| Message ID | 20260414055721.16857-1-gert@greenie.muc.de |
|---|---|
| State | New |
| Headers | show |
| Series | [Openvpn-devel,v1] Log when writing username/password to TLS buffer fails | expand |
Thanks, this makes sense - if we fail, we want to tell the user what
happened (even if we then continue to run in silly circles).
I have not tested it - I guess one needs a GUI with "long password"
support to trigger it :-) - but since the code path is clear enough
and the patch only adds msg() calls, I guess a compile test is fine.
Your patch has been applied to the master and release/2.7 branch
(I put this into "documentation improvement").
commit fd1fd077ea7781be8be6e05f2a2b657619c7e437 (master)
commit 784ba7a2019539db028cd98beaa42e8921394cdf (release/2.7)
Author: Selva Nair
Date: Tue Apr 14 07:57:14 2026 +0200
Log when writing username/password to TLS buffer fails
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1600
Message-Id: <20260414055721.16857-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36604.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
--
kind regards,
Gert Doering
> I have not tested it - I guess one needs a GUI with "long password" support to trigger it :-) Not really.. long passwords work via the console even in pre-2.6 ! A password longer than about 1700 bytes will trigger it. Selva On Tue, Apr 14, 2026 at 12:31 PM Gert Doering <gert@greenie.muc.de> wrote: > > Thanks, this makes sense - if we fail, we want to tell the user what > happened (even if we then continue to run in silly circles). > > I have not tested it - I guess one needs a GUI with "long password" > support to trigger it :-) - but since the code path is clear enough > and the patch only adds msg() calls, I guess a compile test is fine. > > Your patch has been applied to the master and release/2.7 branch > (I put this into "documentation improvement"). > > commit fd1fd077ea7781be8be6e05f2a2b657619c7e437 (master) > commit 784ba7a2019539db028cd98beaa42e8921394cdf (release/2.7) > Author: Selva Nair > Date: Tue Apr 14 07:57:14 2026 +0200 > > Log when writing username/password to TLS buffer fails > > Signed-off-by: Selva Nair <selva.nair@gmail.com> > Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org> > Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1600 > Message-Id: <20260414055721.16857-1-gert@greenie.muc.de> > URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36604.html > Signed-off-by: Gert Doering <gert@greenie.muc.de> > > > -- > kind regards, > > Gert Doering >
Hi, On Tue, Apr 14, 2026 at 12:43:58PM -0400, Selva Nair wrote: > > I have not tested it - I guess one needs a GUI with "long password" > support to trigger it :-) > > Not really.. long passwords work via the console even in pre-2.6 ! A > password longer than about 1700 bytes will trigger it. Amazing :-) - and indeed, being prodded to start thinking, this USER_PASS_LEN being set to 4096 must have some sort of effect... - thanks. gert
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 576157d..5868d53 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -2125,10 +2125,12 @@ if (!write_string(buf, up->username, -1)) { + msg(M_WARN, "WARNING: Failed to write auth username to TLS buffer"); goto error; } else if (!write_string(buf, up->password, -1)) { + msg(M_WARN, "WARNING: Failed to write auth password to TLS buffer"); goto error; } /* save username for auth-token which may get pushed later */