Package: openvpn
Version: 2.4.9-1
Severity: important

Dear Maintainer,

Apparently, openvpn 2.4.9-1 has an issue when reading client-certificates used
to authenticate to the remote server.

When a client certificate is configured in the .ovpn file and a connection is
attempted, the following error output is provided:

Mon Apr 20 11:02:28 2020 OpenVPN 2.4.9 x86_64-pc-linux-gnu [SSL (OpenSSL)]
[LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 19 2020
Mon Apr 20 11:02:28 2020 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO
2.10
Enter Auth Username: ********
Enter Auth Password: ****************
Mon Apr 20 11:02:29 2020 OpenSSL: error:14187180:SSL routines:ssl_do_config:bad
value
Mon Apr 20 11:02:29 2020 OpenSSL: error:0909006C:PEM routines:get_name:no start
line
Mon Apr 20 11:02:29 2020 Error reading extra certificate
Mon Apr 20 11:02:29 2020 Exiting due to fatal error


I tried different configuration files, newer and older, and all those that use
a client-certificate show the same behavior. I have checked and while some of
the older certificates are signed with sha1WithRSAEncryption, the current ones
use sha256WithRSAEncryption, so that should not be the culprit.

OpenSSL has no trouble reading the certificates with commands such as "openssl
x509 -in client.crt -noout -text"

Below is the output of strace when running openvpn with one of the .ovpn
profiles, which shows that the errors occur after openvpn tries to read the
certificate file:

# strace openvpn vpn_connection.ovpn
execve("/usr/sbin/openvpn", ["openvpn", "vpn_connection.ovpn"], 0x7ffd8cd42db8
/* 97 vars */) = 0
brk(NULL)                               = 0x5559a6334000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=272683, ...}) = 0
mmap(NULL, 272683, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f9838a03000
close(3)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/liblzo2.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\2201\0\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=145320, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f9838a01000
mmap(NULL, 147472, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f98389dc000
mprotect(0x7f98389df000, 131072, PROT_NONE) = 0
mmap(0x7f98389df000, 114688, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7f98389df000
mmap(0x7f98389fb000, 12288, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x1f000) = 0x7f98389fb000
mmap(0x7f98389ff000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x22000) = 0x7f98389ff000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/liblz4.so.1", O_RDONLY|O_CLOEXEC) =
3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\3402\0\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=133464, ...}) = 0
mmap(NULL, 135544, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f98389ba000
mmap(0x7f98389bd000, 106496, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7f98389bd000
mmap(0x7f98389d7000, 12288, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x1d000) = 0x7f98389d7000
mmap(0x7f98389da000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1f000) = 0x7f98389da000
close(3)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libpthread.so.0", O_RDONLY|O_CLOEXEC) =
3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`|\0\0\0\0\0\0"..., 832)
= 832
fstat(3, {st_mode=S_IFREG|0755, st_size=146912, ...}) = 0
mmap(NULL, 132256, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f9838999000
mmap(0x7f98389a0000, 61440, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7000) = 0x7f98389a0000
mmap(0x7f98389af000, 20480, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x16000) = 0x7f98389af000
mmap(0x7f98389b4000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1a000) = 0x7f98389b4000
mmap(0x7f98389b6000, 13472, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f98389b6000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libpkcs11-helper.so.1",
O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000H\0\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=121944, ...}) = 0
mmap(NULL, 124240, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f983897a000
mprotect(0x7f983897e000, 102400, PROT_NONE) = 0
mmap(0x7f983897e000, 61440, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0x7f983897e000
mmap(0x7f983898d000, 36864, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x13000) = 0x7f983898d000
mmap(0x7f9838997000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c000) = 0x7f9838997000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1",
O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\t\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=3044192, ...}) = 0
mmap(NULL, 3063712, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x7f983868e000
mmap(0x7f9838714000, 1699840, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x86000) = 0x7f9838714000
mmap(0x7f98388b3000, 593920, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x225000) = 0x7f98388b3000
mmap(0x7f9838944000, 204800, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2b5000) = 0x7f9838944000
mmap(0x7f9838976000, 16288, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f9838976000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libssl.so.1.1", O_RDONLY|O_CLOEXEC)
= 3
read(3,
"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\364\1\0\0\0\0\0"..., 832) =
832
fstat(3, {st_mode=S_IFREG|0644, st_size=593856, ...}) = 0
mmap(NULL, 596272, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f98385fc000
mprotect(0x7f9838619000, 425984, PROT_NONE) = 0
mmap(0x7f9838619000, 315392, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1d000) = 0x7f9838619000
mmap(0x7f9838666000, 106496, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x6a000) = 0x7f9838666000
mmap(0x7f9838681000, 53248, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x84000) = 0x7f9838681000
close(3)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libsystemd.so.0", O_RDONLY|O_CLOEXEC) =
3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220)\1\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=705248, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f98385fa000
mmap(NULL, 709872, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f983854c000
mmap(0x7f983855d000, 466944, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x11000) = 0x7f983855d000
mmap(0x7f98385cf000, 151552, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x83000) = 0x7f98385cf000
mmap(0x7f98385f4000, 20480, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa7000) = 0x7f98385f4000
mmap(0x7f98385f9000, 1264, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f98385f9000
close(3)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\21\0\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=14592, ...}) = 0
mmap(NULL, 16656, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f9838547000
mmap(0x7f9838548000, 4096, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1000) = 0x7f9838548000
mmap(0x7f9838549000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x2000) = 0x7f9838549000
mmap(0x7f983854a000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f983854a000
close(3)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0 o\2\0\0\0\0\0"..., 832)
= 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1831600, ...}) = 0
mmap(NULL, 1844568, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x7f9838384000
mmap(0x7f98383a9000, 1351680, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x25000) = 0x7f98383a9000
mmap(0x7f98384f3000, 303104, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x16f000) = 0x7f98384f3000
mmap(0x7f983853d000, 24576, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1b8000) = 0x7f983853d000
mmap(0x7f9838543000, 13656, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f9838543000
close(3)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/librt.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\2603\0\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=39912, ...}) = 0
mmap(NULL, 44000, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f9838379000
mmap(0x7f983837c000, 16384, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7f983837c000
mmap(0x7f9838380000, 8192, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x7000) = 0x7f9838380000
mmap(0x7f9838382000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8000) = 0x7f9838382000
close(3)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/liblzma.so.5", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0205\0\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=162496, ...}) = 0
mmap(NULL, 164496, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f9838350000
mprotect(0x7f9838353000, 147456, PROT_NONE) = 0
mmap(0x7f9838353000, 98304, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7f9838353000
mmap(0x7f983836b000, 45056, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x1b000) = 0x7f983836b000
mmap(0x7f9838377000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x26000) = 0x7f9838377000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libgcrypt.so.20",
O_RDONLY|O_CLOEXEC) = 3
read(3,
"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\305\0\0\0\0\0\0"..., 832) =
832
fstat(3, {st_mode=S_IFREG|0644, st_size=1163960, ...}) = 0
mmap(NULL, 1167304, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x7f9838233000
mmap(0x7f983823f000, 839680, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xc000) = 0x7f983823f000
mmap(0x7f983830c000, 249856, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0xd9000) = 0x7f983830c000
mmap(0x7f9838349000, 28672, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x115000) = 0x7f9838349000
close(3)                                = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f9838231000
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libgpg-error.so.0", O_RDONLY|O_CLOEXEC)
= 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0pF\0\0\0\0\0\0"..., 832)
= 832
fstat(3, {st_mode=S_IFREG|0644, st_size=137424, ...}) = 0
mmap(NULL, 139872, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f983820e000
mmap(0x7f9838212000, 77824, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0x7f9838212000
mmap(0x7f9838225000, 40960, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
0x17000) = 0x7f9838225000
mmap(0x7f983822f000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x20000) = 0x7f983822f000
close(3)                                = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f983820c000
arch_prctl(ARCH_SET_FS, 0x7f983820ccc0) = 0
mprotect(0x7f983853d000, 12288, PROT_READ) = 0
mprotect(0x7f983822f000, 4096, PROT_READ) = 0
mprotect(0x7f9838349000, 8192, PROT_READ) = 0
mprotect(0x7f98389b4000, 4096, PROT_READ) = 0
mprotect(0x7f9838377000, 4096, PROT_READ) = 0
mprotect(0x7f9838382000, 4096, PROT_READ) = 0
mprotect(0x7f983854a000, 4096, PROT_READ) = 0
mprotect(0x7f98389da000, 4096, PROT_READ) = 0
mprotect(0x7f98385f4000, 16384, PROT_READ) = 0
mprotect(0x7f9838944000, 196608, PROT_READ) = 0
mprotect(0x7f9838681000, 36864, PROT_READ) = 0
mprotect(0x7f9838997000, 4096, PROT_READ) = 0
mprotect(0x7f98389ff000, 4096, PROT_READ) = 0
mprotect(0x5559a4991000, 8192, PROT_READ) = 0
mprotect(0x7f9838a6e000, 4096, PROT_READ) = 0
munmap(0x7f9838a03000, 272683)          = 0
set_tid_address(0x7f983820cf90)         = 22048
set_robust_list(0x7f983820cfa0, 24)     = 0
rt_sigaction(SIGRTMIN, {sa_handler=0x7f98389a06b0, sa_mask=[],
sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f98389ad110}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7f98389a0750, sa_mask=[],
sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f98389ad110}, NULL,
8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024,
rlim_max=RLIM64_INFINITY}) = 0
brk(NULL)                               = 0x5559a6334000
brk(0x5559a6355000)                     = 0x5559a6355000
futex(0x7f9838978818, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f983897880c, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f9838978804, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f98389786c4, FUTEX_WAKE_PRIVATE, 2147483647) = 0
rt_sigaction(SIGINT, {sa_handler=0x5559a493bd10, sa_mask=[INT],
sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f98383bf7e0},
{sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGTERM, {sa_handler=0x5559a493bd10, sa_mask=[TERM],
sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f98383bf7e0},
{sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGHUP, {sa_handler=SIG_IGN, sa_mask=[HUP],
sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f98383bf7e0},
{sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGUSR1, {sa_handler=SIG_IGN, sa_mask=[USR1],
sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f98383bf7e0},
{sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGUSR2, {sa_handler=SIG_IGN, sa_mask=[USR2],
sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f98383bf7e0},
{sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[PIPE],
sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f98383bf7e0},
{sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
openat(AT_FDCWD, "vpn_connection.ovpn", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=8293, ...}) = 0
read(3, "remote-random\nremote 1.2.3.4"..., 4096) = 4096
read(3, "JJPpsptwZDe/wSvvNDmqYtgXTXXAgSH3"..., 4096) = 4096
read(3, "a3471a579aeccd3243d\n2af1cfdca3df"..., 4096) = 101
read(3, "", 4096)                       = 0
close(3)                                = 0
futex(0x7f98389788d8, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f98389787f0, FUTEX_WAKE_PRIVATE, 2147483647) = 0
access("client.crt", R_OK)              = 0
access("client.key", R_OK)              = 0
stat("client.key", {st_mode=S_IFREG|0600, st_size=1704, ...}) = 0
access("/tmp", R_OK|W_OK|X_OK)          = 0
openat(AT_FDCWD, "/etc/localtime", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=2628, ...}) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=2628, ...}) = 0
read(3, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\v\0\0\0\v\0\0\0\0"..., 4096)
= 2628
lseek(3, -1654, SEEK_CUR)               = 974
read(3, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\v\0\0\0\v\0\0\0\0"..., 4096)
= 1654
close(3)                                = 0
fstat(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(0x88, 0x2), ...}) = 0
write(1, "Mon Apr 20 11:08:00 2020 OpenVPN"..., 145Mon Apr 20 11:08:00 2020
OpenVPN 2.4.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11]
[MH/PKTINFO] [AEAD] built on Apr 19 2020
) = 145
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2628, ...}) = 0
write(1, "Mon Apr 20 11:08:00 2020 library"..., 81Mon Apr 20 11:08:00 2020
library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
) = 81
newfstatat(AT_FDCWD, "/run/systemd/system/", {st_mode=S_IFDIR|0755, st_size=40,
...}, AT_SYMLINK_NOFOLLOW) = 0
stat("/bin/systemd-ask-password", {st_mode=S_IFREG|0755, st_size=14520, ...}) =
0
pipe([3, 4])                            = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD,
child_tidptr=0x7f983820cf90) = 22049
close(4)                                = 0
wait4(22049, Enter Auth Username: ***************
[{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 22049
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=22049, si_uid=0,
si_status=0, si_utime=0, si_stime=0} ---
read(3, "***************\n", 4095)      = 16
close(3)                                = 0
pipe([3, 4])                            = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD,
child_tidptr=0x7f983820cf90) = 22052
close(4)                                = 0
wait4(22052, Enter Auth Password: **************************
[{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 22052
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=22052, si_uid=0,
si_status=0, si_utime=0, si_stime=0} ---
read(3, "**************************\n", 4095) = 27
close(3)                                = 0
getpid()                                = 22048
futex(0x7f9838978948, FUTEX_WAKE_PRIVATE, 2147483647) = 0
getpid()                                = 22048
getrandom("\x7f\x39\x65\x38\xd2\x71\x10\xa0\x28\x84\xdb\x17\xc6\xe1\xb2\x97\xfa\xe5\xd5\x8e\xf2\x63\xeb\x27\x2a\xf4\x7d\xbe\x59\x42\x73\xb3",
32, 0) = 32
getpid()                                = 22048
futex(0x7f9838978918, FUTEX_WAKE_PRIVATE, 2147483647) = 0
getpid()                                = 22048
getpid()                                = 22048
getpid()                                = 22048
getpid()                                = 22048
getpid()                                = 22048
getpid()                                = 22048
getpid()                                = 22048
getpid()                                = 22048
getpid()                                = 22048
getpid()                                = 22048
getpid()                                = 22048
rt_sigaction(SIGINT, {sa_handler=0x5559a493bd10, sa_mask=[INT],
sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f98383bf7e0},
{sa_handler=0x5559a493bd10, sa_mask=[INT], sa_flags=SA_RESTORER|SA_RESTART,
sa_restorer=0x7f98383bf7e0}, 8) = 0
rt_sigaction(SIGTERM, {sa_handler=0x5559a493bd10, sa_mask=[TERM],
sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f98383bf7e0},
{sa_handler=0x5559a493bd10, sa_mask=[TERM], sa_flags=SA_RESTORER|SA_RESTART,
sa_restorer=0x7f98383bf7e0}, 8) = 0
rt_sigaction(SIGHUP, {sa_handler=SIG_IGN, sa_mask=[HUP],
sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f98383bf7e0},
{sa_handler=SIG_IGN, sa_mask=[HUP], sa_flags=SA_RESTORER|SA_RESTART,
sa_restorer=0x7f98383bf7e0}, 8) = 0
rt_sigaction(SIGUSR1, {sa_handler=SIG_IGN, sa_mask=[USR1],
sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f98383bf7e0},
{sa_handler=SIG_IGN, sa_mask=[USR1], sa_flags=SA_RESTORER|SA_RESTART,
sa_restorer=0x7f98383bf7e0}, 8) = 0
rt_sigaction(SIGUSR2, {sa_handler=SIG_IGN, sa_mask=[USR2],
sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f98383bf7e0},
{sa_handler=SIG_IGN, sa_mask=[USR2], sa_flags=SA_RESTORER|SA_RESTART,
sa_restorer=0x7f98383bf7e0}, 8) = 0
rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[PIPE],
sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f98383bf7e0},
{sa_handler=SIG_IGN, sa_mask=[PIPE], sa_flags=SA_RESTORER|SA_RESTART,
sa_restorer=0x7f98383bf7e0}, 8) = 0
futex(0x7f983897865c, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f9838978650, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f98389787fc, FUTEX_WAKE_PRIVATE, 2147483647) = 0
brk(0x5559a6376000)                     = 0x5559a6376000
futex(0x7f98389787e8, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f9838975c5c, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f98389787b8, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f98389787b0, FUTEX_WAKE_PRIVATE, 2147483647) = 0
openat(AT_FDCWD, "/usr/lib/ssl/openssl.cnf", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=11141, ...}) = 0
read(3, "#\n# OpenSSL example configuratio"..., 4096) = 4096
read(3, "F8Strings).\n# MASK:XXXX a litera"..., 4096) = 4096
read(3, "icConstraints=CA:FALSE\n\n# Here a"..., 4096) = 2949
read(3, "", 4096)                       = 0
close(3)                                = 0
futex(0x7f98389787e0, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f983868d840, FUTEX_WAKE_PRIVATE, 2147483647) = 0
sysinfo({uptime=5966, loads=[57440, 62976, 69120], totalram=33584746496,
freeram=16735600640, sharedram=846180352, bufferram=1437421568,
totalswap=34200350720, freeswap=34200350720, procs=1395, totalhigh=0,
freehigh=0, mem_unit=1}) = 0
futex(0x7f983868d928, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f983868d91c, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f983868d748, FUTEX_WAKE_PRIVATE, 2147483647) = 0
getpid()                                = 22048
getpid()                                = 22048
getpid()                                = 22048
getpid()                                = 22048
getpid()                                = 22048
getpid()                                = 22048
getpid()                                = 22048
getpid()                                = 22048
getpid()                                = 22048
getpid()                                = 22048
openat(AT_FDCWD, "client.crt", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=1956, ...}) = 0
read(3, "-----BEGIN CERTIFICATE-----\nMIIF"..., 4096) = 1956
read(3, "", 4096)                       = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2628, ...}) = 0
write(1, "Mon Apr 20 11:08:07 2020 OpenSSL"..., 86Mon Apr 20 11:08:07 2020
OpenSSL: error:14187180:SSL routines:ssl_do_config:bad value
) = 86
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2628, ...}) = 0
write(1, "Mon Apr 20 11:08:07 2020 OpenSSL"..., 85Mon Apr 20 11:08:07 2020
OpenSSL: error:0909006C:PEM routines:get_name:no start line
) = 85
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2628, ...}) = 0
write(1, "Mon Apr 20 11:08:07 2020 Error r"..., 57Mon Apr 20 11:08:07 2020
Error reading extra certificate
) = 57
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2628, ...}) = 0
write(1, "Mon Apr 20 11:08:07 2020 Exiting"..., 52Mon Apr 20 11:08:07 2020
Exiting due to fatal error
) = 52
exit_group(1)                           = ?
+++ exited with 1 +++



-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.5.0-2-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages openvpn depends on:
ii  debconf [debconf-2.0]  1.5.74
ii  iproute2               5.6.0-1
ii  libc6                  2.30-4
ii  liblz4-1               1.9.2-2
ii  liblzo2-2              2.10-2
ii  libpam0g               1.3.1-5
ii  libpkcs11-helper1      1.26-1+b1
ii  libssl1.1              1.1.1f-1
ii  libsystemd0            245.5-1
ii  lsb-base               11.1.0

Versions of packages openvpn recommends:
ii  easy-rsa  3.0.6-1

Versions of packages openvpn suggests:
ii  openssl                   1.1.1f-1
pn  openvpn-systemd-resolved  <none>
ii  resolvconf                1.82

-- debconf information:
  openvpn/create_tun: false
