Opened 10 years ago

Closed 9 years ago

#262 closed Bug / Defect (invalid)

VERIFY X509NAME ERROR TLS_ERROR: BIO read tls_read_plaintext error 14090086

Reported by: tbrouwer Owned by:
Priority: minor Milestone:
Component: Configuration Version: OpenVPN 2.3.0 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:



I have arch linux on an Intel i7 machine (without aes-ni). The upgrade from 2.2.2 to 2.3.0 didn't work with my setup. Attached are obfuscated outputs of my setup. It seems something is wrong with escaping rules in the certificate-validation: the difference I see is that version 2.2.2 displays a part of the common name with underscores
where version 2.3.0 displays that part with whitespace
(O=T-Com Testcenter)

I'm not _sure_ this is a bug. The ovpn file contains the string with underscore (tls-remote ".....O=T-Com_Testcenter......"), where the certificate files contain the same string with a space. So maybe it was a bug that it works in 2.2.2 and that 2.3.0 is just not bug-compatible.

good.txt contains kernel version and openssl version, which did not change during the comparison.

Hope this helps.


Attachments (2)

good.txt (7.3 KB) - added by tbrouwer 10 years ago.
bad.txt (4.6 KB) - added by tbrouwer 10 years ago.

Download all attachments as: .zip

Change History (5)

Changed 10 years ago by tbrouwer

Attachment: good.txt added

Changed 10 years ago by tbrouwer

Attachment: bad.txt added

comment:1 Changed 10 years ago by David Sommerseth

Component: Generic / unclassifiedConfiguration

Try adding --compat-names to your 2.3 configuration. Look at the man page for further details. However, we are planning to improve things related to the old behaviour in a v2.3.1 release. But no ETA on 2.3.1 yet.

comment:2 Changed 10 years ago by tbrouwer

Ah ok. The compat-names option doesn't work for me, but moving the configuration to the new format does. So I guess it's not a bug, but a feature. :-) Thanx + cheers,


comment:3 Changed 9 years ago by Samuli Seppänen

Priority: majorminor
Resolution: invalid
Status: newclosed
Note: See TracTickets for help on using tickets.