Looking at the source code for nm-openvpn-service.c, before this bug was
introduced it doesn't appear that the crl-verify option was ever
implemented or used, as it is not found within the code. The only lines
that refer to crl-verify were introduced in Ubuntu 19.04, and consist of
the following:
tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CRL_VERIFY_FILE);
if (tmp)
args_add_strv (args, "--crl-verify", tmp);
else {
tmp = nm_setting_vpn_get_data_item (s_vpn,
NM_OPENVPN_KEY_CRL_VERIFY_DIR);
if (tmp)
args_add_strv (args, "--crl-verify", tmp, "dir");
}
Frankly I do not know how or why "/var/lib/openvpn/chroot/" gets
incorrectly prepended to the file path in the openvpn argument string,
but the crl-verify option clearly doesn't work (or may never have worked
after it was introduced). This needs fixing ASAP.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1835644
Title:
CRL files are not accessible for the Verify CRL options
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/1835644/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
