2015-02-05 7:49 GMT-03:00 David Sommerseth <openvpn.l...@topphemmelig.net>: > On 04/02/15 18:01, Jorge Luiz Silva Peixoto wrote: >> The following patch fixes CN maximum length as discussed with Steffan >> Kargen at openvpn users mailing list. >> >> >> Signed-off-by: Jorge Peixoto <jorgepeix...@gmail.com> >> --- >> src/openvpn/ssl_verify.c | 6 +++--- >> 1 file changed, 3 insertions(+), 3 deletions(-) >> >> diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c >> index ad50458..73488fc 100644 >> --- a/src/openvpn/ssl_verify.c >> +++ b/src/openvpn/ssl_verify.c >> @@ -47,7 +47,7 @@ >> #endif >> >> /** Maximum length of common name */ >> -#define TLS_USERNAME_LEN 64 >> +#define TLS_USERNAME_LEN 65 > > I've not really followed the discussion you've had with Steffan, but I > suspect this is related to NULL-termination. That the username can be
Yes, it is. ;-) > 64 characters according to some specs, but needs to be 65 to allow NULL > termination? I'm speculating here ... so if I'm right I'd appreciate an > update to the comment above if it includes NULL termination or not. OK. Do I send this patch again to the list? Comment updated below. /** Maximum length of common name (rfc5280) + null character byte */ -#define TLS_USERNAME_LEN 64 +#define TLS_USERNAME_LEN 65 > Also since you do this TLS_USERNAME_LEN-1 a few other places in the > code, being explicit would help to avoid any doubts. > > > -- > kind regards, > > David Sommerseth
