Opened 4 years ago
Closed 3 years ago
#262 closed Bug / Defect (invalid)
VERIFY X509NAME ERROR TLS_ERROR: BIO read tls_read_plaintext error 14090086
| Reported by: | tbrouwer | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | Configuration | Version: | 2.3.0 |
| Severity: | Not set (if unsure, select this one) | Keywords: | |
| Cc: |
Description
Hello,
I have arch linux on an Intel i7 machine (without aes-ni). The upgrade from 2.2.2 to 2.3.0 didn't work with my setup. Attached are obfuscated outputs of my setup. It seems something is wrong with escaping rules in the certificate-validation: the difference I see is that version 2.2.2 displays a part of the common name with underscores
(O=T-Com_Testcenter)
where version 2.3.0 displays that part with whitespace
(O=T-Com Testcenter)
I'm not _sure_ this is a bug. The ovpn file contains the string with underscore (tls-remote ".....O=T-Com_Testcenter......"), where the certificate files contain the same string with a space. So maybe it was a bug that it works in 2.2.2 and that 2.3.0 is just not bug-compatible.
good.txt contains kernel version and openssl version, which did not change during the comparison.
Hope this helps.
Cheers,
Thijs
Attachments (2)
Change History (5)
Changed 4 years ago by tbrouwer
Changed 4 years ago by tbrouwer
comment:1 Changed 4 years ago by dazo
- Component changed from Generic / unclassified to Configuration
comment:2 Changed 4 years ago by tbrouwer
Ah ok. The compat-names option doesn't work for me, but moving the configuration to the new format does. So I guess it's not a bug, but a feature. :-) Thanx + cheers,
Thijs
comment:3 Changed 3 years ago by samuli
- Priority changed from major to minor
- Resolution set to invalid
- Status changed from new to closed
Try adding --compat-names to your 2.3 configuration. Look at the man page for further details. However, we are planning to improve things related to the old behaviour in a v2.3.1 release. But no ETA on 2.3.1 yet.