authorJames Yonan <james@openvpn.net>2010-10-24 09:12:47 +0000
committerJames Yonan <james@openvpn.net>2010-10-24 09:12:47 +0000
commit3cf9dd88fd84108eccfcce0ebf44e00f9481cd82 (patch)
tree03264d8f2741babc01a8ab2bbe9a8d2b546f3147 /ssl.h
parentFixed initialization bug in route_list_add_default_gateway (diff)
Implement challenge/response authentication support in client mode,
where credentials are entered from stdin. This capability is compiled when ENABLE_CLIENT_CR is defined in syshead.h (enabled by default). Challenge/response support was previously implemented for creds that are queried via the management interface. In this case, the challenge message will be returned as a custom client-reason-text string (see management-notes.txt for more info) on auth failure. Also, see the comments in misc.c above get_auth_challenge() for info on the OpenVPN challenge/response protocol. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6568 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'ssl.h')
-rw-r--r--ssl.h11
1 files changed, 11 insertions, 0 deletions
diff --git a/ssl.h b/ssl.h
index c6a5627..4373a80 100644
--- a/ssl.h
+++ b/ssl.h
@@ -705,6 +705,17 @@ void auth_user_pass_setup (const char *auth_file);
void ssl_set_auth_nocache (void);
void ssl_purge_auth (void);
+
+#ifdef ENABLE_CLIENT_CR
+/*
+ * ssl_get_auth_challenge will parse the server-pushed auth-failed
+ * reason string and return a dynamically allocated
+ * auth_challenge_info struct.
+ */
+void ssl_purge_auth_challenge (void);
+void ssl_put_auth_challenge (const char *cr_str);
+#endif
+
void tls_set_verify_command (const char *cmd);
void tls_set_crl_verify (const char *crl);
void tls_set_verify_x509name (const char *x509name);
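Review bot: The comment above the two new prototypes documents `ssl_get_auth_challenge`, which this hunk does not declare; the functions actually declared are `ssl_purge_auth_challenge` and `ssl_put_auth_challenge`, both returning void, so the "return a dynamically allocated auth_challenge_info struct" wording matches neither of them. Because the comment itself calls the input a server-pushed string, the header should also say that `cr_str` is untrusted peer data and state who owns and releases the parsed result, which is presumably the job of `ssl_purge_auth_challenge` (the implementation is not visible in this hunk). I would replace the comment with something like `/* ssl_put_auth_challenge parses the server-pushed (untrusted) auth-failed reason string and stores the result; ssl_purge_auth_challenge releases it. */` after confirming the behaviour against ssl.c.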