Opened 7 years ago
Closed 7 years ago
#262 closed Bug / Defect (invalid)
VERIFY X509NAME ERROR TLS_ERROR: BIO read tls_read_plaintext error 14090086
| Reported by: | tbrouwer | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | Configuration | Version: | OpenVPN 2.3.0 (Community Ed) |
| Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | |
| Cc: |
Description
Hello,
I have arch linux on an Intel i7 machine (without aes-ni). The upgrade from 2.2.2 to 2.3.0 didn't work with my setup. Attached are obfuscated outputs of my setup. It seems something is wrong with escaping rules in the certificate-validation: the difference I see is that version 2.2.2 displays a part of the common name with underscores
(O=T-Com_Testcenter)
where version 2.3.0 displays that part with whitespace
(O=T-Com Testcenter)
I'm not _sure_ this is a bug. The ovpn file contains the string with underscore (tls-remote ".....O=T-Com_Testcenter......"), where the certificate files contain the same string with a space. So maybe it was a bug that it works in 2.2.2 and that 2.3.0 is just not bug-compatible.
good.txt contains kernel version and openssl version, which did not change during the comparison.
Hope this helps.
Cheers,
Thijs
Attachments (2)
Change History (5)
Changed 7 years ago by
Changed 7 years ago by
comment:1 Changed 7 years ago by
| Component: | Generic / unclassified → Configuration |
|---|
comment:2 Changed 7 years ago by
Ah ok. The compat-names option doesn't work for me, but moving the configuration to the new format does. So I guess it's not a bug, but a feature. :-) Thanx + cheers,
Thijs
comment:3 Changed 7 years ago by
| Priority: | major → minor |
|---|---|
| Resolution: | → invalid |
| Status: | new → closed |
Try adding --compat-names to your 2.3 configuration. Look at the man page for further details. However, we are planning to improve things related to the old behaviour in a v2.3.1 release. But no ETA on 2.3.1 yet.