Hi,

On 01/04/16 15:40, Piotr Dobrogost wrote:
> Selva Nair <selva.nair <at> gmail.com> writes:
>
>> openssl may be using secure_getenv instead of getenv, in which case it may
>> not see the env variable depending on how openvpn is started as well as any
>> security restrictions in place. Just guessing.
>
> You're guessing right. Thanks to @richmoore1 from #openssl, who said there's
> no OPENSSL_ENABLE_MD5_VERIFY in openssl's source so it had to be patched in
> by distro, I googled OPENSSL_ENABLE_MD5_VERIFY again and found the bug
> "OPENSSL_ENABLE_MD5_VERIFY can not be used with NetworkManager & OpenVPN to
> re-enable MD5 certificate verification"
> (https://bugzilla.redhat.com/show_bug.cgi?id=1174915)
> However, according to this bug this was already fixed in Fedora 21 yet I
> observe this bug in Fedora 24 and someone else observed it in CentOS 7.1. It
> looks like the fix might have been reverted in the meantime.
>
>
I've managed to reproduce most of your setup on my FC22 box; however, 
the env.conf file is never picked up by my systemd. What *does* work for 
me, however, is to use
# cat openvpn\@.service
[Unit]
Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I
After=network.target

[Service]
EnvironmentFile=/etc/openvpn/environment
PrivateTmp=true
Type=forking
PIDFile=/var/run/openvpn/%i.pid
ExecStartPre=/usr/bin/env
ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf

[Install]
WantedBy=multi-user.target


and then add an environment file /etc/openvpn/environment containing

OPENSSL_ENABLE_MD5_VERIFY=1

So how did you get systemd to pick up the env.d directory? On FC22 this 
did not happen automagically...

HTH,

JJK
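
An added example, not part of the original message: a shell function that audits a unit file for the override discussed above, whether it is set through Environment= or through an EnvironmentFile=, so hosts where MD5 certificate verification has been re-enabled can be found. The function name and the optional ROOT argument are assumptions made for this illustration.

```shell
# Added example: report whether a systemd unit sets OPENSSL_ENABLE_MD5_VERIFY,
# either directly (Environment=) or through a file named by EnvironmentFile=.
# Usage: md5_override_in_unit UNIT_FILE [ROOT]
# ROOT (hypothetical parameter) is a prefix for EnvironmentFile paths, so the
# check can run against a copied or mounted tree; empty means the live host.
# Returns 0 and prints where the variable is set, or returns 1 if it is not.
md5_override_in_unit() {
    unit=$1
    root=${2:-}
    found=1

    # Environment= assignments inside the unit itself.
    if grep -Eq '^[[:space:]]*Environment=.*OPENSSL_ENABLE_MD5_VERIFY=' "$unit"; then
        echo "$unit: set via Environment="
        found=0
    fi

    # EnvironmentFile= entries; a leading "-" means "ignore if missing".
    for envfile in $(sed -n 's/^[[:space:]]*EnvironmentFile=-\{0,1\}//p' "$unit"); do
        [ -r "$root$envfile" ] || continue
        # Commented-out lines ("#" or ";") do not match the anchored pattern.
        if grep -Eq '^[[:space:]]*OPENSSL_ENABLE_MD5_VERIFY=' "$root$envfile"; then
            echo "$unit: set via $envfile"
            found=0
        fi
    done

    return $found
}
```

Call it once per unit file, for instance on the openvpn@.service shown above; a zero exit status means the service will start with the variable in its environment.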

