Hi,

On 20/05/2021 17:11, Arne Schwabe wrote:
> The auth-token check is tied to the username/password that is coming
> via a specific SSL session, so keep the state also in the key_state
> structure.
>
> This also ensures the auth_token_state is always set to 0 on a new
> session since we clear the key_state object at the start of a new
> SSL session.
>
> This is a prerequisite patch to fix 2020-15078 in the following two
> commits.
>
> This also applies the changes to the auth_token_test.c. The change of
> tls_session to a pointer is necessary since before that we had tls_session
> not tied to the multi and had two tls_session used in the test. One
> implicitly in tls_multi and one explicit one. Merge these to one.
>
> Signed-off-by: Arne Schwabe <a...@rfc2549.org>
Looks good and does what it says.

The key-state object is initialized by key_state_init() which wipes the
entire thing before setting fields, therefore the auth-token-flags are
indeed erased as expected during the key-state life cycle.

No functional change, as expected.
Compile zoo is happy.

Basic connectivity tests with auth-user-pass along with auth-gen-token
have worked fine, including renegotiation.

Acked-by: Antonio Quartulli <anto...@openvpn.net>

-- 
Antonio Quartulli
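The lifecycle argument in this thread, as an added example that is not part of the original mails and is not OpenVPN code: a simplified model comparing an auth-token verdict stored connection-wide with one stored in per-session state that is wiped at session start. All `toy_*` and `TOY_*` names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical flag standing in for a successful auth-token check. */
#define TOY_TOKEN_OK 0x1u

/* Per-SSL-session state (simplified model, not OpenVPN's struct key_state). */
struct toy_key_state {
    unsigned int auth_token_state;
};

/* Connection-wide object that outlives individual SSL sessions. */
struct toy_multi {
    unsigned int auth_token_state_shared; /* verdict kept outside the session */
    struct toy_key_state ks;              /* verdict kept inside the session */
};

/* Wipe the whole object before setting fields, as the review describes. */
static void toy_key_state_init(struct toy_key_state *ks)
{
    memset(ks, 0, sizeof(*ks));
}

/* Starting a new SSL session resets only the per-session object. */
static void toy_new_session(struct toy_multi *m)
{
    toy_key_state_init(&m->ks);
}

/* Record the token verdict in both places so they can be compared. */
static void toy_verify_token(struct toy_multi *m, int token_valid)
{
    unsigned int verdict = token_valid ? TOY_TOKEN_OK : 0u;
    m->auth_token_state_shared = verdict;
    m->ks.auth_token_state = verdict;
}

/* Verdict visible at the start of session 2, before any new check has run. */
static unsigned int toy_state_at_session2(int per_session)
{
    struct toy_multi m;
    memset(&m, 0, sizeof(m));
    toy_new_session(&m);
    toy_verify_token(&m, 1); /* session 1 presented a valid token */
    toy_new_session(&m);     /* session 2 starts, nothing verified yet */
    return per_session ? m.ks.auth_token_state : m.auth_token_state_shared;
}

int main(void)
{
    printf("shared=%u per-session=%u\n",
           toy_state_at_session2(0), toy_state_at_session2(1));
    return 0;
}
```

The connection-wide field still carries session 1's verdict when session 2 begins, while the per-session field is zero until a check runs against the credentials of that session.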