Description of problem:
openvpn fails to start if the x509-username-field is specified.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Add the x509-username-field option to the OpenVPN config file.
2. Attempt to start OpenVPN.
OpenVPN fails to start.
OpenVPN starts successfully.
Sorry, the version is 2.4.1.
Sorry about removing that feature in the packaging clean-up. On the other hand, I now know there are at least one user of this feature.
Could you please test a scratch build and see how that works for you?
* x86_64 build:
* armv7hl build
* i686 build
Just pick the build which matches best your environment.
This fix will be in the pipe for the next OpenVPN build, unless there are more users needing this fix in the mean time.
The option seems to be enabled in your build. I also managed to port this to Fedora 26 and fixed an OpenVPN bug with numeric OIDs. I'll try to upstream the patches.
Here's a SRPM: https://copr-be.cloud.fedoraproject.org/results/hvenev/experiments/fedora-26-x86_64/00541892-openvpn/openvpn-2.4.1-3.1.fc26.src.rpm
Thanks a lot! I've just given your src.rpm a very quick look, but spotted you seem to have done some OpenSSL 1.1 porting as well.
There is an upstream effort already on-going doing the OpenSSL v1.1 port. You can see the patches here: http://email@example.com/msg14075.html
If you have any chance to test, review and comment on those still not applied to the upstream OpenVPN, we'd be thankful for that help. Get in touch with me directly on e-mail and I'll get you the needed pointers to reply properly.
For 0002-Fix-extract_x509_field_ssl-for-external-objects.patch, this looks reasonable to get upstream as well. But I'd encourage you to elaborate a bit more in the commit message what is wrong and why, plus some brief explanation of why you chose this approach - especially if there are more alternatives. With that in place + a signed-off-by line, then that patch looks reasonable and shouldn't have too much struggles for inclusion - as long as it doesn't break existing configurations (which I don't think your patch will do).
openvpn-2.4.2-1.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-89d98779ec
openvpn-2.4.2-1.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-89d98779ec
openvpn-2.4.2-1.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.