Faulty openvpn-client-export config files.
-
Hi,
I exported my Android user config (inline) with the openvpn-client-export utility.
I can't import those into my android.
I get the following error:
No endtag for starttag <tls-auth>found
I checked the generated config and it looks as if it was half exported:
<tls-auth>#
2048 bit OpenVPN static key
-----BEGIN OpenVPN Static key V1-----
3563656648eregr4545t4gf4wt54tw45e8b
f37eee2tzer2b580fe57954af737dc36c064
2b59471dbc95238b4c6662e3377bae8b
7146db0fa26f3d9349b70b4f803c5a97
8ec7ba43c2a8eaa3aa543b142d8722e0
f058925f41e214f43fc8893248cfe280
30b7ebcb5zer536362awa532632q5641a6
696917f05b54a72b96689f7448a63176
7ef4bd168d5df68a9bdc5b26a50acc89
56e54004dec763bb613da3988330f769
1d1adb3c45346346457z54763
As you see, it looks as if it wasn't fully exported.
If I download the zip archive I can't unzip it. Faulty archive (file-roller & 7-zip for me).
Any help?
Thanks
elemay
-
And using what version of pfSense, snapshot? What browser, what version of the export package?
I am on 2.1.1 snap
2.1.1-PRERELEASE (i386)
built on Thu Feb 13 13:59:46 EST 2014
FreeBSD 8.3-RELEASE-p14
using 1.2.4 of the export package with Firefox 28 and working here, both the inline and zip files are fine.
-
My version:
2.1.1-PRERELEASE (amd64)
built on Wed Mar 26 13:50:51 EDT 2014
FreeBSD 8.3-RELEASE-p14
openvpn-client-export-utility:
1.2.4
Tried with Firefox 24.4.0 and Chromium 33.0.1750.152 (256984),
and I forgot to mention those lines as the first 2 lines of my config files (stupid me):
Warning: openssl_x509_parse(): illegal ASN1 data type for timestamp in /etc/inc/certs.inc on line 419
Warning: openssl_x509_parse(): illegal ASN1 data type for timestamp in /etc/inc/certs.inc on line 480
greetings
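A pre-import check for the two symptoms reported in the posts above (an inline <tls-auth> block that is cut off, and PHP warnings at the top of the exported profile), as an added example that is not part of the thread or of the export package. The function name check_profile, the list of inline tags and the sample profile are assumptions constructed for illustration.

```python
import re
# Inline blocks an OpenVPN profile can embed (assumed list; extend as needed).
INLINE_TAGS = {"ca", "cert", "key", "tls-auth", "tls-crypt", "pkcs12"}
TAG = re.compile(r"<(/?)([a-z0-9-]+)>")
PHP_MSG = re.compile(r"(Warning|Notice|Deprecated|Fatal error): ")
ARMOR = re.compile(r"-----(BEGIN|END) (.+)-----")

def check_profile(text):
    """Return [(line_no, problem)] for an exported inline .ovpn profile."""
    problems, tag, pem = [], None, None   # tag/pem: (name, line_no) still open
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if PHP_MSG.match(line):
            problems.append((n, "PHP message leaked into profile"))
            continue
        m = TAG.fullmatch(line)
        if m and m.group(2) in INLINE_TAGS:
            closing, name = m.group(1) == "/", m.group(2)
            if pem:                        # armor must end before any tag line
                problems.append((pem[1], f"BEGIN {pem[0]} has no END line"))
                pem = None
            if closing and tag and tag[0] == name:
                tag = None
            elif closing:
                problems.append((n, f"</{name}> without <{name}>"))
            else:
                if tag:
                    problems.append((tag[1], f"no end tag for <{tag[0]}>"))
                tag = (name, n)
            continue
        a = ARMOR.fullmatch(line)
        if tag and a:                      # any END line closes the open armor
            pem = (a.group(2), n) if a.group(1) == "BEGIN" else None
    if pem:
        problems.append((pem[1], f"BEGIN {pem[0]} has no END line"))
    if tag:
        problems.append((tag[1], f"no end tag for <{tag[0]}>"))
    return problems

# Constructed sample: a cut-off export with a leaked PHP warning on line 1.
SAMPLE = """\
Warning: openssl_x509_parse(): illegal ASN1 data type for timestamp in /etc/inc/certs.inc on line 419
client
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
00000000000000000000000000000000
"""

print(check_profile(SAMPLE))
```

An empty list means none of the three checked defects was found; it does not validate the key or certificate contents.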
-
When I go to cert-manager I also got those lines in the webui:
Warning: openssl_x509_parse(): illegal ASN1 data type for timestamp in /etc/inc/certs.inc on line 394
Warning: openssl_x509_parse(): illegal ASN1 data type for timestamp in /etc/inc/certs.inc on line 444
Warning: openssl_x509_parse(): illegal ASN1 data type for timestamp in /etc/inc/certs.inc on line 490
any way to fix this?
-
any way to fix this?
The way to fix the warning is to stop issuing insane certificates that expire after 2050.
https://bugs.php.net/bug.php?id=66636
-
Hi doktornotor,
that's nice to know.
My cert shows:
Valid From: Wed, 07 Mar 2012 17:48:38 +0100 Valid Until:
as you can see no Valid until is shown.
My client certs show (the one I want to export):
Valid From: Mon, 31 Mar 2014 20:33:42 +0200 Valid Until: Thu, 28 Mar 2024 19:33:42 +0100
Funny thing is that i could export an older cert just fine (1 year ago :P )
Maybe with the mentioned fix for 'GENERALIZEDTIME parsing' they broke my cert export :P
I'll try with a new cert.
Thanks
-
I found this topic searching for a solution to this error:
An error code was received while attempting Filter sync with username … - Code 2: Invalid return payload: enable debugging to examine incoming payload
This error started happening after upgrading from 2.1 to >=2.1.1-2.1.4
The "Warning" that the new openssl version generates breaks the XML response that rc.filter_synchronize uses, and thus the referred error appears in the System Log.
If one cannot recreate the SSL certs with an expiration year before 2050, one way to work around this is to use the PHP functions ob_start() and ob_end_clean().
I've modified /etc/inc/certs.inc (on every CARP server), adding this function:
function openssl_x509_parse_nooutput($str_crt) {
    // Buffer and discard anything printed while parsing (such as the warning)
    ob_start();
    $inf_crt = openssl_x509_parse($str_crt);
    ob_end_clean();
    return $inf_crt;
}
And then modified (in the same file) every call to openssl_x509_parse to use the new openssl_x509_parse_nooutput.
I've been using this workaround for a couple of hours and everything seems to work fine, and the Sync error now reads:
php: rc.filter_synchronize: Filter sync successfully completed with …
-
Hi,
I have the same problem.
I created a new certificate and recognized a mistyping in the Name.
Then I deleted it. After that I recognized the text in the WebGUI of the Certificate Authority Manager:
Warning: openssl_x509_parse(): illegal ASN1 data type for timestamp in /etc/inc/certs.inc on line 394
Warning: openssl_x509_parse(): illegal ASN1 data type for timestamp in /etc/inc/certs.inc on line 444
Warning: openssl_x509_parse(): illegal ASN1 data type for timestamp in /etc/inc/certs.inc on line 490
Maybe it is, because the name for the Cert. that I wrongly entered, was the same that was already in use?
I can not export any Client or Certificates anymore, like elemay mentioned.
Is there any possibility to get more details where the problem is caused by?
Maybe someone could help me with how to fix it.
BR and many thanks in advance.