Project

General

Profile

Actions

Regression #13988

closed

PHP error with OpenVPN if the server certificate subject has duplicate components

Added by Marcos M almost 2 years ago. Updated 6 months ago.

Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
OpenVPN
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
2.7.0
Affected Architecture:

Description

Saving an OpenVPN Server configuration results in the following error:

PHP Fatal error:  Uncaught TypeError: urlencode(): Argument #1 ($string) must be of type string, array given in /etc/inc/openvpn.inc:1197
Stack trace:
#0 /etc/inc/openvpn.inc(1197): urlencode(Array)
#1 /etc/inc/openvpn.inc(1658): openvpn_reconfigure('server', Array)
#2 /etc/inc/openvpn.inc(1865): openvpn_restart('server', Array)
#3 /etc/inc/openvpn.inc(1907): openvpn_resync('server', Array)
#4 /etc/rc.bootup(270): openvpn_resync_all()
#5 {main}
  thrown in /etc/inc/openvpn.inc on line 1197

config.xml

    <cert>
        <refid>5c116b60e0bdf</refid>
        <descr><![CDATA[webConfigurator default (5c116b60e0bdf)]]></descr>
        <type>server</type>
        <crt>xxxxx</crt>
        <prv>xxxxx</prv>
    </cert>
    <cert>
        <refid>60566761859b5</refid>
        <descr><![CDATA[vpn.domain.com]]></descr>
        <crt>xxxxx==</crt>
        <prv>xxxxx</prv>
        <caref>5cb13825d3349</caref>
    </cert>
    <cert>
        <refid>62f793e6736f6</refid>
        <descr><![CDATA[*.domain.com]]></descr>
        <crt>xxxxx</crt>
        <prv>xxxxx</prv>
        <caref>5cb13825d3349</caref>
    </cert>


Related issues

Is duplicate of Bug #15133: PHP error with OpenVPN server certificate verification if the certificate has multiple ``CN`` attributesResolvedMarcos M

Actions
Actions #1

Updated by Jim Pingle almost 2 years ago

  • Subject changed from PHP error with OpenVPN to PHP error with OpenVPN if the server certificate subject has duplicate components
  • Status changed from New to Feedback

That would have to be an issue in the certificate data. Somehow one of those certificates is triggering a return of multiple common name values in an array instead of a single CN as a string, but that shouldn't be possible as far as I can tell (unless maybe it was generated outside of pfSense in some non-standard way?).

To replicate this and investigate a solution we'll need the certificate "crt" PEM data (not the private key, just the cert) for whichever one of those is the OpenVPN server certificate.

Actions #2

Updated by Marcos M almost 2 years ago

  • Status changed from Feedback to Confirmed

The issue looks to be that the cert used for the OpenVPN server contains multiple CN fields/values (which indicates the cert was not created in the pfSense GUI). It was reported that if the OpenVPN server config using this cert is not deleted, the system will not boot properly resulting in no connectivity.

Actions #3

Updated by Marcos M 6 months ago

  • Status changed from Confirmed to Duplicate
Actions #4

Updated by Marcos M 6 months ago

  • Is duplicate of Bug #15133: PHP error with OpenVPN server certificate verification if the certificate has multiple ``CN`` attributes added
Actions

Also available in: Atom PDF