From: Richard T Bonhomme <tincant...@protonmail.com>

A server configured with --client-disconnect and --username-as-common-name will pass the X509-CN not username, after the client has completed a renegotiation, to --client-disconnect.
Explicitly set the environment variable common_name to the current value, which will be username in this case, prior to calling --client-disconnect. Trac: #160 Signed-off-by: Richard T Bonhomme <tincant...@protonmail.com> --- src/openvpn/multi.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 22357cfb..c72e8e95 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -557,6 +557,10 @@ setenv_stats(struct context *c) static void multi_client_disconnect_setenv(struct multi_instance *mi) { + /* setenv client current common-name */ + setenv_str(mi->context.c2.es, "common_name", + tls_common_name(mi->context.c2.tls_multi, true)); + /* setenv client real IP address */ setenv_trusted(mi->context.c2.es, get_link_socket_info(&mi->context)); -- 2.25.1 _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
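Review bot: In the added setenv_str() call at the top of multi_client_disconnect_setenv(), the result of tls_common_name(mi->context.c2.tls_multi, true) is passed on unchecked; please confirm what setenv_str() does when that call yields NULL, i.e. when no common name is available at disconnect time, and either guard the call or state the intended behaviour in the comment. The comment "setenv client current common-name" would also help more if it said why the value is re-exported here (per the commit message, with --username-as-common-name a renegotiation leaves the X509-CN in common_name, Trac #160) and what the bare `true` argument selects, since neither is evident from the hunk.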