git.ipfire.org Git - thirdparty/openvpn.git/commit
author Arne Schwabe <arne@rfc2549.org>
Mon, 25 Jan 2021 12:56:19 +0000 (13:56 +0100)
committer Gert Doering <gert@greenie.muc.de>
Sun, 14 Feb 2021 14:56:41 +0000 (15:56 +0100)
commit 3f8fb2b2c1d664f421d36181846da89c4330c6cc
tree f754890b40ebd1f88ea4630561ded1fb2907b18c
parent 0714ed804e40f80b48a7571193d7e4d81d2bcd4b
Implement client side handling of AUTH_PENDING message

This allows a client to extend the timeout of pull-request response
while waiting for the user to complete a pending authentication. A
timeout of 60s for a normal authentication might still work for a
simple 2FA (but still challenging). With a sophisticated (or overly
complicated) web based authentication 60s are quite short.

To avoid not detecting network problems in this phase, we use the
constant sending of PUSH_REQUEST/AUTH_PENDING as keepalive signal
and still time out the session after the handshake window time.

patch v2: typo fixes, invert if for sscanf

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Lev Stipakov <lstipakov@gmail.com>
Message-Id: <20210125125628.30364-3-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21491.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
doc/man-sections/server-options.rst
doc/management-notes.txt
src/openvpn/forward.c
src/openvpn/integer.h
src/openvpn/push.c
src/openvpn/push.h
src/openvpn/ssl.c
src/openvpn/ssl.h
src/openvpn/ssl_common.h