| Summary: | "Easy RSA" CA fails to generate correct unicode strings in certificates | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Tomas Pecina <tomas> | ||||
| Component: | openvpn | Assignee: | Steven Pritchard <steve> | ||||
| Status: | CLOSED WONTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | low | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 15 | CC: | gwync, huzaifas, steve | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | All | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2012-08-07 20:04:43 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Attachments: |
|
||||||
This may have been fixed in 2.2.x, which is in f16. Can you test that? If that works, I can push that for F15. Unfortunately, it doesn't. The mb characters are still mangled in v2.2.1. Can you tell me the full path to the file to be patched? I tried it against easy-rsa/1.0/openssl.cnf, but it doesn't apply. I never checked or tested easy-rsa/1.0 - the patches are to be applied against /2.0. Your patch doesn't apply against easy-rsa/2.0/openssl-1.0.0.cnf. And it shouldn't, it applies to openssl.cnf, taken from version 0.9.6. Sorry for the confusion, I guess you should install the OpenVPN version I reported the bug against, ie, 2.1.4, or apply the patch manually - it is actually very simple, consisting of only 3 changes. I'm willing to re-create the patch. That's not the issue. I just want to make sure I do so against the correct file. [limb@bamboo openvpn-2.2.1]$ find . -name '*.cnf' ./easy-rsa/2.0/openssl-0.9.6.cnf <-----This one. . . ./easy-rsa/2.0/tmp/openssl-0.9.6.cnf ./easy-rsa/2.0/tmp/openssl-1.0.0.cnf ./easy-rsa/2.0/openssl-0.9.8.cnf ./easy-rsa/2.0/openssl-1.0.0.cnf <-----. . .or this? ./easy-rsa/1.0/openssl.cnf [limb@bamboo openvpn-2.2.1]$ If I am getting it right, version 2.2.1 includes three openssl-*.cnf files, and a chooser script named whichopensslcnf. It seems all three files should be checked and those that yield wrong results patched. This message is a notice that Fedora 15 is now at end of life. Fedora has stopped maintaining and issuing updates for Fedora 15. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At this time, all open bugs with a Fedora 'version' of '15' have been closed as WONTFIX. (Please note: Our normal process is to give advanced warning of this occurring, but we forgot to do that. A thousand apologies.) Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, feel free to reopen this bug and simply change the 'version' to a later Fedora version. Bug Reporter: Thank you for reporting this issue and we are sorry that we were unable to fix it before Fedora 15 reached end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged to click on "Clone This Bug" (top right of this page) and open it against that version of Fedora. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping |
Created attachment 513529 [details] Patch fixing the bug Description of problem: Version-Release number of selected component (if applicable): 2.1.4 How reproducible: Always Steps to Reproduce: 1. Set up "Easy RSA" CA with UTF8 characters in strings (such as CN) 2. Generate a certificate, ca.crt will do 3. Check it out using openssl Actual results: Unicode is broken Expected results: Unicode is displayed correctly Additional info: I fixed it (as a person with two Unicode characters in my name, I simply need to use them!) with a simple patch, which is attached