Looking at the source code for nm-openvpn-service.c, before this bug was
introduced it doesn't appear that the crl-verify option was ever
implemented or used, as it is not found within the code. The only lines
that refer to crl-verify were introduced in Ubuntu 19.04, and consist of
the following:
tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CRL_VERIFY_FILE);
if (tmp)
args_add_strv (args, "--crl-verify", tmp);
else {
tmp = nm_setting_vpn_get_data_item (s_vpn,
NM_OPENVPN_KEY_CRL_VERIFY_DIR);
if (tmp)
args_add_strv (args, "--crl-verify", tmp, "dir");
}
Frankly I do not know how or why "/var/lib/openvpn/chroot/" gets
incorrectly prepended to the file path in the openvpn argument string,
but the crl-verify option clearly doesn't work (or may never have worked
after it was introduced). This needs fixing ASAP.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager-openvpn in Ubuntu.
https://bugs.launchpad.net/bugs/1835644
Title:
CRL files are not accessible for the Verify CRL options
Status in network-manager-openvpn package in Ubuntu:
Confirmed
Bug description:
Hello,
The Network Manager GUI options 'Verify CRL from file' and 'Verify CRL
from directory' won't work because the openvpn process cannot access
the files since being run with chroot, so the connection fails:
nm-openvpn[5069]: chroot to '/var/lib/openvpn/chroot' and cd to '/' succeeded
nm-openvpn[6135]: Options error: --crl-verify fails with
'/var/lib/openvpn/chroot//home/steve/VPN/config/crl.rsa.4096.pem': No such file
or directory (errno=2)
Thanks.
Ubuntu 19.04
network-manager-openvpn, network-manager-openvpn-gnome 1.8.10-1
openvpn 2.4.6-1ubuntu3.1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/1835644/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
