author | Arne Schwabe | 2021-04-06 00:05:21 +0200 |
---|---|---|
committer | Gert Doering | 2021-04-20 15:26:39 +0200 |
commit | 0e5516a9d656ce86f7fb370c824344ea1760c255 (patch) | |
tree | 91649707b982e5840513ebdb368a6ebcd4dab561 | |
parent | a7263a125199c6d11710ecf50f9a07424369fdbc (diff) | |
Ensure key state is authenticated before sending push reply
This ensures that the key state is authenticated when sending
a push reply.
-rw-r--r-- | src/openvpn/push.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/openvpn/push.c b/src/openvpn/push.c
index 002be23..52c6e82 100644
--- a/src/openvpn/push.c
+++ b/src/openvpn/push.c
@@ -652,6 +652,7 @@ int
 process_incoming_push_request(struct context *c)
 {
 int ret = PUSH_MSG_ERROR;
+ struct key_state *ks = &c->c2.tls_multi->session[TM_ACTIVE].key[KS_PRIMARY];
 #ifdef ENABLE_ASYNC_PUSH
 c->c2.push_request_received = true;
@@ -662,7 +663,12 @@ process_incoming_push_request(struct context *c)
 send_auth_failed(c, client_reason);
 ret = PUSH_MSG_AUTH_FAILURE;
 }
- else if (!c->c2.push_reply_deferred && c->c2.context_auth == CAS_SUCCEEDED)
+ else if (!c->c2.push_reply_deferred && c->c2.context_auth == CAS_SUCCEEDED
+ && ks->authenticated
+ #ifdef ENABLE_DEF_AUTH
+ && !ks->auth_deferred
+ #endif
+ )
 {
 time_t now; |
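Review bot: The new `ks` initialiser at the top of process_incoming_push_request goes through `c->c2.tls_multi` unconditionally, and nothing visible in this hunk establishes that the pointer is non-NULL on every path that reaches the function. If that is an invariant of the callers, it should be written down next to the declaration, for example `/* tls_multi is always set when a push request is processed; ks is the key state the reply will be sent on */`. The same comment is a good place to say why the primary key of the active session is the one whose authentication state matters. The rest of the function body lies outside the hunk.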
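Review bot: When `context_auth == CAS_SUCCEEDED` but `ks->authenticated` is false (or `ks->auth_deferred` is set), the extended `else if` simply does not match, and no log message for that case is visible in the hunk. That mismatch between the context-level and key-state-level auth results is the condition this check exists to stop, so an operator would want it recorded at the point of rejection, for example `msg(D_TLS_ERRORS, "PUSH_REQUEST ignored: key state not authenticated");` in a dedicated branch. The `#ifdef ENABLE_DEF_AUTH` inside the condition is also hard to read and easy to break in a later edit. A small static helper returning whether the key state is fully authenticated would keep the preprocessor conditional out of the expression. The branch body and the following branches are outside the hunk, so whether a later branch already logs this is not visible here.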