Am 27.03.20 um 22:09 schrieb David Sommerseth: > On 09/11/2019 16:13, Arne Schwabe wrote: >> This implements sending AUTH_PENDING and INFO_PRE messages to clients >> that indicate that the clients should be continue authentication with >> a second factor. This can currently be out of band (openurl) or a normal >> challenge/response 2FA like TOTP (CR_TEXT). >> >> Signed-off-by: Arne Schwabe <a...@rfc2549.org> >> --- >> doc/management-notes.txt | 26 +++++++++++++++++++++++ >> src/openvpn/manage.c | 46 ++++++++++++++++++++++++++++++++++++++++ >> src/openvpn/manage.h | 3 +++ >> src/openvpn/multi.c | 19 +++++++++++++++++ >> src/openvpn/push.c | 24 +++++++++++++++++++++ >> src/openvpn/push.h | 2 ++ >> 6 files changed, 120 insertions(+) > > Code and management notes looks reasonable. But again, it would be good to > have a way to test this properly to avoid regressions later on. Since this is > also a more advanced authentication method, having good test methods is even > more critical.
Writing a complete framework to test management interface on the server side is something that would a huge undertaking for this simple patch. I think Access Server is basically the only software that I am aware of that really uses the server side management interface. So basically having this requirement right now of writing a testing suite to get this into OpenVPN will mean that we will effectively fork OpenVPN for AS. Arne
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel