When evaluating authentication plugins, stop further evaluation
once the first failure is detected.
Implementation notes: Refactoring from a switch-case to an
if-else block allows the break statement to break out of the
outer for loop without additional control variables. Also,
moving the pr->n setting to within the loop keeps the value
correct if one does break out early.
First email patch submission and first patch submitted to this
list; be gentle please... -- Pete
---
src/openvpn/plugin.c | 27 +++++++++++----------------
1 file changed, 11 insertions(+), 16 deletions(-)
diff --git a/src/openvpn/plugin.c b/src/openvpn/plugin.c
index d5704e07..c6c9a63f 100644
--- a/src/openvpn/plugin.c
+++ b/src/openvpn/plugin.c
@@ -818,24 +818,19 @@ plugin_call_ssl(const struct plugin_list *pl,
certdepth,
current_cert
);
- switch (status)
+ if (pr)
{
- case OPENVPN_PLUGIN_FUNC_SUCCESS:
- break;
-
- case OPENVPN_PLUGIN_FUNC_DEFERRED:
- deferred = true;
- break;
-
- default:
- error = true;
- break;
+ pr->n = i + 1;
+ }
+ if (status == OPENVPN_PLUGIN_FUNC_DEFERRED)
+ {
+ deferred = true;
+ }
+ else if (status != OPENVPN_PLUGIN_FUNC_SUCCESS)
+ {
+ error = true;
+ break;
}
- }
-
- if (pr)
- {
- pr->n = i;
}
gc_free(&gc);
--
2.17.1
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
