Hi Peter,
I have found that the code for the update.sh script for the Bug#11048 fix has a bug in it. The code looks for 'Encrypted' in the OpenSSL feedback for non password certs and 'error' for certs with a password.
I have found that with the OpenSSL3 version that some of the old certs without a password can end up also giving an error message so that both 'Encrypted' and 'error' are present. This means that an entry for that cert was placed in ovpnconfig twice for the same connection, once with pass and the second time with no-pass. It ends up only showing the first entry as the name is the same for both but this means that you end up with a connection with no password showing up like it has a password.
In the code grep needs to look for 'verify error' instead of just 'error' which will solve the above problem during the update.
I didn't find this when I did my testing, which I don't understand yet as I did the same sort of tests with the same sort of range of connections with and without passwords.
I think it would be a good idea to revert the patch set for the Bug Fix for Bug#11048 until I have sorted this all out and can confirm that with my testing.
Regards,
Adolf.
On 20/05/2023 09:00, IPFire Project wrote:
IPFire Logo
there is a new post from Peter Müller on the IPFire Blog:
*IPFire 2.27 - Core Update 175 is available for testing*
The forthcoming update, IPFire 2.27 - Core Update 175, is available for testing! Most noteworthy, it updates OpenSSL to the 3.1.0 branch, features a kernel update as well as other package updates and a variety of bug fixes are also included in this update.Click Here To Read More https://blog.ipfire.org/post/ipfire-2-27-core-update-175-is-available-for-testing
The IPFire Project Don't like these emails? Unsubscribe https://people.ipfire.org/unsubscribe.