Attention is currently required from: Bluca, plaisthos. selvanair has posted comments on this change by Bluca. ( http://gerrit.openvpn.net/c/openvpn/+/1593?usp=email )
Change subject: management: add password-base64 multi-line input for passwords ...................................................................... Patch Set 1: (5 comments) File doc/management-notes.txt: http://gerrit.openvpn.net/c/openvpn/+/1593/comment/ec11ebed_489629cf?usp=email : PS1, Line 329: commands. Update MANAGEMENT_VERSION to 6 and document that multi-line password support requires daemon version >= 6. File src/openvpn/manage.c: http://gerrit.openvpn.net/c/openvpn/+/1593/comment/0fc3a710_af3796ab?usp=email : PS1, Line 1029: * @param type The type of password being entered (e.g. "Auth", "TLS-Auth", etc) Nitpick: "TLS-Auth" is not a valid type -- "Private Key" ? http://gerrit.openvpn.net/c/openvpn/+/1593/comment/ce75309c_cca007a8?usp=email : PS1, Line 1102: msg(M_CLIENT, "ERROR: could not base64-decode password"); This could lead to an unhelpful decode error or silent truncation which is hard to debug. Instead, use a larger length like OPENVPN_BASE64_LENGTH(USER_PASS_LEN) + 1024 that will capture some of the excess data (if any), and then check OPENVPN_BASE64_DECODE_LENGTH(BLEN(buf)) < USER_PASS_LEN. On failure, return an ERROR message showing password is too long. http://gerrit.openvpn.net/c/openvpn/+/1593/comment/13426238_dff01d9f?usp=email : PS1, Line 1110: secure_memzero(decoded, sizeof(decoded)); Also needs a buf_clear() somewhere as buf contains sensitive data. http://gerrit.openvpn.net/c/openvpn/+/1593/comment/1de6799c_71c005a6?usp=email : PS1, Line 1664: else if (streq(p[0], "password-base64")) As Gert suggested, we could use "password 'Type'" with no argument and interpret it differently based on the management-client-version (say MCV_MULTILINE_PASSWORD). Better than introducing a different keyword? -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1593?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ib99f171fb69d51f2260b44edf8ebe21ac958f233 Gerrit-Change-Number: 1593 Gerrit-PatchSet: 1 Gerrit-Owner: Bluca <[email protected]> Gerrit-Reviewer: plaisthos <[email protected]> Gerrit-Reviewer: selvanair <[email protected]> Gerrit-CC: openvpn-devel <[email protected]> Gerrit-Attention: plaisthos <[email protected]> Gerrit-Attention: Bluca <[email protected]> Gerrit-Comment-Date: Sat, 28 Mar 2026 15:49:29 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No
_______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
