On Tuesday, 18 May 2021 14:26:35 CEST Arne Schwabe wrote:
> This allows scripts and plugins to parse/react to a CR_RESPONSE message

This commit message needs a makeover, I think.

> -  If ``method`` is set to :code:`via-env`, OpenVPN will call ``script``
> +  If ``method`` is set to :code:`via-env`, OpenVPN will call ``cmd``

These drive-by fixes Antonio spotted make sense and are not intrusive enough 
that I care.

> +verify_crresponse_script(struct tls_multi *multi, const char *cr_response)
[...]
> +    const char *tmp_file = platform_create_temp_file(session->opt->tmp_dir,
> "cr", &gc); 
> +    if (tmp_file)
> +    {
> +        struct status_output *so = status_open(tmp_file, 0, -1, NULL,
> +                                               STATUS_OUTPUT_WRITE);
> +        status_printf(so, "%s", cr_response);
> +        if (!status_close(so))
> +        {
> +            msg(D_TLS_ERRORS, "TLS CR Response Error: could not write cr"
> +                              "responsed to file: %s",
> +                tmp_file);
> +            tls_deauthenticate(multi);
> +            goto done;
> +        }
> +    }
> +    else
> +    {
> +        msg(D_TLS_ERRORS, "TLS Auth Error: could not create write "
> +                          "username/password to temp file");
> +    }
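
Review bot: the two adjacent string literals in the status_close() failure message, "could not write cr" and "responsed to file: %s", concatenate to "could not write crresponsed to file: %s", so the log line loses a space and misspells "response"; something like "TLS CR Response Error: could not write CR response to file: %s" would read correctly. In the else branch the message says "TLS Auth Error" and "username/password" although this path handles the CR response, and unlike the branch above it there is no tls_deauthenticate(multi) or goto done, so execution continues past the block with tmp_file NULL. In the visible lines so is also passed to status_printf() without a check; if status_open() can fail here, that case should take the same error path.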

This else branch should be the same as the "if (!status_close(so))" one above 
I think, as you don't want to call the script without a valid tempfile. 
Besides that the error message is copy/paste wrong anyway. So, maybe introduce 
a bool and do the error handling in one place, might help future copy/pastes 
as well.




