22b2389989
Fixes two related security vulnerabilities (CVE-2020-15078) which
under very specific circumstances allow tricking a server using delayed
authentication (plugin or management) into returning a PUSH_REPLY before
the AUTH_FAILED message, which can possibly be used to gather
information about a VPN setup. In combination with "--auth-gen-token" or
a user-specific token auth solution it can be possible to get access to
a VPN with an otherwise-invalid account.
OpenVPN 2.5.2 also includes other bug fixes and improvements.
Add CI build test script.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry-picked from 6186fe732b)
10 lines
174 B
Bash
Executable file
10 lines
174 B
Bash
Executable file
#!/bin/sh
|
|
|
|
case "$1" in
|
|
"openvpn-mbedtls")
|
|
openvpn --version | grep "$2.*SSL (mbed TLS)"
|
|
;;
|
|
"openvpn-openssl")
|
|
openvpn --version | grep "$2.*SSL (OpenSSL)"
|
|
;;
|
|
esac
|