From: Selva Nair <selva.nair@gmail.com>
Date: Mon, 19 Dec 2022 14:04:05 +0000 (-0500)
Subject: Do not include auth-token in pulled option digest
X-Git-Tag: v2.7_alpha1~630
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f778f4f88e56851c0a68205e95110c021f3032b3;p=thirdparty%2Fopenvpn.git

Do not include auth-token in pulled option digest

As change in auth-token is common on restart and does not
require tun-reopen, exclude it from the "pulled options digest"
calculation. Without this tun is always re-opened on SIGUSR1
if auth-token is in use which breaks persist-tun.

Github: Fixes OpenVPN/openvpn#200

v2: explcitly filter auth-token and auth-token-user

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20221219140405.1221341-1-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25768.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---

diff --git a/src/openvpn/push.c b/src/openvpn/push.c
index ad2f3c656..e765d2a9d 100644
--- a/src/openvpn/push.c
+++ b/src/openvpn/push.c
@@ -989,8 +989,10 @@ push_update_digest(md_ctx_t *ctx, struct buffer *buf, const struct options *opt)
     char line[OPTION_PARM_SIZE];
     while (buf_parse(buf, ',', line, sizeof(line)))
     {
-        /* peer-id might change on restart and this should not trigger reopening tun */
-        if (strprefix(line, "peer-id "))
+        /* peer-id and auth-token might change on restart and this should not trigger reopening tun */
+        if (strprefix(line, "peer-id ")
+            || strprefix(line, "auth-token ")
+            || strprefix(line, "auth-token-user "))
         {
             continue;
         }