driver = WINDOWS_DRIVER_UNSPECIFIED;


@ -75,10 +75,10 @@
*
* @{
*/
#define S_ERROR (-2) /**< Error state. */
#define S_ERROR_PRE (-1) /**< Error state but try to send out alerts
* before killing the keystore and moving
* it to S_ERROR */
#define S_ERROR (-2) /**< Error state. */
#define S_ERROR_PRE (-1) /**< Error state but try to send out alerts
* before killing the keystore and moving
* it to S_ERROR */
#define S_UNDEF 0 /**< Undefined state, used after a \c
* key_state is cleaned up. */
#define S_INITIAL 1 /**< Initial \c key_state state after
@ -567,18 +567,22 @@ struct tls_session
* tls_session reaches S_ACTIVE, this state machine moves to CAS_PENDING (server)
* or CAS_CONNECT_DONE (client/p2p) as clients skip the stages associated with
* connect scripts/plugins */
enum multi_status {
enum multi_status
{
CAS_NOT_CONNECTED,
CAS_WAITING_AUTH, /**< Initial TLS connection established but deferred auth is not yet finished */
CAS_PENDING, /**< Options import (Connect script/plugin, ccd,...) */
CAS_PENDING_DEFERRED, /**< Waiting on an async option import handler */
CAS_PENDING_DEFERRED_PARTIAL, /**< at least handler succeeded but another is still pending */
CAS_FAILED, /**< Option import failed or explicitly denied the client */
CAS_WAITING_OPTIONS_IMPORT, /**< client with pull or p2p waiting for first time options import */
CAS_RECONNECT_PENDING, /**< session has already successful established (CAS_CONNECT_DONE)
* but has a reconnect and needs to redo some initialisation, this state is
* similar CAS_WAITING_OPTIONS_IMPORT but skips a few things. The normal connection
* skips this step. */
CAS_WAITING_AUTH, /**< Initial TLS connection established but deferred auth is not yet finished
*/
CAS_PENDING, /**< Options import (Connect script/plugin, ccd,...) */
CAS_PENDING_DEFERRED, /**< Waiting on an async option import handler */
CAS_PENDING_DEFERRED_PARTIAL, /**< at least handler succeeded but another is still pending */
CAS_FAILED, /**< Option import failed or explicitly denied the client */
CAS_WAITING_OPTIONS_IMPORT, /**< client with pull or p2p waiting for first time options import
*/
/** session has already successful established (CAS_CONNECT_DONE) but has a
* reconnect and needs to redo some initialisation, this state is similar
* CAS_WAITING_OPTIONS_IMPORT but skips a few things. The normal connection
* skips this step. */
CAS_RECONNECT_PENDING,
CAS_CONNECT_DONE,
};
@ -626,8 +630,9 @@ struct tls_multi
int n_hard_errors; /* errors due to TLS negotiation failure */
int n_soft_errors; /* errors due to unrecognized or failed-to-authenticate incoming packets */
/*
* Our locked common name, username, and cert hashes (cannot change during the life of this tls_multi object)
/**
* Our locked common name, username, and cert hashes
* (cannot change during the life of this tls_multi object)
*/
char *locked_cn;
@ -642,43 +647,46 @@ struct tls_multi
struct cert_hash_set *locked_cert_hash_set;
/** Time of last when we updated the cached state of
/**
* Time of last when we updated the cached state of
* tls_authentication_status deferred files */
time_t tas_cache_last_update;
/** The number of times we updated the cache */
unsigned int tas_cache_num_updates;
/*
* An error message to send to client on AUTH_FAILED
*/
/** An error message to send to client on AUTH_FAILED */
char *client_reason;
/*
/**
* A multi-line string of general-purpose info received from peer
* over control channel.
*/
char *peer_info;
char *auth_token; /**< If server sends a generated auth-token,
* this is the token to use for future
* user/pass authentications in this session.
*/
char *auth_token_initial;
/**< The first auth-token we sent to a client. We use this to remember
/**
* If server sends a generated auth-token,
* this is the token to use for future
* user/pass authentications in this session.
*/
char *auth_token;
/**
* The first auth-token we sent to a client. We use this to remember
* the session ID and initial timestamp when generating new auth-token.
*/
#define AUTH_TOKEN_HMAC_OK (1<<0)
/**< Auth-token sent from client has valid hmac */
#define AUTH_TOKEN_EXPIRED (1<<1)
/**< Auth-token sent from client has expired */
#define AUTH_TOKEN_VALID_EMPTYUSER (1<<2)
/**<
* Auth-token is only valid for an empty username
* and not the username actually supplied from the client
*
* OpenVPN 3 clients sometimes wipes or replaces the username with a
* username hint from their config.
*/
char *auth_token_initial;
/** Auth-token sent from client has valid hmac */
#define AUTH_TOKEN_HMAC_OK (1 << 0)
/** Auth-token sent from client has expired */
#define AUTH_TOKEN_EXPIRED (1 << 1)
/**
* Auth-token is only valid for an empty username
* and not the username actually supplied from the client
*
* OpenVPN 3 clients sometimes wipes or replaces the username with a
* username hint from their config.
*/
#define AUTH_TOKEN_VALID_EMPTYUSER (1 << 2)
/* For P_DATA_V2 */
uint32_t peer_id;
@ -690,10 +698,10 @@ struct tls_multi
/*
* Our session objects.
*/
/** Array of \c tls_session objects
* representing control channel
* sessions with the remote peer. */
struct tls_session session[TM_SIZE];
/**< Array of \c tls_session objects
* representing control channel
* sessions with the remote peer. */
/* Only used when DCO is used to remember how many keys we installed
* for this session */
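Review bot: In enum multi_status the trailing comments on `CAS_WAITING_AUTH` and `CAS_WAITING_OPTIONS_IMPORT` still overflow, leaving the closing `*/` alone on the following line, which is the formatter artifact this commit sets out to remove. `CAS_RECONNECT_PENDING` in the same enum was converted to a leading block, and the same form fits here: `/** Initial TLS connection established but deferred auth is not yet finished */` above `CAS_WAITING_AUTH,` and `/** client with pull or p2p waiting for first time options import */` above `CAS_WAITING_OPTIONS_IMPORT,`. While these lines are being touched, the `CAS_PENDING_DEFERRED_PARTIAL` comment reads "at least handler succeeded" and probably wants "at least one handler succeeded".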