summaryrefslogtreecommitdiff
path: root/src/openvpn/push.c
diff options
context:
space:
mode:
authorBernhard Schmidt <berni@debian.org>2019-02-20 14:11:51 +0100
committerBernhard Schmidt <berni@debian.org>2019-02-20 14:11:51 +0100
commit39ddb9cc8281bd239b94a3023da6329edb6718c1 (patch)
treedc6a8e7f1018f59f088c5b06b48eb24efe17f22d /src/openvpn/push.c
parentd5078cc44b8919a25cb7507e9e6da1d66f25bb5b (diff)
parent87356242baf10c8b2a94d9013e436ed2a0dada53 (diff)
Update upstream source from tag 'upstream/2.4.7'
Update to upstream version '2.4.7' with Debian dir d01da6ef78dc8ce91265e8f319468f6c34d23af8
Diffstat (limited to 'src/openvpn/push.c')
-rw-r--r--src/openvpn/push.c17
1 files changed, 15 insertions, 2 deletions
diff --git a/src/openvpn/push.c b/src/openvpn/push.c
index 6a30e47..dd5bd41 100644
--- a/src/openvpn/push.c
+++ b/src/openvpn/push.c
@@ -55,8 +55,20 @@ receive_auth_failed(struct context *c, const struct buffer *buffer)
if (c->options.pull)
{
- switch (auth_retry_get())
+ /* Before checking how to react on AUTH_FAILED, first check if the
+ * failed auth might be the result of an expired auth-token.
+ * Note that a server restart will trigger a generic AUTH_FAILED
+ * instead an AUTH_FAILED,SESSION so handle all AUTH_FAILED message
+ * identical for this scenario */
+ if (ssl_clean_auth_token())
{
+ c->sig->signal_received = SIGUSR1; /* SOFT-SIGUSR1 -- Auth failure error */
+ c->sig->signal_text = "auth-failure (auth-token)";
+ }
+ else
+ {
+ switch (auth_retry_get())
+ {
case AR_NONE:
c->sig->signal_received = SIGTERM; /* SOFT-SIGTERM -- Auth failure error */
break;
@@ -70,8 +82,9 @@ receive_auth_failed(struct context *c, const struct buffer *buffer)
default:
ASSERT(0);
+ }
+ c->sig->signal_text = "auth-failure";
}
- c->sig->signal_text = "auth-failure";
#ifdef ENABLE_MANAGEMENT
if (management)
{