Acked-by: Gert Doering <g...@greenie.muc.de>

Thanks for digging into this - this was an annoying and hard 
to diagnose "sometimes, TLS reconnects fail for users where 
it *should* succeed due to tokens being used" problem (that
openvpn considers tokens sensitive and never logs them 
didn't help pinpointing the issue :-) ).

I tested this with a client built with lots of extra
debug output, gen-auth-token and frequent tls-renegotiates - 
and indeed, "up->defined" goes to "0" after the first incoming 
token if auth-nocache is active - so, no *further* tokens are 
learned.  With the patch, we also look at "tk->defined", which 
is *then* defined, and tokens work even in that case.

Verified with a 2.4 client against a master server, including
a master restart without having to re-enter credentials on
the client.  Yay :-)

Your patch has been applied to the master, release/2.5 and
release/2.4 branch (bugfix, identical code in all branches).

commit fb789947ab1eba3e68fb8e4b3551d095a53962bd (master)
commit 95e183723fc6571c73ed070b22923df2ce666af2 (release/2.5)
commit f9b73042892c14b906772e72b3116d809457c721 (release/2.4)
Author: Arne Schwabe
Date:   Mon Nov 30 13:39:28 2020 +0100

     Fix auth-token not being updated if auth-nocache is set

     Signed-off-by: Arne Schwabe <a...@rfc2549.org>
     Acked-by: Gert Doering <g...@greenie.muc.de>
     Message-Id: <20201130123928.21837-1-a...@rfc2549.org>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21291.html
     Signed-off-by: Gert Doering <g...@greenie.muc.de>


--
kind regards,

Gert Doering



_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
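
A simplified C model of the behaviour described in the message above, added here as an illustration; it is not OpenVPN's code and not the applied patch. Only the names `up`, `tk` and `defined` come from the message; the struct layout, `learn_token`, `tokens_learned` and the token strings are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified model: only the `defined` flag and the up/tk naming are from the message. */
struct user_pass { bool defined; char password[64]; };

/* Model of auth-nocache: the credentials are wiped after they have been used. */
static void purge(struct user_pass *up) { memset(up, 0, sizeof(*up)); }

/* Handle one pushed token. `patched` selects the check described in the message:
 * unpatched looks only at up->defined, patched also accepts when tk->defined. */
static bool learn_token(struct user_pass *up, struct user_pass *tk,
                        const char *token, bool nocache, bool patched)
{
    bool accept = token[0] != '\0'
                  && (up->defined || (patched && tk->defined));
    if (accept) {
        strncpy(tk->password, token, sizeof(tk->password) - 1);
        tk->password[sizeof(tk->password) - 1] = '\0';
        tk->defined = true;
    }
    if (nocache)
        purge(up);  /* up->defined goes to 0 after the first incoming token */
    return accept;
}

/* Push n tokens (for example one per renegotiation); return how many were learned. */
int tokens_learned(int n, bool nocache, bool patched)
{
    struct user_pass up = { true, "constructed-password" };
    struct user_pass tk = { false, "" };
    char token[32];
    int learned = 0;
    for (int i = 0; i < n; i++) {
        snprintf(token, sizeof(token), "constructed-token-%d", i);
        learned += learn_token(&up, &tk, token, nocache, patched);
    }
    return learned;
}

int main(void)
{
    printf("nocache, up-only check:  %d of 3 learned\n", tokens_learned(3, true, false));
    printf("nocache, up or tk check: %d of 3 learned\n", tokens_learned(3, true, true));
    printf("cache,   up-only check:  %d of 3 learned\n", tokens_learned(3, false, false));
    return 0;
}
```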
