Re: [Openvpn-devel] [PATCH] Choose a different field in X509 to be username

2010-06-26 Thread David Sommerseth
On 25/06/10 11:20, Emilien Mantel wrote: > Hi, > > See attached a very small patch (based on allmerged tree) to fix "sizeof". Thanks a lot! commit 031d18fcb8a2a552aecabb41f1afdfe3f51bdd58 Author: Emilien Mantel List-Post: openvpn-devel@lists.source

Re: [Openvpn-devel] [PATCH] Choose a different field in X509 to be username

2010-06-25 Thread Peter Stuge
Emilien Mantel wrote: > See attached a very small patch (based on allmerged tree) to fix "sizeof". Acked-by: Peter Stuge

Re: [Openvpn-devel] [PATCH] Choose a different field in X509 to be username

2010-06-25 Thread Emilien Mantel
Hi, See attached a very small patch (based on allmerged tree) to fix "sizeof". Regards, -- Emilien Mantel On 18/06/2010 02:01, Peter Stuge wrote: David Sommerseth wrote: 3) "sizeof(common_name)" is useless... Line 745: char common_name[TLS_USERNAME_LEN]; we can use directly TLS_USERNA

Re: [Openvpn-devel] [PATCH] Choose a different field in X509 to be username

2010-06-20 Thread Gert Doering
Hi, On Fri, Jun 18, 2010 at 02:01:20AM +0200, Peter Stuge wrote: > David Sommerseth wrote: > > > 3) "sizeof(common_name)" is useless... Line 745: char > > > common_name[TLS_USERNAME_LEN]; we can use directly TLS_USERNAME_LEN. > > > > Thanks a lot for the patch and all rework done. (Also: thank y

Re: [Openvpn-devel] [PATCH] Choose a different field in X509 to be username

2010-06-18 Thread ma+ovpnd
On 17.06.2010 at 15:57, Alon Bar-Lev wrote: Great. Few more: 1. To upper: char *s = p[1]; while ((*s = toupper(*s)) != '\0') s++; I haven't looked at the patch yet, so my silence about anything else DOES NOT constitute approval or anything of the remainder of the code. Picking out a

Re: [Openvpn-devel] [PATCH] Choose a different field in X509 to be username

2010-06-18 Thread Peter Stuge
David Sommerseth wrote: > > 3) "sizeof(common_name)" is useless... Line 745: char > > common_name[TLS_USERNAME_LEN]; we can use directly TLS_USERNAME_LEN. > > Thanks a lot for the patch and all rework done. (Also: thank you to all > reviewers!) > > The third and last patch looks very good! I've

Re: [Openvpn-devel] [PATCH] Choose a different field in X509 to be username

2010-06-17 Thread David Sommerseth
On 17/06/10 16:51, Emilien Mantel wrote: > 1) Done > > 2) Done > > 3) "sizeof(common_name)" is useless... Line 745: char > common_name[TLS_USERNAME_LEN]; we can use directly TLS_USERNAME_LEN. Thanks a lot for the patch and all rework done. (Also: t

Re: [Openvpn-devel] [PATCH] Choose a different field in X509 to be username

2010-06-17 Thread Emilien Mantel
On 17/06/2010 17:21, Alon Bar-Lev wrote: On Thu, Jun 17, 2010 at 5:51 PM, Emilien Mantel wrote: 1) Done 2) Done 3) "sizeof(common_name)" is useless... Line 745: char common_name[TLS_USERNAME_LEN]; we can use directly TLS_USERNAME_LEN. Usually sizeof(XXX) should be used so if XX

Re: [Openvpn-devel] [PATCH] Choose a different field in X509 to be username

2010-06-17 Thread Alon Bar-Lev
On Thu, Jun 17, 2010 at 5:51 PM, Emilien Mantel wrote: > 1) Done > > 2) Done > > 3) "sizeof(common_name)" is useless... Line 745: char > common_name[TLS_USERNAME_LEN]; we can use directly TLS_USERNAME_LEN. Usually sizeof(XXX) should be used so if XXX is modified there is no overrun (Single point

Re: [Openvpn-devel] [PATCH] Choose a different field in X509 to be username

2010-06-17 Thread Emilien Mantel
1) Done 2) Done 3) "sizeof(common_name)" is useless... Line 745: char common_name[TLS_USERNAME_LEN]; we can use directly TLS_USERNAME_LEN. 4) I note "common_name" is used everywhere in OpenVPN code... I can rename it with a big sed :) But substitute all "common_name" is very heavy : emilienm

Re: [Openvpn-devel] [PATCH] Choose a different field in X509 to be username

2010-06-17 Thread Alon Bar-Lev
Great. Few more: 1. To upper: char *s = p[1]; while ((*s = toupper(*s)) != '\0') s++; 2. Remove compound {} at this place, move the char *s before the VERIFY_PERMISSION. 3. I think: """ extract_x509_field_ssl (X509_get_subject_name (ctx->current_cert), x509_username_field, common_name, TLS_USERNA

Re: [Openvpn-devel] [PATCH] Choose a different field in X509 to be username

2010-06-17 Thread Emilien Mantel
I added toupper() + #include in options.c See attached. -- Emilien Mantel On 17/06/2010 14:02, Alon Bar-Lev wrote: This is good idea. In order to upper case toupper() should be used and not manual guessing. + else if (streq (p[0], "x509-username-field")&& p[1]) +{ + VERIFY_PER

Re: [Openvpn-devel] [PATCH] Choose a different field in X509 to be username

2010-06-17 Thread Alon Bar-Lev
This is good idea. In order to upper case toupper() should be used and not manual guessing. + else if (streq (p[0], "x509-username-field") && p[1]) +{ + VERIFY_PERMISSION (OPT_P_GENERAL); + /* Uppercase if necessary */ + { + char *s = p[1]; + int c, flag = 0; + +
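Review bot: In the `x509-username-field` branch, the block under `/* Uppercase if necessary */` takes `char *s = p[1];` and sets up its own conversion state (`int c, flag = 0;`); use `toupper()` from `<ctype.h>` instead, and cast each character to `unsigned char` before the call, because passing a negative `char` value to `toupper()` is undefined behaviour. The lines visible here also accept any `p[1]` that is present. Since this value selects which certificate subject field becomes the authenticated username, consider validating it in this branch so that a mistyped field name is reported when the option is parsed.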

Re: [Openvpn-devel] [PATCH] Choose a different field in X509 to be username

2010-06-17 Thread Samuli Seppänen
> Hi, > > For my company, we use a PKI (linked to a LDAP) with OpenVPN. We can't > use "CN" to be username (few people can have the same "CN"). In our > case, we only use the UID. > > With my patch, you can choose another field to be username with a new > option called "x509-username-field", the d