From mboxrd@z Thu Jan  1 00:00:00 1970
From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: IPFire 2.27 - Core Update 175 is available for testing
Date: Sat, 20 May 2023 15:00:01 +0200
Message-ID: <01841464-ef54-5c9d-6f9e-5d642b80879c@ipfire.org>
In-Reply-To: <168456600904.682715.17753844671708569948.ipfire@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============7456074825777000980=="
List-Id: <development.lists.ipfire.org>

--===============7456074825777000980==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hi Peter,

I have found that the code for the update.sh script for the Bug#11048 fix has=
 a bug in it. The code looks for 'Encrypted' in the OpenSSL feedback for non =
password certs and 'error' for certs with a password.

I have found that with the OpenSSL3 version that some of the old certs withou=
t a password can end up also giving an error message so that both 'Encrypted'=
 and 'error' are present. This means that an entry for that cert was placed i=
n ovpnconfig twice for the same connection, once with pass and the second tim=
e with no-pass. It ends up only showing the first entry as the name is the sa=
me for both but this means that you end up with a connection with no password=
 showing up like it has a password.

In the code grep needs to look for 'verify error' instead of just 'error' whi=
ch will solve the above problem during the update.

I didn't find this when I did my testing, which I don't understand yet as I d=
id the same sort of tests with the same sort of range of connections with and=
 without passwords.

I think it would be a good idea to revert the patch set for the Bug Fix for B=
ug#11048 until I have sorted this all out and can confirm that with my testin=
g.

Regards,

Adolf.

On 20/05/2023 09:00, IPFire Project wrote:
> IPFire Logo
>=20
> there is a new post from Peter M=C3=BCller on the IPFire Blog:
>=20
> *IPFire 2.27 - Core Update 175 is available for testing*
>=20
>     The forthcoming update, IPFire 2.27 - Core Update 175, is available for=
 testing! Most noteworthy, it updates OpenSSL to the 3.1.0 branch, features a=
 kernel update as well as other package updates and a variety of bug fixes ar=
e also included in this update.
>=20
> Click Here To Read More <https://blog.ipfire.org/post/ipfire-2-27-core-upda=
te-175-is-available-for-testing>
>=20
> The IPFire Project
> Don't like these emails? Unsubscribe <https://people.ipfire.org/unsubscribe=
>.
>=20

--===============7456074825777000980==--