On 2015-12-14, Tuyosi Takesima <[email protected]> wrote: > Hi all . > about openvpn ,i follow http://www.kernel-panic.it/openbsd/vpn/vpn4.html > > cp openssl-0.9.6.cnf openssl.cnf > > and > when # ./pkitool
easy-rsa is broken in 5.8 release. If you fetch a -stable ports tree from cvs and update easy-rsa you can get a version which has a workaround. > --initca > then > Using CA Common Name: changeme > error on line 39 of /usr/local/share/easy-rsa/openssl.cnf > 6496586334084:error:0E065068:configuration file routines:STR_COPY:variable > has no > value:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/conf/conf_def.c:573:line > 39 > > > line 39 of /usr/local/share/easy-rsa/openssl.cnf > is > 39 dir = $ENV::KEY_DIR # Where everything is kept This is the config file passed to the openssl(1) tool, /usr/bin/openssl (which is LibreSSL in OpenBSD). It's using this syntax to try and pass in a variable via the process environment. You might think that the config parser for this is in the tool itself, but actually it's in the library(!). Changing library behaviour based on environment variables is considered dangerous in some cases, so it's been removed from LibreSSL.
