Could not read certificateorg.apache.harmony.security.asn1.ASN1Exception

GoogleCodeExporter commented 9 years ago

Samsung Galaxy S2 (SPH-D710VMUB)
Stock rooted 4.1.2
Certificates created with easy-rsa.

Trying to connect to my DD-WRT router, but it seems to me that the app doesn't 
even attempt to connect because it can't  read the certificates.

All options in app are default, except for pointing to the certificate 
locations.

Log:

2014-07-25 13:23:01 Running on SPH-D710VMUB (smdk4210) samsung, Android API 16, 
version 0.6.17, F-Droid built and signed version
2014-07-25 13:23:01 Could not read 
certificateorg.apache.harmony.security.asn1.ASN1Exception: ASN.1 sequence 
identifier expected at [0], got 5b
2014-07-25 13:23:01 Could not read 
certificateorg.apache.harmony.security.asn1.ASN1Exception: ASN.1 sequence 
identifier expected at [0], got 5b
2014-07-25 13:23:22 Could not read 
certificateorg.apache.harmony.security.asn1.ASN1Exception: ASN.1 sequence 
identifier expected at [0], got 5b
2014-07-25 13:25:49 Building configuration…
2014-07-25 13:25:52 started Socket Thread
2014-07-25 13:25:52 Current Parameter Settings:
2014-07-25 13:25:52   config = '/data/data/de.blinkt.openvpn/cache/android.conf'
2014-07-25 13:25:52   mode = 0
2014-07-25 13:25:52   show_ciphers = DISABLED
2014-07-25 13:25:52   show_digests = DISABLED
2014-07-25 13:25:52   show_engines = DISABLED
2014-07-25 13:25:52   genkey = DISABLED
2014-07-25 13:25:52   key_pass_file = '[UNDEF]'
2014-07-25 13:25:52   show_tls_ciphers = DISABLED
2014-07-25 13:25:52   connect_retry_max = 5
2014-07-25 13:25:52 Connection profiles [0]:
2014-07-25 13:25:52   proto = udp
2014-07-25 13:25:52   local = '[UNDEF]'
2014-07-25 13:25:52   local_port = '1194'
2014-07-25 13:25:52   remote = 'unknownsoldierx.strangled.net'
2014-07-25 13:25:52   remote_port = '1194'
2014-07-25 13:25:52   remote_float = DISABLED
2014-07-25 13:25:52   bind_defined = DISABLED
2014-07-25 13:25:52   bind_local = ENABLED
2014-07-25 13:25:52   bind_ipv6_only = DISABLED
2014-07-25 13:25:52   connect_retry_seconds = 5
2014-07-25 13:25:52   connect_timeout = 10
2014-07-25 13:25:52   socks_proxy_server = '[UNDEF]'
2014-07-25 13:25:52   socks_proxy_port = '[UNDEF]'
2014-07-25 13:25:52   socks_proxy_retry = DISABLED
2014-07-25 13:25:52   tun_mtu = 1500
2014-07-25 13:25:52   tun_mtu_defined = ENABLED
2014-07-25 13:25:52   link_mtu = 1500
2014-07-25 13:25:52   link_mtu_defined = DISABLED
2014-07-25 13:25:52   tun_mtu_extra = 0
2014-07-25 13:25:52   tun_mtu_extra_defined = DISABLED
2014-07-25 13:25:52   mtu_discover_type = -1
2014-07-25 13:25:52   fragment = 0
2014-07-25 13:25:52   mssfix = 1450
2014-07-25 13:25:52   explicit_exit_notification = 0
2014-07-25 13:25:52 Connection profiles END
2014-07-25 13:25:52   remote_random = DISABLED
2014-07-25 13:25:52   ipchange = '[UNDEF]'
2014-07-25 13:25:52   dev = 'tun'
2014-07-25 13:25:52   dev_type = '[UNDEF]'
2014-07-25 13:25:52   dev_node = '[UNDEF]'
2014-07-25 13:25:52   lladdr = '[UNDEF]'
2014-07-25 13:25:52   topology = 1
2014-07-25 13:25:52   tun_ipv6 = DISABLED
2014-07-25 13:25:52   ifconfig_local = '[UNDEF]'
2014-07-25 13:25:52   ifconfig_remote_netmask = '[UNDEF]'
2014-07-25 13:25:52   ifconfig_noexec = DISABLED
2014-07-25 13:25:52   ifconfig_nowarn = DISABLED
2014-07-25 13:25:52   ifconfig_ipv6_local = '[UNDEF]'
2014-07-25 13:25:52   ifconfig_ipv6_netbits = 0
2014-07-25 13:25:52   ifconfig_ipv6_remote = '[UNDEF]'
2014-07-25 13:25:52   shaper = 0
2014-07-25 13:25:52   mtu_test = 0
2014-07-25 13:25:52   mlock = DISABLED
2014-07-25 13:25:52   keepalive_ping = 0
2014-07-25 13:25:52   keepalive_timeout = 0
2014-07-25 13:25:52   inactivity_timeout = 0
2014-07-25 13:25:52   ping_send_timeout = 0
2014-07-25 13:25:52   ping_rec_timeout = 0
2014-07-25 13:25:52   ping_rec_timeout_action = 0
2014-07-25 13:25:52   ping_timer_remote = DISABLED
2014-07-25 13:25:52   remap_sigusr1 = 0
2014-07-25 13:25:52   persist_tun = DISABLED
2014-07-25 13:25:52   persist_local_ip = DISABLED
2014-07-25 13:25:52   persist_remote_ip = DISABLED
2014-07-25 13:25:52   persist_key = DISABLED
2014-07-25 13:25:52   passtos = DISABLED
2014-07-25 13:25:52   resolve_retry_seconds = 60
2014-07-25 13:25:52   resolve_in_advance = DISABLED
2014-07-25 13:25:52   username = '[UNDEF]'
2014-07-25 13:25:52   groupname = '[UNDEF]'
2014-07-25 13:25:52   chroot_dir = '[UNDEF]'
2014-07-25 13:25:52   cd_dir = '[UNDEF]'
2014-07-25 13:25:52   writepid = '[UNDEF]'
2014-07-25 13:25:52   up_script = '[UNDEF]'
2014-07-25 13:25:52   down_script = '[UNDEF]'
2014-07-25 13:25:52   down_pre = DISABLED
2014-07-25 13:25:52   up_restart = DISABLED
2014-07-25 13:25:52   up_delay = DISABLED
2014-07-25 13:25:52   daemon = DISABLED
2014-07-25 13:25:52   inetd = 0
2014-07-25 13:25:52   log = DISABLED
2014-07-25 13:25:52   suppress_timestamps = DISABLED
2014-07-25 13:25:52   machine_readable_output = ENABLED
2014-07-25 13:25:52   nice = 0
2014-07-25 13:25:52   verbosity = 4
2014-07-25 13:25:52   mute = 0
2014-07-25 13:25:52   gremlin = 0
2014-07-25 13:25:52 Network Status: CONNECTED CDMA - EvDo rev. A to mobile
2014-07-25 13:25:52   status_file = '[UNDEF]'
2014-07-25 13:25:52   status_file_version = 1
2014-07-25 13:25:52   status_file_update_freq = 60
2014-07-25 13:25:52   occ = ENABLED
2014-07-25 13:25:52   rcvbuf = 65536
2014-07-25 13:25:52   sndbuf = 65536
2014-07-25 13:25:52   sockflags = 0
2014-07-25 13:25:52   fast_io = DISABLED
2014-07-25 13:25:52   comp.alg = 2
2014-07-25 13:25:52   comp.flags = 1
2014-07-25 13:25:52   route_script = '[UNDEF]'
2014-07-25 13:25:52   route_default_gateway = '[UNDEF]'
2014-07-25 13:25:52   route_default_metric = 0
2014-07-25 13:25:52   route_noexec = DISABLED
2014-07-25 13:25:52   route_delay = 0
2014-07-25 13:25:52   route_delay_window = 30
2014-07-25 13:25:52   route_delay_defined = DISABLED
2014-07-25 13:25:52   route_nopull = DISABLED
2014-07-25 13:25:52   route_gateway_via_dhcp = DISABLED
2014-07-25 13:25:52   allow_pull_fqdn = DISABLED
2014-07-25 13:25:52   [redirect_default_gateway local=0]
2014-07-25 13:25:52   route 0.0.0.0/0.0.0.0/vpn_gateway/nil
2014-07-25 13:25:52   management_addr = 
'/data/data/de.blinkt.openvpn/cache/mgmtsocket'
2014-07-25 13:25:52   management_port = 'unix'
2014-07-25 13:25:52   management_user_pass = '[UNDEF]'
2014-07-25 13:25:52   management_log_history_cache = 250
2014-07-25 13:25:52   management_echo_buffer_size = 100
2014-07-25 13:25:52   management_write_peer_info_file = '[UNDEF]'
2014-07-25 13:25:52   management_client_user = '[UNDEF]'
2014-07-25 13:25:52   management_client_group = '[UNDEF]'
2014-07-25 13:25:52   management_flags = 4390
2014-07-25 13:25:52   shared_secret_file = '[UNDEF]'
2014-07-25 13:25:52   key_direction = 0
2014-07-25 13:25:52   ciphername_defined = ENABLED
2014-07-25 13:25:52   ciphername = 'BF-CBC'
2014-07-25 13:25:52   authname_defined = ENABLED
2014-07-25 13:25:52   authname = 'SHA1'
2014-07-25 13:25:52   prng_hash = 'SHA1'
2014-07-25 13:25:52   prng_nonce_secret_len = 16
2014-07-25 13:25:52   keysize = 0
2014-07-25 13:25:52   engine = DISABLED
2014-07-25 13:25:52   replay = ENABLED
2014-07-25 13:25:52   mute_replay_warnings = DISABLED
2014-07-25 13:25:52   replay_window = 64
2014-07-25 13:25:52   replay_time = 15
2014-07-25 13:25:52   packet_id_file = '[UNDEF]'
2014-07-25 13:25:52   use_iv = ENABLED
2014-07-25 13:25:52   test_crypto = DISABLED
2014-07-25 13:25:52   tls_server = DISABLED
2014-07-25 13:25:52   tls_client = ENABLED
2014-07-25 13:25:52   key_method = 2
2014-07-25 13:25:52   ca_file = '[[INLINE]]'
2014-07-25 13:25:52   ca_path = '[UNDEF]'
2014-07-25 13:25:52   dh_file = '[UNDEF]'
2014-07-25 13:25:52   cert_file = '[[INLINE]]'
2014-07-25 13:25:52   priv_key_file = '[[INLINE]]'
2014-07-25 13:25:52   pkcs12_file = '[UNDEF]'
2014-07-25 13:25:52   cipher_list = '[UNDEF]'
2014-07-25 13:25:52   tls_verify = '[UNDEF]'
2014-07-25 13:25:52   tls_export_cert = '[UNDEF]'
2014-07-25 13:25:52   verify_x509_type = 0
2014-07-25 13:25:52   verify_x509_name = '[UNDEF]'
2014-07-25 13:25:52   crl_file = '[UNDEF]'
2014-07-25 13:25:52   ns_cert_type = 0
2014-07-25 13:25:52   remote_cert_ku[i] = 160
2014-07-25 13:25:52   remote_cert_ku[i] = 136
2014-07-25 13:25:52   remote_cert_ku[i] = 0
2014-07-25 13:25:52   remote_cert_ku[i] = 0
2014-07-25 13:25:52   remote_cert_ku[i] = 0
2014-07-25 13:25:52   remote_cert_ku[i] = 0
2014-07-25 13:25:52   remote_cert_ku[i] = 0
2014-07-25 13:25:52   remote_cert_ku[i] = 0
2014-07-25 13:25:52   remote_cert_ku[i] = 0
2014-07-25 13:25:52   remote_cert_ku[i] = 0
2014-07-25 13:25:52   remote_cert_ku[i] = 0
2014-07-25 13:25:52   remote_cert_ku[i] = 0
2014-07-25 13:25:52   remote_cert_ku[i] = 0
2014-07-25 13:25:52   remote_cert_ku[i] = 0
2014-07-25 13:25:52   remote_cert_ku[i] = 0
2014-07-25 13:25:52   remote_cert_ku[i] = 0
2014-07-25 13:25:52   remote_cert_eku = 'TLS Web Server Authentication'
2014-07-25 13:25:52   ssl_flags = 0
2014-07-25 13:25:52   tls_timeout = 2
2014-07-25 13:25:52   renegotiate_bytes = 0
2014-07-25 13:25:52   renegotiate_packets = 0
2014-07-25 13:25:52   renegotiate_seconds = 3600
2014-07-25 13:25:52   handshake_window = 60
2014-07-25 13:25:52   transition_window = 3600
2014-07-25 13:25:52   single_session = DISABLED
2014-07-25 13:25:52   push_peer_info = DISABLED
2014-07-25 13:25:52   tls_exit = DISABLED
2014-07-25 13:25:52   tls_auth_file = '[UNDEF]'
2014-07-25 13:25:52   client = ENABLED
2014-07-25 13:25:52   pull = ENABLED
2014-07-25 13:25:52   auth_user_pass_file = '[UNDEF]'
2014-07-25 13:25:52 OpenVPN 2.4-icsopenvpn 
[git:icsopenvpn_615-c430ab0e0cef9994] android-14-armeabi-v7a [SSL (OpenSSL)] 
[LZO] [SNAPPY] [LZ4] [EPOLL] [MH] [IPv6] built on Jul  3 2014
2014-07-25 13:25:52 library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.06
2014-07-25 13:25:52 MANAGEMENT: Connected to management server at 
/data/data/de.blinkt.openvpn/cache/mgmtsocket
2014-07-25 13:25:52 MANAGEMENT: CMD 'hold release'
2014-07-25 13:25:52 MANAGEMENT: CMD 'bytecount 2'
2014-07-25 13:25:52 MANAGEMENT: CMD 'state on'
2014-07-25 13:25:52 MANAGEMENT: CMD 'proxy NONE'
2014-07-25 13:25:53 MGMT: Got unrecognized command>FATAL:Cannot load inline 
certificate file: error:0906D06C:PEM routines:PEM_read_bio:no start line: 
error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
2014-07-25 13:25:53 MANAGEMENT: Client disconnected
2014-07-25 13:25:53 Cannot load inline certificate file: error:0906D06C:PEM 
routines:PEM_read_bio:no start line: error:140AD009:SSL 
routines:SSL_CTX_use_certificate_file:PEM lib
2014-07-25 13:25:53 Exiting due to fatal error
2014-07-25 13:25:53 Process exited with exit value 1
2014-07-25 13:30:58 Building configuration…
2014-07-25 13:31:00 started Socket Thread
2014-07-25 13:31:01 Network Status: CONNECTED CDMA - EvDo rev. A to mobile
2014-07-25 13:31:01 Current Parameter Settings:
2014-07-25 13:31:01   config = '/data/data/de.blinkt.openvpn/cache/android.conf'
2014-07-25 13:31:01   mode = 0
2014-07-25 13:31:01   show_ciphers = DISABLED
2014-07-25 13:31:01   show_digests = DISABLED
2014-07-25 13:31:01   show_engines = DISABLED
2014-07-25 13:31:01   genkey = DISABLED
2014-07-25 13:31:01   key_pass_file = '[UNDEF]'
2014-07-25 13:31:01   show_tls_ciphers = DISABLED
2014-07-25 13:31:01   connect_retry_max = 5
2014-07-25 13:31:01 Connection profiles [0]:
2014-07-25 13:31:01   proto = udp
2014-07-25 13:31:01   local = '[UNDEF]'
2014-07-25 13:31:01   local_port = '1194'
2014-07-25 13:31:01   remote = 'unknownsoldierx.strangled.net'
2014-07-25 13:31:01   remote_port = '1194'
2014-07-25 13:31:01   remote_float = DISABLED
2014-07-25 13:31:01   bind_defined = DISABLED
2014-07-25 13:31:01   bind_local = ENABLED
2014-07-25 13:31:01   bind_ipv6_only = DISABLED
2014-07-25 13:31:01   connect_retry_seconds = 5
2014-07-25 13:31:01   connect_timeout = 10
2014-07-25 13:31:01   socks_proxy_server = '[UNDEF]'
2014-07-25 13:31:01   socks_proxy_port = '[UNDEF]'
2014-07-25 13:31:01   socks_proxy_retry = DISABLED
2014-07-25 13:31:01   tun_mtu = 1500
2014-07-25 13:31:01   tun_mtu_defined = ENABLED
2014-07-25 13:31:01   link_mtu = 1500
2014-07-25 13:31:01   link_mtu_defined = DISABLED
2014-07-25 13:31:01   tun_mtu_extra = 0
2014-07-25 13:31:01   tun_mtu_extra_defined = DISABLED
2014-07-25 13:31:01   mtu_discover_type = -1
2014-07-25 13:31:01   fragment = 0
2014-07-25 13:31:01   mssfix = 1450
2014-07-25 13:31:01   explicit_exit_notification = 0
2014-07-25 13:31:01 Connection profiles END
2014-07-25 13:31:01   remote_random = DISABLED
2014-07-25 13:31:01   ipchange = '[UNDEF]'
2014-07-25 13:31:01   dev = 'tun'
2014-07-25 13:31:01   dev_type = '[UNDEF]'
2014-07-25 13:31:01   dev_node = '[UNDEF]'
2014-07-25 13:31:01   lladdr = '[UNDEF]'
2014-07-25 13:31:01   topology = 1
2014-07-25 13:31:01   tun_ipv6 = DISABLED
2014-07-25 13:31:01   ifconfig_local = '[UNDEF]'
2014-07-25 13:31:01   ifconfig_remote_netmask = '[UNDEF]'
2014-07-25 13:31:01   ifconfig_noexec = DISABLED
2014-07-25 13:31:01   ifconfig_nowarn = DISABLED
2014-07-25 13:31:01   ifconfig_ipv6_local = '[UNDEF]'
2014-07-25 13:31:01   ifconfig_ipv6_netbits = 0
2014-07-25 13:31:01   ifconfig_ipv6_remote = '[UNDEF]'
2014-07-25 13:31:01   shaper = 0
2014-07-25 13:31:01   mtu_test = 0
2014-07-25 13:31:01   mlock = DISABLED
2014-07-25 13:31:01   keepalive_ping = 0
2014-07-25 13:31:01   keepalive_timeout = 0
2014-07-25 13:31:01   inactivity_timeout = 0
2014-07-25 13:31:01   ping_send_timeout = 0
2014-07-25 13:31:01   ping_rec_timeout = 0
2014-07-25 13:31:01   ping_rec_timeout_action = 0
2014-07-25 13:31:01   ping_timer_remote = DISABLED
2014-07-25 13:31:01   remap_sigusr1 = 0
2014-07-25 13:31:01   persist_tun = DISABLED
2014-07-25 13:31:01   persist_local_ip = DISABLED
2014-07-25 13:31:01   persist_remote_ip = DISABLED
2014-07-25 13:31:01   persist_key = DISABLED
2014-07-25 13:31:01   passtos = DISABLED
2014-07-25 13:31:01   resolve_retry_seconds = 60
2014-07-25 13:31:01   resolve_in_advance = DISABLED
2014-07-25 13:31:01   username = '[UNDEF]'
2014-07-25 13:31:01   groupname = '[UNDEF]'
2014-07-25 13:31:01   chroot_dir = '[UNDEF]'
2014-07-25 13:31:01   cd_dir = '[UNDEF]'
2014-07-25 13:31:01   writepid = '[UNDEF]'
2014-07-25 13:31:01   up_script = '[UNDEF]'
2014-07-25 13:31:01   down_script = '[UNDEF]'
2014-07-25 13:31:01   down_pre = DISABLED
2014-07-25 13:31:01   up_restart = DISABLED
2014-07-25 13:31:01   up_delay = DISABLED
2014-07-25 13:31:01   daemon = DISABLED
2014-07-25 13:31:01   inetd = 0
2014-07-25 13:31:01   log = DISABLED
2014-07-25 13:31:01   suppress_timestamps = DISABLED
2014-07-25 13:31:01   machine_readable_output = ENABLED
2014-07-25 13:31:01   nice = 0
2014-07-25 13:31:01   verbosity = 4
2014-07-25 13:31:01   mute = 0
2014-07-25 13:31:01   gremlin = 0
2014-07-25 13:31:01   status_file = '[UNDEF]'
2014-07-25 13:31:01   status_file_version = 1
2014-07-25 13:31:01   status_file_update_freq = 60
2014-07-25 13:31:01   occ = ENABLED
2014-07-25 13:31:01   rcvbuf = 65536
2014-07-25 13:31:01   sndbuf = 65536
2014-07-25 13:31:01   sockflags = 0
2014-07-25 13:31:01   fast_io = DISABLED
2014-07-25 13:31:01   comp.alg = 2
2014-07-25 13:31:01   comp.flags = 1
2014-07-25 13:31:01   route_script = '[UNDEF]'
2014-07-25 13:31:01   route_default_gateway = '[UNDEF]'
2014-07-25 13:31:01   route_default_metric = 0
2014-07-25 13:31:01   route_noexec = DISABLED
2014-07-25 13:31:01   route_delay = 0
2014-07-25 13:31:01   route_delay_window = 30
2014-07-25 13:31:01   route_delay_defined = DISABLED
2014-07-25 13:31:01   route_nopull = DISABLED
2014-07-25 13:31:01   route_gateway_via_dhcp = DISABLED
2014-07-25 13:31:01   allow_pull_fqdn = DISABLED
2014-07-25 13:31:01   [redirect_default_gateway local=0]
2014-07-25 13:31:01   route 0.0.0.0/0.0.0.0/vpn_gateway/nil
2014-07-25 13:31:01   management_addr = 
'/data/data/de.blinkt.openvpn/cache/mgmtsocket'
2014-07-25 13:31:01   management_port = 'unix'
2014-07-25 13:31:01   management_user_pass = '[UNDEF]'
2014-07-25 13:31:01   management_log_history_cache = 250
2014-07-25 13:31:01   management_echo_buffer_size = 100
2014-07-25 13:31:01   management_write_peer_info_file = '[UNDEF]'
2014-07-25 13:31:01   management_client_user = '[UNDEF]'
2014-07-25 13:31:01   management_client_group = '[UNDEF]'
2014-07-25 13:31:01   management_flags = 4390
2014-07-25 13:31:01   shared_secret_file = '[UNDEF]'
2014-07-25 13:31:01   key_direction = 0
2014-07-25 13:31:01   ciphername_defined = ENABLED
2014-07-25 13:31:01   ciphername = 'BF-CBC'
2014-07-25 13:31:01   authname_defined = ENABLED
2014-07-25 13:31:01   authname = 'SHA1'
2014-07-25 13:31:01   prng_hash = 'SHA1'
2014-07-25 13:31:01   prng_nonce_secret_len = 16
2014-07-25 13:31:01   keysize = 0
2014-07-25 13:31:01   engine = DISABLED
2014-07-25 13:31:01   replay = ENABLED
2014-07-25 13:31:01   mute_replay_warnings = DISABLED
2014-07-25 13:31:01   replay_window = 64
2014-07-25 13:31:01   replay_time = 15
2014-07-25 13:31:01   packet_id_file = '[UNDEF]'
2014-07-25 13:31:01   use_iv = ENABLED
2014-07-25 13:31:01   test_crypto = DISABLED
2014-07-25 13:31:01   tls_server = DISABLED
2014-07-25 13:31:01   tls_client = ENABLED
2014-07-25 13:31:01   key_method = 2
2014-07-25 13:31:01   ca_file = '[[INLINE]]'
2014-07-25 13:31:01   ca_path = '[UNDEF]'
2014-07-25 13:31:01   dh_file = '[UNDEF]'
2014-07-25 13:31:01   cert_file = '[[INLINE]]'
2014-07-25 13:31:01   priv_key_file = '[[INLINE]]'
2014-07-25 13:31:01   pkcs12_file = '[UNDEF]'
2014-07-25 13:31:01   cipher_list = '[UNDEF]'
2014-07-25 13:31:01   tls_verify = '[UNDEF]'
2014-07-25 13:31:01   tls_export_cert = '[UNDEF]'
2014-07-25 13:31:01   verify_x509_type = 0
2014-07-25 13:31:01   verify_x509_name = '[UNDEF]'
2014-07-25 13:31:01   crl_file = '[UNDEF]'
2014-07-25 13:31:01   ns_cert_type = 0
2014-07-25 13:31:01   remote_cert_ku[i] = 160
2014-07-25 13:31:01   remote_cert_ku[i] = 136
2014-07-25 13:31:01   remote_cert_ku[i] = 0
2014-07-25 13:31:01   remote_cert_ku[i] = 0
2014-07-25 13:31:01   remote_cert_ku[i] = 0
2014-07-25 13:31:01   remote_cert_ku[i] = 0
2014-07-25 13:31:01   remote_cert_ku[i] = 0
2014-07-25 13:31:01   remote_cert_ku[i] = 0
2014-07-25 13:31:01   remote_cert_ku[i] = 0
2014-07-25 13:31:01   remote_cert_ku[i] = 0
2014-07-25 13:31:01   remote_cert_ku[i] = 0
2014-07-25 13:31:01   remote_cert_ku[i] = 0
2014-07-25 13:31:01   remote_cert_ku[i] = 0
2014-07-25 13:31:01   remote_cert_ku[i] = 0
2014-07-25 13:31:01   remote_cert_ku[i] = 0
2014-07-25 13:31:01   remote_cert_ku[i] = 0
2014-07-25 13:31:01   remote_cert_eku = 'TLS Web Server Authentication'
2014-07-25 13:31:01   ssl_flags = 0
2014-07-25 13:31:01   tls_timeout = 2
2014-07-25 13:31:01   renegotiate_bytes = 0
2014-07-25 13:31:01   renegotiate_packets = 0
2014-07-25 13:31:01   renegotiate_seconds = 3600
2014-07-25 13:31:01   handshake_window = 60
2014-07-25 13:31:01   transition_window = 3600
2014-07-25 13:31:01   single_session = DISABLED
2014-07-25 13:31:01   push_peer_info = DISABLED
2014-07-25 13:31:01   tls_exit = DISABLED
2014-07-25 13:31:01   tls_auth_file = '[UNDEF]'
2014-07-25 13:31:01   client = ENABLED
2014-07-25 13:31:01   pull = ENABLED
2014-07-25 13:31:01   auth_user_pass_file = '[UNDEF]'
2014-07-25 13:31:01 OpenVPN 2.4-icsopenvpn 
[git:icsopenvpn_615-c430ab0e0cef9994] android-14-armeabi-v7a [SSL (OpenSSL)] 
[LZO] [SNAPPY] [LZ4] [EPOLL] [MH] [IPv6] built on Jul  3 2014
2014-07-25 13:31:01 library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.06
2014-07-25 13:31:01 MANAGEMENT: Connected to management server at 
/data/data/de.blinkt.openvpn/cache/mgmtsocket
2014-07-25 13:31:01 MANAGEMENT: CMD 'hold release'
2014-07-25 13:31:01 MANAGEMENT: CMD 'bytecount 2'
2014-07-25 13:31:01 MANAGEMENT: CMD 'state on'
2014-07-25 13:31:01 MANAGEMENT: CMD 'proxy NONE'
2014-07-25 13:31:02 MGMT: Got unrecognized command>FATAL:Cannot load inline 
certificate file: error:0906D06C:PEM routines:PEM_read_bio:no start line: 
error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
2014-07-25 13:31:02 MANAGEMENT: Client disconnected
2014-07-25 13:31:02 Cannot load inline certificate file: error:0906D06C:PEM 
routines:PEM_read_bio:no start line: error:140AD009:SSL 
routines:SSL_CTX_use_certificate_file:PEM lib
2014-07-25 13:31:02 Exiting due to fatal error
2014-07-25 13:31:02 Process exited with exit value 1

Original issue reported on code.google.com by unknowns...@gmail.com on 25 Jul 2014 at 11:44

GoogleCodeExporter commented 9 years ago

That really sounds as if your certificate is not in PEM format.

Original comment by arne@rfc2549.org on 26 Jul 2014 at 8:40

Added labels: ****
Removed labels: ****

GoogleCodeExporter commented 9 years ago

Honestly, I'm not sure what I'm doing for the most part. Just following the 
tutorial
http://openvpn.net/index.php/open-source/documentation/howto.html#pki

For the client key I'm using, I did build-key-pass and I do remember having to 
enter a PEM pass phrase.

Original comment by unknowns...@gmail.com on 26 Jul 2014 at 11:35

Added labels: ****
Removed labels: ****

GoogleCodeExporter commented 9 years ago

Can you send me your generated config?

Original comment by arne@rfc2549.org on 26 Jul 2014 at 11:47

Added labels: ****
Removed labels: ****

GoogleCodeExporter commented 9 years ago

Config on the phone or the server? Where do I find the file, or what type of 
file am I looking for?

Original comment by unknowns...@gmail.com on 26 Jul 2014 at 11:55

Added labels: ****
Removed labels: ****

GoogleCodeExporter commented 9 years ago

When editing a vpn profile there should be a generated config menu item

Original comment by arne@rfc2549.org on 26 Jul 2014 at 12:10

Added labels: ****
Removed labels: ****

GoogleCodeExporter commented 9 years ago

# Enables connection to GUI
management /data/data/de.blinkt.openvpn/cache/mgmtsocket unix
management-client
management-query-passwords
management-hold

setenv IV_GUI_VER "de.blinkt.openvpn 0.6.17"
machine-readable-output
client
verb 4
connect-retry-max 5
connect-retry 5
resolv-retry 60
dev tun
remote <address removed> b 1194 udp
<ca>
-----BEGIN CERTIFICATE-----
MIIExDCCA6ygAwIBAgIJAPxE0XrFS2iwMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD
VQQGEwJVUzELMAkGA1UECBMCSUwxDzANBgNVBAcTBkpvbGlldDEQMA4GA1UEChMH
T3BlblZQTjERMA8GA1UECxMIY2hhbmdlbWUxDTALBgNVBAMTBEhvbWUxETAPBgNV
BCkTCGNoYW5nZW1lMSgwJgYJKoZIhvcNAQkBFhl1bmtub3duc29sZGllcnhAZ21h
aWwuY29tMB4XDTE0MDcyNTE3NDk0MFoXDTI0MDcyMjE3NDk0MFowgZwxCzAJBgNV
BAYTAlVTMQswCQYDVQQIEwJJTDEPMA0GA1UEBxMGSm9saWV0MRAwDgYDVQQKEwdP
cGVuVlBOMREwDwYDVQQLEwhjaGFuZ2VtZTENMAsGA1UEAxMESG9tZTERMA8GA1UE
KRMIY2hhbmdlbWUxKDAmBgkqhkiG9w0BCQEWGXVua25vd25zb2xkaWVyeEBnbWFp
bC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDE/ZNxFATq8dMN
UsrN4JU5c2IrsHep2r4nAeBchiSmvUcGi4aqOYTOkzcZ9hdRaP570H5SF7+Oec7D
pMERT6p6QVDNAaUvqxQvqi8c188H0w6Ec6wIym/N7e7Mjn8u7A7NQuAyxHE1zRP9
Hx74W5J+Pwtiz7YxExZ9BpAjyoC47GEFdVLchK1x40lK8hvRF+Nx/vL08g/xcmHt
36vTx/m7v0VpGqKv6qoZoNgugb90A8j0Yc7W9evoshH5aH0dLAspsxZtO1yIQVqo
cUSAyDtgGnK5H1REq36cgvxhju1BQLlp+Yfa2M+HWA137oPcwAks2TqYWkI+ZeE5
oJmpMpbzAgMBAAGjggEFMIIBATAdBgNVHQ4EFgQUjllztnm0xDxYakQIzHogv6Qd
LcgwgdEGA1UdIwSByTCBxoAUjllztnm0xDxYakQIzHogv6QdLcihgaKkgZ8wgZwx
CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJJTDEPMA0GA1UEBxMGSm9saWV0MRAwDgYD
VQQKEwdPcGVuVlBOMREwDwYDVQQLEwhjaGFuZ2VtZTENMAsGA1UEAxMESG9tZTER
MA8GA1UEKRMIY2hhbmdlbWUxKDAmBgkqhkiG9w0BCQEWGXVua25vd25zb2xkaWVy
eEBnbWFpbC5jb22CCQD8RNF6xUtosDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB
BQUAA4IBAQCqSumJmZ+82Uwv4jrLFUYHwkJlxybe5MTaBf9Zy9uRKSpvsCGqfh8D
OYoMbYu2stjIwdM2XZbo7lWEqsOKjJSnPBrRsZh+vDWfi3lh4l92A52FWkrVraW3
R/klZINPtcRskdzmm+h5BC7Wh6rSzewLUpr5VgRsgxqI2PaRgE5dCuGqoJnwuFPW
+IDZiN6ddGcQv/Bo9wL8Tx0MVt5P08O3kbpIRx9GE1VfMNb/OKhBX4swPnEJmaFV
7gD1xE3qjdSjDSPOO7rHqYdxdxWaIo4rbaul7Hdak3g0LAd60+lv9xWy1h8woyl3
EnXUponpFGodcgqTUni/hx4uNwTLr2jK
-----END CERTIFICATE-----

</ca>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI/6TAb405uiMCAggA
MBQGCCqGSIb3DQMHBAhcH8kGScFsUgSCBMh66ridyktsiuDM8p6ygMDgmL07tWAB
aVpMoPlzLRERSedxEe8xUxji7zSl+FpyyRRiJJhb95fIUnoHrihgvC7rgLR19kP0
4WUZtB6RM5IL4kBUOdus1WJ0WeVhSj8kT0oFeZGPMIrJkPugmReQ+LtXCdyR5m6A
Y1NioW5bRK8M5y6VHeDXmXi5Mc9oUiqoH5HuUWlv7pGTIEAL/aVdLk7sU5/Va3ae
IHE5TJwmonhqQbGdmVU/uc4gtSjhaZ71Wwx5crNHQgkXiHa0qxporKzWKaFiXTY4
50RBbapD0d7T+VRAvsfJ7SLYeD9H+0OZYF6rAbqTh57pBgpOqF5SkAsz5JOiVPBd
0X3F+Hoi0f5wOrMvfXeyHXodEOMnHlkUfCwSAKDpHcYxlbzyqmdh2AAjzdlRZ0Fs
K5D9devrEtrcUIs1wt/vo/sjl/jNndpVxxiyDZnix6BPV61qGT2r4LQwR8AEoozL
3H0EG4GWtsnj4tmPBo4jyG1TF2ihL2ydf8VhnIB6aUK3SFrcsNdRQ0RSJTkUyjO0
mDdJIbe9jmIT7m4mODf+gMVxkXqdTqVvVJFBX9jeE0u7jbqMiC28v2i2aGlJFg5M
TEFHs9NZHuFFdcwWv6NxcSpcPlDBKdnq7RmbYVluDq3k0793STbBAGy6lypa/GE0
qrpDOpb/VP8Iat7cozJJo/OWp8mN1AOxHGwCMkx4fYOaLQCOJ4QSNL4+5OhXTCm6
neiNbT4gGkgE/iG0GHfavGzcpLGUFakpoMPCLZJ96BW6YrYUr/0x7GaNrUWa4j0Z
ldU8q+ZOVUhueKoCVWNdfU6ciYIDcf4M/I2ZL7c5YjxJ8N3PoT54ua/jb2ur/vgv
uno1qHAaQcbT6K1qRlX20YNCGZYnZYm/BUqFkMWAVWZeNCHv12hYoXFTgYZR4JaD
YiXum3Zm5a/RZO1YjKhtMjNuxRMvl1QUGHMtBlZKbBnYXBLGXlcCFwnJyt3Ty636
3TKasG1zSSrLrPPFpXwBx4BbCPRWIhLJnOdHVzq7kfTjGhYUSh9kggNdLUW7W1Ui
i8F3FKYuOqbEVABJIXEcViamvE/rSKzrxRWh//Gv6WineVmi58j+uQgHCfFHkstv
v3SgXlkSPV/6zbpOw2gYuTWSNCzKiKS+2aPHyLkNknkiHIXp9FzK6CJruBMtj2IM
G1H3rIC1GBOUfy6TIHY6oJ+4vqysfGglWyoYRGrzW8DsbYVGChLsEzdEA9czeR4X
SLL4+JKqL6l2YY09+Nem1lZs1Sc8QT0pKTsYYUFWxJwR3BGTZ/6gfyFsAlMA0jfM
rR4k5B1q9K1ZYA+V6kj8PGXknrohS67i0WGCs/I48vh/8e0YZw6jx7qihNa02eZN
ObDDC9sPoPE6vUewfB5tlU88u0jrZP9DXwPqui+s9cICjzpT3GkjHGXIgfqj03c9
mwwWIZ33bZeH+XzY3pHz7OSlrePQWZCa7W6q7ioQ7mGNbAgNyrLmGVq8V3r3AxwT
4JFafLvuJlgNkl1+WC7un56vOLUHtQw/MV2K1etkKmqR68sjZX6RSTlA7LgfD+p7
o4hVFtJtM7bqVRoTuol2FLV3N+WppfKmRq2CNbvJiY/wjydTTPyuHMbdmncZO27a
R+Q=
-----END ENCRYPTED PRIVATE KEY-----

</key>
<cert>
-----BEGIN CERTIFICATE REQUEST-----
MIIC+zCCAeMCAQAwgZ0xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJJTDEPMA0GA1UE
BxMGSm9saWV0MRAwDgYDVQQKEwdPcGVuVlBOMREwDwYDVQQLEwhjaGFuZ2VtZTEO
MAwGA1UEAxMFUGhvbmUxETAPBgNVBCkTCGNoYW5nZW1lMSgwJgYJKoZIhvcNAQkB
Fhl1bmtub3duc29sZGllcnhAZ21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAqLY2+Z8rW6CjbZIup4vqCmAV7Sg9+aOi9VGN148ZdzbZn1cK
Q+E+MuZDIPjrbAHgWkvUWZY/O9lhoqzJnC89cIKryx7wG2p7TVXIaDnsOw794Bre
D530lqvthoviO/Od1OAGhy3iZBR3mwmNhF+oBE1oi8UAEifu/ibRRzwxmPehqHyk
W+ZMoR5AWxlZ1tQKrjmivn+QWqv8PC2GD5H0P1dASui6qYJzSJ2WLnHgOCwJZR80
d7QcT3ItqmF1oCgUORYNyAvX+dDYJooVM1Vlr+PN9tFkh5gz9ZVDJ4RhdjgF/cxB
QRRAKeaQ4tiO8NgoFNvIa3d6IlqtSzUh9tEdWwIDAQABoBgwFgYJKoZIhvcNAQkH
MQkTBzdwMXQwejIwDQYJKoZIhvcNAQEFBQADggEBAFUszdxSEyfUY6M+d2AoZYq5
h5zxN+3htVYMO2Z8JvgDvT0kT5u07NSbxlAhQmpKmBSnNIZeC3iY6Dh1cmCEiMGr
NPio8/BMiS25JXdyXIi3IpYZ5pJR7EjiQ4aaycgPFg0ykOZbsGaxzuMbJCCQm1XW
0CmLXqftKhkVhQ8CnpnOE+MpuD1LHZlEPANQQ5MENgMeqov0kMMZ0VEsz0j2mFjm
YXl+rl+zwVRmFnnoPutvLqQOnXNudrKuQ4o02NJ00SkLoVGBd/ce2J43bc0WeTUm
44uI6QmtpbmRhMpY7Wef7FSnsIDJH0lMdTS+LAMLQlq5e/whxZdBiS19Bd6hwnY=
-----END CERTIFICATE REQUEST-----

</cert>
comp-lzo
redirect-private block-local
route-ipv6 ::/0
route 0.0.0.0 0.0.0.0 vpn_gateway
remote-cert-tls server
# Use system proxy setting
management-query-proxy

Original comment by unknowns...@gmail.com on 26 Jul 2014 at 12:36

Added labels: ****
Removed labels: ****

GoogleCodeExporter commented 9 years ago

Redid all my certs. I think I may have entered a challenge password for my 
client cert, but not for my server cert.  I started from scratch and made sure 
not to enter any challenge passwords. Just a PEM password for the phone 
credentials.

Now it seems to attempt to connect, but it sits at "waiting for server reply", 
and the log shows "TLS key negotiation failed to occur within 60 seconds".

Original comment by unknowns...@gmail.com on 31 Jul 2014 at 9:30

Added labels: ****
Removed labels: ****

Attachments:

openvpn_log.txt

GoogleCodeExporter commented 9 years ago

Closing this since it was probably broken certficates

Original comment by arne@rfc2549.org on 22 Sep 2014 at 9:17

Changed state: Invalid
Added labels: ****
Removed labels: ****

mahiccc / ics-openvpn

Could not read certificateorg.apache.harmony.security.asn1.ASN1Exception #268