aboutsummaryrefslogtreecommitdiff
path: root/options.c
diff options
context:
space:
mode:
authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-11-18 03:22:52 +0000
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-11-18 03:22:52 +0000
commit09cc9c81c8e57a21395de4848baaa8213627d3c6 (patch)
tree4d17f28cb5eaf0c24168282dd742c2da1c6b95cf /options.c
parentAdded --prng option to control PRNG (pseudo-random (diff)
downloadopenvpn-09cc9c81c8e57a21395de4848baaa8213627d3c6.tar.xz
Added server-side --opt-verify option: clients that connect
with options that are incompatible with those of the server will be disconnected. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3505 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to '')
-rw-r--r--options.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/options.c b/options.c
index 5a78c70..2bb5fc2 100644
--- a/options.c
+++ b/options.c
@@ -384,6 +384,8 @@ static const char usage_message[] =
" run script cmd to verify. If method='via-env', pass\n"
" user/pass via environment, if method='via-file', pass\n"
" user/pass via temporary file.\n"
+ "--opt-verify : Clients that connect with options that are incompatible\n"
+ " with those of the server will be disconnected.\n"
"--auth-user-pass-optional : Allow connections by clients that don't\n"
" specify a username/password.\n"
"--no-name-remapping : Allow Common Name and X509 Subject to include\n"
@@ -1758,6 +1760,8 @@ options_postprocess_verify_ce (const struct options *options, const struct conne
msg (M_USAGE, "--username-as-common-name requires --mode server");
if (options->ssl_flags & SSLF_AUTH_USER_PASS_OPTIONAL)
msg (M_USAGE, "--auth-user-pass-optional requires --mode server");
+ if (options->ssl_flags & SSLF_OPT_VERIFY)
+ msg (M_USAGE, "--opt-verify requires --mode server");
if (options->auth_user_pass_verify_script)
msg (M_USAGE, "--auth-user-pass-verify requires --mode server");
#if PORT_SHARE
@@ -4625,6 +4629,11 @@ add_option (struct options *options,
VERIFY_PERMISSION (OPT_P_GENERAL);
options->ssl_flags |= SSLF_NO_NAME_REMAPPING;
}
+ else if (streq (p[0], "opt-verify"))
+ {
+ VERIFY_PERMISSION (OPT_P_GENERAL);
+ options->ssl_flags |= SSLF_OPT_VERIFY;
+ }
else if (streq (p[0], "auth-user-pass-verify") && p[1])
{
VERIFY_PERMISSION (OPT_P_SCRIPT);