On server, lock session username against changes in mid-session TLS

renegotiations -- this is similer to how the common name is also locked. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5098 e7ae566f-a301-0410-adde-c780ea21d3b5
author: james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> 2009-10-24 01:08:30 +0000
committer: james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> 2009-10-24 01:08:30 +0000
commit: 71b557ba9d2f29f667bda60870993b83aa8d21a8 (patch)
tree: df12700d8c371b8159e39232c7f7de7c4d1dc99e /ssl.h
parent: 0f9c77b7d94338c6691eb59e80adb459afd364e0 (diff)
download: openvpn-71b557ba9d2f29f667bda60870993b83aa8d21a8.tar.gz
openvpn-71b557ba9d2f29f667bda60870993b83aa8d21a8.tar.xz
openvpn-71b557ba9d2f29f667bda60870993b83aa8d21a8.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/ssl.h b/ssl.h
index 06cd246..7e0bfb5 100644
--- a/ssl.h
+++ b/ssl.h
@@ -589,9 +589,10 @@ struct tls_multi
   int n_soft_errors;   /* errors due to unrecognized or failed-to-authenticate incoming packets */
 
   /*
-   * Our locked common name (cannot change during the life of this tls_multi object)
+   * Our locked common name and username (cannot change during the life of this tls_multi object)
    */
   char *locked_cn;
+  char *locked_username;
 
 #ifdef ENABLE_DEF_AUTH
   /*
author	james <james@e7ae566f-a301-0410-adde-c780ea21d3b5>	2009-10-24 01:08:30 +0000
committer	james <james@e7ae566f-a301-0410-adde-c780ea21d3b5>	2009-10-24 01:08:30 +0000
commit	71b557ba9d2f29f667bda60870993b83aa8d21a8 (patch)
tree	df12700d8c371b8159e39232c7f7de7c4d1dc99e /ssl.h
parent	0f9c77b7d94338c6691eb59e80adb459afd364e0 (diff)
download	openvpn-71b557ba9d2f29f667bda60870993b83aa8d21a8.tar.gz openvpn-71b557ba9d2f29f667bda60870993b83aa8d21a8.tar.xz openvpn-71b557ba9d2f29f667bda60870993b83aa8d21a8.zip