Error after upgrade to 22.7.3

Started by seed, September 01, 2022, 04:07:58 PM

Hi
I also saw a booting problem here. OPNsense came up, but most services did not work. Proxy only erratic, no VPN, no ACME, no ICAP, no Scruita....
I had to physically power down the FW hardware, start it again and restart services until everything came back up.
HOWEVER, OPENVPN is not working with any client anymore.

I cannot connect.

I get in the protocol these messages:
2022-09-05T10:13:21   Error   openvpn   87.191.224.208:34795 TLS Error: TLS handshake failed   
2022-09-05T10:13:21   Error   openvpn   87.191.224.208:34795 TLS Error: TLS object -> incoming plaintext read error   
2022-09-05T10:13:21   Error   openvpn   87.191.224.208:34795 TLS_ERROR: BIO read tls_read_plaintext error   
2022-09-05T10:13:21   Error   openvpn   87.191.224.208:34795 OpenSSL: error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed   
2022-09-05T10:13:21   Error   openvpn   87.191.224.208:34795 VERIFY ERROR: CRL not loaded   

On the devices: "NETWORK_EOF_ERROR" (Android), timeouts on various Linux machines.

Please help! A minor upgrade should not break the firewall so completely!

Okay, after removing the CRL as a matter of fact, the VPN did connect again.

This is a very strange issue, no?

@franco
Quote: it could return early if the key cannot be loaded?
Yes, the function seems to throw NoKeyLoadedException.
Quote: There is the issue of trying to limit EC stuff to EC keys for example
Sorry, I'm not sure I understand ..

September 05, 2022, 09:46:19 PM #18 Last Edit: September 06, 2022, 10:54:21 AM by franco
Quote from: Fright on September 05, 2022, 12:51:12 PM
Quote: There is the issue of trying to limit EC stuff to EC keys for example
Sorry, I'm not sure I understand ..

Switch case was nested so only signatures matching EC would be selectable for it. With your patch that's no longer the case.


Cheers,
Franco