mirror of
https://github.com/OpenVPN/openvpn.git
synced 2024-09-20 03:52:28 +02:00
OpenVPN is an open source VPN daemon
fa5ab2438a
When username-as-common-name is in effect, the common_name is "CN" from the certificate for auth-user-pass-verify. It gets changed to "username" after successful authentication. This changed value gets into the env when client-connect script is called. However, "common_name" goes through the cycle of being "CN", then "username" during every reauth (renegotiation). As the client-connect script is not called during reneg, the changed value never gets back into the env. The end result is that the disconnect script gets "common_name=<CN>" instead of the username. Unless no reneg steps have happened before disconnect. (For a more detailed analysis see https://community.openvpn.net/openvpn/ticket/1434#comment:12) Fix by adding common_name to env whenever it changes. Trac: #1434 Very likely applies to #160 as well, but that's too old and some of the relevant code path has evolved since then. Signed-off-by: Selva Nair <selva.nair@gmail.com> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20211023000706.25016-1-selva.nair@gmail.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23051.html Signed-off-by: Gert Doering <gert@greenie.muc.de> |
||
|---|---|---|
| .github | ||
| .travis | ||
| build | ||
| contrib | ||
| debug | ||
| dev-tools | ||
| distro | ||
| doc | ||
| include | ||
| m4 | ||
| sample | ||
| src | ||
| tests | ||
| .git-blame-ignore-revs | ||
| .gitattributes | ||
| .gitignore | ||
| .mailmap | ||
| .svncommitters | ||
| .travis.yml | ||
| AUTHORS | ||
| ChangeLog | ||
| Changes.rst | ||
| compat.m4 | ||
| config-msvc-version.h.in | ||
| config-msvc.h | ||
| configure.ac | ||
| CONTRIBUTING.rst | ||
| COPYING | ||
| COPYRIGHT.GPL | ||
| INSTALL | ||
| Makefile.am | ||
| msvc-build.bat | ||
| msvc-dev.bat | ||
| msvc-env.bat | ||
| NEWS | ||
| openvpn.sln | ||
| PORTS | ||
| README | ||
| README.ec | ||
| README.IPv6 | ||
| README.mbedtls | ||
| README.wolfssl | ||
| TODO.IPv6 | ||
| version.m4 | ||
| version.sh.in | ||
OpenVPN -- A Secure tunneling daemon Copyright (C) 2002-2018 OpenVPN Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation. ************************************************************************* To get the latest release of OpenVPN, go to: https://openvpn.net/index.php/download/community-downloads.html To Build and Install, tar -zxf openvpn-<version>.tar.gz cd openvpn-<version> ./configure make make install or see the file INSTALL for more info. ************************************************************************* For detailed information on OpenVPN, including examples, see the man page http://openvpn.net/man.html For a sample VPN configuration, see http://openvpn.net/howto.html To report an issue, see https://community.openvpn.net/openvpn/report For a description of OpenVPN's underlying protocol, see the file ssl.h included in the source distribution. ************************************************************************* Other Files & Directories: * configure.ac -- script to rebuild our configure script and makefile. * sample/sample-scripts/verify-cn A sample perl script which can be used with OpenVPN's --tls-verify option to provide a customized authentication test on embedded X509 certificate fields. * sample/sample-keys/ Sample RSA keys and certificates. DON'T USE THESE FILES FOR ANYTHING OTHER THAN TESTING BECAUSE THEY ARE TOTALLY INSECURE. * sample/sample-config-files/ A collection of OpenVPN config files and scripts from the HOWTO at http://openvpn.net/howto.html ************************************************************************* Note that easy-rsa and tap-windows are now maintained in their own subprojects. Their source code is available here: https://github.com/OpenVPN/easy-rsa https://github.com/OpenVPN/tap-windows The old cross-compilation environment (domake-win) and the Python-based buildsystem have been replaced with openvpn-build: https://github.com/OpenVPN/openvpn-build See the INSTALL file for usage information.