aboutsummaryrefslogtreecommitdiff
path: root/ssl.c
diff options
context:
space:
mode:
authorDavid Sommerseth <dazo@users.sourceforge.net>2010-04-29 23:35:45 +0200
committerDavid Sommerseth <dazo@users.sourceforge.net>2010-04-29 23:35:45 +0200
commit339f2a4d4b487afa53fa99d72c35b16f31e417d3 (patch)
treef4a6440c1755d04935f8b0ed9c15e0a3e147d270 /ssl.c
parentDon't add compile time information if --enable-small is used (diff)
downloadopenvpn-339f2a4d4b487afa53fa99d72c35b16f31e417d3.tar.xz
Revamped the script-security warning logging (version 2)
The main task of this patch is to avoid reporting the SCRIPT_SECURITY_WARNING over and over again, in addition to not show this warning when it should not be a problem. This general warning should now only appear once, and only when --script-security is not set, 0 or 1. In all other cases this warning should not appear. In addition, this warning will come close to the script-hook which most probably will fail. It will also give a little bit more concrete hint on which script-hook which failed. If --script-security is 2 or 3, only the execve failure itself will be shown. This message will on the other hand be shown repeatedly. This is a new rewritten version which simplifies the implementaion of the new openvpn_run_script() function. It was considered to remove it completely, but due to code clearity and easy of use it was decided to make this function a static inline function instead. Anyhow, this function will enforce openvpn_execve_check() to be called with the S_SCRIPT flag. Patch ACKed on the developers meeting 2009-04-29. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: James Yonan <james@openvpn.net>
Diffstat (limited to '')
-rw-r--r--ssl.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/ssl.c b/ssl.c
index d5230f7..a4af6a5 100644
--- a/ssl.c
+++ b/ssl.c
@@ -948,7 +948,7 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx)
ctx->error_depth,
subject);
argv_msg_prefix (D_TLS_DEBUG, &argv, "TLS: executing verify command");
- ret = openvpn_execve (&argv, opt->es, S_SCRIPT);
+ ret = openvpn_run_script (&argv, opt->es, 0, "--tls-verify script");
if (opt->verify_export_cert)
{
@@ -3232,7 +3232,7 @@ verify_user_pass_script (struct tls_session *session, const struct user_pass *up
argv_printf (&argv, "%sc %s", session->opt->auth_user_pass_verify_script, tmp_file);
/* call command */
- retval = openvpn_execve (&argv, session->opt->es, S_SCRIPT);
+ retval = openvpn_run_script (&argv, session->opt->es, 0, "--auth-user-pass-verify");
/* test return status of command */
if (system_ok (retval))