On Sat, Mar 21, 2026 at 9:47 PM <[email protected]> wrote:

> From: Luca Boccassi <[email protected]>
>
> Allow management clients to send long passwords via the
> usual multi-line base64 encoded protocol.
>
> A client sends a 'password <type>' line, followed by
> as many lines (each up to 1024 bytes) as needed, in base64
> encoded format, terminated by 'END'.
>
> This is useful when a password is a JIT-generated use-once
> token.
>
> Signed-off-by: Luca Boccassi <[email protected]>
>

I think this is a step in the right direction: it allows arbitrarily long
passwords to be passed via the management interface bringing it in line
with stdin/console input. No other intrusive changes like option parsing.
Until now, the largish USER_PASS_LEN = 4096 was mostly a waste of space as
it was often not possible to use it even locally within the client because
of the 255 byte restriction in the management interface.

I have only skimmed through the patch, but reusing "password" with no
argument could break existing UI clients, hypothetically.  If any UI client
is currently using an empty password to quit the dialog, it will get into a
stalemate. I guess a new keyword or an extra token after 'Auth' to
indicate multi-line input would be required.

Selva
P.S.
Next version could go into gerrit for a more thorough review.
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
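
The framing described in the commit message above, as an added sketch that is not code from the patch or from OpenVPN: a sender that splits one base64 stream into lines and a receiver that validates them. The function names, the choice of one continuous base64 stream with the 1024-byte limit excluding the newline, and the `MAX_PASSWORD` cap are assumptions.

```python
import base64
import binascii

MAX_LINE = 1024            # per-line cap stated in the commit message
MAX_PASSWORD = 64 * 1024   # assumed receiver-side cap, not taken from the patch


def frame_password(pw_type: str, password: bytes) -> list[str]:
    """Sender: 'password <type>', base64 body lines, then 'END'."""
    if not pw_type or any(c in pw_type for c in "\r\n"):
        raise ValueError("bad password type")
    b64 = base64.b64encode(password).decode("ascii")
    # 1024 is a multiple of 4, so every body line has a length that is a
    # multiple of 4 and can never collide with the 3-character 'END'.
    body = [b64[i:i + MAX_LINE] for i in range(0, len(b64), MAX_LINE)]
    return [f"password {pw_type}", *body, "END"]


def parse_password(lines: list[str]) -> tuple[str, bytes]:
    """Receiver: check the framing and return (type, decoded password)."""
    if not lines or not lines[0].startswith("password "):
        raise ValueError("missing 'password <type>' line")
    pw_type = lines[0][len("password "):].strip()
    if not pw_type:
        raise ValueError("empty password type")
    max_b64 = 4 * ((MAX_PASSWORD + 2) // 3)
    chunks, total = [], 0
    for line in lines[1:]:
        if line == "END":
            break
        if len(line) > MAX_LINE:
            raise ValueError("line exceeds 1024 bytes")
        total += len(line)
        if total > max_b64:
            raise ValueError("password too long")
        chunks.append(line)
    else:
        # Input ran out before the terminator: never accept a partial secret.
        raise ValueError("missing END terminator")
    try:
        # validate=True rejects characters outside the base64 alphabet.
        return pw_type, base64.b64decode("".join(chunks), validate=True)
    except binascii.Error as exc:
        raise ValueError("invalid base64") from exc
```

Under these assumptions an empty password frames as the type line followed directly by `END`, which the receiver has to handle explicitly.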
