Opened 3 years ago
Last modified 7 weeks ago
#1028 assigned Bug / Defect
iOS: PKCS5 error when prompted for the private key password (encrypted with OpenSSL 1.1)
| Reported by: | Matteo13 | Owned by: | OpenVPN Inc. |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | OpenVPN Connect | Version: | OpenVPN Connect for iOS v1.2.9 |
| Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | easy-rsa openssl pkcs5 |
| Cc: |
Description
The latest version of OpenVPN connect doesn't seem to be able to decrypt RSA/EC private keys. I'm importing the .ovpn with the embedded key starting with "-----BEGIN ENCRYPTED PRIVATE KEY-----".
I am being asked for a password but it's not accepted, here is the error:
EVENT: CORE_ERROR mbed TLS: error parsing config private key : PKCS5 - Requested encryption or digest alg not available [ERR]
I'm attaching two sample keys, password is "test"
Attachments (2)
Change History (7)
Changed 3 years ago by
| Attachment: | ecpass.ovpn added |
|---|
Changed 3 years ago by
| Attachment: | rsapass.ovpn added |
|---|
comment:1 Changed 3 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
comment:2 Changed 3 years ago by
| Resolution: | fixed |
|---|---|
| Status: | closed → reopened |
I opened the issue because indeed version 1.2.9 did not work for me, I’m still getting the error. I also posted it on the forum https://forums.openvpn.net/viewtopic.php?f=36&t=25929
Also, I’m generating the PKI with easyrsa version 4.4, openssl 1.1, using this config:
set_var EASYRSA_ALGO ec set_var EASYRSA_CURVE secp384r1 set_var EASYRSA_DIGEST sha256
comment:4 Changed 3 years ago by
| Status: | reopened → assigned |
|---|---|
| Summary: | iOS: PKCS5 error when prompted for the private key password → iOS: PKCS5 error when prompted for the private key password (encrypted with OpenSSL 1.1) |
comment:5 Changed 7 weeks ago by
| Owner: | changed from Antonio to OpenVPN Inc. |
|---|
Note: See
TracTickets for help on using
tickets.
this should finally be fixed with 1.2.9. Please test and re-open this ticket if needed.