CRL file cannot be read by OpenVPN #7

Closed
opened 2021-05-25 11:37:11 +02:00 by jdubois · 1 comment
Member

Because OpenVPN is running as "nobody:nogroup" and the CRL file must be reread at each client connection, the CRL file must be readable by everyone.

We should either change the shellpki folder and CRL file permissions:

```
# chmod 644 /etc/shellpki/crl.pem
# chmod 755 /etc/shellpki/
```

Or move the CRL file to another location.

Otherwise, the CRL file has no effect and a revoked client will still be able to connect.

Author
Member

Fixed by 30ef252ff5
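A check that a deployment or monitoring script could run after the CRL is generated, added here as an example and not taken from shellpki: it verifies the "other" read bit on the CRL and the "other" search bit on each parent directory, the two conditions the `chmod` commands in the issue establish. The function names and the optional `TOP` argument are this example's own; it assumes GNU `stat` and that the OpenVPN runtime user falls into the "other" permission class for these paths.

```shell
#!/bin/sh
# Added example, not shellpki code. Checks mode bits only (no ACLs).
# Assumes GNU stat and that the CRL and its directories are not owned by
# the OpenVPN runtime user or group, so the "other" bits are what apply.

# other_bits PATH: print the "other" permission digit (0-7) of PATH.
other_bits() {
    mode=$(stat -c '%a' -- "$1") || return 2
    printf '%s\n' "${mode#"${mode%?}"}"   # last octal digit
}

# crl_readable_by_other CRL [TOP]
# Returns 0 if CRL has the other-read bit and every directory from the CRL's
# parent up to TOP (default /) has the other-search bit; 1 if a permission
# is missing; 2 if a path cannot be inspected.
crl_readable_by_other() {
    crl=$1
    top=${2:-/}
    [ -f "$crl" ] || { echo "missing: $crl"; return 2; }

    o=$(other_bits "$crl") || return 2
    case $o in
        4|5|6|7) ;;
        *) echo "not readable by others: $crl"; return 1 ;;
    esac

    dir=$(dirname -- "$crl")
    while :; do
        o=$(other_bits "$dir") || return 2
        case $o in
            1|3|5|7) ;;
            *) echo "not traversable by others: $dir"; return 1 ;;
        esac
        # Stop at TOP, at the filesystem root, or at "." for relative paths.
        if [ "$dir" = "$top" ] || [ "$dir" = / ] || [ "$dir" = . ]; then
            break
        fi
        dir=$(dirname -- "$dir")
    done
    return 0
}

# Example call on the path from the issue:
#   crl_readable_by_other /etc/shellpki/crl.pem || echo "CRL will be ignored"
```

A non-zero return means the revocation list is not readable under the stated assumptions, which is the condition the issue describes as letting a revoked client connect.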

Reference: evolix/shellpki#7