Bug#1024385: bullseye-pu: package openvpn-auth-radius/2.1-7+deb11u1
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: zhsj@debian.org
[ Reason ]
Fix #954264: Support for verify-client-cert openvpn 2.4 directive.
[ Impact ]
The current version doesn't work with openvpn version (2.5.1) in stable.
The old workaround only works for openvpn 2.4.
[ Tests ]
On #954264, one reporter is someone I know and trust, and he has verified on
his vpn server.
But I don't have a openvpn server with radius, so I only reviewed the code.
[ Risks ]
The patch is trivial and easy to review.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
+ if (param == "verify-client-cert")
+ {
+ this->deletechars(&line);
+ if (line != "verify-client-certrequired")
+ {
+ this->clientcertnotrequired=true;
+ }
+ }
Add a new check for directive "verify-client-cert".
[ Other info ]
No.
diff -Nru openvpn-auth-radius-2.1/debian/changelog openvpn-auth-radius-2.1/debian/changelog
--- openvpn-auth-radius-2.1/debian/changelog 2018-10-28 20:10:22.000000000 +0800
+++ openvpn-auth-radius-2.1/debian/changelog 2022-11-19 00:59:14.000000000 +0800
@@ -1,3 +1,10 @@
+openvpn-auth-radius (2.1-7+deb11u1) bullseye; urgency=medium
+
+ * Add patch to support verify-client-cert directive in openvpn 2.4
+ (Closes: #954264)
+
+ -- Shengjing Zhu <zhsj@debian.org> Sat, 19 Nov 2022 00:59:14 +0800
+
openvpn-auth-radius (2.1-7) unstable; urgency=low
* QA upload.
diff -Nru openvpn-auth-radius-2.1/debian/patches/0006-Support-verify-client-cert-directive-in-openvpn-2.4.patch openvpn-auth-radius-2.1/debian/patches/0006-Support-verify-client-cert-directive-in-openvpn-2.4.patch
--- openvpn-auth-radius-2.1/debian/patches/0006-Support-verify-client-cert-directive-in-openvpn-2.4.patch 1970-01-01 08:00:00.000000000 +0800
+++ openvpn-auth-radius-2.1/debian/patches/0006-Support-verify-client-cert-directive-in-openvpn-2.4.patch 2022-11-19 00:59:14.000000000 +0800
@@ -0,0 +1,29 @@
+From: Shengjing Zhu <zhsj@debian.org>
+Date: Sat, 12 Nov 2022 19:25:57 +0800
+Subject: Support verify-client-cert directive in openvpn 2.4
+
+Bug-Debian: #954264
+Forwarded: no
+---
+ Config.cpp | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/Config.cpp b/Config.cpp
+index b600fab..d914818 100644
+--- a/Config.cpp
++++ b/Config.cpp
+@@ -180,6 +180,14 @@ int Config::parseConfigFile(const char * configfile)
+ this->clientcertnotrequired=true;
+ }
+ }
++ if (param == "verify-client-cert")
++ {
++ this->deletechars(&line);
++ if (line != "verify-client-certrequired")
++ {
++ this->clientcertnotrequired=true;
++ }
++ }
+ if (param == "username-as-common-name")
+ {
+ this->deletechars(&line);
diff -Nru openvpn-auth-radius-2.1/debian/patches/series openvpn-auth-radius-2.1/debian/patches/series
--- openvpn-auth-radius-2.1/debian/patches/series 2018-10-28 18:45:40.000000000 +0800
+++ openvpn-auth-radius-2.1/debian/patches/series 2022-11-19 00:59:14.000000000 +0800
@@ -3,3 +3,4 @@
30_build-with-debug-symbols.diff
35_verbose_built.diff
40_use_cppflags.diff
+0006-Support-verify-client-cert-directive-in-openvpn-2.4.patch
Reply to: