Opened 18 months ago

Last modified 7 months ago

#1088 assigned Bug / Defect

Android: app crashes upon connection

Reported by: bstanger Owned by: plaisthos
Priority: major Milestone:
Component: OpenVPN Connect Version:
Severity: Not set (select this one, unless you're an OpenVPN developer) Keywords:
Cc:

Description

On my Nokia 6.1 with Android 8.1 the app crashes immediately after trying to connect. No connection possible.
I'll attach my openvpn config.

Attachments (1)

firewall-UDP4-1194-bstanger-ios-config.ovpn (5.8 KB) - added by bstanger 18 months ago.


Change History (8)

Changed 18 months ago by bstanger

comment:1 Changed 18 months ago by plaisthos

Owner: changed from Antonio to plaisthos
Status: new → assigned

comment:2 Changed 18 months ago by plaisthos

Reproduced the bug. This is a kind of obscure bug. An illegal character in the certificate kills the JVM via JNI:

08-20 18:54:18.243 24179 24202 F zygote64: runtime.cc:508] JNI DETECTED ERROR IN APPLICATION: input is not valid Modified UTF-8: illegal start byte 0xfc
08-20 18:54:18.243 24179 24202 F zygote64: runtime.cc:508]     string: 'VERIFY OK : depth=0
08-20 18:54:18.243 24179 24202 F zygote64: runtime.cc:508] cert. version     : 3
08-20 18:54:18.243 24179 24202 F zygote64: runtime.cc:508] serial number     : 02
08-20 18:54:18.243 24179 24202 F zygote64: runtime.cc:508] issuer name       : C=DE, ST=Baden - W?rttemberg, L=Hermaringen, O=Stanger, emailAddress=email@bstanger.de, CN=openvpnca
08-20 18:54:18.243 24179 24202 F zygote64: runtime.cc:508] subject name      : C=DE, ST=Baden - W?rttemberg, L=Hermaringen, O=Stanger, emailAddress=email@bstanger.de, CN=openvpnca
08-20 18:54:18.243 24179 24202 F zygote64: runtime.cc:508] issued  on        : 2016-09-19 15:57:17
08-20 18:54:18.243 24179 24202 F zygote64: runtime.cc:508] expires on        : 2026-09-17 15:57:17
08-20 18:54:18.243 24179 24202 F zygote64: runtime.cc:508] signed using      : RSA with SHA-256
08-20 18:54:18.243 24179 24202 F zygote64: runtime.cc:508] RSA key size      : 2048 bits
08-20 18:54:18.243 24179 24202 F zygote64: runtime.cc:508] basic constraints : CA=false
08-20 18:54:18.243 24179 24202 F zygote64: runtime.cc:508] cert. type        : SSL Server
08-20 18:54:18.243 24179 24202 F zygote64: runtime.cc:508] key usage         : Digital Signature, Key Encipherment
08-20 18:54:18.243 24179 24202 F zygote64: runtime.cc:508] ext key usage     : TLS Web Server Authentication, ???
08-20 18:54:18.244 24179 24202 F zygote64: runtime.cc:508] 
08-20 18:54:18.244 24179 24202 F zygote64: runtime.cc:508] '
08-20 18:54:18.244 24179 24202 F zygote64: runtime.cc:508]     input: '0x56 0x45 0x52 0x49 0x46 0x59 0x20 0x4f 0x4b 0x20 0x3a 0x20 0x64 0x65 0x70 0x74 0x68 0x3d 0x30 0x0a 0x63 0x65 0x72 0x74 0x2e 0x20 0x76 0x65 0x72 0x73 0x69 0x6f 0x6e 0x20 0x20 0x20 0x20 0x20 0x3a 0x20 0x33 0x0a 0x73 0x65 0x72 0x69 0x61 0x6c 0x20 0x6e 0x75 0x6d 0x62 0x65 0x72 0x20 0x20 0x20 0x20 0x20 0x3a 0x20 0x30 0x32 0x0a 0x69 0x73 0x73 0x75 0x65 0x72 0x20 0x6e 0x61 0x6d 0x65 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x3a 0x20 0x43 0x3d 0x44 0x45 0x2c 0x20 0x53 0x54 0x3d 0x42 0x61 0x64 0x65 0x6e 0x20 0x2d 0x20 0x57 <0xfc> 0x72 0x74 0x74 0x65 0x6d 0x62 0x65 0x72 0x67 0x2c 0x20 0x4c 0x3d 0x48 0x65 0x72 0x6d 0x61 0x72 0x69 0x6e 0x67 0x65 0x6e 0x2c 0x20 0x4f 0x3d 0x53 0x74 0x61 0x6e 0x67 0x65 0x72 0x2c 0x20 0x65 0x6d 0x61 0x69 0x6c 0x41 0x64 0x64 0x72 0x65 0x73 0x73 0x3d 0x65 0x6d 0x61 0x69 0x6c 0x40 0x62 0x73 0x74 0x61 0x6e 0x67 0x65 0x72 0x2e 0x64 0x65 0x2c 0x20 0x43 0x4e 0x3d 0x6f 0x70 0x65 0x6e 0x76 0x70 0x6e 0x63 0x61 0x0a 0x73 0x75 0x62 0x6a 0x65 0x63 0x74 0x20 0x6e 0x61 0x6d 0x65 0x2
08-20 18:54:18.244 24179 24202 F zygote64: runtime.cc:508]     in call to NewStringUTF
08-20 18:54:18.244 24179 24202 F zygote64: runtime.cc:508]     from java.lang.String net.openvpn.ovpn3.ovpncliJNI.ClientAPI_LogInfo_text_get(long, net.openvpn.ovpn3.ClientAPI_LogInfo)

comment:3 Changed 18 months ago by plaisthos

Problem is exactly here: C=DE, ST=Baden - Württemberg.

The ü is encoded with 0xFC, which is valid iso-8859-1 but not UTF-8. Still, the client should not crash on encountering an invalid utf-8 string.

Interestingly, when selecting OpenVPN2 instead of OpenVPN3 in the OpenVPN for Android App, it has no problem printing the right Name and showing "Württemberg" in the log. This might actually be a problem with mbedtls vs OpenSSL.

Yes. I compiled/tested OpenVPN2 with mbedtls and OpenSSL. OpenSSL gets the iso8859-1 cn right (and it somehow ends up being printed in utf-8), with mbedtls the iso8859-1 string is printed. The normal terminal on OS X just displays a ? instead of crashing but the bug is still there.

Last edited 18 months ago by plaisthos
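The failure mode described in comments 2 and 3, as an added example that is not part of the ticket and not OpenVPN's code: a native-side check that makes a byte string structurally valid Modified UTF-8 (the 1 to 3 byte forms of the JNI spec) before it is handed to NewStringUTF. The function names are hypothetical, and re-encoding stray bytes as ISO-8859-1 code points is an assumption that matches the 0xFC case reported here.

```c
#include <stdio.h>
#include <string.h>

/* Length of the Modified UTF-8 sequence starting at p (1 to 3 bytes), or 0 if
 * p does not start one. Structural check only: lead byte plus 10xxxxxx bytes. */
static size_t mutf8_seq_len(const unsigned char *p, size_t avail)
{
    size_t need, i;
    if (p[0] < 0x80) return 1;
    if ((p[0] & 0xE0) == 0xC0) need = 2;
    else if ((p[0] & 0xF0) == 0xE0) need = 3;
    else return 0;                 /* stray 0x80-0xBF, or 0xF0-0xFF such as 0xFC */
    if (need > avail) return 0;    /* sequence cut off at end of buffer */
    for (i = 1; i < need; i++)
        if ((p[i] & 0xC0) != 0x80) return 0;
    return need;
}

/* Copy in[0..len) to out, re-encoding every byte that is not part of a valid
 * sequence as the two-byte form of the same ISO-8859-1 code point (assumption).
 * out must hold 2*len+1 bytes. Returns the number of bytes repaired. */
size_t sanitize_for_jni(const unsigned char *in, size_t len, unsigned char *out)
{
    size_t i = 0, o = 0, repaired = 0;
    while (i < len) {
        size_t n = mutf8_seq_len(in + i, len - i);
        if (n) {
            memcpy(out + o, in + i, n);
            o += n; i += n;
        } else {                   /* invalid bytes are always >= 0x80 here */
            out[o++] = (unsigned char)(0xC0 | (in[i] >> 6));
            out[o++] = (unsigned char)(0x80 | (in[i] & 0x3F));
            i++; repaired++;
        }
    }
    out[o] = '\0';
    return repaired;
}

int main(void)
{
    /* Constructed sample: the ST= field from the log above, with raw 0xFC. */
    const char *line = "ST=Baden - W\xfcrttemberg";
    unsigned char out[64];
    size_t fixed = sanitize_for_jni((const unsigned char *)line, strlen(line), out);
    printf("%zu byte(s) repaired: %s\n", fixed, (char *)out);
    return 0;
}
```

A non-zero return value is worth logging on its own, since it means the peer certificate carried a name in an encoding the client did not expect.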

comment:4 Changed 18 months ago by Gert Döring

I need to lend you my "schei<?> encoding" T-Shirt :-)

comment:5 Changed 18 months ago by fschaefer

I've the same problem with the iOS OpenVPN Connect App:

"L=Lüneburg" gets encoded as "L=L\134M-C?\M-B\M-<neburg"

(at least that's what I see in Apple Configurator 2 logs)

comment:6 Changed 10 months ago by forca

The same here, last version installed (on Android 9).

The app crashes on connect, and yes, the issuer string has an "illegal character", like here:

Problem is exactly here: C=DE, ST=Baden - Württemberg.

Any news about fixing it?

comment:7 Changed 7 months ago by bstanger

Seems to be fixed now! Everything fine with 3.0.6.(3510).
