git.ipfire.org Git - thirdparty/openvpn.git/commitdiff
Do not include auth-token in pulled option digest
author Selva Nair <selva.nair@gmail.com>
Mon, 19 Dec 2022 14:04:05 +0000 (09:04 -0500)
committer Gert Doering <gert@greenie.muc.de>
Mon, 19 Dec 2022 17:46:19 +0000 (18:46 +0100)
As change in auth-token is common on restart and does not
require tun-reopen, exclude it from the "pulled options digest"
calculation. Without this tun is always re-opened on SIGUSR1
if auth-token is in use which breaks persist-tun.

Github: Fixes OpenVPN/openvpn#200

v2: explicitly filter auth-token and auth-token-user

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20221219140405.1221341-1-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25768.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit f778f4f88e56851c0a68205e95110c021f3032b3)

src/openvpn/push.c

index ad2f3c65608aaceb71eda02f421f4861ee1ba54f..e765d2a9d5096a2b9e87f76b528eddc80628c213 100644 (file)
@@ -989,8 +989,10 @@ push_update_digest(md_ctx_t *ctx, struct buffer *buf, const struct options *opt)
     char line[OPTION_PARM_SIZE];
     while (buf_parse(buf, ',', line, sizeof(line)))
     {
-        /* peer-id might change on restart and this should not trigger reopening tun */
-        if (strprefix(line, "peer-id "))
+        /* peer-id and auth-token might change on restart and this should not trigger reopening tun */
+        if (strprefix(line, "peer-id ")
+            || strprefix(line, "auth-token ")
+            || strprefix(line, "auth-token-user "))
         {
             continue;
         }
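
Review bot: The updated comment above the condition names peer-id and auth-token but not auth-token-user, even though the third strprefix() test skips that option as well. Because the prefix "auth-token " ends in a space and so cannot match "auth-token-user ", the third test is needed, and the comment should say so rather than leave a reader to work it out. Suggest listing all three options in the comment and stating the criterion from the commit message (the value commonly changes on restart and does not require tun-reopen), so any later addition to this skip list is judged against the same rule. The comment is also noticeably longer than the surrounding lines and could be wrapped onto two.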