Opened 2 years ago

Last modified 2 years ago

#1028 assigned Bug / Defect

iOS: PKCS5 error when prompted for the private key password (encrypted with OpenSSL 1.1)

Reported by: Matteo13 Owned by: Antonio
Priority: major Milestone:
Component: OpenVPN Connect Version: OpenVPN Connect for iOS v1.2.9
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords: easy-rsa openssl pkcs5
Cc:

Description

The latest version of OpenVPN connect doesn't seem to be able to decrypt RSA/EC private keys. I'm importing the .ovpn with the embedded key starting with "-----BEGIN ENCRYPTED PRIVATE KEY-----".

I am being asked for a password but it's not accepted, here is the error:

EVENT: CORE_ERROR mbed TLS: error parsing config private key : PKCS5 - Requested encryption or digest alg not available [ERR]

I'm attaching two sample keys, password is "test"

Attachments (2)

ecpass.ovpn (387 bytes) - added by Matteo13 2 years ago.
rsapass.ovpn (1.8 KB) - added by Matteo13 2 years ago.

Download all attachments as: .zip

Change History (6)

Changed 2 years ago by Matteo13

Attachment: ecpass.ovpn added

Changed 2 years ago by Matteo13

Attachment: rsapass.ovpn added

comment:1 Changed 2 years ago by Antonio

Resolution: fixed
Status: newclosed

this should finally be fixed with 1.2.9. Please test and re-open this ticket if needed.

comment:2 Changed 2 years ago by Matteo13

Resolution: fixed
Status: closedreopened

I opened the issue because indeed version 1.2.9 did not work for me, I’m still getting the error. I also posted it on the forum https://forums.openvpn.net/viewtopic.php?f=36&t=25929

Also, I’m generating the PKI with easyrsa version 4.4, openssl 1.1, using this config:

set_var EASYRSA_ALGO ec
set_var EASYRSA_CURVE secp384r1
set_var EASYRSA_DIGEST sha256

comment:3 Changed 2 years ago by Matteo13

Typo: easyrsa release 3.0.4

comment:4 Changed 2 years ago by Antonio

Status: reopenedassigned
Summary: iOS: PKCS5 error when prompted for the private key passwordiOS: PKCS5 error when prompted for the private key password (encrypted with OpenSSL 1.1)
Note: See TracTickets for help on using tickets.