In the initial state of checking whether an auth-token has been validated, the check checks if multi->auth_token is already set and only then sets the value. This defeats the purpose and leads to a new auth-token with a new session id and lifetime always being generated when the server restarts or the client reconnects to another server.
---
 src/openvpn/ssl_verify.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c index da0966c5..226daf3d 100644 --- a/src/openvpn/ssl_verify.c +++ b/src/openvpn/ssl_verify.c @@ -1381,7 +1381,7 @@ verify_user_pass(struct user_pass *up, struct tls_multi *multi, * to store the auth-token in multi->auth_token, so * the initial timestamp and session id can be extracted from it */ - if (multi->auth_token && (multi->auth_token_state_flags & AUTH_TOKEN_HMAC_OK) + if ((multi->auth_token_state_flags & AUTH_TOKEN_HMAC_OK) && !(multi->auth_token_state_flags & AUTH_TOKEN_EXPIRED)) { multi->auth_token = strdup(up->password); -- 2.26.0
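Review bot: with the `multi->auth_token &&` test dropped from the condition in verify_user_pass(), the assignment `multi->auth_token = strdup(up->password);` now runs whenever AUTH_TOKEN_HMAC_OK is set and AUTH_TOKEN_EXPIRED is not, whether or not the pointer already holds a value. Nothing in the visible context shows that multi->auth_token is guaranteed to be NULL at this point, so a token stored earlier would be overwritten without being freed. Since the comment above the condition describes storing the token for the initial state, consider testing `!multi->auth_token` instead of removing the pointer check altogether, or freeing the old value before the assignment. The strdup() result is also used unchecked in the visible lines; if the file has an allocation-failure convention, it should be applied here.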