On 20/05/17 00:45, Mahawar, Sunil wrote: > Hi, > > I loved easy-rsa tool and its user friendly interface. I am using > this tool for one of my project for OpenHPC (http://openhpc.community ). > However one my colleague pointed out that easy-rsa project is not an > active project, its last release was 2 year back, last commit was June > 2016, and there are multiple open issues on git hub (40), which are not > yet addressed. So there was concern that any security related > vulnerability (if found) will not be fixed in timely manner. Because of > that I was asked to reevaluate easy-rsa utility for my use. > > As per the documentation, easy-rsa development co-exists with OpenVPN, I > am assuming that openvpn community will take care of any vulnerability > in easy-rsa (if found). I will appreciate if someone on community > confirm my assumption that openvpn community will also be maintain > easy-rsa any vulnerability in this utility? >
It might not look so active, but there are people who are engaged and who I am quite sure will step up if it is truly needed to act upon any security issues. The upstream project is hosted here: <https://github.com/OpenVPN/easy-rsa> That said, there are not too much security issues easy-rsa itself may introduce. It is basically just a shell script providing a more easy user interface to the openssl command line. So as long as your OpenSSL installation is safe and good, there is not too much this tool can do to reduce that. The primary thing in easy-rsa influencing the security is the OpenSSL configuration file (openssl-1.0.cnf), and the secondary is how the various openssl command line calls is handled. Except of that, it is a fairly simple program logic and lots of somewhat more helpful text. -- kind regards, David Sommerseth OpenVPN Technologies, Inc
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
