Bug #11557
OpenVPN fails in tls-validate after upgrading to PfSense 2.5 (closed)
Status: Duplicate
Priority: Normal
Assignee: -
Category: OpenVPN
Target version: -
Start date: 02/26/2021
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.5.0
Affected Architecture:
Description
If the OpenVPN server is configured with a "Certificate Depth" higher than 1, /usr/local/sbin/ovpn_auth_verify will fail to verify the certificate. The for loop in the ovpn_auth_verify script:
    for check_depth in $(/usr/bin/seq ${3} -1 0)
    do
        eval serial="\$tls_serial_${check_depth}"
        RESULT=$(/usr/local/sbin/fcgicli -f /etc/inc/openvpn.tls-verify.php -d "servercn=$2&depth=$3&certdepth=$4&certsubject=$5&serial=$serial&config=$config")
    done
doesn't break on the first success (so if the depth is set to 3 it will still check depth 0).
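The control flow described in the report, reproduced as an added example (not pfSense's script and not part of the original report). `verify_stub` is a hypothetical stand-in for the `fcgicli` call, and its "OK"/"FAILED" return strings and the `OK_DEPTH` setting are constructed for illustration.

```shell
#!/bin/sh
# Hypothetical stand-in for the fcgicli / openvpn.tls-verify.php call.
# Constructed behaviour: only the serial at depth $OK_DEPTH verifies.
verify_stub() {
    # $1 = certificate depth whose serial is being checked
    if [ "$1" -eq "$OK_DEPTH" ]; then
        echo "OK"
    else
        echo "FAILED"
    fi
}

# Same shape as the loop in the report: RESULT is overwritten on every
# pass, so only the answer for depth 0 survives the loop.
check_last_wins() {
    RESULT=""
    for check_depth in $(seq "$1" -1 0); do
        RESULT=$(verify_stub "$check_depth")
    done
    echo "$RESULT"
}

# Variant that stops at the first depth that verifies, which is the
# behaviour the report says the loop lacks.
check_first_success() {
    RESULT=""
    for check_depth in $(seq "$1" -1 0); do
        RESULT=$(verify_stub "$check_depth")
        if [ "$RESULT" = "OK" ]; then
            break
        fi
    done
    echo "$RESULT"
}

# Constructed case: configured depth 3, the check succeeds only at depth 2.
OK_DEPTH=2
echo "last result wins:    $(check_last_wins 3)"
echo "stop on first match: $(check_first_success 3)"
```
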