List: openvpn-devel
Subject: [Openvpn-devel] [PATCH 1/3] [Auth-token] Fix session id and initial timestamp not being preserved
From: Arne Schwabe <arne () rfc2549 ! org>
Date: 2020-03-26 17:23:30
Message-ID: 20200326172332.2356-1-arne () rfc2549 ! org
In the initial state of checking whether an auth-token has been
validated, the check checks if multi->auth_token is already set and
only then sets the value. This defeats the purpose and leads to a new
auth-token with new session id and lifetime always being generated when
the server restarts or the client reconnects to another server.
---
src/openvpn/ssl_verify.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c
index da0966c5..226daf3d 100644
--- a/src/openvpn/ssl_verify.c
+++ b/src/openvpn/ssl_verify.c
@@ -1381,7 +1381,7 @@ verify_user_pass(struct user_pass *up, struct tls_multi *multi,
* to store the auth-token in multi->auth_token, so
* the initial timestamp and session id can be extracted from it
*/
- if (multi->auth_token && (multi->auth_token_state_flags & AUTH_TOKEN_HMAC_OK)
+ if ((multi->auth_token_state_flags & AUTH_TOKEN_HMAC_OK)
&& !(multi->auth_token_state_flags & AUTH_TOKEN_EXPIRED))
{
multi->auth_token = strdup(up->password);
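Review bot: after this change nothing in the condition ensures multi->auth_token is NULL before `multi->auth_token = strdup(up->password);` runs, so if a token is already stored when this path is taken, the old pointer is overwritten without being freed. If the intent is to store the token only when none is set yet, consider `!multi->auth_token &&` in place of the removed test, or free the previous value before assigning. The strdup() result is also unchecked; a NULL return would leave multi->auth_token unset, and the comment above says the stored token is what the initial timestamp and session id are extracted from.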
--
2.26.0
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel