diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/openvpn/ssl.c | 3 | ||||
-rw-r--r-- | src/openvpn/ssl_verify.c | 17 | ||||
-rw-r--r-- | src/openvpn/ssl_verify.h | 3 |
3 files changed, 23 insertions, 0 deletions
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 86450fe..beee82f 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -2822,6 +2822,9 @@ tls_process(struct tls_multi *multi, session->opt->crl_file, session->opt->crl_file_inline); } + /* New connection, remove any old X509 env variables */ + tls_x509_clear_env(session->opt->es); + dmsg(D_TLS_DEBUG_MED, "STATE S_START"); } diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c index 9f12ab8..a6e9be3 100644 --- a/src/openvpn/ssl_verify.c +++ b/src/openvpn/ssl_verify.c @@ -1486,4 +1486,21 @@ verify_final_auth_checks(struct tls_multi *multi, struct tls_session *session) gc_free(&gc); } } + +void +tls_x509_clear_env(struct env_set *es) +{ + struct env_item *item = es->list; + while (item) + { + struct env_item *next = item->next; + if (item->string + && 0 == strncmp("X509_", item->string, strlen("X509_"))) + { + env_set_del(es, item->string); + } + item = next; + } +} + #endif /* ENABLE_CRYPTO */ diff --git a/src/openvpn/ssl_verify.h b/src/openvpn/ssl_verify.h index ffab218..d91799e 100644 --- a/src/openvpn/ssl_verify.h +++ b/src/openvpn/ssl_verify.h @@ -238,6 +238,9 @@ tls_client_reason(struct tls_multi *multi) #endif } +/** Remove any X509_ env variables from env_set es */ +void tls_x509_clear_env(struct env_set *es); + #endif /* ENABLE_CRYPTO */ #endif /* SSL_VERIFY_H_ */ |