#484 closed Bug / Defect (fixed)
Inline file size limit
| Reported by: | mbuck | Owned by: | Steffan Karger |
|---|---|---|---|
| Priority: | major | Milestone: | release 2.3.7 |
| Component: | Generic / unclassified | Version: | OpenVPN 2.3.5 (Community Ed) |
| Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | |
| Cc: |
Description
It seems inline files have a fixed size limit of 10000 bytes:
I tried to inline a PKCS#12 file (with a 4096 bit key) which after base64-encoding is exactly 10193 bytes. This results in the following error message from openvpn:
Tue Nov 25 00:58:52 2014 OpenVPN 2.3.5 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Nov 25 2014 Tue Nov 25 00:58:52 2014 library versions: OpenSSL 1.0.1e 11 Feb 2013, LZO 2.06 Tue Nov 25 00:58:52 2014 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Tue Nov 25 00:58:52 2014 Error reading inline PKCS#12 file: error:0D06B08E:asn1 encoding routines:ASN1_D2I_READ_BIO:not enough data Tue Nov 25 00:58:52 2014 Exiting due to fatal error
The limit should probably be raised to at least 20000 bytes (or even more since the buffer is used only temporarily and then shrunk to the actually required size).
Change History (4)
comment:1 Changed 9 years ago by
| Owner: | set to Steffan Karger |
|---|---|
| Status: | new → assigned |
comment:2 Changed 9 years ago by
Thanks for pointing me at this, Gert. I did not notice this one before. I just sent a patch to resolve this to the mailing list:
comment:3 Changed 9 years ago by
| Milestone: | → release 2.3.7 |
|---|---|
| Resolution: | → fixed |
| Status: | assigned → closed |
Your patch has been applied to the master and release/2.3 branches.
commit e473b7c4ce41a450645e0f89579bc25b4a7f7d49 (master)
commit 95f47ab88e1f240984ba3c79f2243ed304b46a94 (release/2.3)
Author: Steffan Karger
Date: Mon Apr 27 10:12:22 2015 +0200
Remove size limit for files inlined in config
Signed-off-by: Steffan Karger <steffan@…>
Acked-by: Gert Doering <gert@…>
Message-Id: <1430122342-11742-1-git-send-email-steffan@…>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9607
closing the ticket now, patch will be in the upcoming 2.3.7 release.
mbuck: could you please test it and verify that it works for you? If not, just reopen the ticket.
comment:4 Changed 9 years ago by
Works fine for me. Tested on Linux, even though I saw the original problem on Android, but I've got no way to compile git master for Android myself.
Thanks a lot!
Steffan, wanna have a look?