Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: z...@debian.org
[ Reason ]
Fix #954264: Support for verify-client-cert openvpn 2.4 directive.
[ Impact ]
The current version doesn't work with openvpn version (2.5.1) in stable.
The old workaround only works for openvpn 2.4.
[ Tests ]
On #954264, one reporter is someone I know and trust, and he has verified on
his vpn server.
But I don't have a openvpn server with radius, so I only reviewed the code.
[ Risks ]
The patch is trivial and easy to review.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
+ if (param == "verify-client-cert")
+ {
+ this->deletechars();
+ if (line !=
"verify-client-certrequired")
+ {
+
this->clientcertnotrequired=true;
+ }
+ }
Add a new check for directive "verify-client-cert".
[ Other info ]
No.
diff -Nru openvpn-auth-radius-2.1/debian/changelog
openvpn-auth-radius-2.1/debian/changelog
--- openvpn-auth-radius-2.1/debian/changelog2018-10-28 20:10:22.0
+0800
+++ openvpn-auth-radius-2.1/debian/changelog2022-11-19 00:59:14.0
+0800
@@ -1,3 +1,10 @@
+openvpn-auth-radius (2.1-7+deb11u1) bullseye; urgency=medium
+
+ * Add patch to support verify-client-cert directive in openvpn 2.4
+(Closes: #954264)
+
+ -- Shengjing Zhu Sat, 19 Nov 2022 00:59:14 +0800
+
openvpn-auth-radius (2.1-7) unstable; urgency=low
* QA upload.
diff -Nru
openvpn-auth-radius-2.1/debian/patches/0006-Support-verify-client-cert-directive-in-openvpn-2.4.patch
openvpn-auth-radius-2.1/debian/patches/0006-Support-verify-client-cert-directive-in-openvpn-2.4.patch
---
openvpn-auth-radius-2.1/debian/patches/0006-Support-verify-client-cert-directive-in-openvpn-2.4.patch
1970-01-01 08:00:00.0 +0800
+++
openvpn-auth-radius-2.1/debian/patches/0006-Support-verify-client-cert-directive-in-openvpn-2.4.patch
2022-11-19 00:59:14.0 +0800
@@ -0,0 +1,29 @@
+From: Shengjing Zhu
+Date: Sat, 12 Nov 2022 19:25:57 +0800
+Subject: Support verify-client-cert directive in openvpn 2.4
+
+Bug-Debian: #954264
+Forwarded: no
+---
+ Config.cpp | 8
+ 1 file changed, 8 insertions(+)
+
+diff --git a/Config.cpp b/Config.cpp
+index b600fab..d914818 100644
+--- a/Config.cpp
b/Config.cpp
+@@ -180,6 +180,14 @@ int Config::parseConfigFile(const char * configfile)
+
this->clientcertnotrequired=true;
+ }
+ }
++if (param == "verify-client-cert")
++{
++this->deletechars();
++if (line !=
"verify-client-certrequired")
++{
++
this->clientcertnotrequired=true;
++}
++}
+ if (param ==
"username-as-common-name")
+ {
+ this->deletechars();
diff -Nru openvpn-auth-radius-2.1/debian/patches/series
openvpn-auth-radius-2.1/debian/patches/series
--- openvpn-auth-radius-2.1/debian/patches/series 2018-10-28
18:45:40.0 +0800
+++ openvpn-auth-radius-2.1/debian/patches/series 2022-11-19
00:59:14.0 +0800
@@ -3,3 +3,4 @@
30_build-with-debug-symbols.diff
35_verbose_built.diff
40_use_cppflags.diff
+0006-Support-verify-client-cert-directive-in-openvpn-2.4.patch