Am 31.03.2016 um 23:07 schrieb Piotr Dobrogost:
When I start OpenVPN as a deamon from command line like this: `sudo OPENSSL_ENABLE_MD5_VERIFY=1 openvpn --daemon --config /etc/openvpn/xxx.conf` the tunnel comes up with no problem. However, when I start it as a systemd service I get this error: Mar 23 21:59:40 demon openvpn[10065]: VERIFY OK: depth=2, C=PL, L=Warszawa, O=xxx, OU=xxx CA, CN=xxx Root CA Mar 23 21:59:40 demon openvpn[10065]: VERIFY ERROR: depth=1, error=certificate signature failure: C=PL, O=xxx, OU=xxx CA, CN=xxx VPN CA I've been getting the same error when starting OpenVPN as a deamon from command line before I added "OPENSSL_ENABLE_MD5_VERIFY=1". That's why I thought the reason for error is that when starting OpenVPN as a systemd service OPENSSL_ENABLE_MD5_VERIFY does not get set. However I verified it gets set by adding "ExecStartPre=/usr/bin/env" to the service template file. Please help
get rid of MD5 and SHA1 certs in 2016 openvpn works pretty fine with systemd we connect 6 different networks in all directions with openvpn and systemd
signature.asc
Description: OpenPGP digital signature
_______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
