Selva Nair <selva.nair <at> gmail.com> writes: > openssl may be using secure_getenv instead of getenv, in which case it may not see the env variable depending on how openvpn is started as well as any security restrictions in place. Just guessing.
You're guessing right. Thanks to @richmoore1 from #openssl, who said there's no OPENSSL_ENABLE_MD5_VERIFY in openssl's source so it had to be patched in by distro, I googled OPENSSL_ENABLE_MD5_VERIFY again and found the bug "OPENSSL_ENABLE_MD5_VERIFY can not be used with NetworkManager & OpenVPN to re-enable MD5 certificate verification" (https://bugzilla.redhat.com/show_bug.cgi?id=1174915) However, according to this bug this was already fixed in Fedora 21 yet I observe this bug in Fedora 24 and someone else observed it in CentOS 7.1 It looks like the fix might have been reverted in the meantime. ------------------------------------------------------------------------------ Transform Data into Opportunity. Accelerate data analysis in your applications with Intel Data Analytics Acceleration Library. Click to learn more. http://pubads.g.doubleclick.net/gampad/clk?id=278785471&iu=/4140 _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
