Package: openvpn
Version: 2.1~rc7-1
Severity: minor
When using the following verification method:
tls-remote vpn.mysite.be
it works fine on a certificate created with easy-rsa with Subject:
/C=BE/ST=Brussels/L=Brussels/O=MyVPN/CN=vpn.mysite.be/[EMAIL PROTECTED]
But on a CACert certificate, which presents only a CN:
/CN=vpn.mysite.be
it fails.
When digging into code of ssl.c, I saw the common_name variable
contains a null string instead of the expected "vpn.mysite.be"
so the subject line was not parsed properly.
I flagged the issue as "minor" because there is a workaround:
using the full subject line is working:
tls-remote /CN=vpn.mysite.be
Phil
--- System information. ---
Architecture: i386
Kernel: Linux 2.6.22-3-vserver-686
Debian Release: lenny/sid
990 testing www.debian-multimedia.org
990 testing security.debian.org
990 testing ftp.kulnet.kuleuven.ac.be
500 unstable www.debian-multimedia.org
500 unstable sidux.net
500 unstable ftp.kulnet.kuleuven.ac.be
500 unstable debian.jones.dk
500 stable security.debian.org
1 experimental ftp.kulnet.kuleuven.ac.be
--- Package information. ---
Depends (Version) | Installed
=============================-+-==============
debconf | 1.5.21
OR debconf-2.0 |
libc6 (>= 2.7-1) | 2.7-10
liblzo2-2 | 2.03-1
libpam0g (>= 0.99.7.1) | 0.99.7.1-6
libssl0.9.8 (>= 0.9.8f-5) | 0.9.8g-10
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
