Hi John,
yesterday I've looked into the feature request for adding OpenVPN's "capath"
option
to uci. Just a comment on today's changes in
/package/network/services/openvpn/files/openvpn.init:
-) there's no such option like "cafile"; the option to pass a CA file is called
"ca" and is
already present in the init-file
-) for the now added option "capath":
-> Info: this option is only available with libopenssl (not polarssl)
-> I've tried this yesterday (passing a path to openvpn containing my
test-CA-file)
The result was: openvpn-openssl gives a warning in the syslog:
daemon.warn openvpn(___)[15295]: WARNING: experimental option --capath
/etc/openvpn/ca/
The effect that openvpn didn't work seems to be due to me being not able
to correctly
setup a ca-directory in a style OpenSSL is able to read.
Anyway, I'd revoke the 'cafile' option - this could be misleading.
Best regards,
P. Wassi
_______________________________________________
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev
