On 13/10/16 21:59, David Sommerseth wrote:
> If --auth-gen-token has been enabled and a token has been generated,
> ensure this token is pushed to the client using the 'auth-token' option.
> 
> Signed-off-by: David Sommerseth <dav...@openvpn.net>
> ---
>  src/openvpn/misc.c       | 5 +++++
>  src/openvpn/push.c       | 9 ++++++++-
>  src/openvpn/ssl_common.h | 2 ++
>  3 files changed, 15 insertions(+), 1 deletion(-)
> 
> diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
> index 225f0bf..b74ac9d 100644
> --- a/src/openvpn/misc.c
> +++ b/src/openvpn/misc.c
> @@ -2073,6 +2073,11 @@ sanitize_control_message(const char *src, struct 
> gc_arena *gc)
>         skip = 4;
>         redact = true;
>       }
> +      else if (!check_debug_level(D_SHOW_KEYS) && (c == 'a' && !strncmp(src, 
> "auth-token ", 11)))
> +     {
> +       skip = 10;
> +       redact = true;
> +     }

This magic here should probably be explained in the commit message.  It
basically removes the auth-token value from the log file, unless --verb
is set to 7 or higher and debug logging have not been disabled
(configure --disable-debug).

-- 
kind regards,

David Sommerseth

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to