Opened 14 months ago

Closed 5 months ago

#262 closed Bug / Defect (invalid)

VERIFY X509NAME ERROR TLS_ERROR: BIO read tls_read_plaintext error 14090086

Reported by: tbrouwer Owned by:
Priority: minor Milestone:
Component: Configuration Version: 2.3.0
Severity: Not set (if unsure, select this one) Keywords:
Cc:

Description

Hello,

I have arch linux on an Intel i7 machine (without aes-ni). The upgrade from 2.2.2 to 2.3.0 didn't work with my setup. Attached are obfuscated outputs of my setup. It seems something is wrong with escaping rules in the certificate-validation: the difference I see is that version 2.2.2 displays a part of the common name with underscores
(O=T-Com_Testcenter)
where version 2.3.0 displays that part with whitespace
(O=T-Com Testcenter)

I'm not _sure_ this is a bug. The ovpn file contains the string with underscore (tls-remote ".....O=T-Com_Testcenter......"), where the certificate files contain the same string with a space. So maybe it was a bug that it works in 2.2.2 and that 2.3.0 is just not bug-compatible.

good.txt contains kernel version and openssl version, which did not change during the comparison.

Hope this helps.

Cheers,
Thijs

Attachments (2)

good.txt (7.3 KB) - added by tbrouwer 14 months ago.
bad.txt (4.6 KB) - added by tbrouwer 14 months ago.

Download all attachments as: .zip

Change History (5)

Changed 14 months ago by tbrouwer

Changed 14 months ago by tbrouwer

comment:1 Changed 14 months ago by dazo

  • Component changed from Generic / unclassified to Configuration

Try adding --compat-names to your 2.3 configuration. Look at the man page for further details. However, we are planning to improve things related to the old behaviour in a v2.3.1 release. But no ETA on 2.3.1 yet.

comment:2 Changed 14 months ago by tbrouwer

Ah ok. The compat-names option doesn't work for me, but moving the configuration to the new format does. So I guess it's not a bug, but a feature. :-) Thanx + cheers,

Thijs

comment:3 Changed 5 months ago by samuli

  • Priority changed from major to minor
  • Resolution set to invalid
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.