aboutsummaryrefslogtreecommitdiff
path: root/ssl.c
diff options
context:
space:
mode:
authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2009-09-29 23:10:14 +0000
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2009-09-29 23:10:14 +0000
commit5733ef668ff51d7a553fb5bc76a1c4ff00352e27 (patch)
tree25a355111e3442d04c35136456eaf741ac96f6e1 /ssl.c
parentFixed a bug introduced in r4436 (2.1_rc17) where using the (diff)
downloadopenvpn-5733ef668ff51d7a553fb5bc76a1c4ff00352e27.tar.xz
Added the ability for the server to provide a custom reason string
when an AUTH_FAILED message is returned to the client. This string can be set by the server-side managment interface and read by the client-side management interface. For more info, see management/management-notes.txt, and look for references to "client-reason-text". git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5012 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'ssl.c')
-rw-r--r--ssl.c19
1 files changed, 18 insertions, 1 deletions
diff --git a/ssl.c b/ssl.c
index 224721a..bc8b2da 100644
--- a/ssl.c
+++ b/ssl.c
@@ -908,6 +908,18 @@ tls_lock_common_name (struct tls_multi *multi)
#endif
#ifdef MANAGEMENT_DEF_AUTH
+static void
+man_def_auth_set_client_reason (struct tls_multi *multi, const char *client_reason)
+{
+ if (multi->client_reason)
+ {
+ free (multi->client_reason);
+ multi->client_reason = NULL;
+ }
+ if (client_reason && strlen (client_reason))
+ multi->client_reason = string_alloc (client_reason, NULL);
+}
+
static inline unsigned int
man_def_auth_test (const struct key_state *ks)
{
@@ -1077,12 +1089,13 @@ tls_authentication_status (struct tls_multi *multi, const int latency)
#ifdef MANAGEMENT_DEF_AUTH
bool
-tls_authenticate_key (struct tls_multi *multi, const unsigned int mda_key_id, const bool auth)
+tls_authenticate_key (struct tls_multi *multi, const unsigned int mda_key_id, const bool auth, const char *client_reason)
{
bool ret = false;
if (multi)
{
int i;
+ man_def_auth_set_client_reason (multi, client_reason);
for (i = 0; i < KEY_SCAN_SIZE; ++i)
{
struct key_state *ks = multi->key_scan[i];
@@ -2397,6 +2410,10 @@ tls_multi_free (struct tls_multi *multi, bool clear)
ASSERT (multi);
+#ifdef MANAGEMENT_DEF_AUTH
+ man_def_auth_set_client_reason(multi, NULL);
+#endif
+
if (multi->locked_cn)
free (multi->locked_cn);