Is selinux/apparmod enabled? That can prevent the openvpn process to read the file.
I know you've check the files/dirs, but it's always a good idea to check it with the actual user accessing it; it's too easy to overlook/miss something. -----Original Message----- From: richard lucassen [mailto:mailingli...@lucassen.org] Sent: Thursday, April 16, 2020 7:16 PM To: openvpn-users@lists.sourceforge.net Subject: Re: [Openvpn-users] crl-verify On Thu, 16 Apr 2020 13:38:39 +0200 Dajka Tamás <vi...@vipernet.hu> wrote: > Still does NOT work? You mean, you are able to connect? Yep. And according to the man page the server should reject certificate with serial 0B if a file exists in crl/0B (file can be empty) > If u can't restart the server how can you test? Changing the server > side requires reboot. With a SysV system you can restart one of the OpenVPN instances like this: /etc/init.d restart server where "server" is the server.conf without .conf > You might have missed something with the directory rights. Simply 'su' > to nobody with a valid shell and try to read the 0B file As I said in another post, all dirs are 755 and files 644 It smells like a bug. Or a "bug" in the manpage. -- richard lucassen http://contact.xaq.nl/ _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
