Attention is currently required from: flichtenheld, plaisthos. cron2 has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/787?usp=email )
Change subject: Refuse clients if username or password is > USER_PASS_LEN ...................................................................... Patch Set 1: Code-Review-1 (1 comment) Patchset: PS1: Okay, my client was not compiled the way I thought - so with --enable-pkcs11, sending a long username to an unmodified server yields ``` Oct 27 10:30:59 gentoo tun-udp-p2mp-global-authpam[14201]: 194.97.140.21:36736 TLS Error: Auth Username/Password was not provided by peer Oct 27 10:30:59 gentoo tun-udp-p2mp-global-authpam[14201]: 194.97.140.21:36736 TLS Error: TLS handshake failed `` and with the patch it does a proper ``` Oct 27 10:34:48 gentoo tun-udp-p2mp-global-authpam[15712]: 194.97.140.21:60127 TLS INFO: Username (-230) or password (14) long ... Oct 27 10:34:48 gentoo tun-udp-p2mp-global-authpam[15712]: 194.97.140.21:60127 TLS Error: Username (230) or password (14) too long ``` and the client receives ``` 2024-10-27 10:34:48 AUTH: Received control message: AUTH_FAILED,Username or password is too long. Maximum length is 128 bytes ``` (the "-" 230 is my doing, I removed the abs() call to more clearly see what is being returned). Upgrading the patch to "-1" ;-) - I think the "TLS INFO:" line clould either be removed (because it's duplicating the TLS Error: message later) or the `abs()` should go, and the double space before ` long`) -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/787?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I60f02c919767eb8f1b95253689a8233f5f68621d Gerrit-Change-Number: 787 Gerrit-PatchSet: 1 Gerrit-Owner: plaisthos <arne-open...@rfc2549.org> Gerrit-Reviewer: cron2 <g...@greenie.muc.de> Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com> Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net> Gerrit-Attention: plaisthos <arne-open...@rfc2549.org> Gerrit-Attention: flichtenheld <fr...@lichtenheld.com> Gerrit-Comment-Date: Sun, 27 Oct 2024 09:41:32 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
