Hi,

On Wed, May 2, 2018 at 2:30 PM, Steffan Karger <stef...@karger.me> wrote:
> Hi,
>
> On 26-03-18 18:36, Ning Wei via Openvpn-devel wrote:
>> Both of key_method_2_write and key_method_2_read take
>> TLS_Channel_Bug_Size as buffer size. The current size, 2048 is not
>> enough to read/write a long password response. I have noticed the
>> management interface has a much smaller than 2048 buffer size to
>> read/write. Currently, if the management interface is not used,
>> increasing tls channel buffer size will serve the need.
>>
>> As token provider, the size of token can be bigger or smaller.
>> Sometimes, it has more than 1600 as a token. To accommodate that, a
>> bigger buffer size will be needed.
>
> I don't think this is achieving what you want. The username/password
> size on the OpenVPN protocol is fixed at 128 bytes max, and cannot be
> changed without introducing a new protocol version or interoperability
> problems. See the USER_PASS_LEN variable used in key_method_2_read.

USER_PASS_LEN is 4096 (not 128) for builds with ENABLE_PKCS11 and that was the assumption behind this patch.

I'm not endorsing this patch but we do need changes to management interface and option parsing to allow long user/pass strings to support newer challenge-response protocols. Those changes are not hard but this patch falls short as I had pointed out earlier.

Selva