On 17/09/2019 14:10, Arne Schwabe wrote:
> From: Arne Schwabe <a...@openvpn.net>
> 
> This allows an external authentication method
> (e.g. management interface) to track the connection and distinguish a
> reconnection from multiple connections.
> 
> Addtionally this now also checks to workaround a problem with
> OpenVPN 3 core that sometimes uses a username hint from the config
> instead of using an empty username if the token would be valid
> with an empty username. Accepting such token can be only done
> explicitly when the external-auth keyword to auth-gen-token is present.
> 
> Patch V2: Add Empty variants to work around behaviour in openvpn 3
> Patch V3: document the behaviour of external-auth better in the man page,
>           rename 'auth' parameter to 'external-auth'
> Patch V4: Rebase on current master
> Patch V6: Fix tls_lock_username rejecting clients with empty username
>           when explicitly accepting them with external-auth
> Patch V7: Fix compiling with disable-server
> ---
>  doc/openvpn.8            |  37 +++++++++-
>  src/openvpn/auth_token.c | 156 ++++++++++++++++++++++++++++++++++++---
>  src/openvpn/auth_token.h |  15 +++-
>  src/openvpn/init.c       |   1 +
>  src/openvpn/manage.c     |   4 +-
>  src/openvpn/options.c    |  14 +++-
>  src/openvpn/options.h    |   4 +-
>  src/openvpn/ssl_common.h |  10 ++-
>  src/openvpn/ssl_verify.c |  70 ++++++++++++------
>  9 files changed, 270 insertions(+), 41 deletions(-)
This patch works ... but there are some comments which got ignored from the
previous patch review.  I will send a patch for this, as this is mostly
documentation errors, not code errors.

So, I'll approve this now; these patches needs to be completed now.

Acked-By: David Sommerseth <dav...@openvpn.net>


-- 
kind regards,

David Sommerseth
OpenVPN Inc



_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to