Menu
▾
▴
Re: [Openvpn-devel] [PATCH 1/2] Send auth-fail messages to clients on renegotiation failures via auth-token or user-pass expiry
|
From: Eric T. <er...@sp...> - 2020-08-13 08:37:22
|
Hi Arne, The issue is your state is not accessible from where that boolean needs to be used unless I am missing something? Please advise if I'm mistaken or of another route. Eric --- Eric Thorpe SparkLabs Developer https://www.sparklabs.com https://twitter.com/sparklabs su...@sp... On 13/08/2020 6:30 pm, Arne Schwabe wrote: >> /* >> * Send restart message from server to client. >> */ >> diff --git a/src/openvpn/ssl_common.h b/src/openvpn/ssl_common.h >> index 96897e48..b5cc9dc9 100644 >> --- a/src/openvpn/ssl_common.h >> +++ b/src/openvpn/ssl_common.h >> @@ -576,6 +576,7 @@ struct tls_multi >> >> char *remote_ciphername; /**< cipher specified in peer's config file */ >> >> + bool connection_established; /** Notifies future auth calls this is a reneg */ >> /* >> * Our session objects. >> */ >> > NAK from my side. Adding another variable to state machine for just this > feature that duplicates already existing states is something I really > want to avoid. This might look and work fine for this patch but at the > end you end up with a plenthora of mini states and unclear > interdependency. I worked hard in the connect-client patches to remove > duplication of these states and are not eager to reduce them, especially > not "connection_established" which duplicates the name of > link_socket->connection_established that has a completely different meaning. > > Arne > |
