Hi, On 22-09-16 12:04, David Sommerseth wrote: > If running an OpenVPN client with --enable-pkcs11 and a server without > and having a username and/or password with more than 128 characters, > the authentication will fail as the server truncates the password > to 128 bytes. > > This makes things easier and more predictable. Username/passwords > can be up to 4096 bytes, regardless of the --enable-pkcs11 state. > > Signed-off-by: David Sommerseth <dav...@openvpn.net> > --- > src/openvpn/misc.h | 9 +++------ > 1 file changed, 3 insertions(+), 6 deletions(-) > > diff --git a/src/openvpn/misc.h b/src/openvpn/misc.h > index b694096..31ea10e 100644 > --- a/src/openvpn/misc.h > +++ b/src/openvpn/misc.h > @@ -195,17 +195,14 @@ const char *hostname_randomize(const char *hostname, > struct gc_arena *gc); > * Get and store a username/password > */ > > +/* max length of username/password */ > +#define USER_PASS_LEN 4096 > + > struct user_pass > { > bool defined; > bool nocache; > > -/* max length of username/password */ > -# ifdef ENABLE_PKCS11 > -# define USER_PASS_LEN 4096 > -# else > -# define USER_PASS_LEN 128 > -# endif > char username[USER_PASS_LEN]; > char password[USER_PASS_LEN]; > };
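Review bot: the comment moved above `#define USER_PASS_LEN 4096` still does not say whether the length counts a terminating zero byte. The buffers are declared as `char username[USER_PASS_LEN]` and `char password[USER_PASS_LEN]`, so if they hold zero-terminated strings the longest usable credential is 4095 bytes, not 4096. Suggest wording the comment to say so, for example "max length of username/password, including the terminating zero byte". Separately, with the `# ifdef ENABLE_PKCS11` branch removed, builds without PKCS#11 now get two 4096-byte arrays in `struct user_pass` instead of two 128-byte ones, so it is worth checking any place that declares this struct on the stack or copies it by value.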
ACK. I've wondered about this before, but never got to sending a patch. Good that you did get to it.

How are user/pass formatted? Are these supposed to be zero-terminated? In that case it would make sense to add a remark to the comment that this length includes the zero-byte.

-Steffan