Hi,

On 15/04/2021 11:12, Max Fillinger wrote:
> When using the chroot option, the init_ssl function can be called before
> entering the chroot or, when OpenVPN receives a SIGHUP, afterwards. This
> commit ensures that OpenVPN tries to open the correct path for the CRL
> file in either situation.
> 
> This commit does not address key and certificate files. For these, the
> --persist-key option should be used.
> 
> Signed-off-by: Max Fillinger <maximilian.fillin...@foxcrypto.com>

Compile tested against my zoo of SSL libraries and got no complaint.
GitLab CI did not complain either.

I reproduced the bug by having the file reachable by the option parser
(chroot+crl_path), but unreachable by the first run of init_ssl() (no
chroot included in the path here).


I could see that this patch addresses this issue and prevents the first
init_ssl() from failing.

Subsequent CRL reloads also work as expected.

Acked-by: Antonio Quartulli <anto...@openvpn.net>

This being a bugfix for chroot, it should be merged to 2.5 too, if possible.

Regards,



-- 
Antonio Quartulli
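
The path selection discussed in this message, as an added example that is not part of the original e-mail and is not OpenVPN's code: before chroot(2) the CRL sits at chroot directory + CRL path, and after a SIGHUP restart inside the chroot the CRL path is used as given. The helper name `crl_open_path`, its parameters and the sample paths are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: write into `out` the path at which the CRL file
 * can be opened right now.
 *   chroot_dir - value of the chroot option, or NULL when it is unset
 *   crl_file   - CRL path as seen from inside the chroot
 *   in_chroot  - true once the process has already entered the chroot
 * Returns 0 on success, -1 if the result does not fit in `out`. */
int
crl_open_path(char *out, size_t out_len, const char *chroot_dir,
              const char *crl_file, bool in_chroot)
{
    int n;

    if (!chroot_dir || in_chroot)
    {
        /* No chroot configured, or already inside it (SIGHUP case):
         * the configured path is valid as it stands. */
        n = snprintf(out, out_len, "%s", crl_file);
    }
    else
    {
        /* First init_ssl() run, before chroot(2): prefix the chroot
         * directory, with exactly one '/' at the join. */
        size_t dir_len = strlen(chroot_dir);
        while (dir_len > 0 && chroot_dir[dir_len - 1] == '/')
        {
            dir_len--;
        }
        while (*crl_file == '/')
        {
            crl_file++;
        }
        n = snprintf(out, out_len, "%.*s/%s", (int)dir_len, chroot_dir, crl_file);
    }
    /* Treat truncation as an error rather than opening a wrong path. */
    return (n < 0 || (size_t)n >= out_len) ? -1 : 0;
}

int
main(void)
{
    char path[256];
    /* Constructed sample values, not taken from the thread. */
    if (crl_open_path(path, sizeof(path), "/var/empty/", "/crl.pem", false) == 0)
    {
        printf("before chroot: %s\n", path);
    }
    return 0;
}
```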


_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
