Hi, I am not sure what I am missing, but this patch does not apply on top of master + 3/7.
Is there another patch that I need to apply first? Regards, On 22/04/2021 17:17, Arne Schwabe wrote:
> Previously we relied on checking tls_authentication_status to check
> wether to determine if the context auth state is actually valid or not.
> This patch eliminates that check by introducing waiting on the
> authentication as extra state in the context auth, state machine.
>
> Signed-off-by: Arne Schwabe <a...@rfc2549.org>
> ---
> src/openvpn/multi.c | 6 ------
> src/openvpn/ssl.c | 9 ++++++++-
> src/openvpn/ssl_common.h | 1 +
> 3 files changed, 9 insertions(+), 7 deletions(-)
>
> diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
> index ab2270a58..7cb9e86aa 100644
> --- a/src/openvpn/multi.c
> +++ b/src/openvpn/multi.c
> @@ -2596,12 +2596,6 @@ static const multi_client_connect_handler
> client_connect_handlers[] = {
> static void
> multi_connection_established(struct multi_context *m, struct multi_instance
> *mi)
> {
> - if (tls_authentication_status(mi->context.c2.tls_multi,
> TLS_MULTI_AUTH_STATUS_INTERVAL)
> - != TLS_AUTHENTICATION_SUCCEEDED)
> - {
> - return;
> - }
> -
> /* We are only called for the CAS_PENDING_x states, so we
> * can ignore other states here */
> bool from_deferred = (mi->context.c2.tls_multi->multi_state !=
> CAS_PENDING);
> diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
> index 7d66cf565..4bb395039 100644
> --- a/src/openvpn/ssl.c
> +++ b/src/openvpn/ssl.c
> @@ -2809,7 +2809,7 @@ tls_process(struct tls_multi *multi,
> if (session->opt->mode == MODE_SERVER)
> {
> /* On a server we continue with running connect
> scripts next */
> - multi->multi_state = CAS_PENDING;
> + multi->multi_state = CAS_WAITING_AUTH;
> }
> else
> {
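Review bot: The comment kept above the changed assignment in tls_process, "On a server we continue with running connect scripts next", no longer matches the new line `multi->multi_state = CAS_WAITING_AUTH;`. The next step is now waiting for authentication, and connect scripts follow only after tls_multi_process moves the state to CAS_PENDING. Because this state is what keeps a not-yet-authenticated peer away from the connect handlers, the comment should say so, for example `/* On a server, wait for (possibly deferred) auth to succeed; connect scripts run only once CAS_PENDING is set */`. tls_process starts and ends outside this hunk.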
> @@ -3135,6 +3135,13 @@ tls_multi_process(struct tls_multi *multi,
>
> enum tls_auth_status tas = tls_authentication_status(multi,
> TLS_MULTI_AUTH_STATUS_INTERVAL);
>
> + /* If we have successfully authenticated and are still waiting for the
> authentication to finish
> + * move the state machine for the multi context forward */
> + if (multi->multi_state == CAS_WAITING_AUTH && tas ==
> TLS_AUTHENTICATION_SUCCEEDED)
> + {
> + multi->multi_state = CAS_PENDING;
> + }
> +
> /*
> * If lame duck session expires, kill it.
> */
> diff --git a/src/openvpn/ssl_common.h b/src/openvpn/ssl_common.h
> index 026da3578..01f00950e 100644
> --- a/src/openvpn/ssl_common.h
> +++ b/src/openvpn/ssl_common.h
> @@ -512,6 +512,7 @@ struct tls_session
> * connect scripts/plugins */
> enum multi_status {
> CAS_NOT_CONNECTED,
> + CAS_WAITING_AUTH, /**< TLS connection established but
> deferred auth not finished */
> CAS_PENDING,
> CAS_PENDING_DEFERRED,
> CAS_PENDING_DEFERRED_PARTIAL, /**< at least handler succeeded, no
> result yet*/
> -- Antonio Quartulli _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
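Review bot: The added `if (multi->multi_state == CAS_WAITING_AUTH && tas == TLS_AUTHENTICATION_SUCCEEDED)` block in tls_multi_process becomes the only place where authentication success gates the connect handlers, because the multi.c hunk drops the tls_authentication_status() check from multi_connection_established. That function now relies on its callers passing only CAS_PENDING_x states, as its own comment says, and those callers are not visible in this patch. A cheap fail-closed guard at its top would keep the invariant local: `if (mi->context.c2.tls_multi->multi_state == CAS_WAITING_AUTH) { return; }`. The new comment here could also state that every state from CAS_PENDING onward implies a successful authentication result; tls_multi_process continues outside the hunk.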
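Review bot: Inserting `CAS_WAITING_AUTH` between `CAS_NOT_CONNECTED` and `CAS_PENDING` in enum multi_status shifts the numeric value of every later enumerator and adds a second pre-authentication state. Any existing test written as `!= CAS_NOT_CONNECTED`, or as an ordered comparison against a CAS_ value, would now treat a peer whose deferred auth has not finished as further along than intended; no such sites are shown in this diff, so they need to be checked in the rest of the tree. The doc comment could record the rule directly, for example `/**< TLS connection established but deferred auth not finished; connect handlers must not run in this state */`. The enum continues past the end of the hunk.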