On 26.08.20 at 03:12, Eric Thorpe wrote:
>> Management goes another code path and management_client_auth directly
>> calls send_auth_failed.
> I'm afraid in the case of renegotiation this is not relevant

That code/commit message is explicitly talking about renegotiation. So if that is also broken, there seems to be something else wrong.

>
>> But I
>> also haven't dug deep enough to actually understand if your patch is
>> actually fixing the problem correctly.
> May I request that we resolve this first to ensure the content of the
> patch is correct, and then we can move onto finding a way to avoid this
> extra state?

Yeah, but as I said, I currently don't understand it well enough to understand if your patch is correct or not, and if the code path for management sending AUTH_FAILED on renegotiation is also not working, there is probably something else broken.

As I said:

- Do we send the AUTH_FAILED over the new or the old TLS session?
- Do we establish the data channel (key_method_2_write) before writing the key?

are questions that I don't have an answer to currently, and you also ignored those questions, so I assume you are not sure either. And I don't want to merge a patch where neither I nor the author of the patch really understand the implications and whether the patch is really fixing the root cause or just band-aiding the symptoms.

Arne
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel