Connection Failure

Nikos Mavrogiannopoulos nmav at gnutls.org
Sun Jul 27 02:20:35 PDT 2014


On Sat, 2014-07-26 at 21:54 +0100, Gareth Williams wrote:

> Unfortunately, I'm getting the message below when I run the server in a 
> terminal with debugging enabled.
> Does it mean anything to anyone?  The lines that concern me are the ones 
> about obtaining the username.
> ocserv[5011]: worker: xx.xxx.65.223:51482 worker-auth.c:397: cannot 
> obtain user from certificate DN: The given memory buffer is too short
to 
> hold parameters.
> ocserv[5011]: worker: xx.xxx.65.223:51482 worker-auth.c:765: cannot
get 
> username ((null)) from certificate
> 

The log is a bit cryptic and what it means is that you haven't set the
cert-user-oid in the configuration file. Seeing your DN most probably
you use the CN part as the username holder. If you don't set that ocserv
assumes that the whole DN is the username and in your case it exceeds
the username limit of 64 bytes.

regards,
Nikos





More information about the openconnect-devel mailing list