As discussed on IRC, this patch fixes most of the shortcomings in
the previous patch (9a430502077).

I still find these code paths very complicated, but after running 
the server test side with added logging to see when the cache kicks
in and what sort of delay is induced, I think I can say "this makes
sense" - and it does not break any of the existing test scenarios, 
which is good :-)

While still complicated, it actually simplifies the overall flow, as
there is no extra "latency" parameter anymore, which does magic things,
depending on where it's called from.

Also, I was slightly confused on the actual effect of the cache/delay - 
this is really only relevant for the initial authentication (and not for
TLS renegotiation) and only while the auth control file status is not yet 
known.  So for all other code paths, and for "inotify" paths (triggered
check of the ACFs) this just makes the code more simple -> more good.

Your patch has been applied to the master branch.

commit d49df6bdde0592c9f795a2a260f6f04255b32303
Author: Arne Schwabe
Date:   Mon May 10 15:13:56 2021 +0200

     Use exponential backoff for caching in tls_authentication_status

     Signed-off-by: Arne Schwabe <a...@rfc2549.org>
     Acked-by: Antonio Quartulli <anto...@openvpn.net>
     Message-Id: <20210510131356.968965-1-a...@rfc2549.org>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22327.html
     Signed-off-by: Gert Doering <g...@greenie.muc.de>


--
kind regards,

Gert Doering



_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
