Bug#958296: marked as done (openvpn 2.4.9 seems to fail loading/reading client certificates)

Debian Bug Tracking System Tue, 21 Apr 2020 14:40:26 -0700

Your message dated Tue, 21 Apr 2020 21:37:56 +0000
with message-id <[email protected]>
and subject line Bug#958296: fixed in openvpn 2.4.9-2
has caused the Debian Bug report #958296,
regarding openvpn 2.4.9 seems to fail loading/reading client certificates
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
958296: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=958296
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: openvpn
Version: 2.4.9-1
Severity: important

Dear Maintainer,

Apparently, openvpn 2.4.9-1 has an issue when reading client-certificates used
to authenticate to the remote server.

When a client certificate is configured in the .ovpn file and a connection is
attempted, the following error output is provided:

Mon Apr 20 11:02:28 2020 OpenVPN 2.4.9 x86_64-pc-linux-gnu [SSL (OpenSSL)]
[LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 19 2020
Mon Apr 20 11:02:28 2020 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO
2.10
Enter Auth Username: ********
Enter Auth Password: ****************
Mon Apr 20 11:02:29 2020 OpenSSL: error:14187180:SSL routines:ssl_do_config:bad
value
Mon Apr 20 11:02:29 2020 OpenSSL: error:0909006C:PEM routines:get_name:no start
line
Mon Apr 20 11:02:29 2020 Error reading extra certificate
Mon Apr 20 11:02:29 2020 Exiting due to fatal error


I tried different configuration files, newer and older, and all those that use
a client-certificate show the same behavior. I have checked and while some of
the older certificates are signed with sha1WithRSAEncryption, the current ones
use sha256WithRSAEncryption, so that should not be the culprit.

OpenSSL has no trouble reading the certificates with commands such as "openssl
x509 -in client.crt -noout -text"

Below is the output of strace when running openvpn with one .ovpn profiles,
which shows that the errors exist after trying to read the certificate file:

# strace openvpn vpn_connection.ovpn
execve("/usr/sbin/openvpn", ["openvpn", "vpn_connection.ovpn"], 0x7ffd8cd42db8
/* 97 vars */) = 0
brk(NULL)                               = 0x5559a6334000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=272683, ...}) = 0
mmap(NULL, 272683, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f9838a03000
close(3)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/liblzo2.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\2201\0\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=145320, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f9838a01000
mmap(NULL, 147472, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f98389dc000
mprotect(0x7f98389df000, 131072, PROT_NONE) = 0
mmap(0x7f98389df000, 114688, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7f98389df000
mmap(0x7f98389fb000, 12288, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x1f000) = 0x7f98389fb000
mmap(0x7f98389ff000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x22000) = 0x7f98389ff000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/liblz4.so.1", O_RDONLY|O_CLOEXEC) =
3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\3402\0\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=133464, ...}) = 0
mmap(NULL, 135544, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f98389ba000
mmap(0x7f98389bd000, 106496, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7f98389bd000
mmap(0x7f98389d7000, 12288, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x1d000) = 0x7f98389d7000
mmap(0x7f98389da000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1f000) = 0x7f98389da000
close(3)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libpthread.so.0", O_RDONLY|O_CLOEXEC) =
3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`|\0\0\0\0\0\0"..., 832)
= 832
fstat(3, {st_mode=S_IFREG|0755, st_size=146912, ...}) = 0
mmap(NULL, 132256, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f9838999000
mmap(0x7f98389a0000, 61440, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7000) = 0x7f98389a0000
mmap(0x7f98389af000, 20480, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x16000) = 0x7f98389af000
mmap(0x7f98389b4000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1a000) = 0x7f98389b4000
mmap(0x7f98389b6000, 13472, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f98389b6000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libpkcs11-helper.so.1",
O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000H\0\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=121944, ...}) = 0
mmap(NULL, 124240, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f983897a000
mprotect(0x7f983897e000, 102400, PROT_NONE) = 0
mmap(0x7f983897e000, 61440, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0x7f983897e000
mmap(0x7f983898d000, 36864, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x13000) = 0x7f983898d000
mmap(0x7f9838997000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c000) = 0x7f9838997000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1",
O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\t\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=3044192, ...}) = 0
mmap(NULL, 3063712, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x7f983868e000
mmap(0x7f9838714000, 1699840, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x86000) = 0x7f9838714000
mmap(0x7f98388b3000, 593920, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x225000) = 0x7f98388b3000
mmap(0x7f9838944000, 204800, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2b5000) = 0x7f9838944000
mmap(0x7f9838976000, 16288, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f9838976000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libssl.so.1.1", O_RDONLY|O_CLOEXEC)
= 3
read(3,
"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\364\1\0\0\0\0\0"..., 832) =
832
fstat(3, {st_mode=S_IFREG|0644, st_size=593856, ...}) = 0
mmap(NULL, 596272, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f98385fc000
mprotect(0x7f9838619000, 425984, PROT_NONE) = 0
mmap(0x7f9838619000, 315392, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1d000) = 0x7f9838619000
mmap(0x7f9838666000, 106496, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x6a000) = 0x7f9838666000
mmap(0x7f9838681000, 53248, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x84000) = 0x7f9838681000
close(3)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libsystemd.so.0", O_RDONLY|O_CLOEXEC) =
3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220)\1\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=705248, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f98385fa000
mmap(NULL, 709872, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f983854c000
mmap(0x7f983855d000, 466944, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x11000) = 0x7f983855d000
mmap(0x7f98385cf000, 151552, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x83000) = 0x7f98385cf000
mmap(0x7f98385f4000, 20480, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa7000) = 0x7f98385f4000
mmap(0x7f98385f9000, 1264, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f98385f9000
close(3)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\21\0\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=14592, ...}) = 0
mmap(NULL, 16656, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f9838547000
mmap(0x7f9838548000, 4096, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1000) = 0x7f9838548000
mmap(0x7f9838549000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x2000) = 0x7f9838549000
mmap(0x7f983854a000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f983854a000
close(3)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0 o\2\0\0\0\0\0"..., 832)
= 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1831600, ...}) = 0
mmap(NULL, 1844568, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x7f9838384000
mmap(0x7f98383a9000, 1351680, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x25000) = 0x7f98383a9000
mmap(0x7f98384f3000, 303104, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x16f000) = 0x7f98384f3000
mmap(0x7f983853d000, 24576, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1b8000) = 0x7f983853d000
mmap(0x7f9838543000, 13656, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f9838543000
close(3)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/librt.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\2603\0\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=39912, ...}) = 0
mmap(NULL, 44000, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f9838379000
mmap(0x7f983837c000, 16384, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7f983837c000
mmap(0x7f9838380000, 8192, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x7000) = 0x7f9838380000
mmap(0x7f9838382000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8000) = 0x7f9838382000
close(3)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/liblzma.so.5", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0205\0\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=162496, ...}) = 0
mmap(NULL, 164496, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f9838350000
mprotect(0x7f9838353000, 147456, PROT_NONE) = 0
mmap(0x7f9838353000, 98304, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7f9838353000
mmap(0x7f983836b000, 45056, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x1b000) = 0x7f983836b000
mmap(0x7f9838377000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x26000) = 0x7f9838377000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libgcrypt.so.20",
O_RDONLY|O_CLOEXEC) = 3
read(3,
"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\305\0\0\0\0\0\0"..., 832) =
832
fstat(3, {st_mode=S_IFREG|0644, st_size=1163960, ...}) = 0
mmap(NULL, 1167304, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x7f9838233000
mmap(0x7f983823f000, 839680, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xc000) = 0x7f983823f000
mmap(0x7f983830c000, 249856, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0xd9000) = 0x7f983830c000
mmap(0x7f9838349000, 28672, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x115000) = 0x7f9838349000
close(3)                                = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f9838231000
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libgpg-error.so.0", O_RDONLY|O_CLOEXEC)
= 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0pF\0\0\0\0\0\0"..., 832)
= 832
fstat(3, {st_mode=S_IFREG|0644, st_size=137424, ...}) = 0
mmap(NULL, 139872, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f983820e000
mmap(0x7f9838212000, 77824, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0x7f9838212000
mmap(0x7f9838225000, 40960, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x17000) = 0x7f9838225000
mmap(0x7f983822f000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x20000) = 0x7f983822f000
close(3)                                = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f983820c000
arch_prctl(ARCH_SET_FS, 0x7f983820ccc0) = 0
mprotect(0x7f983853d000, 12288, PROT_READ) = 0
mprotect(0x7f983822f000, 4096, PROT_READ) = 0
mprotect(0x7f9838349000, 8192, PROT_READ) = 0
mprotect(0x7f98389b4000, 4096, PROT_READ) = 0
mprotect(0x7f9838377000, 4096, PROT_READ) = 0
mprotect(0x7f9838382000, 4096, PROT_READ) = 0
mprotect(0x7f983854a000, 4096, PROT_READ) = 0
mprotect(0x7f98389da000, 4096, PROT_READ) = 0
mprotect(0x7f98385f4000, 16384, PROT_READ) = 0
mprotect(0x7f9838944000, 196608, PROT_READ) = 0
mprotect(0x7f9838681000, 36864, PROT_READ) = 0
mprotect(0x7f9838997000, 4096, PROT_READ) = 0
mprotect(0x7f98389ff000, 4096, PROT_READ) = 0
mprotect(0x5559a4991000, 8192, PROT_READ) = 0
mprotect(0x7f9838a6e000, 4096, PROT_READ) = 0
munmap(0x7f9838a03000, 272683)          = 0
set_tid_address(0x7f983820cf90)         = 22048
set_robust_list(0x7f983820cfa0, 24)     = 0
rt_sigaction(SIGRTMIN, {sa_handler=0x7f98389a06b0, sa_mask=[],
sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f98389ad110}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7f98389a0750, sa_mask=[],
sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f98389ad110}, NULL,
8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024,
rlim_max=RLIM64_INFINITY}) = 0
brk(NULL)                               = 0x5559a6334000
brk(0x5559a6355000)                     = 0x5559a6355000
futex(0x7f9838978818, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f983897880c, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f9838978804, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f98389786c4, FUTEX_WAKE_PRIVATE, 2147483647) = 0
rt_sigaction(SIGINT, {sa_handler=0x5559a493bd10, sa_mask=[INT],
sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f98383bf7e0},
{sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGTERM, {sa_handler=0x5559a493bd10, sa_mask=[TERM],
sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f98383bf7e0},
{sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGHUP, {sa_handler=SIG_IGN, sa_mask=[HUP],
sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f98383bf7e0},
{sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGUSR1, {sa_handler=SIG_IGN, sa_mask=[USR1],
sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f98383bf7e0},
{sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGUSR2, {sa_handler=SIG_IGN, sa_mask=[USR2],
sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f98383bf7e0},
{sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[PIPE],
sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f98383bf7e0},
{sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
openat(AT_FDCWD, "vpn_connection.ovpn", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=8293, ...}) = 0
read(3, "remote-random\nremote 1.2.3.4"..., 4096) = 4096
read(3, "JJPpsptwZDe/wSvvNDmqYtgXTXXAgSH3"..., 4096) = 4096
read(3, "a3471a579aeccd3243d\n2af1cfdca3df"..., 4096) = 101
read(3, "", 4096)                       = 0
close(3)                                = 0
futex(0x7f98389788d8, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f98389787f0, FUTEX_WAKE_PRIVATE, 2147483647) = 0
access("client.crt", R_OK)              = 0
access("client.key", R_OK)              = 0
stat("client.key", {st_mode=S_IFREG|0600, st_size=1704, ...}) = 0
access("/tmp", R_OK|W_OK|X_OK)          = 0
openat(AT_FDCWD, "/etc/localtime", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=2628, ...}) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=2628, ...}) = 0
read(3, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\v\0\0\0\v\0\0\0\0"..., 4096)
= 2628
lseek(3, -1654, SEEK_CUR)               = 974
read(3, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\v\0\0\0\v\0\0\0\0"..., 4096)
= 1654
close(3)                                = 0
fstat(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(0x88, 0x2), ...}) = 0
write(1, "Mon Apr 20 11:08:00 2020 OpenVPN"..., 145Mon Apr 20 11:08:00 2020
OpenVPN 2.4.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11]
[MH/PKTINFO] [AEAD] built on Apr 19 2020
) = 145
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2628, ...}) = 0
write(1, "Mon Apr 20 11:08:00 2020 library"..., 81Mon Apr 20 11:08:00 2020
library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
) = 81
newfstatat(AT_FDCWD, "/run/systemd/system/", {st_mode=S_IFDIR|0755, st_size=40,
...}, AT_SYMLINK_NOFOLLOW) = 0
stat("/bin/systemd-ask-password", {st_mode=S_IFREG|0755, st_size=14520, ...}) =
0
pipe([3, 4])                            = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD,
child_tidptr=0x7f983820cf90) = 22049
close(4)                                = 0
wait4(22049, Enter Auth Username: ***************
[{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 22049
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=22049, si_uid=0,
si_status=0, si_utime=0, si_stime=0} ---
read(3, "***************\n", 4095)      = 16
close(3)                                = 0
pipe([3, 4])                            = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD,
child_tidptr=0x7f983820cf90) = 22052
close(4)                                = 0
wait4(22052, Enter Auth Password: **************************
[{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 22052
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=22052, si_uid=0,
si_status=0, si_utime=0, si_stime=0} ---
read(3, "**************************\n", 4095) = 27
close(3)                                = 0
getpid()                                = 22048
futex(0x7f9838978948, FUTEX_WAKE_PRIVATE, 2147483647) = 0
getpid()                                = 22048
getrandom("\x7f\x39\x65\x38\xd2\x71\x10\xa0\x28\x84\xdb\x17\xc6\xe1\xb2\x97\xfa\xe5\xd5\x8e\xf2\x63\xeb\x27\x2a\xf4\x7d\xbe\x59\x42\x73\xb3",
32, 0) = 32
getpid()                                = 22048
futex(0x7f9838978918, FUTEX_WAKE_PRIVATE, 2147483647) = 0
getpid()                                = 22048
getpid()                                = 22048
getpid()                                = 22048
getpid()                                = 22048
getpid()                                = 22048
getpid()                                = 22048
getpid()                                = 22048
getpid()                                = 22048
getpid()                                = 22048
getpid()                                = 22048
getpid()                                = 22048
rt_sigaction(SIGINT, {sa_handler=0x5559a493bd10, sa_mask=[INT],
sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f98383bf7e0},
{sa_handler=0x5559a493bd10, sa_mask=[INT], sa_flags=SA_RESTORER|SA_RESTART,
sa_restorer=0x7f98383bf7e0}, 8) = 0
rt_sigaction(SIGTERM, {sa_handler=0x5559a493bd10, sa_mask=[TERM],
sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f98383bf7e0},
{sa_handler=0x5559a493bd10, sa_mask=[TERM], sa_flags=SA_RESTORER|SA_RESTART,
sa_restorer=0x7f98383bf7e0}, 8) = 0
rt_sigaction(SIGHUP, {sa_handler=SIG_IGN, sa_mask=[HUP],
sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f98383bf7e0},
{sa_handler=SIG_IGN, sa_mask=[HUP], sa_flags=SA_RESTORER|SA_RESTART,
sa_restorer=0x7f98383bf7e0}, 8) = 0
rt_sigaction(SIGUSR1, {sa_handler=SIG_IGN, sa_mask=[USR1],
sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f98383bf7e0},
{sa_handler=SIG_IGN, sa_mask=[USR1], sa_flags=SA_RESTORER|SA_RESTART,
sa_restorer=0x7f98383bf7e0}, 8) = 0
rt_sigaction(SIGUSR2, {sa_handler=SIG_IGN, sa_mask=[USR2],
sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f98383bf7e0},
{sa_handler=SIG_IGN, sa_mask=[USR2], sa_flags=SA_RESTORER|SA_RESTART,
sa_restorer=0x7f98383bf7e0}, 8) = 0
rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[PIPE],
sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f98383bf7e0},
{sa_handler=SIG_IGN, sa_mask=[PIPE], sa_flags=SA_RESTORER|SA_RESTART,
sa_restorer=0x7f98383bf7e0}, 8) = 0
futex(0x7f983897865c, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f9838978650, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f98389787fc, FUTEX_WAKE_PRIVATE, 2147483647) = 0
brk(0x5559a6376000)                     = 0x5559a6376000
futex(0x7f98389787e8, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f9838975c5c, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f98389787b8, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f98389787b0, FUTEX_WAKE_PRIVATE, 2147483647) = 0
openat(AT_FDCWD, "/usr/lib/ssl/openssl.cnf", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=11141, ...}) = 0
read(3, "#\n# OpenSSL example configuratio"..., 4096) = 4096
read(3, "F8Strings).\n# MASK:XXXX a litera"..., 4096) = 4096
read(3, "icConstraints=CA:FALSE\n\n# Here a"..., 4096) = 2949
read(3, "", 4096)                       = 0
close(3)                                = 0
futex(0x7f98389787e0, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f983868d840, FUTEX_WAKE_PRIVATE, 2147483647) = 0
sysinfo({uptime=5966, loads=[57440, 62976, 69120], totalram=33584746496,
freeram=16735600640, sharedram=846180352, bufferram=1437421568,
totalswap=34200350720, freeswap=34200350720, procs=1395, totalhigh=0,
freehigh=0, mem_unit=1}) = 0
futex(0x7f983868d928, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f983868d91c, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f983868d748, FUTEX_WAKE_PRIVATE, 2147483647) = 0
getpid()                                = 22048
getpid()                                = 22048
getpid()                                = 22048
getpid()                                = 22048
getpid()                                = 22048
getpid()                                = 22048
getpid()                                = 22048
getpid()                                = 22048
getpid()                                = 22048
getpid()                                = 22048
openat(AT_FDCWD, "client.crt", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=1956, ...}) = 0
read(3, "-----BEGIN CERTIFICATE-----\nMIIF"..., 4096) = 1956
read(3, "", 4096)                       = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2628, ...}) = 0
write(1, "Mon Apr 20 11:08:07 2020 OpenSSL"..., 86Mon Apr 20 11:08:07 2020
OpenSSL: error:14187180:SSL routines:ssl_do_config:bad value
) = 86
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2628, ...}) = 0
write(1, "Mon Apr 20 11:08:07 2020 OpenSSL"..., 85Mon Apr 20 11:08:07 2020
OpenSSL: error:0909006C:PEM routines:get_name:no start line
) = 85
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2628, ...}) = 0
write(1, "Mon Apr 20 11:08:07 2020 Error r"..., 57Mon Apr 20 11:08:07 2020
Error reading extra certificate
) = 57
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2628, ...}) = 0
write(1, "Mon Apr 20 11:08:07 2020 Exiting"..., 52Mon Apr 20 11:08:07 2020
Exiting due to fatal error
) = 52
exit_group(1)                           = ?
+++ exited with 1 +++



-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.5.0-2-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages openvpn depends on:
ii  debconf [debconf-2.0]  1.5.74
ii  iproute2               5.6.0-1
ii  libc6                  2.30-4
ii  liblz4-1               1.9.2-2
ii  liblzo2-2              2.10-2
ii  libpam0g               1.3.1-5
ii  libpkcs11-helper1      1.26-1+b1
ii  libssl1.1              1.1.1f-1
ii  libsystemd0            245.5-1
ii  lsb-base               11.1.0

Versions of packages openvpn recommends:
ii  easy-rsa  3.0.6-1

Versions of packages openvpn suggests:
ii  openssl                   1.1.1f-1
pn  openvpn-systemd-resolved  <none>
ii  resolvconf                1.82

-- debconf information:
  openvpn/create_tun: false

--- End Message ---

--- Begin Message ---

Source: openvpn
Source-Version: 2.4.9-2
Done: Bernhard Schmidt <[email protected]>

We believe that the bug you reported is fixed in the latest version of
openvpn, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bernhard Schmidt <[email protected]> (supplier of updated openvpn package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 21 Apr 2020 21:58:53 +0200
Source: openvpn
Architecture: source
Version: 2.4.9-2
Distribution: unstable
Urgency: medium
Maintainer: Bernhard Schmidt <[email protected]>
Changed-By: Bernhard Schmidt <[email protected]>
Closes: 958296 958315
Changes:
 openvpn (2.4.9-2) unstable; urgency=medium
 .
   * Cherry-Pick upstream patch to fix ssl_do_config error with
     invalid OpenSSL system configuration (Closes: #958296)
     Thanks to Jonas Andradas for reporting and Arne Schwabe for debugging.
   * Use DEB_HOST_MULTIARCH for libraries (Closes: #958315)
   * Enable Salsa CI
Checksums-Sha1:
 8c72a0bff43ec27e88770d7673ec5d93bdd4ff83 2094 openvpn_2.4.9-2.dsc
 55b03e27cee9c83b3db3cffa39dafcab52313049 57216 openvpn_2.4.9-2.debian.tar.xz
 de2b39bc9a112d9e7cb5a7c1356611aeb500ff20 7188 openvpn_2.4.9-2_amd64.buildinfo
Checksums-Sha256:
 a37e934d2e9a3fd6f585ab1cae51c1534c7e353cd3f5487e848cd08b8494094c 2094 
openvpn_2.4.9-2.dsc
 a99332e5007ae30103a6fe443685b89461836337cf304f0fdc20b1298aeaef8f 57216 
openvpn_2.4.9-2.debian.tar.xz
 440ed6fc38374729f68aeb2c89a0dca3fdec78913263d0f3fbb25edb6b00ecdf 7188 
openvpn_2.4.9-2_amd64.buildinfo
Files:
 ee2973c00442650c42db11af61d11447 2094 net optional openvpn_2.4.9-2.dsc
 3da68cb0b869ac66f29fe9f866e1d837 57216 net optional 
openvpn_2.4.9-2.debian.tar.xz
 b52f2acb2a61a87f5ce46679a77ded14 7188 net optional 
openvpn_2.4.9-2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEE1uAexRal3873GVbTd1B55bhQvJMFAl6fVI0RHGJlcm5pQGRl
Ymlhbi5vcmcACgkQd1B55bhQvJOLFQ/8CT6flJFjKJ+oBK7W8kHgywhvRrpT0vMW
93fW2i2fA0yAoUcJ4Kqaa0j+YygiYCmbeclQJwZM4pNz0O4zxBWqsUVAHqni+E09
IwrM8kg6Pa1Ry2TPOL1wVIQVLtYlcI4q+/51mga0fNICuJBQZ3A5WNgC1lR/CYAU
5FgqegsSUxNtPln0BQ+WRynlQTR2TMhlJPs7+PlldfYmeR8ihqB3KQ7oJRn4o2fu
Q8Cu+VLzhl8evFC4pKITObJ/7iScTklNwvCfUisRhgJWU4D/5MfLTfneYNj2jIda
FodRtwpYy95DyvPVJoZEwLlaX+DoAYCrtv94sWdh//teGIFI7Nk5Z5Hx+94uab1U
eRTQnr7CwOGeSyxsuKdhfDZhV5OoAlKICUXqY9NWpI5SUGWuKvnBir1Ag4W+00Bf
sZ6lCTvEyx08uwHjJJbuv305Uj0HHbNSxxJFXFdfpMx+PZxs/JxxbImYVqzo1bd8
O9KQ0G4dDFhrDN33l3iJYVU0RLIf6q4YnLtcOdkh1NLNSJLe96I+6gS2pnQdC9Wt
Xn/qBHa+fCW71MTvRNy1Y2wWMtO4d6p/CFXi8NoOKR/ZVV2qiRnI6CsvYQjBXYKL
yzoCdPO9b4QoIpHzBDVeF/+UBmaxul6R0FeIQ2TGabPneq/1HATYFZloB6t4Fl7z
VnJCUAfhyDU=
=Mpwp
-----END PGP SIGNATURE-----

--- End Message ---

Bug#958296: marked as done (openvpn 2.4.9 seems to fail loading/reading client certificates)

Reply via email to