On 30/09/2020 15:13, Arne Schwabe wrote:
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
  doc/man-sections/generic-options.rst |   3 +-
  include/openvpn-plugin.h.in          |   8 ++
  src/openvpn/ssl.c                    |   2 +-
  src/openvpn/ssl_common.h             |   1 +
  src/openvpn/ssl_verify.c             | 165 ++++++++++++++++++++++++---
  src/openvpn/ssl_verify.h             |   2 +-
  6 files changed, 165 insertions(+), 16 deletions(-)


So far just glared at the code, but the change below needs to be fixed first. This patchset has also aged so much it no longer applies on top of latest git master.


[...snip...]
diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c
index e7e62afa..fc3a1116 100644
--- a/src/openvpn/ssl_verify.c
+++ b/src/openvpn/ssl_verify.c[...snip...]
@@ -1067,7 +1196,7 @@ verify_user_pass_script(struct tls_session *session, 
struct tls_multi *multi,
      struct gc_arena gc = gc_new();
      struct argv argv = argv_new();
      const char *tmp_file = "";
-    bool ret = false;
+    bool ret = OPENVPN_PLUGIN_FUNC_ERROR;
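
Review bot: In the `ret` initializer of verify_user_pass_script(), a `bool` is set from a plugin status constant, so the declared type and the value's vocabulary no longer agree, and any nonzero status code collapses to `true` once stored in it. Either leave this line as `bool ret = false;` until the patch that changes how the result is returned, or change the declaration to `int ret` in this same patch so that every commit in the series is consistent on its own. Because this is the default result of a credential check, a short comment stating that the initial value means failure would also help.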

This is wrong. OPENVPN_PLUGIN_FUNC_ERROR is 1, which means "true". I see this is being corrected again in the next patch; but let's make it correct from the beginning to avoid making a potential bisect in the future more confusing than needed.


The rest of the code looks reasonable. I've not tested it yet, as there are some merge conflicts now. Since the surrounding code has changed a bit since this patch series, I consider it a bit risky to conclude on testing this on an older code base without many of the fixes in between in place.

Most of the merge conflicts are probably related to commit 99d217b20064 (removing --disable-def-auth), but there are other AUTH-related changes as well. This needs to be carefully tested with all these auth changes in place too.


--
kind regards,

David Sommerseth
OpenVPN Inc


