On 04/02/15 18:01, Jorge Luiz Silva Peixoto wrote: > The following patch fixes CN maximum length as discussed with Steffan > Kargen at openvpn users mailing list. > > > Signed-off-by: Jorge Peixoto <jorgepeix...@gmail.com> > --- > src/openvpn/ssl_verify.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c > index ad50458..73488fc 100644 > --- a/src/openvpn/ssl_verify.c > +++ b/src/openvpn/ssl_verify.c > @@ -47,7 +47,7 @@ > #endif > > /** Maximum length of common name */ > -#define TLS_USERNAME_LEN 64 > +#define TLS_USERNAME_LEN 65
I've not really followed the discussion you've had with Steffan, but I suspect this is related to NULL-termination. That the username can be 64 characters according to some specs, but needs to be 65 to allow NULL termination? I'm speculating here ... so if I'm right I'd appreciate an update to the comment above if it includes NULL termination or not. Also since you do this TLS_USERNAME_LEN-1 a few other places in the code, being explicit would help to avoid any doubts. -- kind regards, David Sommerseth
