Opened 7 years ago

Closed 5 years ago

#150 closed Bug / Defect (fixed)

Verify that PolarSSL refactoring has not affected authentication functions

Reported by: Samuli Seppänen Owned by: David Sommerseth
Priority: major Milestone: release 2.3
Component: Generic / unclassified Version: OpenVPN git master branch (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:


A patch that was originally a part of the PolarSSL patchset significantly refactores username and password authentication code. As this patch may have security implications, it was ACKed on the condition that all possible auth modes are tested. This includes auth driven by scripts, plugins and management interface.

Change History (2)

comment:1 Changed 6 years ago by David Sommerseth

Owner: set to David Sommerseth
Status: newaccepted

I have been running 2.3-alphas together with eurephia for username/password and certificate authentication for some months, without any issues. I would consider this refactoring safe.

comment:2 Changed 5 years ago by David Sommerseth

Resolution: fixed
Status: acceptedclosed
Note: See TracTickets for help on using tickets.