Opened 6 years ago

Closed 5 years ago

#150 closed Bug / Defect (fixed)

Verify that PolarSSL refactoring has not affected authentication functions

Reported by: samuli Owned by: dazo
Priority: major Milestone: release 2.3
Component: Generic / unclassified Version: OpenVPN git master branch (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:


A patch that was originally a part of the PolarSSL patchset significantly refactores username and password authentication code. As this patch may have security implications, it was ACKed on the condition that all possible auth modes are tested. This includes auth driven by scripts, plugins and management interface.

Change History (2)

comment:1 Changed 5 years ago by dazo

  • Owner set to dazo
  • Status changed from new to accepted

I have been running 2.3-alphas together with eurephia for username/password and certificate authentication for some months, without any issues. I would consider this refactoring safe.

comment:2 Changed 5 years ago by dazo

  • Resolution set to fixed
  • Status changed from accepted to closed
Note: See TracTickets for help on using tickets.