Your message dated Mon, 30 Jul 2018 11:33:10 +0200
with message-id <[email protected]>
and subject line openvpn bugs from unsupported releases
has caused the Debian Bug report #328845,
regarding openvpn: build-key silently fails with empty certificate if client's
country name does not match CA's one
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
328845: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=328845
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: openvpn
Version: 2.0-1
Severity: wishlist
If the CA's certificate was issued with a country code, and a client's
certificate is build (with build-key from the easy-rsa CA script) for an other
one, then openssl ca will silently fail.
The result will be an empty .cert file for the client, that openvpn will
obviously refuse to load.
I'm not sure it's not a bug of openssl to generate an empty certificate file
instead of nothing, but anyway, it's not obvious to the user (although he/she
won't be asked for confirmation of the certificate expiration date and so
on....).
Of course this situation is not really normal, but that may happen if a user
won't edit vars for instance, and generate certificates by typing in the codes
and making a mistake
I think it would be great to have some kind of error checking on the openssl
execution in the build-key script or maybe only invoking openssl ca with the
-verbose option in that script
Hope this helps.
Best regards
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-386
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages openvpn depends on:
ii debconf 1.4.30.13 Debian configuration management sy
ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an
ii liblzo1 1.08-1.2 A real-time data compression libra
ii libssl0.9.7 0.9.7e-3 SSL shared libraries
-- debconf information:
openvpn/change_init: true
* openvpn/stop2upgrade: false
* openvpn/default_port:
* openvpn/create_tun: false
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hello,
thank you for spending your time helping to make Debian better with
this bug report.
You file this bug against a currently not longer supported release.
So I close this bug. If the bug still exists please file a new bug from
a supported release.
CU
Jörg
- --
New:
GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB 30EE 09F8 9F3C 8CA1 D25D
GPG key (long) : 09F89F3C8CA1D25D
GPG Key : 8CA1D25D
CAcert Key S/N : 0E:D4:56
Old pgp Key: BE581B6E (revoked since 2014-12-31).
Jörg Frings-Fürst
D-54470 Lieser
git: https://jff.email/cgit/
Threema: SYR8SJXB
Wire: @joergfringsfuerst
Skype: joergpenguin
Ring: jff
Telegram: @joergfringsfuerst
My wish list:
- Please send me a picture from the nature at your home.
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEY+AHX8jUOrs1qzDuCfifPIyh0l0FAlte21cACgkQCfifPIyh
0l2lvg//Wb6d6HEj/4uSMMp4g612C1Rs5M3hmy2g5c3eRWhfJfORW0YFkmh3sgAd
57tlEwtHmOyfpnxnbmAkDA8KTvu7KIV7KgtC49jFSqbOLO8GreGgepRF97pgt5cv
NuvNF4h3FIQOqYC+h/5sSJ8n5iZd5gnLixB+K77ENDWstGUnTweZeymF+ifJuw0V
t3JmzN56Bl7s58eyLjrsFzhPpz3V3qotmakXC4PZyK2BDTOCI0ml9ZPkCZR2z3hi
t2MeSpH4nGNp0k+Xiptdp/jbnIIiDgNdVGJ2+D3oNsyL6EiWYU5cRGnDO0Sab57u
TNqJv1u7wfr2xkCSXeJ2aTjKvnpyootd9tk53g9wDV38XnZcy2WeLU4qbguahNKo
nLG+iS2/7dC7xOVje6+VaoPx78FDvlnroCmvHb7D6DwLBNGHKgtdrxfRuYNs3MBZ
RJXzpTCkh1lD7g6DdHcPG7g16QeB7i3oekg3FaSlMkjMWOkFE6waH+c2afi0MW0z
SM6KjFhti0bmFqztW8u4yAAZ6U5R46SdG8TQtORsI7uUHDW1mwEfFNJaZpTclQwQ
IbK5raW41+Ntq7yW5lyCitKuWGImuqfMlUbZiVBf8aX0GYQE+WShm6R2hgocIfB2
lLqU+R+Rwi0FMFXFaR/DL0NoILgL61EBni0py7V0NGu/HqGWGUY=
=KZyc
-----END PGP SIGNATURE-----
--- End Message ---
