diff options
| -rw-r--r-- | doc/openvpn.8 | 3 | ||||
| -rw-r--r-- | src/openvpn/init.c | 1 | ||||
| -rw-r--r-- | src/openvpn/ssl.c | 4 | ||||
| -rw-r--r-- | src/openvpn/ssl_common.h | 1 |
4 files changed, 7 insertions, 2 deletions
diff --git a/doc/openvpn.8 b/doc/openvpn.8 index ef87bb7..67e6ddd 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -4786,6 +4786,9 @@ when OpenVPN needs a username/password, it will prompt for input from stdin, which may be multiple times during the duration of an OpenVPN session. +When using \-\-auth\-nocache in combination with a user/password file +and \-\-chroot or \-\-daemon, make sure to use an absolute path. + This directive does not affect the .B \-\-http\-proxy username/password. It is always cached. diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 3434ce0..d093f46 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -2252,6 +2252,7 @@ do_init_crypto_tls (struct context *c, const unsigned int flags) to.tmp_dir = options->tmp_dir; if (options->ccd_exclusive) to.client_config_dir_exclusive = options->client_config_dir; + to.auth_user_pass_file = options->auth_user_pass_file; #endif #ifdef ENABLE_X509_TRACK diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index dce6c30..ebb2f0d 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -1920,9 +1920,9 @@ key_method_2_write (struct buffer *buf, struct tls_session *session) if (auth_user_pass_enabled) { #ifdef ENABLE_CLIENT_CR - auth_user_pass_setup (NULL, session->opt->sci); + auth_user_pass_setup (session->opt->auth_user_pass_file, session->opt->sci); #else - auth_user_pass_setup (NULL, NULL); + auth_user_pass_setup (session->opt->auth_user_pass_file, NULL); #endif if (!write_string (buf, auth_user_pass.username, -1)) goto error; diff --git a/src/openvpn/ssl_common.h b/src/openvpn/ssl_common.h index bb1c1c2..95cd2f7 100644 --- a/src/openvpn/ssl_common.h +++ b/src/openvpn/ssl_common.h @@ -277,6 +277,7 @@ struct tls_options const char *auth_user_pass_verify_script; bool auth_user_pass_verify_script_via_file; const char *tmp_dir; + const char *auth_user_pass_file; /* use the client-config-dir as a positive authenticator */ const char *client_config_dir_exclusive; |