If running an OpenVPN client with --enable-pkcs11 and a server without and having a username and/or password with more than 128 characters, the authentication will fail as the server truncates the password to 128 bytes.
This makes things easier and more predictable. Username/passwords can be up to 4096 bytes, regardless of the --enable-pkcs11 state. Signed-off-by: David Sommerseth <dav...@openvpn.net> --- src/openvpn/misc.h | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/src/openvpn/misc.h b/src/openvpn/misc.h index b694096..31ea10e 100644 --- a/src/openvpn/misc.h +++ b/src/openvpn/misc.h @@ -195,17 +195,14 @@ const char *hostname_randomize(const char *hostname, struct gc_arena *gc); * Get and store a username/password */ +/* max length of username/password */ +#define USER_PASS_LEN 4096 + struct user_pass { bool defined; bool nocache; -/* max length of username/password */ -# ifdef ENABLE_PKCS11 -# define USER_PASS_LEN 4096 -# else -# define USER_PASS_LEN 128 -# endif char username[USER_PASS_LEN]; char password[USER_PASS_LEN]; }; -- 1.8.3.1 ------------------------------------------------------------------------------ _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
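Review bot: With `#define USER_PASS_LEN 4096` now unconditional at the top of the hunk, every `struct user_pass` in a build without ENABLE_PKCS11 grows from two 128-byte buffers to two 4096-byte buffers, so each instance costs about 8 KB instead of about 256 bytes wherever the struct is declared on the stack or embedded in another structure; please confirm that is acceptable and mention the size change in the commit message. The comment `/* max length of username/password */` should also say whether the limit includes the terminating NUL, since `char username[USER_PASS_LEN]` holds at most 4095 bytes of credential if it does. Since the commit message describes the server side doing the truncation, it would help to note that a server built from the old header without PKCS#11 still cuts at 128 bytes, so both ends need this change before long credentials authenticate.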