What's new

OpenVPN verify_x509_name char array size

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

abelzx

New Around Here
I got a question about the openvpn verify_x509_name char array size.

First of all, this is not a big deal, as I can remove the verification or put it in the custom config. Just trying to understand if that's something intended or if can be improved.

Is there a reason why only 32 (31 chars with '\0') for NAME of verify-x509-name?
Code below:
Code:
    char verify_x509_name[32];    //NAME of verify-x509-name

While the webui has a maxlength of 255:
Code:
                            <label style="padding-left:3em;" id="client_cn_label">Value:</label><input type="text" maxlength="255" class="input_22_table" id="vpn_client_cn" name="vpn_client_cn" value="<% nvram_get("vpn_client_cn"); %>">

I have a host name of more than 32 characters (and under 255). Although the webui shows the full value, openvpn will fail to verify cause the value is truncated to the first 31 chars.
 
It was probably an arbitrarily chosen limit that seemed sensible at the time. I can check if it`s possible to increase it.
 
That buffer size was copied from Asus' own implementation as I copied their existing struct layout as a starting point. I have increased it to 256, it will be included in the next release.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top