Hi,
On Thu, Sep 22, 2016 at 01:36:15PM +0200, Steffan Karger wrote:
> > +#define USER_PASS_LEN 4096
> > +
> > struct user_pass
> > {
> > bool defined;
> > bool nocache;
> >
> > -/* max length of username/password */
> > -# ifdef ENABLE_PKCS11
> > -# define USER_PASS_LEN 4096
> > -# else
> > -# define USER_PASS_LEN 128
> > -# endif
> > char username[USER_PASS_LEN];
> > char password[USER_PASS_LEN];
> > };
>
> ACK.
>
> I've wondered about this before, but never got to sending a patch. Good
> that you did get to it.
I'm not exactly happy about this. struct user_pass is used as a global
instance in quite a few places, and this sucks up 7.5 kbytes extra for
each of them.
As Jonathan wrote, management interface can only handle 256 bytes, so
I think this should be done as part of a larger cleanup.
But it's good that you got involved :-) - what is the reasoning behind
4k for username and password here? It doesn't really make sense to me,
but since this struct is used in pkcs#11 context, something seems to need
it *there*.
(Will it work at all, to send a 4k username and password in the OpenVPN
handshake? James tells us the space for --push-peer-info is "limited",
and username+password share the very same space...)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany [email protected]
fax: +49-89-35655025 [email protected]
signature.asc
Description: PGP signature
------------------------------------------------------------------------------
_______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
