Your message dated Mon, 30 Jul 2018 10:12:57 +0200
with message-id <[email protected]>
and subject line Re: [openvpn] --tls-remote option does not work on some
certificate CNs
has caused the Debian Bug report #483472,
regarding [openvpn] --tls-remote option does not work on some certificate CNs
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
483472: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483472
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: openvpn
Version: 2.1~rc7-1
Severity: minor
When using the following verification method:
tls-remote vpn.mysite.be
it works fine on a certificate created with easy-rsa with Subject:
/C=BE/ST=Brussels/L=Brussels/O=MyVPN/CN=vpn.mysite.be/[email protected]
But on a CACert certificate, which presents only a CN:
/CN=vpn.mysite.be
it fails.
When digging into code of ssl.c, I saw the common_name variable
contains a null string instead of the expected "vpn.mysite.be"
so the subject line was not parsed properly.
I flagged the issue as "minor" because there is a workaround:
using the full subject line is working:
tls-remote /CN=vpn.mysite.be
Phil
--- System information. ---
Architecture: i386
Kernel: Linux 2.6.22-3-vserver-686
Debian Release: lenny/sid
990 testing www.debian-multimedia.org
990 testing security.debian.org
990 testing ftp.kulnet.kuleuven.ac.be
500 unstable www.debian-multimedia.org
500 unstable sidux.net
500 unstable ftp.kulnet.kuleuven.ac.be
500 unstable debian.jones.dk
500 stable security.debian.org
1 experimental ftp.kulnet.kuleuven.ac.be
--- Package information. ---
Depends (Version) | Installed
=============================-+-==============
debconf | 1.5.21
OR debconf-2.0 |
libc6 (>= 2.7-1) | 2.7-10
liblzo2-2 | 2.03-1
libpam0g (>= 0.99.7.1) | 0.99.7.1-6
libssl0.9.8 (>= 0.9.8f-5) | 0.9.8g-10
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hello Philippe,
thank you for spending your time helping to make Debian better with
this bug report.
You file this bug against a currently not longer supported release.
So I close this bug. If the bug still exists please file a new bug from
a supported release.
CU
Jörg
- --
New:
GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB 30EE 09F8 9F3C 8CA1 D25D
GPG key (long) : 09F89F3C8CA1D25D
GPG Key : 8CA1D25D
CAcert Key S/N : 0E:D4:56
Old pgp Key: BE581B6E (revoked since 2014-12-31).
Jörg Frings-Fürst
D-54470 Lieser
git: https://jff.email/cgit/
Threema: SYR8SJXB
Wire: @joergfringsfuerst
Skype: joergpenguin
Ring: jff
Telegram: @joergfringsfuerst
My wish list:
- Please send me a picture from the nature at your home.
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEY+AHX8jUOrs1qzDuCfifPIyh0l0FAlteyIkACgkQCfifPIyh
0l2vaQ/+NgSssMBULvbxym2aAsUIBbrAuYyxoa049OFWZsY/lXbCZPc7/gBOt0qW
6z+rg2vUNTULMA/dQU6NlAJKT5z54fo0zDgtjgJfNmrNA0yYuNQOmOCMQSx03JvC
DeqGjl3GvxFTsabkcIDCKiTl+zP2aigJdc6C5CctMCdh34PVyddQDiT+U9g5Z8aH
vwR5xd/z6E8BWBaTdkF7+MyF7k/ZnpsbyJBDacXUW+qz6xCIoC/O0psebdsFoH40
idP4E+/MWB07uSpW385xB/gzkca3o97bllm9LnxEMvIsG+tDr3xTzHkPlX9c++RC
nmGnfPSWWhPWipr88nh60R2O7JWuEM5cRhxk6VGzfKB63TxpOtKCSoJQk2z+4wIE
rndK3ndcHpLU1AdD9donTKzpfa1Dr2amLvBo2ywgCtlUqPWWRL/uNo2NSp6WLgF/
FUHznSHB1T6VvVFpStxDVo4VFHtiqRw8+mMcY7vO0Ipxsjn6bZYSpMK+zLCFdo2W
Xgvtg1BFhTPGwobkAj9ZJJjFoM05Iu0UL+LJh74NOMHllCNVfoQopQoVNtRUXcyI
rQt4WUBk5AhNiLo/7egh161R3Rcnw0Kfk3xEEPHQ4g366uIJIpxMweQj1dD86y0L
u1ocB9Tw5fuxiyTG/41RX8vkBpzPChIL2igwRTvh8Clv3GNKwoU=
=BDlc
-----END PGP SIGNATURE-----
--- End Message ---
