Opened 14 months ago
Closed 5 months ago
#262 closed Bug / Defect (invalid)
VERIFY X509NAME ERROR TLS_ERROR: BIO read tls_read_plaintext error 14090086
| Reported by: | tbrouwer | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | Configuration | Version: | 2.3.0 |
| Severity: | Not set (if unsure, select this one) | Keywords: | |
| Cc: |
Description
Hello,
I have arch linux on an Intel i7 machine (without aes-ni). The upgrade from 2.2.2 to 2.3.0 didn't work with my setup. Attached are obfuscated outputs of my setup. It seems something is wrong with escaping rules in the certificate-validation: the difference I see is that version 2.2.2 displays a part of the common name with underscores
(O=T-Com_Testcenter)
where version 2.3.0 displays that part with whitespace
(O=T-Com Testcenter)
I'm not _sure_ this is a bug. The ovpn file contains the string with underscore (tls-remote ".....O=T-Com_Testcenter......"), where the certificate files contain the same string with a space. So maybe it was a bug that it works in 2.2.2 and that 2.3.0 is just not bug-compatible.
good.txt contains kernel version and openssl version, which did not change during the comparison.
Hope this helps.
Cheers,
Thijs
Attachments (2)
Change History (5)
Changed 14 months ago by tbrouwer
Changed 14 months ago by tbrouwer
comment:1 Changed 14 months ago by dazo
- Component changed from Generic / unclassified to Configuration
comment:2 Changed 14 months ago by tbrouwer
Ah ok. The compat-names option doesn't work for me, but moving the configuration to the new format does. So I guess it's not a bug, but a feature. :-) Thanx + cheers,
Thijs
comment:3 Changed 5 months ago by samuli
- Priority changed from major to minor
- Resolution set to invalid
- Status changed from new to closed
Try adding --compat-names to your 2.3 configuration. Look at the man page for further details. However, we are planning to improve things related to the old behaviour in a v2.3.1 release. But no ETA on 2.3.1 yet.