From patchwork Sun Mar 15 18:39:55 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: luca.boccassi@gmail.com X-Patchwork-Id: 4832 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:2755:b0:83c:d90d:321 with SMTP id j21csp2448345maq; Sun, 15 Mar 2026 11:44:03 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCX+x1P/gfwEY7RVMgOSZlNj2FqQrBOUFz/T/rdURPZ6n5KIq9X8sumCqpJDblx7rohoEeZ85RmQCCk=@openvpn.net X-Received: by 2002:a05:6820:214:b0:67b:d547:26d9 with SMTP id 006d021491bc7-67bda8865eamr6826325eaf.0.1773600243544; Sun, 15 Mar 2026 11:44:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1773600243; cv=none; d=google.com; s=arc-20240605; b=D3Hu3zjXVu1V/psNunaqQvPIh/p1pg7WZ+VymfxEGvSvDunqOOkGoCYII8ljU/xbte mmNVftu8i6eWvZjJ0zEv1jZskwWL7mrWH/A5XkQtRCrmjy+4vavuN+tPeuv/0muxUEg/ D7pZ9tsgol5WBCcT/cv1VcpweweaihpQ/J/mPh7HXXXQbRCAPCBMPHoCW4kIGmL8tTB5 0N28S57ioB8RPEAyod3rIEMNjnO47UGNMQoissj9f27q7wv7HlAzfZvntGeB4sZxhGyv ywzh+gq6aEkVnqqTRYUpSJo35Fg/3GWPRFZLvEwSw6kc1p22V5vR+rTIk1Di2bWdzWvK i1lQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:cc:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature:dkim-signature; bh=XM92qzFANwfMcYKqaUJjK8Yhf3v48vAdUPsjy+MKGls=; fh=FRWMOQmE4vArX8xPll5WCJJjcBedLRfud2/cHUpioeU=; b=YzFRafyFiu8vFNpWJ2C64mEHdFnfo2Z+0nMGoy3Q/L2599Evbs+gruLj1DWCjIN/mz oXqsiteWCx6AjYRkXxdVBn/33fSfNOehgEVHMy8UEqCGtzei0Sf9kyyOmQ/Ko+5Uu4ew N7pbV5i58e/sHX0GdwGI+6OTDtODQ2vi8/XoJnTW1XutfEDyrFroc8CURtI9jPiZUVP+ ty+PQzQswi5gwBdQmgVPmLFnHPJI0G/c0hi+qSaC3GOo9TYyw6bvohxN1/G5Newm3uoV za0dYVgV1TJ2OEQqalv10PXNYRKnE0+IQMLLTiINbujVmkGdhaL9lFUOysRmRXyKY+Rv 7Jlg==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=Y+AhwD+0; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=XeO6Tphu; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=gLdhw2C9; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20230601 header.b="IZn/DNFS"; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com; dara=neutral header.i=@openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 006d021491bc7-67bc9322478si7073176eaf.83.2026.03.15.11.44.03 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 15 Mar 2026 11:44:03 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=Y+AhwD+0; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=XeO6Tphu; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=gLdhw2C9; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20230601 header.b="IZn/DNFS"; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com; dara=neutral header.i=@openvpn.net DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type:Cc: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=XM92qzFANwfMcYKqaUJjK8Yhf3v48vAdUPsjy+MKGls=; b=Y+AhwD+0S4OzwizLHGV1dBJnKd qGIsIF3ZK8T8nDFaV4Y1j+cDZ9qNmPdi3fiy4U8UiMRmp3YYdE8gDNpAeWBjJLLPD+AjXNL+OoIaE EH5CfqQrjOEalrABRc3rwFkLeMCKsxaUX0nnpZhRjZCRKxP1rV3Rqx9drIYINzjJadg4=; Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1w1qRT-00049B-Ou; Sun, 15 Mar 2026 18:44:00 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1w1qRS-00048s-53 for openvpn-devel@lists.sourceforge.net; Sun, 15 Mar 2026 18:43:58 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=znggBQvKt9TLYQqMPOm+ITTICpbLQIiOFj4TQ7DzGCM=; b=XeO6Tphuhor7Cuvy8QM2uqKVP7 xpkJmg9gkf4Y9BLgTUazGnAk6izKHJCNhg+jLrt6bCQdgDChxHg/XJ2gOGSCEz7WN60mp4ObONyaL JaC8YS50zCwTGoaDEqHyN6WSs5jhl/jNQMIgwaqy4b9Xg3YcWwKDyh6V1xeKfzwElG/c=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=znggBQvKt9TLYQqMPOm+ITTICpbLQIiOFj4TQ7DzGCM=; b=gLdhw2C9kfMNEMS1MHkVZwp7jw +s14I0uFhjtxvKFolKcFPml88n96fvKrUTTkDwVqlQ/CMivODkzFIUHWFFjL+z1hENqYjTMRw47YN R5lbpw4O5xfjbKN0AQMAhZbj7C97SnMILIwCZXA5CcM9OwH6+ylPOf/o0TZo6Lb0/nJ0=; Received: from mail-wr1-f52.google.com ([209.85.221.52]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1w1qRS-0000OF-CQ for openvpn-devel@lists.sourceforge.net; Sun, 15 Mar 2026 18:43:58 +0000 Received: by mail-wr1-f52.google.com with SMTP id ffacd0b85a97d-439b9cf8cb5so4370540f8f.0 for ; Sun, 15 Mar 2026 11:43:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1773600226; x=1774205026; darn=lists.sourceforge.net; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=znggBQvKt9TLYQqMPOm+ITTICpbLQIiOFj4TQ7DzGCM=; b=IZn/DNFSVQcDJi6pg2FM+6kNSxSLBLM2wHmykzTAaCnNx4uqksolXAdhqOw/FxjWuL ZhbZVwW1qylFNi3KZjmwZ3l5CP0wSfNU9Pdd0ZZXD21MIfsMp51zdbB3bINa2jG6H6Wb QgFWID+VsVSh1lXxgpCyEaVNlxbAS0X2hN/XDvFVL5dEq8S7uyVVZKmR+9xelQDmC1Rc gb3DgyoP5T1WWyX++Wb8XIrp9rzvUM6eSHD6Tmmo2fmF+vtAwUoFy1Wis09l5KQyfNQz 5gdmklub/sD1ZlxelYPYAafunUVpCT3cY5/0Y0Y+a/9LXOTIEAFoXnuYRt4nlC/g6pRF GYhw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1773600226; x=1774205026; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=znggBQvKt9TLYQqMPOm+ITTICpbLQIiOFj4TQ7DzGCM=; b=ZRKJUyU5mmTvJriu3MYRf5Y+P/s73qGHfzJpBjyQ5gJQCPc3GOLWZk+mvvl9/Eqc04 TyJ8Cqxlmo8HLXRxb2i9fVrGjTXhlvhbeAVG6CFSmMjgm0Kcp6MiCwFF3K9JFKxzjQIa mwgbMUXk5g/Lsg1VdIvoj5cAAIiFxXLEXuNm+W3nuQ3WE+i/z1ff2udOvPGLgBrNIoXV kjeR0jPoPs8sy7uQnzluoXQEFJIVYp17LVTCAxJSGwdDv8Uw+A9K3EbbbTzgSfHA9Yu0 AGXi3Nm1zmHsegbLxQaKJhQtEofbffxEHttpMU0q+uGUJGtNuTyTl+scKYydolKiosJJ qgWg== X-Gm-Message-State: AOJu0YzNOkGvR+QFbRS+xLnUBAppWXGDnYr6rkLWyyW5MumCBzAr0yr9 HhQxBZgJ1miVX0LQkPxQESWbg3uFo4zsM/bWqgS5CfGC0N12heuyysdkcxeY6g== X-Gm-Gg: ATEYQzzhWbfprf32fCnX7uIgXxZC1L67zX1AXiU4ImcW8aj3UygHw/Hb1VvOZ/grp8l y4WfQhpuJQVyQnrr4E/aiPsJa+QmzlyN/vfwSvDC/mnslHSbuqtqh9CdK0glZEAXRG8UkeKbwLH SwFQ6SBiXk98JwuCd4ZRUVmvZ4TrKBOx4AFlHqm9den6nfk48J8ZDY5s8rN7KbpCSRRT21s98by WMjbMRluN5+o5sfywHu/auzo0nUFSkVLB1lHXZhCn26QYobxdoCJcCh2F23RMQcs7P2D6PQh8FH ftW1Hh+8y0dSkyNVtiBvFiyKw+67WdAZ42dfgmcnZyN/MLSpW6gj3D+2bGKZvHKe9rKhvyT8dNk 9nVVx/9TkGWCmygK9vIQGAYCV0t2xlJLKj/W5TBUz65DI2aKlXIkXXerRYDQjSdOyZfr0Zz2AJj 2/OjLZDNbdJo3TDrsmAqYpYzC7fhwo+RGWbca2y4M= X-Received: by 2002:a5d:5f53:0:b0:439:b624:5ce1 with SMTP id ffacd0b85a97d-43a04db6580mr18780110f8f.33.1773600226381; Sun, 15 Mar 2026 11:43:46 -0700 (PDT) Received: from localhost ([2a01:4b00:d036:ae00:16d6:15ec:8b51:78c3]) by smtp.gmail.com with UTF8SMTPSA id ffacd0b85a97d-439fe20bb90sm37365011f8f.19.2026.03.15.11.43.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 15 Mar 2026 11:43:45 -0700 (PDT) From: luca.boccassi@gmail.com To: openvpn-devel@lists.sourceforge.net Date: Sun, 15 Mar 2026 18:39:55 +0000 Message-ID: <20260315184337.1541272-2-luca.boccassi@gmail.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260315184337.1541272-1-luca.boccassi@gmail.com> References: <20260315184337.1541272-1-luca.boccassi@gmail.com> MIME-Version: 1.0 X-Spam-Score: 0.8 (/) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-1.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Luca Boccassi When authenticating via a JWT token 2048 bytes are not enough, which breaks the auth process. In my local case the token is ~2100 bytes. Bump the maximum harcoded size from 2k to 8k to leave some head [...] Content analysis details: (0.8 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider [luca.boccassi(at)gmail.com] 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' headers 0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.221.52 listed in wl.mailspike.net] X-Headers-End: 1w1qRS-0000OF-CQ Subject: [Openvpn-devel] [PATCH 1/2] Increase TLS_CHANNEL_BUF_SIZE from 2048 to 8192 X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Luca Boccassi Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1859754648820128287?= X-GMAIL-MSGID: =?utf-8?q?1859754648820128287?= From: Luca Boccassi When authenticating via a JWT token 2048 bytes are not enough, which breaks the auth process. In my local case the token is ~2100 bytes. Bump the maximum harcoded size from 2k to 8k to leave some headroom. Signed-off-by: Luca Boccassi --- src/openvpn/common.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/openvpn/common.h b/src/openvpn/common.h index aa7b7217..fbe6239a 100644 --- a/src/openvpn/common.h +++ b/src/openvpn/common.h @@ -67,7 +67,7 @@ typedef unsigned long ptr_type; * maximum size of a single TLS message (cleartext). * This parameter must be >= PUSH_BUNDLE_SIZE */ -#define TLS_CHANNEL_BUF_SIZE 2048 +#define TLS_CHANNEL_BUF_SIZE 8192 /* TLS control buffer minimum size * From patchwork Sun Mar 15 18:39:56 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: luca.boccassi@gmail.com X-Patchwork-Id: 4831 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:2755:b0:83c:d90d:321 with SMTP id j21csp2448344maq; Sun, 15 Mar 2026 11:44:03 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCXnQUepk/gehVsOlqz7P+kOxjLc2EZVIfny18jAbvvbvYGCRPR2eA260RSRqQoFiY4QToJaJGVs9Yg=@openvpn.net X-Received: by 2002:a05:6808:11cb:b0:43c:8714:fe3c with SMTP id 5614622812f47-467575c6e9emr5425347b6e.51.1773600243526; Sun, 15 Mar 2026 11:44:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1773600243; cv=none; d=google.com; s=arc-20240605; b=BG6q8OqRl/ZXEuB4awEauU0DL7nRErAPd/tK1nZ0N5qzs3rO5IUWMukSBFqNJXlIR0 0w110r+Ri/w3s8e9EbBQchlZzSJHGB+3vkNVixO3o9AmaKO63iER2bSdwBhz+1LPKpPg y1+Ov3zspNZyyiLLYKEeE5jlZnCi2psEr0ZVg+fvJ4GT2W5slze5ixiYmsxGPvzrP5x/ TTEHyPllYy7JpWUocU/k2QQ2DohtuY9D+mMS067qV3pFpqazya4QV3ulIWlFDGxusxVw ZO4ezDIhNXy5MkJyHmCx8tnsuIJqAxSdnF/n5xpV5GQ61XEraI+6QDFfRSEk7ZzYaKcE AuwQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:cc:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature:dkim-signature; bh=uELeknqXscD/37CEOqUxXXycZpV2HbFVT7ec2mu72T0=; fh=FRWMOQmE4vArX8xPll5WCJJjcBedLRfud2/cHUpioeU=; b=aDclOGv6rP8AQUAAlwFdpMm0iREgs5biiwoKBdcZ0js8V68E9giCrkwOnV0vfhPFcT qhlANmpA0I3kamA9tZxouAorc/ROIWjxVTvl+K6wQApQ7hFfFEdJuUIVUP5CaU30cBdv tSfVRMnLWG4tAZvh6iw+u6SNe/LIU073hLFtPRQMXEgX3tBfLR+JD3Zypp7+7iSDi6Tg BQHVeXB39pYbXuOU5E1uWXRj2OUVt8rfTp2izqM0TWzdKaBYxg3dfWs/0nWXSFlgcBbO WVFeffkWIasm8UTac0eVC7eVdGog+XUpaUlq3Itzv01mg3odzW6FcVHRDZFDCRNlHACA 4JUA==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b="Ku8NWq/3"; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=I7bl68Oy; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=ejGEAy6a; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20230601 header.b=iWHtTBGO; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com; dara=neutral header.i=@openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 586e51a60fabf-4177e63d898si8894525fac.128.2026.03.15.11.44.03 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 15 Mar 2026 11:44:03 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b="Ku8NWq/3"; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=I7bl68Oy; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=ejGEAy6a; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20230601 header.b=iWHtTBGO; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com; dara=neutral header.i=@openvpn.net DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type:Cc: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=uELeknqXscD/37CEOqUxXXycZpV2HbFVT7ec2mu72T0=; b=Ku8NWq/3hj8XrivFnEALn3zD7L 06RU5UbpnxKcO2bXHydp92wOxe/UHtHgiLAEYl/To647XyOLoyYV/Vv1LjKRQsEWr2qfkHwhH2dbu Hr1f3APhhgVPM03AY4Inks//J+MgZBZd+e0yHhtYyFzgquSuCTMOXV5VC8PuXqxxuaXQ=; Received: from [127.0.0.1] (helo=sfs-ml-3.v29.lw.sourceforge.com) by sfs-ml-3.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1w1qRV-00010V-DX; Sun, 15 Mar 2026 18:44:01 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-3.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1w1qRT-00010P-S9 for openvpn-devel@lists.sourceforge.net; Sun, 15 Mar 2026 18:43:59 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=HN0e3fcwO+cv4md7vbRNmzE8yDUZpn47aTlmn3j09c4=; b=I7bl68Oy2obI91AGs+6vzNFAlU 6n73r1TkITsDSJM9pcQckOZeXuqAFwlvn1G3yHy6EOVJ0z/jFAtsysU7xDUAu6vf6MGtPLS7pUirc 01oT6fbUFTiHmDkUfoZotTVdUzB+gVdEpc2cbY8ELFrlILh83XP9sIh49J8a6dRyTEIQ=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=HN0e3fcwO+cv4md7vbRNmzE8yDUZpn47aTlmn3j09c4=; b=ejGEAy6awfCkptn1vbF2Z+rzz6 /vw35hS/u6mnSVimUTEBJVnOcxfMC4+nZr3ABj0J/Pz5EWofe1OsKj39ftmS0EiGvJsfSvyouPNBs gIJK11vDaTB/I2N0HL0WASFKZfNtedi8IY1ru+r7Vf8HuZhqLaCabLrc5Tqip3d75zGQ=; Received: from mail-wr1-f48.google.com ([209.85.221.48]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1w1qRT-0000OJ-H9 for openvpn-devel@lists.sourceforge.net; Sun, 15 Mar 2026 18:43:59 +0000 Received: by mail-wr1-f48.google.com with SMTP id ffacd0b85a97d-43b41b545d9so583045f8f.2 for ; Sun, 15 Mar 2026 11:43:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1773600228; x=1774205028; darn=lists.sourceforge.net; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=HN0e3fcwO+cv4md7vbRNmzE8yDUZpn47aTlmn3j09c4=; b=iWHtTBGOWGNpwcI7J2yCDbOpel0EG4MAiOc8yIKqZ5RJKJNbc8IyDN+0Y+acnXe2gO N3/6uQUjX9aLHtcL42F5ZrpvbU074hQmqkqXDr6JSuhn1FPRtw/nz/I6lLPKwAsbl6b8 bQtrPsXUpSrOo3ibcwKvy/FPGWlDVmZAH7snw5cFTd0dqDTv9h2WQvx/stBR0Ynw3Kys mP1c5VoJFvnYS+RFesPVFp5sfJb4jh23r8w5yveo/Tyip7Ahv0/hn2MJGJ/0Ybf0Tinn ecWMPEKprT7mkLolj3OvSClFIMMi8mV5/EnSRosEMRawq3DkXg90u5vbxgASjqNIu4ld 7fWA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1773600228; x=1774205028; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=HN0e3fcwO+cv4md7vbRNmzE8yDUZpn47aTlmn3j09c4=; b=J3cfY4640mrYVynshDZN+/SM6O8Kp+RRneLYv7/ZObzl/h5iQXIqyhuDXcTPgFuvLx aw3NSHGq9f4KcqyCZGgLdKY2KOsMrPhwNvXHKdMtPavrBi7Gwq82VfelXx51hzmqhoH/ XXNlElJKDRt70dyD53x4vsW/qejmynk5HBx8/DNWq2DINBXyn9nLqvEwFYc9zVXpCVpb akaf2dXCrHMye246Cj708WUHU4W3Pbf4dyyjpLjNlRMkptFcfX7iDMIMf2sb95GYWJ/v MKAIzntwsD14UExmkm6lgKrbAJpboFqWu8lxPvgrSCUroMhGB74dmP/bSi5M+Ry072YE xGTg== X-Gm-Message-State: AOJu0YwITmUCQnDLDkWwqLFkHFq8ZRUnqD+klmV9ECoYSn36151WOusA 35M4LcN+FsYUkktb0CzQsO2MgrrsWHmrDMNXRSs6pHankBQIYlSrDShP+tOeOw== X-Gm-Gg: ATEYQzwVu5LmXOlVnXjapPAhTFEJaZWj9sm5N5jrOe4/SYhKneehpn+xJs1Cm65K4M/ 7KJfCKTqgGhN8VqBn6vrahNev6L/iyZBvFotC8hlRa+lJeq5Hp4YhJXADh6UBBq4GZkr1+AR9FP UKVbcJiw8q+ADJ3lwOrQbcXEmF6KcrhFpuQee7Tt3fGTWHj1kEYZaWjeSXVSBaYypU4UkdSabQN UU7L1fWRRHVaY3vXzykI1XALEGvrgjEDjPlOvMi4AmjOCr636J6UCVD0QeO1JyV7xc/LTH2zp3/ GWk9fZqnRsWfZSWtWBHg6CnS2iOO+OY0sxjfwpNmW8TCtPTCEMOSEnxCs1E5RPVIaRMR6l8Ikdo y5BW3Nja2m41qk+SMARnnjuu7QcvYALD42Jjkcg8PoUuE91cFKTFr16ayeC8tW7UszceWvnK1eJ x7h3kOHjRfC3EyHHVsiPcx7X4KlJwZ73thOsO9AIA= X-Received: by 2002:a05:6000:184f:b0:439:cc01:c9ee with SMTP id ffacd0b85a97d-43a04d84b2dmr20843096f8f.3.1773600227677; Sun, 15 Mar 2026 11:43:47 -0700 (PDT) Received: from localhost ([2a01:4b00:d036:ae00:16d6:15ec:8b51:78c3]) by smtp.gmail.com with UTF8SMTPSA id ffacd0b85a97d-43b41ff92a6sm6607520f8f.11.2026.03.15.11.43.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 15 Mar 2026 11:43:47 -0700 (PDT) From: luca.boccassi@gmail.com To: openvpn-devel@lists.sourceforge.net Date: Sun, 15 Mar 2026 18:39:56 +0000 Message-ID: <20260315184337.1541272-3-luca.boccassi@gmail.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260315184337.1541272-1-luca.boccassi@gmail.com> References: <20260315184337.1541272-1-luca.boccassi@gmail.com> MIME-Version: 1.0 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-2.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Luca Boccassi When authenticating via a JWT token 128 bytes are not enough, which breaks the auth process. Currently the hardcoded password limit is increased to 4k when PKCS11 is enabled, for similar reasons. Remo [...] Content analysis details: (-0.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 RCVD_IN_DNSWL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to DNSWL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#DnsBlocklists-dnsbl-block for more information. [209.85.221.48 listed in list.dnswl.org] -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider [luca.boccassi(at)gmail.com] 0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.221.48 listed in wl.mailspike.net] X-Headers-End: 1w1qRT-0000OJ-H9 Subject: [Openvpn-devel] [PATCH 2/2] Unconditionally set USER_PASS_LEN to 4096 X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Luca Boccassi Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1859754648723151930?= X-GMAIL-MSGID: =?utf-8?q?1859754648723151930?= From: Luca Boccassi When authenticating via a JWT token 128 bytes are not enough, which breaks the auth process. Currently the hardcoded password limit is increased to 4k when PKCS11 is enabled, for similar reasons. Remove the compile time conditional and always set the limit to 4k. Signed-off-by: Luca Boccassi --- src/openvpn/misc.h | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/openvpn/misc.h b/src/openvpn/misc.h index e9cfadba..2c495d41 100644 --- a/src/openvpn/misc.h +++ b/src/openvpn/misc.h @@ -58,11 +58,7 @@ struct user_pass bool protected; /* max length of username/password */ -#ifdef ENABLE_PKCS11 #define USER_PASS_LEN 4096 -#else -#define USER_PASS_LEN 128 -#endif /* Note that username and password are expected to be null-terminated */ char username[USER_PASS_LEN]; char password[USER_PASS_LEN];