Opened 13 years ago

Closed 2 years ago

#194 closed Bug / Defect (worksforme)

Management Interface does not allow UTF8 passwords

Reported by: fjaeger Owned by:
Priority: major Milestone: release 2.4
Component: Management Version: OpenVPN 2.2.2 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords: mac osx unicode ascii
Cc:

Description

I am using OpenVPN's management interface with Shimo (MacOSX VPN Client) and I realized that I am unable to login when the user password contains a German umlaut. Same holds for other UTF8 characters.
Currently I am using OpenVPN version 2.2.2

Change History (5)

comment:1 Changed 11 years ago by Samuli Seppänen

Keywords: mac osx unicode ascii added

Can someone reproduce this on 2.3.2 or latest Git "master"?

comment:2 Changed 11 years ago by Gert Döring

this might not be "just" an umlaut issue, but an "is the umlaut encoding the same on the OpenVPN client and the OpenVPN server" (so if the Mac GUI sends UTF8 umlauts to the management interface and the server compares to ISO umlauts...)

No idea how SSH and friends solve this. I just don't use non-ASCII characters in usernames or passwords...

comment:3 Changed 9 years ago by Samuli Seppänen

Milestone: release 2.2.2release 2.4

comment:4 Changed 2 years ago by Selva Nair

I think management i/f accepts any byte sequence as password with few exceptions (no embedded new lines or NULs) -- its up to the client to ensure that consistent values are provided when starting openvpn.exe on, say, command line, and from management client.

The error reported here is very likely mismatch between encoding used on the command line and management-client UI.

Shall we close this?

comment:5 Changed 2 years ago by Gert Döring

Resolution: worksforme
Status: newclosed

Closing this as indeed character set issues are complex (GUI to management interface, Terminal to config file, server side script to authentication backend), and we can't really solve this inside OpenVPN except "do not even try to autoconvert something".

While this is not really helping the original poster, trying to do charset autoconversion here ("if a --auth-user-pass file has no UTF8 BOM, treat as ISO8859-1, and convert to UTF8 before sending to server") will be a major undertaking, and not necessarily create less pain...

The best way is to have the same encoding everywhere, which would be UTF-8 today - and avoid using non-7-bit-characters in usernames and passwords, as a matter of good practice.

Note: See TracTickets for help on using tickets.