Does OpenVPN support CADir format? On Mon, Aug 18, 2025 at 6:32 PM Michael Catanzaro <mcatanz...@redhat.com> wrote:
> Hi, after upgrading to Fedora 43 I noticed my OpenVPN connection was > broken due to > https://fedoraproject.org/wiki/Changes/droppingOfCertPemFile > > I see in my journal: > > nm-openvpn[32218]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but > missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). > OpenVPN ignores --cipher for cipher negotiations. > nm-openvpn[32218]: Options error: --ca fails with > '/etc/pki/tls/certs/ca-bundle.crt': No such file or directory (errno=2) > nm-openvpn[32218]: Options error: Please correct these errors. > nm-openvpn[32218]: Use --help for more information. > > I searched NetworkManager-openvpn, NetworkManager, and OpenVPN upstream > git repos and Fedora spec files and couldn't find any references to > ca-bundle.crt in any of them. Then eventually I found it specified > under my VPN configuration that's installed into > /etc/NetworkManager/system-connections: > > [vpn] > ca=/etc/pki/tls/certs/ca-bundle.crt > > Workaround is to just change the file path: > > [vpn] > ca=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem > > And that worked. > > (Next I thought "why allow all trusted certificates?" and wound up > selecting the particular root certificate that I expect my server > certificate to be signed by, which also worked. Nice when things work.) > > Michael > > > -- > _______________________________________________ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue > -- Dmitry Belyavskiy
-- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
