Menu
▾
▴
Re: [Openvpn-devel] Re: unix - windows interop (shared secret whitespace problem)
|
From: Adam L. <ad...@al...> - 2003-10-22 02:18:20
|
James Yonan wrote: > Adam Laurie <ad...@al...> said: > > >>>>this was just a quick note to request that you do some whitespace foo >>> >>> > (in particular CR/LF stuff) for the openvpn generated secret files as >>> > this seems to cause pain when setting up keys generated by one or other >>> > platform and then transferring them (my test platform was win2k -> >>> > freebsd-4.8). >>> >>> Not sure what the problem is. >>> >>> If you generate a static key on Windows, you will get CR-LF line termination. >>> If you generate on *nix, you will get LF-only (i.e. newline) termination. >>> Each platform generates interoperable keys. The only strange behaviour I >>> noticed is if you generate a key on Linux then try to edit it with a dumb >>> editor on windows (such as Notepad), it doesn't "get" the line termination >>> right. But OpenVPN will still read the key correctly, as the key reader is >>> mostly whitespace independent. >> >>ok, then the problem is that it's not working as expected. in trhis case >>the key was generated on the win2k side and placed on the bsd server. >>tls-auth failed. after editing with vi and removing ^M characters from >>end of each line, tls-auth passed. >> >>btw, when i tested with win-xp and a key generated on the bsd side i had >>no problem, so i have seen it working as described as well, but on a >>different platform. > > > Right, tls-auth generates the key by taking the sha1sum of the file, so it > will definitely be influenced by whitespace and newline conventions. When you > said "openvpn generated secret files" I was thinking you were talking about > --genkey and static keys, which are not whitespace dependent. yes, i was... the file i'm specifying to tls-auth is the original --genkey file that i used as a shared secret for initial testing. i guess that it's really meant to be a one-liner then? cheers, Adam -- Adam Laurie Tel: +44 (20) 8742 0755 A.L. Digital Ltd. Fax: +44 (20) 8742 5995 The Stores http://www.thebunker.net 2 Bath Road http://www.aldigital.co.uk London W4 1LT mailto:ad...@al... UNITED KINGDOM PGP key on keyservers |
