[Openvpn-devel] [PATCH] Correct --client-disconnect environment variable common_name

stringvest88 Thu, 16 Sep 2021 09:47:44 -0700

From: Richard T Bonhomme <tincant...@protonmail.com>

--client-disconnect is always passed the X509 certificate common_name,
which is incorrect when --username-as-common-name is used.


Set the environment variable common_name to the correct value, prior to
calling --client-disconnect.

Resolves https://community.openvpn.net/openvpn/ticket/160

Signed-off-by: Richard T Bonhomme <tincant...@protonmail.com>
---
 src/openvpn/multi.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index 22357cfb..18ee5e52 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -557,6 +557,9 @@ setenv_stats(struct context *c)
 static void
 multi_client_disconnect_setenv(struct multi_instance *mi)
 {
+    /* setenv client current common-name */
+    setenv_str(mi->context.c2.es, "common_name", 
tls_common_name(mi->context.c2.tls_multi, true));
+
     /* setenv client real IP address */
     setenv_trusted(mi->context.c2.es, get_link_socket_info(&mi->context));
 
-- 
2.25.1



_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] Correct --client-disconnect environment variable common_name

Reply via email to