Am 23.10.22 um 21:51 schrieb selva.n...@gmail.com:
From: Selva Nair <selva.n...@gmail.com>
Currently, clearing auth_user_pass struct is delayed until
push-reply processing to support auth-token. This results in
username/password not purged after renegotiations that may
not accompany any pushed tokens -- say, when auth-token is not
in use.
Fix by always clearing auth_user_pass soon after it is used,
instead of delaying the purge as in pre-token days. But, when
"pull" is true, retain the username in auth_token in anticipation
of a token that may or may not arrive later.
Remove ssl_clean_user_pass() as there is no delayed purge any
longer -- auth-nocache handling is now done immediately after
writing username/password to the send-buffer.
Acked-By: Arne Schwabe <a...@rfc2549.org
I think the delaying and complicated logic, which thiss patch removes,
is the last part of the attempt to try to use the same auth_user_pass
struct for both auth token and user/password.
Arne
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
