diff --git a/client/config_init.c b/client/config_init.c
index 3774cd11..dab1cbac 100644
--- a/client/config_init.c
+++ b/client/config_init.c
@@ -576,6 +576,10 @@ is_rc_param(const char *line, rc_file_param_t *param)
     var[MAX_LINE_LEN-1] = 0x0;
     val[MAX_LINE_LEN-1] = 0x0;
 
+    /* Remove any trailing whitespace from the value
+    */
+    chop_whitespace(val);
+
     /* Copy back the val and var in the structure */
     strlcpy(param->name, var, sizeof(param->name));
     strlcpy(param->val, val, sizeof(param->val));
diff --git a/common/fko_util.c b/common/fko_util.c
index ca9a58b7..77e89adb 100644
--- a/common/fko_util.c
+++ b/common/fko_util.c
@@ -562,6 +562,24 @@ strtol_wrapper(const char * const str, const int min,
     return val;
 }
 
+/* Chop whitespace off the end of a string (must be NULL-terminated)
+*/
+void
+chop_whitespace(char *str)
+{
+    int i;
+    for (i=strlen(str)-1; i > 0; i--)
+    {
+        if (! isspace(str[i]))
+        {
+            if (i < strlen(str)-1)
+                str[i+1] = 0x0;
+            break;
+        }
+    }
+    return;
+}
+
 /* zero out a buffer before free()
 */
 int zero_free(char *buf, int len)
diff --git a/common/fko_util.h b/common/fko_util.h
index c5ad8f56..da8d11f2 100644
--- a/common/fko_util.h
+++ b/common/fko_util.h
@@ -53,6 +53,7 @@ short   digest_inttostr(int digest, char* digest_str, size_t digest_size);
 short   hmac_digest_strtoint(const char *dt_str);
 short   hmac_digest_inttostr(int digest, char* digest_str, size_t digest_size);
 int     constant_runtime_cmp(const char *a, const char *b, int len);
+void    chop_whitespace(char *buf);
 int     zero_free(char *buf, int len);
 int     zero_buf(char *buf, int len);
 
diff --git a/server/access.c b/server/access.c
index 8424f13f..9b74e520 100644
--- a/server/access.c
+++ b/server/access.c
@@ -1560,6 +1560,10 @@ parse_access_file(fko_srv_options_t *opts, char *access_filename, int *depth)
         var[MAX_LINE_LEN-1] = 0x0;
         val[MAX_LINE_LEN-1] = 0x0;
 
+        /* Remove any trailing whitespace from the value
+        */
+        chop_whitespace(val);
+
         if (opts->verbose > 3)
             log_msg(LOG_DEBUG,
                 "ACCESS FILE: %s, LINE: %s\tVar: %s, Val: '%s'",
diff --git a/server/config_init.c b/server/config_init.c
index c308b925..8cc1828a 100644
--- a/server/config_init.c
+++ b/server/config_init.c
@@ -332,6 +332,9 @@ parse_config_file(fko_srv_options_t *opts, const char *config_file)
             );
             continue;
         }
+        /* Remove any trailing whitespace from the value
+        */
+        chop_whitespace(val);
 
         good_ent = 0;
         for(i=0; i<NUMBER_OF_CONFIG_ENTRIES; i++)
diff --git a/test/test-fwknop.pl b/test/test-fwknop.pl
index 0f87987a..a4451e22 100755
--- a/test/test-fwknop.pl
+++ b/test/test-fwknop.pl
@@ -272,6 +272,7 @@ my $enable_perl_module_checks = 0;
 my $enable_perl_module_fuzzing_spa_pkt_generation = 0;
 my $enable_python_module_checks = 0;
 my $enable_openssl_compatibility_tests = 0;
+my $disable_openssl_compatibility_tests = 0;
 my $enable_cunit_tests = 0;
 my $openssl_success_ctr = 0;
 my $openssl_failure_ctr = 0;
@@ -383,6 +384,7 @@ exit 1 unless GetOptions(
     'enable-distcheck'  => \$enable_make_distcheck,
     'enable-dist-check' => \$enable_make_distcheck,  ### synonym
     'enable-openssl-checks' => \$enable_openssl_compatibility_tests,
+    'disable-openssl-checks' => \$disable_openssl_compatibility_tests,
     'enable-cunit' => \$enable_cunit_tests,
     'gdb-test=s'        => \$gdb_test_file,
     'List-mode'         => \$list_mode,
@@ -744,6 +746,9 @@ unless (-d $output_dir) {
     mkdir $output_dir or die "[*] Could not mkdir $output_dir: $!";
 }
 
+### allow OpenSSL tests to be disabled even when --enable-all is set
+$enable_openssl_compatibility_tests = 0 if $disable_openssl_compatibility_tests;
+
 ### create an anonymized tar file of test suite results that can be
 ### emailed around to assist in debugging fwknop communications
 exit &anonymize_results() if $anonymize_results;
@@ -8655,6 +8660,7 @@ sub usage() {
                                          $fuzzing_pkts_file
     --enable-openssl-checks            - Enable tests to verify that Rijndael
                                          cipher usage is compatible with openssl.
+    --disable-openssl-checks           - Disable OpenSSL verification tests.
     --gdb-test <test file>             - Run the same command a previous test suite
                                          execution through gdb by specifying the
                                          output/ test file.
diff --git a/test/tests/basic_operations.pl b/test/tests/basic_operations.pl
index c93c9905..2d7f06e8 100644
--- a/test/tests/basic_operations.pl
+++ b/test/tests/basic_operations.pl
@@ -1047,6 +1047,24 @@
         'positive_output_matches' => [qr/skipping stanza/],
         'negative_output_matches' => [qr/Could not find valid SOURCE stanza/],
     },
+
+    {
+        'category' => 'basic operations',
+        'subcategory' => 'server',
+        'detail'   => 'source trailing chars',
+        'function' => \&server_conf_files,
+        'fwknopd_cmdline' => "$server_rewrite_conf_files --exit-parse-config",
+        'exec_err' => $YES,
+        'server_access_file' => [
+            'SOURCE     192.168.10.1      #test',
+            'KEY        testtest'
+        ],
+        'server_conf_file' => [
+            '### comment'
+        ],
+        'positive_output_matches' => [qr/Setting gid/],
+    },
+
     {
         'category' => 'basic operations',
         'subcategory' => 'server',