On 22/01/2019 16:03, Arne Schwabe wrote:
> From: Arne Schwabe <a...@openvpn.net>
> 
> This allows OpenVPN 3 core to fall back to the original authentication
> method.
> 
> This commit changes man_def_auth_set_client_reason to
> auth_set_client_reason since it is now used in more contexts.
> 
> Also remove a FIXME about client_reason not being freed, as it is freed
> in tls_multi_free with auth_set_client_reason(multi, NULL);
> ---
>  src/openvpn/auth_token.c |  3 +++
>  src/openvpn/ssl.c        |  6 ++----
>  src/openvpn/ssl_common.h | 10 +++++-----
>  src/openvpn/ssl_verify.c |  8 ++++----
>  src/openvpn/ssl_verify.h | 15 ++++++++++-----
>  5 files changed, 24 insertions(+), 18 deletions(-)
> 
> diff --git a/src/openvpn/auth_token.c b/src/openvpn/auth_token.c
> index 12bb724a..74a76b72 100644
> --- a/src/openvpn/auth_token.c
> +++ b/src/openvpn/auth_token.c
> @@ -15,6 +15,7 @@
>  #include "push.h"
>  #include "integer.h"
>  #include "ssl.h"
> +#include "ssl_verify.h"
>  
>  const char *auth_token_pem_name = "OpenVPN auth-token server key";
>  
> @@ -356,6 +357,8 @@ verify_auth_token(struct user_pass *up, struct tls_multi 
> *multi,
>  
>      if (ret & AUTH_TOKEN_EXPIRED)
>      {
> +        /* Tell client that the session token is expired */
> +        auth_set_client_reason(multi, "SESSION: token expired");
>          msg(M_INFO, "--auth-token-gen: auth-token from client expired");
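Review bot: the reason text "SESSION: token expired" passed to auth_set_client_reason() in the AUTH_TOKEN_EXPIRED branch is a bare string literal, although per the commit message it is the signal that lets OpenVPN 3 core fall back to the original authentication method. Since the client side depends on that text, I would define it once as a named constant and document the exact wording as part of the client-facing interface, so that a later rewording of the message does not silently break the fallback. The new comment above the call could also say that the string is sent to the client as the failure reason rather than only logged.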
Feature-ACK!  Code change looks sane, but need to test this more carefully -
where it would be good to have the changes from previous comments implemented.

But, we should fix the incorrect msg() above.  It should say --auth-gen-token.


-- 
kind regards,

David Sommerseth
OpenVPN Inc
