summaryrefslogtreecommitdiff
path: root/src/openvpn/ssl_verify.c
diff options
context:
space:
mode:
authorAlberto Gonzalez Iniesta <agi@inittab.org>2015-06-30 08:22:29 +0200
committerAlberto Gonzalez Iniesta <agi@inittab.org>2015-06-30 08:22:29 +0200
commitdb0b5876a982e93446fcc2df42c16d3e2b62dcfb (patch)
tree54d0f7166375db006940c9ee80159ccc501db518 /src/openvpn/ssl_verify.c
parenta89c50f051faf00e5370e6073b920940b2bc68bf (diff)
parent6149d88c5a2c58a9cc943ca02c36e8ee4e5d1751 (diff)
Merge tag 'upstream/2.3.7'
Upstream version 2.3.7
Diffstat (limited to 'src/openvpn/ssl_verify.c')
-rw-r--r--src/openvpn/ssl_verify.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c
index c90c2c3..9693b81 100644
--- a/src/openvpn/ssl_verify.c
+++ b/src/openvpn/ssl_verify.c
@@ -596,7 +596,7 @@ verify_cert(struct tls_session *session, openvpn_x509_cert_t *cert, int cert_dep
{
result_t ret = FAILURE;
char *subject = NULL;
- char common_name[TLS_USERNAME_LEN] = {0};
+ char common_name[TLS_USERNAME_LEN+1] = {0}; /* null-terminated */
const struct tls_options *opt;
struct gc_arena gc = gc_new();
@@ -619,7 +619,7 @@ verify_cert(struct tls_session *session, openvpn_x509_cert_t *cert, int cert_dep
string_replace_leading (subject, '-', '_');
/* extract the username (default is CN) */
- if (SUCCESS != x509_get_username (common_name, TLS_USERNAME_LEN,
+ if (SUCCESS != x509_get_username (common_name, sizeof(common_name),
opt->x509_username_field, cert))
{
if (!cert_depth)
@@ -1165,7 +1165,7 @@ verify_user_pass(struct user_pass *up, struct tls_multi *multi,
s2 = verify_user_pass_script (session, up);
/* check sizing of username if it will become our common name */
- if ((session->opt->ssl_flags & SSLF_USERNAME_AS_COMMON_NAME) && strlen (up->username) >= TLS_USERNAME_LEN)
+ if ((session->opt->ssl_flags & SSLF_USERNAME_AS_COMMON_NAME) && strlen (up->username) > TLS_USERNAME_LEN)
{
msg (D_TLS_ERRORS, "TLS Auth Error: --username-as-common name specified and username is longer than the maximum permitted Common Name length of %d characters", TLS_USERNAME_LEN);
s1 = OPENVPN_PLUGIN_FUNC_ERROR;