diff options
| author | James Yonan <james@openvpn.net> | 2010-10-24 09:12:47 +0000 |
|---|---|---|
| committer | James Yonan <james@openvpn.net> | 2010-10-24 09:12:47 +0000 |
| commit | 3cf9dd88fd84108eccfcce0ebf44e00f9481cd82 (patch) | |
| tree | 03264d8f2741babc01a8ab2bbe9a8d2b546f3147 /ssl.h | |
| parent | c68e0cddf024ae5b18f89062bf7164da77f1cf06 (diff) | |
| download | openvpn-3cf9dd88fd84108eccfcce0ebf44e00f9481cd82.tar.gz openvpn-3cf9dd88fd84108eccfcce0ebf44e00f9481cd82.tar.xz openvpn-3cf9dd88fd84108eccfcce0ebf44e00f9481cd82.zip | |
Implement challenge/response authentication support in client mode,
where credentials are entered from stdin. This capability is
compiled when ENABLE_CLIENT_CR is defined in syshead.h (enabled
by default).
Challenge/response support was previously implemented for creds
that are queried via the management interface. In this case,
the challenge message will be returned as a custom
client-reason-text string (see management-notes.txt for more
info) on auth failure.
Also, see the comments in misc.c above get_auth_challenge()
for info on the OpenVPN challenge/response protocol.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6568 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'ssl.h')
| -rw-r--r-- | ssl.h | 11 |
1 files changed, 11 insertions, 0 deletions
@@ -705,6 +705,17 @@ void auth_user_pass_setup (const char *auth_file); void ssl_set_auth_nocache (void); void ssl_purge_auth (void); + +#ifdef ENABLE_CLIENT_CR +/* + * ssl_get_auth_challenge will parse the server-pushed auth-failed + * reason string and return a dynamically allocated + * auth_challenge_info struct. + */ +void ssl_purge_auth_challenge (void); +void ssl_put_auth_challenge (const char *cr_str); +#endif + void tls_set_verify_command (const char *cmd); void tls_set_crl_verify (const char *crl); void tls_set_verify_x509name (const char *x509name); |