[LEDE-DEV] OpenVPN capath + cafile uci options

p.wassi at gmx.at p.wassi at gmx.at
Thu Oct 27 11:29:31 PDT 2016

Hi John,

yesterday I've looked into the feature request for adding OpenVPN's "capath" option
to uci. Just a comment on today's changes in /package/network/services/openvpn/files/openvpn.init:

-) there's no such option like "cafile"; the option to pass a CA file is called "ca" and is
   already present in the init-file
-) for the now added option "capath":
   -> Info: this option is only available with libopenssl (not polarssl)
   -> I've tried this yesterday (passing a path to openvpn containing my test-CA-file)
      The result was: openvpn-openssl gives a warning in the syslog:
      daemon.warn openvpn(___)[15295]: WARNING: experimental option --capath /etc/openvpn/ca/
      The effect that openvpn didn't work seems to be due to me being not able to correctly
      setup a ca-directory in a style OpenSSL is able to read.

Anyway, I'd revoke the 'cafile' option - this could be misleading.

Best regards,
P. Wassi

More information about the Lede-dev mailing list