authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2009-09-29 23:10:14 +0000
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2009-09-29 23:10:14 +0000
commit5733ef668ff51d7a553fb5bc76a1c4ff00352e27 (patch)
tree25a355111e3442d04c35136456eaf741ac96f6e1 /ssl.h
parentFixed a bug introduced in r4436 (2.1_rc17) where using the (diff)
downloadopenvpn-5733ef668ff51d7a553fb5bc76a1c4ff00352e27.tar.xz
Added the ability for the server to provide a custom reason string
when an AUTH_FAILED message is returned to the client. This string can be set by the server-side management interface and read by the client-side management interface. For more info, see management/management-notes.txt, and look for references to "client-reason-text". git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5012 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'ssl.h')
-rw-r--r--ssl.h17
1 files changed, 16 insertions, 1 deletions
diff --git a/ssl.h b/ssl.h
index e7ccb42..06cd246 100644
--- a/ssl.h
+++ b/ssl.h
@@ -594,6 +594,11 @@ struct tls_multi
char *locked_cn;
#ifdef ENABLE_DEF_AUTH
+ /*
+ * An error message to send to client on AUTH_FAILED
+ */
+ char *client_reason;
+
/* Time of last call to tls_authentication_status */
time_t tas_last;
#endif
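Review bot: The new `client_reason` member of `struct tls_multi` is a bare `char *`, and its comment does not say who owns the string or when it is released. If the setter stores an allocated copy (its implementation is not in this header), the previous value has to be freed on every overwrite and again when the `tls_multi` is torn down, otherwise a stale or leaked pointer is left behind. Once that is confirmed against the implementation, I would extend the comment to something like `/* Reason text sent to the client on AUTH_FAILED; owned by this struct, NULL when none is set */`. The struct definition starts and ends outside the hunk.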
@@ -695,7 +700,7 @@ int tls_authentication_status (struct tls_multi *multi, const int latency);
void tls_deauthenticate (struct tls_multi *multi);
#ifdef MANAGEMENT_DEF_AUTH
-bool tls_authenticate_key (struct tls_multi *multi, const unsigned int mda_key_id, const bool auth);
+bool tls_authenticate_key (struct tls_multi *multi, const unsigned int mda_key_id, const bool auth, const char *client_reason);
#endif
/*
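Review bot: The added `client_reason` parameter of `tls_authenticate_key` has no documented contract, although per the commit message it carries text set through the server-side management interface that is relayed to the peer and read back through the client-side management interface. I would add a comment above the prototype such as `/* client_reason: optional text (may be NULL) relayed to the client on AUTH_FAILED; copied by the callee */`, adjusted to what the implementation does, and state the permitted length and character set there. Embedded newlines or control characters deserve an explicit rule because the management interface is a line-oriented text protocol; whether the callee filters them cannot be seen from this header. The prototype is also guarded by `MANAGEMENT_DEF_AUTH` while the field it presumably fills sits under `ENABLE_DEF_AUTH`, so it is worth confirming that the first always implies the second.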
@@ -738,6 +743,16 @@ tls_set_single_session (struct tls_multi *multi)
multi->opt.single_session = true;
}
+static inline const char *
+tls_client_reason (struct tls_multi *multi)
+{
+#ifdef ENABLE_DEF_AUTH
+ return multi->client_reason;
+#else
+ return NULL;
+#endif
+}
+
#ifdef ENABLE_PF
static inline bool
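Review bot: `tls_client_reason` only reads through `multi`, so the parameter can be declared `const struct tls_multi *multi`, which also lets callers that hold a const pointer use the accessor. The function returns the struct's internal pointer, and a short comment such as `/* Borrowed pointer, NULL if unset or ENABLE_DEF_AUTH is off; do not free or keep past the next update */` would make that lifetime explicit. It dereferences `multi` unconditionally, so the non-NULL requirement on the argument belongs in the same comment.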