File openvpn-CVE-2020-15078.patch of Package openvpn.38044
--- src/openvpn/push.c.orig
+++ src/openvpn/push.c
@@ -408,6 +408,8 @@ process_incoming_push_msg (struct contex
struct buffer buf = *buffer;
#if P2MP_SERVER
+ struct key_state *ks = &c->c2.tls_multi->session[TM_ACTIVE].key[KS_PRIMARY];
+
if (buf_string_compare_advance (&buf, "PUSH_REQUEST"))
{
if (tls_authentication_status (c->c2.tls_multi, 0) == TLS_AUTHENTICATION_FAILED || c->c2.context_auth == CAS_FAILED)
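Review bot: `ks` is derived from `c->c2.tls_multi` at the top of the P2MP_SERVER section for every incoming push message, although the only use visible in this patch is in the PUSH_REQUEST branch of the second hunk. The initializer does pointer arithmetic on `tls_multi` without a NULL check, and whether it can be NULL at this point is not visible from the hunk. Either move the declaration to the start of the PUSH_REQUEST block, or guard it with `struct key_state *ks = c->c2.tls_multi ? &c->c2.tls_multi->session[TM_ACTIVE].key[KS_PRIMARY] : NULL;` and add `ks &&` to the condition that reads it. The function body starts before and continues after the hunk.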
@@ -416,7 +418,12 @@ process_incoming_push_msg (struct contex
send_auth_failed (c, client_reason);
ret = PUSH_MSG_AUTH_FAILURE;
}
- else if (!c->c2.push_reply_deferred && c->c2.context_auth == CAS_SUCCEEDED)
+ else if (!c->c2.push_reply_deferred && c->c2.context_auth == CAS_SUCCEEDED
+ && ks->authenticated
+#ifdef ENABLE_DEF_AUTH
+ && !ks->auth_deferred
+#endif
+ )
{
time_t now;
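Review bot: The added `&& ks->authenticated` test has no comment saying why the key state is consulted in addition to `context_auth`, and the `#ifdef ENABLE_DEF_AUTH` spliced into the middle of the expression makes the guard easy to break in a later edit. I would add above the `else if`: `/* CVE-2020-15078: only send PUSH_REPLY once the primary key of the active session is authenticated and no deferred auth is still pending */`. Only `session[TM_ACTIVE].key[KS_PRIMARY]` is checked; presumably that is the key state the reply is sent under, which is worth confirming. The branch taken when the check fails lies outside the hunk, so confirm that a PUSH_REQUEST from a peer whose authentication is still pending is deferred there rather than answered.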