aboutsummaryrefslogtreecommitdiff
path: root/src/openvpn/ssl_common.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/openvpn/ssl_common.h')
-rw-r--r--src/openvpn/ssl_common.h9
1 files changed, 6 insertions, 3 deletions
diff --git a/src/openvpn/ssl_common.h b/src/openvpn/ssl_common.h
index 72eb55b..64c1d53 100644
--- a/src/openvpn/ssl_common.h
+++ b/src/openvpn/ssl_common.h
@@ -95,7 +95,10 @@
* completed while still within the
* handshake window. Deferred auth and
* client connect can still be pending. */
-#define S_GENERATED_KEYS 7 /**< The data channel keys have been generated */
+#define S_GENERATED_KEYS 7 /**< The data channel keys have been generated
+ * The TLS session is fully authenticated
+ * when reaching this state. */
+
/* Note that earlier versions also had a S_OP_NORMAL state that was
* virtually identical with S_ACTIVE and the code still assumes everything
* >= S_ACTIVE to be fully operational */
@@ -596,8 +599,8 @@ struct tls_multi
* user/pass authentications in this session.
*/
char *auth_token_initial;
- /**< The first auth-token we sent to a client, for clients that do
- * not update their auth-token (older OpenVPN3 core versions)
+ /**< The first auth-token we sent to a client. We use this to remember
+ * the session ID and initial timestamp when generating new auth-token.
*/
#define AUTH_TOKEN_HMAC_OK (1<<0)
/**< Auth-token sent from client has valid hmac */
generated by cgit v1.1 at 2024-10-07 03:22:54 +0000