Opened 5 years ago

Closed 5 years ago

#568 closed Bug / Defect (fixed)

make parser more robust in the face of corrupt/missing </close> tags for inline stuff

Reported by: hildeb Owned by:
Priority: major Milestone: release 2.3.8
Component: Generic / unclassified Version: OpenVPN 2.3.7 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords: config
Cc: plaisthos

Description

Today I created a config with embedded key, cert, ca and ta.key.
Upon connecting, openvpn wouldn't use user&pass authentication, although it was present in the config file.

Moving auth-user-pass BEFORE the <ca>...</ca> etc. sections mad openvpn honour the config parameter again.

I suspect some bug in the config parser...

Change History (6)

comment:1 Changed 5 years ago by Gert Döring

Mmmmh, I can't reproduce this - I have changed one of my config files to have the "auth-user-pass" after the </key>, and it works nicely - both with 2.3.6 and with git master (which has all the changes that went into 2.3.7 and lots more)

Could you re-check that there is no other syntax issue, like, missing or mis-spelled </key>?

comment:2 Changed 5 years ago by hildeb

My bad. There was a </cer> instead of </cert> (but the parse could have found this...)

comment:3 Changed 5 years ago by Gert Döring

Cc: plaisthos added
Summary: embedded certificates need to be at the end of the config filemake parser more robust in the face of corrupt/missing </close> tags for inline stuff

Changed ticket summary, valid complaint :-) - someone needs to look into it...

comment:4 Changed 5 years ago by plaisthos

Patch sent to openvpn-devel

comment:5 Changed 5 years ago by Gert Döring

Milestone: release 2.3.8

Patch under review, argueing details.

comment:6 Changed 5 years ago by Gert Döring

Resolution: fixed
Status: newclosed

commit 68eecf76978a80bd5d88e944e4ed5e42bf2fd8e4 (master)
commit 19475259c92b4747c4c9d3a3d025bdeb170e859c (release/2.3)

Author: Arne Schwabe
Date: Mon Jun 29 14:46:35 2015 +0200

Report missing endtags of inline files as warnings

Acked-by: Gert Doering <gert@…>
Message-Id: <1435581995-11820-1-git-send-email-arne@…>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9830

(Warning in 2.3, to point out the issue without breaking people's setups. FATAL in 2.4, because this really should not go unnoticed)

Thanks, Plaisthos.

Note: See TracTickets for help on using tickets.