OpenVPN verify_x509_name char array size


New Around Here
I got a question about the openvpn verify_x509_name char array size.

First of all, this is not a big deal, as I can remove the verification or put it in the custom config. Just trying to understand if that's something intended or if can be improved.

Is there a reason why only 32 (31 chars with '\0') for NAME of verify-x509-name?
Code below:
    char verify_x509_name[32];    //NAME of verify-x509-name

While the webui has a maxlength of 255:
                            <label style="padding-left:3em;" id="client_cn_label">Value:</label><input type="text" maxlength="255" class="input_22_table" id="vpn_client_cn" name="vpn_client_cn" value="<% nvram_get("vpn_client_cn"); %>">

I have a host name of more than 32 characters (and under 255). Although the webui shows the full value, openvpn will fail to verify cause the value is truncated to the first 31 chars.


Asuswrt-Merlin dev
It was probably an arbitrarily chosen limit that seemed sensible at the time. I can check if it`s possible to increase it.


Asuswrt-Merlin dev
That buffer size was copied from Asus' own implementation as I copied their existing struct layout as a starting point. I have increased it to 256, it will be included in the next release.

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!