[Bug 289856] Re: openvpn 2.1~rc11 tls_read_plaintext error
Thierry Carrez
thierry.carrez at ubuntu.com
Tue Oct 28 09:03:51 GMT 2008
In fact it's RC7 that does it wrong and RC11 that does it right...
Here is the --tls-remote parameter doc:
--tls-remote name
Accept connections only from a host with X509 name or common name equal to name. The remote host must also pass all other tests of verification.
Name can also be a common name prefix, for example if you want a client to only accept connections to "Server-1", "Server-2", etc., you can simply use --tls-remote Server
So you should be using the content of the CN field... for a certificate issued to
C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=client2/emailAddress=me at myhost.mydomain
You should have "tls-remote client2"
In 2.1-rc7 there was a regression in the X509 certificate data
extraction which impacted all the options using the X509 name
contents; your current tls-remote value is a workaround to that bug.
See http://sourceforge.net/mailarchive/message.php?msg_id=F434C2FD-28EE-4FF2-B677-366B18B99AA6%40lassitu.de for the upstream bug in RC7
See bug 265058 for a discussion on fixing this RC7 problem in a hardy SRU.
** Changed in: openvpn (Ubuntu)
Status: New => Invalid
--
openvpn 2.1~rc11 tls_read_plaintext error
https://bugs.launchpad.net/bugs/289856
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openvpn in ubuntu.
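
Added example, not part of the original message and not OpenVPN's own code: a Python model of the --tls-remote matching rule as the documentation quoted above states it, run against the certificate subject from the message. The function names, the subject parsing and the rejection of an empty name are assumptions of this example.

```python
import re
from typing import Optional

# Subject string exactly as it appears in the message above.
SUBJECT = ("C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, "
           "CN=client2/emailAddress=me at myhost.mydomain")


def common_name(subject: str) -> Optional[str]:
    """Return the CN value from a subject string.

    Attributes are separated by ", " or by "/" (in the subject above the
    emailAddress attribute is joined to the CN with "/").
    """
    for part in re.split(r",\s*|/", subject):
        key, sep, value = part.strip().partition("=")
        if sep and key == "CN":
            return value
    return None


def tls_remote_accepts(name: str, subject: str) -> bool:
    """Model of the documented rule: accept when the X509 name equals
    `name`, or when `name` is a prefix of the common name."""
    if not name:
        # An empty string is a prefix of every CN; this example rejects it.
        return False
    if name == subject:
        return True
    cn = common_name(subject)
    return cn is not None and cn.startswith(name)


if __name__ == "__main__":
    # Constructed tls-remote values checked against the subject above.
    for name in ("client2", "client", "client20", "Server"):
        print(f"tls-remote {name!r:12} -> {tls_remote_accepts(name, SUBJECT)}")
```

Because the common-name comparison is a prefix match, a short value such as "Server" accepts every CN that starts with it, so the full CN is the tighter setting when only one peer is expected.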