Do not include auth-token in pulled option digest

As change in auth-token is common on restart and does not require tun-reopen, exclude it from the "pulled options digest" calculation. Without this tun is always re-opened on SIGUSR1 if auth-token is in use which breaks persist-tun. Github: Fixes OpenVPN/openvpn#200 v2: explcitly filter auth-token and auth-token-user Signed-off-by: Selva Nair <selva.nair@gmail.com> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20221219140405.1221341-1-selva.nair@gmail.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25768.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
2024-09-20 03:52:28 +02:00 · 2022-12-19 09:04:05 -05:00 · 2022-12-19 09:04:05 -05:00 · f778f4f88e
commit f778f4f88e
parent 5bd787bb8f
1 changed files with 4 additions and 2 deletions
--- a/src/openvpn/push.c
+++ b/src/openvpn/push.c
@ -989,8 +989,10 @@ push_update_digest(md_ctx_t *ctx, struct buffer *buf, const struct options *opt)
    char line[OPTION_PARM_SIZE];
    while (buf_parse(buf, ',', line, sizeof(line)))
    {
-        /* peer-id might change on restart and this should not trigger reopening tun */
-        if (strprefix(line, "peer-id "))
+        /* peer-id and auth-token might change on restart and this should not trigger reopening tun */
+        if (strprefix(line, "peer-id ")
+            || strprefix(line, "auth-token ")
+            || strprefix(line, "auth-token-user "))
        {
            continue;
        }