Hi Bob, Sorry for responding so late. If we add the script to openvpn.lrp the package would also require the openssl.lrp package. I will think about a solution.
Regards, Eric > Hi Eric, > > > Just to confirm, the script works fine without modification, the Server > config needs "crl-verify keys/crl.pem" adding to be able to use the CRL > generated by "full-revoke <client>". On testing, the leaf box shows that a > revoked certificate has been tried in daemon.log. Sadly the Windows > Openvpn GUI does not show a revocation, > just a TLS failure (maybe this is good security?). > > Would it be worth adding the script to the LRP ? > > > Regards, > > > Bob > >> Hi Bob, >> >> >> Correct, but you can just copy the script from the openvpn source to >> the Bering-uClibc system and make it executable. >> >> >> Regards, >> Eric >> >> >> >>> Hi Eric, >>> >>> >>> >>> Thanks for answering, but the revoke script is neither in the >>> openvpnz nor the openssl lrp package. I have both installed on my LEAF >>> box. >>> >>> Regards, >>> Bob >>> >>> >>> >>> Eric Spakman schrieb: >>> >>> >>> >>>> Hi Bob, >>>> >>>> >>>> >>>> The revoke-full script is a very simple shell script which only >>>> uses openssl (you need the openssl.lrp package, probably the reason >>>> why the script isn't added by default), so I don't see any reason >>>> why it shouldn't work. I think you just can use it "as is" on >>>> Bering-uClibc. >>>> >>>> >>>> Regards, >>>> Eric >>>> >>>> >>>> >>>> >>>> >>>>> Dear LEAF list, >>>>> >>>>> >>>>> >>>>> >>>>> I am using Bering uClibc 2.3 with OpenVPN. Everything works >>>>> reaaly well - thanks ! I am trying to revoke a certificate (only to >>>>> test the CRL mechanism). On >>>>> the OpenVPN Howto a script is used "revoke-full" that is part of >>>>> the easyRSA software. This does not seem to exist in the >>>>> openvpn-lrp. Can I >>>>> use the same script as in the 'non-LEAF' openvpn package or do I >>>>> need to make some adjustments? p.s. I don't find any information >>>>> as to revocation/CRLs in the LEAF docs, I would be happy to write >>>>> something once I get it working. >>>>> >>>>> >>>>> >>>>> Regards, >>>>> >>>>> >>>>> >>>>> >>>>> Bob von Knobloch. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> ----------------------------------------------------------------- >>>>> ---- >>>>> ---- >>>>> Using Tomcat but need to do more? Need to support web services, >>>>> security? Get stuff done quickly with pre-integrated technology to >>>>> make your job easier Download IBM WebSphere Application Server >>>>> v.1.0.1 based on Apache Geronimo >>>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat >>>>> =1216 >>>>> 42 >>>>> ------------------------------------------------------------------ >>>>> ---- >>>>> -- >>>>> leaf-user mailing list: [email protected] >>>>> https://lists.sourceforge.net/lists/listinfo/leaf-user >>>>> Support Request -- http://leaf-project.org/ >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>> >>>> >>> --------------------------------------------------------------------- >>> ---- >>> Using Tomcat but need to do more? Need to support web services, >>> security? Get stuff done quickly with pre-integrated technology to >>> make your job easier Download IBM WebSphere Application Server v.1.0.1 >>> based on Apache Geronimo >>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=1216 >>> 42 >>> ---------------------------------------------------------------------- >>> -- >>> leaf-user mailing list: [email protected] >>> https://lists.sourceforge.net/lists/listinfo/leaf-user >>> Support Request -- http://leaf-project.org/ >>> >>> >>> >>> >> >> >> > > ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 ------------------------------------------------------------------------ leaf-user mailing list: [email protected] https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
