Hi,

On Mon, Jul 23, 2018 at 10:58 PM, Jonathan K. Bullard
<jkbull...@gmail.com> wrote:
> I was testing Tunnelblick with Selva's C/R server and config (thanks
> again for that) and there was a problem. Maybe I'm (still)
> misunderstanding something, but a SIGUSR1 restart asks for the normal
> username/password instead of a static C/R.
>
> That is, the first thing after the restart is ">PASSWORD:Need 'Auth'
> username/password" instead of ">PASSWORD:Need 'Auth' username/password
> SC:1,Type something (e.g., hello): ".

I think that's a side effect of my test config using both static challenge
and dynamic challenge together. Not a realistic use case, I suppose. I did
that to keep the server side verify simple for a quick validation of patches
that touch user-auth.

But it was probably not a good approach for properly testing what happens on
signals or during TLS renegotiation.

If you wish I can amend my server side verify script so that you can test
static and dynamic challenge each separately.

>
> Should Tunnelblick save the static challenge info (like it saves the
> dynamic challenge info) and use it again whenever it sees a
> ">PASSWORD:Need 'Auth' username/password"? (Except when there is also
> a pending dynamic challenge, in which case it would use that instead.)

Normally SIGUSR1 restart should re-prompt with the static challenge if in use.

>
> Also, there's an oddity (that doesn't cause a problem) in that the
> first thing Tunnelblick sees over the management interface for the
> original connection is "ENTER PASSWORD:SUCCESS: password is correct"
> -- that comes even before ">INFO:OpenVPN Management Interface Version
> 1 -- type 'help' for more info", and long before any username or
> password has been entered.

The ENTER PASSWORD: is for the management-password, isn't it?

Selva
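
Added example, not part of the original message and not OpenVPN or Tunnelblick code: a sketch of how a management-interface client could tell apart the three kinds of line discussed in this thread (the management-password prompt, a plain `Auth` prompt, and an `Auth` prompt carrying a static challenge) and build the matching password value. The function names are hypothetical, the sample lines are constructed from the strings quoted above, and the `SCRV1:` response format is the one described in OpenVPN's management-notes.txt.

```python
import base64
import re

# Real-time notification as quoted in the thread:
#   >PASSWORD:Need 'Auth' username/password [SC:<flag>,<challenge text>]
NEED_RE = re.compile(
    r"^>PASSWORD:Need '([^']+)' username/password(?: SC:(\d+),(.*))?$")

def classify(line):
    """Describe one line read from the management interface."""
    line = line.rstrip("\r\n")  # keep trailing spaces: they belong to the prompt
    if line.startswith("ENTER PASSWORD:"):
        # Prompt for the management-interface password itself,
        # unrelated to VPN user authentication.
        return {"kind": "management-password"}
    m = NEED_RE.match(line)
    if not m:
        return {"kind": "other"}
    auth_type, flag, text = m.groups()
    if flag is None:
        return {"kind": "plain-auth", "type": auth_type}
    # Low bit of the flag: echo the typed response to the user.
    return {"kind": "static-challenge", "type": auth_type,
            "echo": bool(int(flag) & 1), "text": text}

def b64(s):
    return base64.b64encode(s.encode("utf-8")).decode("ascii")

def password_value(event, password, response=None):
    """Build the password string to send for a classified prompt."""
    if event["kind"] == "static-challenge":
        if response is None:
            raise ValueError("static challenge needs a response")
        return "SCRV1:%s:%s" % (b64(password), b64(response))
    if event["kind"] == "plain-auth":
        return password
    raise ValueError("not a username/password prompt")

# Constructed sample lines, based on the strings quoted in this thread.
SAMPLE = [
    "ENTER PASSWORD:SUCCESS: password is correct",
    ">INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info",
    ">PASSWORD:Need 'Auth' username/password SC:1,Type something (e.g., hello): ",
    ">PASSWORD:Need 'Auth' username/password",
]

if __name__ == "__main__":
    for sample_line in SAMPLE:
        print(classify(sample_line))
```
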
