Hi, On Sun, Jul 26, 2015 at 09:05:48AM -0400, Alan McKay wrote: > So it seems that now when I use --daemon it backgrounds BEFORE > prompting for my password instead of after > > So I am good as long as I don't do that. > > Why this all of a sudden?
The old way breaks if you use crypto systems that do not permit fork()ing
*after* initializing the crypto library - namely, FreeBSD's cryptodev
(and we can't opt to not use it - if it's loaded, FreeBSD's openssl will
always use cryptodev...). So we turned around the initialization order
for 2.3.7 - fork (=daemon()) first, then init crypto. Which means that
you need to use --askpass now to have openvpn query on stdin for a
pass-phrase for a protected key - because it won't notice on its own
until after daemon().
Unfortunately, we only discovered after 2.3.7 that it actually doesn't
work, due to another bug... the current git code (releae/2.3 branch) has
all the necessary fixes, and will lead to a 2.3.8 release "very soon".
Apologies for the mess.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany [email protected]
fax: +49-89-35655025 [email protected]
pgpvaTO36v67A.pgp
Description: PGP signature
------------------------------------------------------------------------------
_______________________________________________ Openvpn-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-users
