Opened 9 years ago

Closed 9 years ago

Last modified 9 years ago

#484 closed Bug / Defect (fixed)

Inline file size limit

Reported by: mbuck Owned by: Steffan Karger
Priority: major Milestone: release 2.3.7
Component: Generic / unclassified Version: OpenVPN 2.3.5 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:


It seems inline files have a fixed size limit of 10000 bytes:

I tried to inline a PKCS#12 file (with a 4096 bit key) which after base64-encoding is exactly 10193 bytes. This results in the following error message from openvpn:

Tue Nov 25 00:58:52 2014 OpenVPN 2.3.5 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Nov 25 2014
Tue Nov 25 00:58:52 2014 library versions: OpenSSL 1.0.1e 11 Feb 2013, LZO 2.06
Tue Nov 25 00:58:52 2014 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Nov 25 00:58:52 2014 Error reading inline PKCS#12 file: error:0D06B08E:asn1 encoding routines:ASN1_D2I_READ_BIO:not enough data
Tue Nov 25 00:58:52 2014 Exiting due to fatal error

The limit should probably be raised to at least 20000 bytes (or even more since the buffer is used only temporarily and then shrunk to the actually required size).

Change History (4)

comment:1 Changed 9 years ago by Gert Döring

Owner: set to Steffan Karger
Status: newassigned

Steffan, wanna have a look?

comment:2 Changed 9 years ago by Steffan Karger

Thanks for pointing me at this, Gert. I did not notice this one before. I just sent a patch to resolve this to the mailing list:

comment:3 Changed 9 years ago by Gert Döring

Milestone: release 2.3.7
Resolution: fixed
Status: assignedclosed

Your patch has been applied to the master and release/2.3 branches.

commit e473b7c4ce41a450645e0f89579bc25b4a7f7d49 (master)
commit 95f47ab88e1f240984ba3c79f2243ed304b46a94 (release/2.3)

Author: Steffan Karger
Date: Mon Apr 27 10:12:22 2015 +0200

Remove size limit for files inlined in config

Signed-off-by: Steffan Karger <steffan@…>
Acked-by: Gert Doering <gert@…>
Message-Id: <1430122342-11742-1-git-send-email-steffan@…>

closing the ticket now, patch will be in the upcoming 2.3.7 release.

mbuck: could you please test it and verify that it works for you? If not, just reopen the ticket.

comment:4 Changed 9 years ago by mbuck

Works fine for me. Tested on Linux, even though I saw the original problem on Android, but I've got no way to compile git master for Android myself.

Thanks a lot!

Note: See TracTickets for help on using tickets.