From 7ef7c36c83fe7f2a97301e0e9fb274ca5f730242 Mon Sep 17 00:00:00 2001 From: Daiyuu Nobori Date: Sat, 29 Jun 2019 21:30:58 +0900 Subject: [PATCH] OpenVPN X.509 certificate authentication will be used only when no username / password is specified --- src/Cedar/Proto_OpenVPN.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/Cedar/Proto_OpenVPN.c b/src/Cedar/Proto_OpenVPN.c index 5668a93d..d23de964 100644 --- a/src/Cedar/Proto_OpenVPN.c +++ b/src/Cedar/Proto_OpenVPN.c @@ -871,9 +871,13 @@ void OvsBeginIPCAsyncConnectionIfEmpty(OPENVPN_SERVER *s, OPENVPN_SESSION *se, O p.BridgeMode = true; } - if (c->ClientCert.X != NULL) + if (IsEmptyStr(c->ClientKey.Username) || IsEmptyStr(c->ClientKey.Password)) { - p.ClientCertificate = c->ClientCert.X; + // OpenVPN X.509 certificate authentication will be used only when no username / password is specified + if (c->ClientCert.X != NULL) + { + p.ClientCertificate = c->ClientCert.X; + } } // Calculate the MSS