[Openvpn-devel] Correct --client-disconnect environment variable common_name

Message ID 20210916164641.867248-1-tincantech@protonmail.com
State Superseded
Headers show
Series
  • [Openvpn-devel] Correct --client-disconnect environment variable common_name
Related show

Commit Message

Richard T Bonhomme Sept. 16, 2021, 4:46 p.m.
From: Richard T Bonhomme <tincantech@protonmail.com>

--client-disconnect is always passed the X509 certificate common_name,
which is incorrect when --username-as-common-name is used.

Set the environment variable common_name to the correct value, prior to
calling --client-disconnect.

Resolves https://community.openvpn.net/openvpn/ticket/160

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
---
 src/openvpn/multi.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

tincantech via Openvpn-devel Sept. 16, 2021, 8:55 p.m. | #1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

The commit message is incorrect.

Not *always* but "after a renegotiation" then *always*

I'll resubmit again after some final testing.

R

Sent with ProtonMail Secure Email.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

On Thursday, September 16th, 2021 at 17:46, <stringvest88@gmail.com> wrote:

> From: Richard T Bonhomme tincantech@protonmail.com
>
> --client-disconnect is always passed the X509 certificate common_name,
>
> which is incorrect when --username-as-common-name is used.
>
> Set the environment variable common_name to the correct value, prior to
>
> calling --client-disconnect.
>
> Resolves https://community.openvpn.net/openvpn/ticket/160
>
> Signed-off-by: Richard T Bonhomme tincantech@protonmail.com
>
> src/openvpn/multi.c | 3 +++
>
> 1 file changed, 3 insertions(+)
>
> diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
>
> index 22357cfb..18ee5e52 100644
>
> --- a/src/openvpn/multi.c
>
> +++ b/src/openvpn/multi.c
>
> @@ -557,6 +557,9 @@ setenv_stats(struct context *c)
>
> static void
>
> multi_client_disconnect_setenv(struct multi_instance *mi)
>
> {
>
> -   /* setenv client current common-name */
>
> -   setenv_str(mi->context.c2.es, "common_name", tls_common_name(mi->context.c2.tls_multi, true));
>
> -   /* setenv client real IP address */
>
>     setenv_trusted(mi->context.c2.es, get_link_socket_info(&mi->context));
>
>
> 2.25.1
-----BEGIN PGP SIGNATURE-----
Version: ProtonMail

wsBzBAEBCAAGBQJhQ68bACEJEE+XnPZrkLidFiEECbw9RGejjXJ5xVVVT5ec
9muQuJ3Mogf+OX2Aj37g3VmepoBmyefgwHdxf6kf5Bfogns3GvEwcL459ciZ
OfDlWF1L7TyUX4ddSlApcbMCCb3r2iuLwgf4/LHc1RgybONaNCXk1lRqhQW4
eer6XYSGSjtdirdqCic3VGE0Zb61dtjEUzBFIGPsnZMD4bioXSwZ/aZ9ol/9
+zBZlkN4Pbk+I25D3AIXMCiZf3rl++BLlVYy/MND8VpiQi6wCj9K5r/YB2CI
AY1c+V7KjaUhSD6rwpchz9bQnYSTwvwOlv+3gggGXiiExy8HCieXLNybPJYq
3DhM3PPUt9zYgoOdD5BUUCArpU1DX1yt9FlD6Nl3Tjm1z2ST5TefnQ==
=OGdj
-----END PGP SIGNATURE-----

Patch

diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index 22357cfb..18ee5e52 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -557,6 +557,9 @@  setenv_stats(struct context *c)
 static void
 multi_client_disconnect_setenv(struct multi_instance *mi)
 {
+    /* setenv client current common-name */
+    setenv_str(mi->context.c2.es, "common_name", tls_common_name(mi->context.c2.tls_multi, true));
+
     /* setenv client real IP address */
     setenv_trusted(mi->context.c2.es, get_link_socket_info(&mi->context));