Connection Failure

Nikos Mavrogiannopoulos nmav at
Sun Jul 27 02:20:35 PDT 2014

On Sat, 2014-07-26 at 21:54 +0100, Gareth Williams wrote:

> Unfortunately, I'm getting the message below when I run the server in a 
> terminal with debugging enabled.
> Does it mean anything to anyone?  The lines that concern me are the ones 
> about obtaining the username.
> ocserv[5011]: worker: worker-auth.c:397: cannot 
> obtain user from certificate DN: The given memory buffer is too short
> hold parameters.
> ocserv[5011]: worker: worker-auth.c:765: cannot
> username ((null)) from certificate

The log is a bit cryptic and what it means is that you haven't set the
cert-user-oid in the configuration file. Seeing your DN most probably
you use the CN part as the username holder. If you don't set that ocserv
assumes that the whole DN is the username and in your case it exceeds
the username limit of 64 bytes.


More information about the openconnect-devel mailing list