git.ipfire.org Git - thirdparty/openvpn.git/commit
Ensure --auth-nocache is handled during renegotiation
author Selva Nair <selva.nair@gmail.com>
Sun, 23 Oct 2022 19:51:05 +0000 (15:51 -0400)
committer Gert Doering <gert@greenie.muc.de>
Wed, 26 Oct 2022 12:52:23 +0000 (14:52 +0200)
commit 3a4fb17d103be37599d72d072bbee42cc121a39d
tree 35c5f4035cdea35822fcab2fab121ce97f7918bf
parent 77829be280b3b280f35d1ca4947900f3c5e5dd26

Currently, clearing auth_user_pass struct is delayed until
push-reply processing to support auth-token. This results in
username/password not purged after renegotiations that may
not accompany any pushed tokens -- say, when auth-token is not
in use.

Fix by always clearing auth_user_pass soon after it is used,
instead of delaying the purge as in pre-token days. But, when
"pull" is true, retain the username in auth_token in anticipation
of a token that may or may not arrive later.

Remove ssl_clean_user_pass() as there is no delayed purge any
longer -- auth-nocache handling is now done immediately after
writing username/password to the send-buffer.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20221023195105.31714-1-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25452.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
src/openvpn/init.c
src/openvpn/misc.c
src/openvpn/ssl.c
src/openvpn/ssl.h
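
A minimal model of the behaviour the commit message describes, added here as an illustration and not taken from the OpenVPN source: credentials are purged right after they are written to the send buffer, and with pull set only the username is kept for a token that may arrive later. `struct creds`, `secure_zero` and `send_auth` are hypothetical names, and the credentials in `main` are constructed sample values.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define CRED_MAX 128

/* Hypothetical stand-in for this sketch; not OpenVPN's struct definition. */
struct creds {
    bool defined;
    bool nocache;               /* models --auth-nocache */
    char username[CRED_MAX];
    char password[CRED_MAX];
};

/* Zero through a volatile pointer so the compiler cannot drop the writes. */
static void secure_zero(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) { *v++ = 0; }
}

/* Write username/password to the send buffer, then purge immediately.
 * With pull set, the username is first kept in the token slot, since a
 * pushed token may or may not arrive later. Returns bytes written or -1. */
int send_auth(struct creds *up, struct creds *token, bool pull,
              char *out, size_t outlen)
{
    if (!up->defined) { return -1; }
    size_t ulen = strlen(up->username) + 1, plen = strlen(up->password) + 1;
    if (ulen + plen > outlen) { return -1; }
    memcpy(out, up->username, ulen);
    memcpy(out + ulen, up->password, plen);
    if (pull) { memcpy(token->username, up->username, ulen); }
    if (up->nocache) {          /* purge now, not at push-reply time */
        secure_zero(up->username, sizeof(up->username));
        secure_zero(up->password, sizeof(up->password));
        up->defined = false;
    }
    return (int)(ulen + plen);
}

int main(void)
{
    struct creds up = { true, true, "alice", "constructed-pw" }, tok = { 0 };
    char buf[2 * CRED_MAX];
    int n = send_auth(&up, &tok, true, buf, sizeof(buf));
    printf("sent=%d cached=%d token_user=%s\n", n, up.defined, tok.username);
    return 0;
}
```

A second call on the same struct returns -1, which models a later renegotiation having to obtain the credentials again instead of reusing a cached copy.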