
List:       openvpn-devel
Subject:    [Openvpn-devel] [PATCH 7/8] Send AUTH_FAILED message to clients on renegotiation failures
From:       Arne Schwabe <arne () rfc2549 ! org>
Date:       2020-10-23 12:02:58
Message-ID: 20201023120259.29783-6-arne () rfc2549 ! org

This changes the exit in server mode on renegotiation to an exit that
also sends an AUTH_FAILED to the client. Any previously set failed auth
reason is passed to the client.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
---
 src/openvpn/forward.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 958246c4..67615a6b 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -155,7 +155,14 @@ check_tls(struct context *c)
         }
         else if (tmp_status == TLSMP_KILL)
         {
-            register_signal(c, SIGTERM, "auth-control-exit");
+            if (c->options.mode == MODE_SERVER)
+            {
+                send_auth_failed(c, c->c2.tls_multi->client_reason);
+            }
+            else
+            {
+                register_signal(c, SIGTERM, "auth-control-exit");
+            }
         }
 
         interval_future_trigger(&c->c2.tmp_int, wakeup);
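
Review bot: In the MODE_SERVER branch of the TLSMP_KILL case, send_auth_failed(c, c->c2.tls_multi->client_reason) passes client_reason without checking that a reason was ever set, while the commit message only describes the "previously set" case. Please confirm that send_auth_failed() accepts a NULL reason, or guard for it here. This branch also no longer calls register_signal(c, SIGTERM, "auth-control-exit"), so nothing in these lines shows that the client session still terminates after the AUTH_FAILED is sent; a one-line comment stating that send_auth_failed() is responsible for ending the instance would make that explicit for readers of check_tls().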
-- 
2.26.2



_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel