[Bug 230197] Re: Network-manager incorrectly uses openssl-vulnkey to check validity of openvpn keys

Wed, 14 May 2008 04:15:23 -0700 

Well. Whenever connecting to vpn I got this into my daemon.log:

May 14 11:06:24 saturnus nm-openvpn[21432]: OpenVPN 2.1_rc7 i486-pc-linux-gnu 
[SSL] [LZO2] [EPOLL] built on May 13 2008
May 14 11:06:24 saturnus nm-openvpn[21432]: /usr/sbin/openssl-vulnkey -q 
/home/markus/openvpn/markus_laptop.key
May 14 11:06:39 saturnus NetworkManager: <WARN>  
nm_vpn_service_process_signal(): VPN failed for service 
'org.freedesktop.NetworkManager.openvpn', signal 'ConnectFailed', with message 
'The VPN login failed because the VPN program could not connect to the VPN 
server.'. 
May 14 11:06:39 saturnus NetworkManager: <info>  VPN service 
'org.freedesktop.NetworkManager.openvpn' signaled state change 3 -> 5. 
May 14 11:06:39 saturnus NetworkManager: <info>  VPN service 
'org.freedesktop.NetworkManager.openvpn' signaled state change 5 -> 6. 
May 14 11:06:39 saturnus NetworkManager: <WARN>  
nm_vpn_service_stop_connection(): (VPN Service 
org.freedesktop.NetworkManager.openvpn): could not stop connection 'XXXXXX' 
because service was 6. 
May 14 11:06:49 saturnus nm-openvpn[21432]: ERROR: 
'/home/markus/openvpn/markus_laptop.key' is a known vulnerable key. See 'man 
openssl-vulnkey' for details.
May 14 11:06:49 saturnus nm-openvpn[21432]: Exiting


Then I did the following:

[EMAIL PROTECTED]:~/openvpn]$ openvpn-vulnkey -q markus_laptop.key
[EMAIL PROTECTED]:~/openvpn]$ openssl-vulnkey -q markus_laptop.key
Enter pass phrase for markus_laptop.key:
Enter pass phrase for markus_laptop.key:
ERROR: 1:
unable to load Private Key
27758:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad 
decrypt:evp_enc.c:461:
27758:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:425:
[EMAIL PROTECTED]:~/openvpn]$ sudo cp /usr/sbin/openssl-vulnkey 
/usr/sbin/openssl-vulnkey.bak
[EMAIL PROTECTED]:~/openvpn]$ sudo cp /usr/sbin/openvpn-vulnkey 
/usr/sbin/openssl-vulnkey    
[EMAIL PROTECTED]:~/openvpn]$ openssl-vulnkey -q markus_laptop.key
[EMAIL PROTECTED]:~/openvpn]$ 

And now network-manager quietly accepts my openvpn keys and I can have
openvpn connections.

Of course this can't be nothing but a temporary solution to get my work
done. The situation requires another bugfix for the network-manager.

-- 
Network-manager incorrectly uses openssl-vulnkey to check validity of openvpn 
keys
https://bugs.launchpad.net/bugs/230197
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to