On 27/04/2022 16:26, Gert Doering wrote:
> Hi,
>
> On Wed, Apr 27, 2022 at 04:04:41PM +0200, Antonio Quartulli wrote:
>> On 22/04/2022 16:29, Arne Schwabe wrote:
>>> The current place that we reload is a bit more efficient since it only
>>> triggers reload after a completed 3way handshake. On the other hand the
>>> key_state_init is a much more logical place and with the upcoming
>>> HMAC based UDP code and TCP code, the initialisation will only be done
>>> after a 3way handshake.
>>
>> There is something strange. Upon client reconnection the CRL is not
>> always reloaded. It feels as if "some stuff" is already initialized
>> (because we have a session for this client floating around) so we skip
>> that initialization and we also skip reloading the CRL.


I take this back.

I managed to fool myself (and OpenVPN) because instead of really updating the CRL file, I was rather switching between two CRLs (one with client revoked, one with client allowed) using a symlink.

However, as reported in stat(2), stat() will follow the symlink and report stats about the linked file (which had a constant mtime).

To properly test the CRL-reload behaviour, I therefore had to change the symlink and then touch the linked file. This made my test correct and I could check that also the OpenVPN behaviour, with this patch, is actually correct.

Acked-by: Antonio Quartulli <a...@unstable.cc>

Regards,

--
Antonio Quartulli
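
The symlink pitfall described in the message above, as an added example that is not part of the original thread and is not OpenVPN code. It assumes a reload check that compares `st_mtime` from `stat()`; the file names, timestamps and function names are constructed for the demonstration, and the inode-aware check goes beyond what the message discusses.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Set the mtime of whatever `path` resolves to (follows symlinks, like touch). */
static int set_mtime(const char *path, time_t t) {
    struct timespec ts[2] = { { .tv_sec = t }, { .tv_sec = t } };
    return utimensat(AT_FDCWD, path, ts, 0);
}

/* Constructed stand-in for a CRL file, written with a fixed mtime. */
static int put(const char *path, const char *body, time_t t) {
    FILE *f = fopen(path, "w");
    if (!f || fputs(body, f) < 0 || fclose(f) != 0) return -1;
    return set_mtime(path, t);
}

/* Hypothetical reload checks; both call stat(), which follows the symlink. */
static int mtime_changed(const char *p, const struct stat *old) {
    struct stat st;
    return stat(p, &st) == 0 && st.st_mtime != old->st_mtime;
}
static int file_changed(const char *p, const struct stat *old) {
    struct stat st;
    return stat(p, &st) == 0 && (st.st_mtime != old->st_mtime ||
           st.st_dev != old->st_dev || st.st_ino != old->st_ino);
}

/* Bit 0: mtime check saw the symlink swap; bit 1: inode-aware check saw it;
 * bit 2: mtime check saw it once the target was touched. -1 on error. */
int crl_symlink_demo(void) {
    char dir[] = "/tmp/crl-demo-XXXXXX";
    struct stat seen;
    if (!mkdtemp(dir) || chdir(dir) != 0 ||
        put("allow.pem", "allowed\n", 1650000000) != 0 ||
        put("revoke.pem", "revoked\n", 1650000000) != 0 ||
        symlink("allow.pem", "crl.pem") != 0 || stat("crl.pem", &seen) != 0 ||
        unlink("crl.pem") != 0 || symlink("revoke.pem", "crl.pem") != 0)
        return -1;                       /* setup, then swap the symlink only */
    int r = mtime_changed("crl.pem", &seen) | (file_changed("crl.pem", &seen) << 1);
    if (set_mtime("crl.pem", 1650000060) != 0) return -1;   /* touch the target */
    r |= mtime_changed("crl.pem", &seen) << 2;
    unlink("crl.pem"); unlink("allow.pem"); unlink("revoke.pem");
    return (chdir("/") == 0 && rmdir(dir) == 0) ? r : -1;
}
int main(void) { printf("result bits: %d\n", crl_symlink_demo()); return 0; }
```

A result of 6 means the mtime-only check missed the symlink swap and only noticed after the linked file was touched, while comparing device and inode as well caught the swap immediately.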

