Opened 10 years ago
Closed 9 years ago
#262 closed Bug / Defect (invalid)
VERIFY X509NAME ERROR TLS_ERROR: BIO read tls_read_plaintext error 14090086
| Reported by: | tbrouwer | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | Configuration | Version: | OpenVPN 2.3.0 (Community Ed) |
| Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | |
| Cc: |
Description
Hello,
I have arch linux on an Intel i7 machine (without aes-ni). The upgrade from 2.2.2 to 2.3.0 didn't work with my setup. Attached are obfuscated outputs of my setup. It seems something is wrong with escaping rules in the certificate-validation: the difference I see is that version 2.2.2 displays a part of the common name with underscores
(O=T-Com_Testcenter)
where version 2.3.0 displays that part with whitespace
(O=T-Com Testcenter)
I'm not _sure_ this is a bug. The ovpn file contains the string with underscore (tls-remote ".....O=T-Com_Testcenter......"), where the certificate files contain the same string with a space. So maybe it was a bug that it works in 2.2.2 and that 2.3.0 is just not bug-compatible.
good.txt contains kernel version and openssl version, which did not change during the comparison.
Hope this helps.
Cheers,
Thijs
Attachments (2)
Change History (5)
Changed 10 years ago by
Changed 10 years ago by
comment:1 Changed 10 years ago by
| Component: | Generic / unclassified → Configuration |
|---|
comment:2 Changed 10 years ago by
Ah ok. The compat-names option doesn't work for me, but moving the configuration to the new format does. So I guess it's not a bug, but a feature. :-) Thanx + cheers,
Thijs
comment:3 Changed 9 years ago by
| Priority: | major → minor |
|---|---|
| Resolution: | → invalid |
| Status: | new → closed |
Try adding --compat-names to your 2.3 configuration. Look at the man page for further details. However, we are planning to improve things related to the old behaviour in a v2.3.1 release. But no ETA on 2.3.1 yet.