ACK to the attached (rebase by me) patch from trac:
https://community.openvpn.net/openvpn/ticket/248
-Steffan
>From 0e132ca6733ede1f066b0cd717b1886a28e09d32 Mon Sep 17 00:00:00 2001
From: James Geboski <jgebo...@gmail.com>
List-Post: openvpn-devel@lists.sourceforge.net
Date: Tue, 8 Jan 2013 17:52:57 -0500
Subject: [PATCH] Fix --askpass not allowing for password input via stdin
This resolves --askpass treating stdin as a file during the file access
check. In turn, this leads to openvpn failing to start if this option is
set to stdin.
By default, --askpass reads the certificate's password from stdin rather
than a file. Without passing the CHKACC_ACPTSTDIN flag to
check_file_access(), stdin is marked as being a nonexistent file.
Signed-off-by: James Geboski <jgebo...@gmail.com>
---
src/openvpn/options.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 74276d4..cd13aa9 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -2738,8 +2738,8 @@ options_postprocess_filechecks (struct options *options)
options->packet_id_file, R_OK|W_OK, "--replay-persist");
/* ** Password files ** */
- errs |= check_file_access (CHKACC_FILE, options->key_pass_file, R_OK,
- "--askpass");
+ errs |= check_file_access (CHKACC_FILE|CHKACC_ACPTSTDIN,
+ options->key_pass_file, R_OK, "--askpass");
#endif /* ENABLE_CRYPTO */
#ifdef ENABLE_MANAGEMENT
errs |= check_file_access (CHKACC_FILE|CHKACC_ACPTSTDIN,
--
2.1.4
