On 17/09/2019 14:10, Arne Schwabe wrote:
> From: Arne Schwabe <a...@openvpn.net>
>
> This allows an external authentication method
> (e.g. management interface) to track the connection and distinguish a
> reconnection from multiple connections.
>
> Additionally this now also checks to work around a problem with
> OpenVPN 3 core that sometimes uses a username hint from the config
> instead of using an empty username if the token would be valid
> with an empty username. Accepting such token can be only done
> explicitly when the external-auth keyword to auth-gen-token is present.
>
> Patch V2: Add Empty variants to work around behaviour in openvpn 3
> Patch V3: document the behaviour of external-auth better in the man page,
>           rename 'auth' parameter to 'external-auth'
> Patch V4: Rebase on current master
> Patch V6: Fix tls_lock_username rejecting clients with empty username
>           when explicitly accepting them with external-auth
> Patch V7: Fix compiling with disable-server
> ---
>  doc/openvpn.8            |  37 +++++++++-
>  src/openvpn/auth_token.c | 156 ++++++++++++++++++++++++++++++++++++---
>  src/openvpn/auth_token.h |  15 +++-
>  src/openvpn/init.c       |   1 +
>  src/openvpn/manage.c     |   4 +-
>  src/openvpn/options.c    |  14 +++-
>  src/openvpn/options.h    |   4 +-
>  src/openvpn/ssl_common.h |  10 ++-
>  src/openvpn/ssl_verify.c |  70 ++++++++++++------
>  9 files changed, 270 insertions(+), 41 deletions(-)

This patch works ... but there are some comments which got ignored from the
previous patch review. I will send a patch for this, as this is mostly
documentation errors, not code errors.
So, I'll approve this now; these patches need to be completed now.

Acked-By: David Sommerseth <dav...@openvpn.net>

--
kind regards,

David Sommerseth
OpenVPN Inc