Hi,

I NAK this for the following reasons.

The original problem: "Openvpn does not set common_name for --client-disconnect", for reasons which have not been identified, no longer occurs. The code has changed enough since 2011 that a new problem occurs.

The new problem: Openvpn sets common_name to X509-CN for --client-disconnect, after a client has attempted to float, successfully or not.

If this patch is applied to current Openvpn then similar behaviour of the original problem occurs. That being, after a client attempts to float then common_name is not set at all.

I have also written Easy-TLS to work around this bug, as it stands, and Easy-TLS manages connection tracking 100% successfully.

Regards
R

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Friday, September 17th, 2021 at 16:35, <stringves...@gmail.com> wrote:

> From: Richard T Bonhomme tincant...@protonmail.com > > A server configured with --client-disconnect and --username-as-common-name > > will pass the X509-CN not username, after the client has completed a > > renegotiation, to --client-disconnect. > > Explicitly set the environment variable common_name to the current value, > > which will be username in this case, prior to calling --client-disconnect. > > Trac: #160 > > Signed-off-by: Richard T Bonhomme tincant...@protonmail.com > > src/openvpn/multi.c | 4 ++++ > > 1 file changed, 4 insertions(+) > > diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c > > index 22357cfb..c72e8e95 100644 > > --- a/src/openvpn/multi.c > > +++ b/src/openvpn/multi.c
> > @@ -557,6 +557,10 @@ setenv_stats(struct context *c) > > static void > > multi_client_disconnect_setenv(struct multi_instance *mi) > > { > > - /* setenv client current common-name */ > > - setenv_str(mi->context.c2.es, "common_name", > > - tls_common_name(mi->context.c2.tls_multi, true)); > > > - /* setenv client real IP address */ > > setenv_trusted(mi->context.c2.es, get_link_socket_info(&mi->context)); > > > 2.25.1
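
Review bot: the added call in multi_client_disconnect_setenv(), `setenv_str(mi->context.c2.es, "common_name", tls_common_name(mi->context.c2.tls_multi, true));`, passes whatever tls_common_name() returns straight into the environment with no check on the result. If that lookup yields no name for the instance, which is the situation the reply above reports after a float attempt, the call would overwrite or clear a common_name that was already present, and the --client-disconnect script would then see less than it did without the patch. Suggest reading the name into a local first and calling setenv_str() only when it is non-NULL, and extending the new comment to say why the value has to be re-set at this point (renegotiation with --username-as-common-name, Trac #160) so the reason survives later refactoring.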
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel