If an OpenVPN client built with --enable-pkcs11 connects to a server built
without it, and the username and/or password is longer than 128 characters,
authentication fails because the server truncates the password to 128 bytes.

This makes things easier and more predictable.  Username/passwords
can be up to 4096 bytes, regardless of the --enable-pkcs11 state.

Signed-off-by: David Sommerseth <dav...@openvpn.net>
---
 src/openvpn/misc.h | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/src/openvpn/misc.h b/src/openvpn/misc.h
index b694096..31ea10e 100644
--- a/src/openvpn/misc.h
+++ b/src/openvpn/misc.h
@@ -195,17 +195,14 @@ const char *hostname_randomize(const char *hostname, 
struct gc_arena *gc);
  * Get and store a username/password
  */
 
+/* max length of username/password */
+#define USER_PASS_LEN 4096
+
 struct user_pass
 {
   bool defined;
   bool nocache;
 
-/* max length of username/password */
-# ifdef ENABLE_PKCS11
-#   define USER_PASS_LEN 4096
-# else
-#   define USER_PASS_LEN 128
-# endif
   char username[USER_PASS_LEN];
   char password[USER_PASS_LEN];
 };
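Review bot: The comment moved above `USER_PASS_LEN` still says "max length of username/password", but the macro is the size of the `username` and `password` arrays. If these hold NUL-terminated strings, as the `char` arrays suggest, the longest usable credential is 4095 bytes rather than the 4096 stated in the commit message. I would word it as `/* size of the username/password buffers, including the terminating NUL */`. Separately, in builds without ENABLE_PKCS11 each `struct user_pass` grows from about 256 bytes to about 8 KB, so any instances kept on the stack, and the code that wipes credentials after use, are worth checking; neither is visible in this hunk. Peers that still carry the 128-byte limit will presumably keep truncating, so rejecting an over-long credential explicitly would be more predictable than truncating it silently.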
-- 
1.8.3.1

