[LEDE-DEV] OpenVPN capath + cafile uci options

John Crispin john at phrozen.org
Thu Oct 27 11:46:18 PDT 2016



On 27/10/2016 20:29, p.wassi at gmx.at wrote:
> Hi John,
> 
> yesterday I've looked into the feature request for adding OpenVPN's "capath" option
> to uci. Just a comment on today's changes in /package/network/services/openvpn/files/openvpn.init:
> 
> -) there's no such option like "cafile"; the option to pass a CA file is called "ca" and is
>    already present in the init-file
> -) for the now added option "capath":
>    -> Info: this option is only available with libopenssl (not polarssl)
>    -> I've tried this yesterday (passing a path to openvpn containing my test-CA-file)
>       The result was: openvpn-openssl gives a warning in the syslog:
>       daemon.warn openvpn(___)[15295]: WARNING: experimental option --capath /etc/openvpn/ca/
>       The effect that openvpn didn't work seems to be due to me being not able to correctly
>       setup a ca-directory in a style OpenSSL is able to read.
> 
> Anyway, I'd revoke the 'cafile' option - this could be misleading.
> 
> Best regards,
> P. Wassi
> 

ok, will do so in a moment. thanks for testing.

	John
> _______________________________________________
> Lede-dev mailing list
> Lede-dev at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/lede-dev
> 



More information about the Lede-dev mailing list