From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: Re: IPFire 2.27 - Core Update 175 is available for testing Date: Mon, 22 May 2023 22:18:00 +0000 Message-ID: In-Reply-To: <01841464-ef54-5c9d-6f9e-5d642b80879c@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0244812013904788861==" List-Id: --===============0244812013904788861== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello Adolf, thank you for your e-mail, your patches, and testing everything so thoroughly= . Highly appreciated! :-) Just to ensure I didn't miss anything: I interpret comment #3 in bug #13117 t= hat this bug has been created as a follow-up to the behaviour observed in Core Update 175 (testing)= , related to the patchset submitted for bug #11048. So, having amended your patchset for fixing #13117, my understanding is that = that fixing #11048 does not need to be reverted anymore? Thanks in advance for clarifying, and all the best, Peter M=C3=BCller (under-caffeinated) > Hi Peter, >=20 > I have found that the code for the update.sh script for the Bug#11048 fix h= as a bug in it. The code looks for 'Encrypted' in the OpenSSL feedback for no= n password certs and 'error' for certs with a password. >=20 > I have found that with the OpenSSL3 version that some of the old certs with= out a password can end up also giving an error message so that both 'Encrypte= d' and 'error' are present. This means that an entry for that cert was placed= in ovpnconfig twice for the same connection, once with pass and the second t= ime with no-pass. It ends up only showing the first entry as the name is the = same for both but this means that you end up with a connection with no passwo= rd showing up like it has a password. >=20 > In the code grep needs to look for 'verify error' instead of just 'error' w= hich will solve the above problem during the update. >=20 > I didn't find this when I did my testing, which I don't understand yet as I= did the same sort of tests with the same sort of range of connections with a= nd without passwords. >=20 > I think it would be a good idea to revert the patch set for the Bug Fix for= Bug#11048 until I have sorted this all out and can confirm that with my test= ing. >=20 > Regards, >=20 > Adolf. >=20 > On 20/05/2023 09:00, IPFire Project wrote: >> IPFire Logo >> >> there is a new post from Peter M=C3=BCller on the IPFire Blog: >> >> *IPFire 2.27 - Core Update 175 is available for testing* >> >> =C2=A0=C2=A0=C2=A0 The forthcoming update, IPFire 2.27 - Core Update 175, = is available for testing! Most noteworthy, it updates OpenSSL to the 3.1.0 br= anch, features a kernel update as well as other package updates and a variety= of bug fixes are also included in this update. >> >> Click Here To Read More >> >> The IPFire Project >> Don't like these emails? Unsubscribe . >> --===============0244812013904788861==--