Hi,

On 23/07/19 19:11, Stephen Reese wrote:

    Let me dive into this deeper, but this did not use to happen -
    I've used CentOS 6+7 icw OpenVPN for years, including
    client-connect scripts and have never seen coredumps like that.
    Are you using selinux? auditing? what is your policy on those?


I had SELinux disabled (permissive) and did not enable any special auditing. The image used is from https://github.com/plus3it/spel and running in AWS.


Just tried this on a "plain" CentOS 7 box and I am not seeing any seg faults upon client-connect; this is with the EPEL version of OpenVPN 2.4.7.

The openssl library on RHEL/CentOS 7 is indeed FIPS compliant, but FIPS mode still needs to be explicitly enabled inside an application, usually using FIPS_mode_set(). You can check whether your version of OpenVPN has been patched to do this by running:

# objdump -tT /usr/sbin/openvpn | grep FIPS

( no output, meaning no FIPS calls )

In contrast to:

# objdump -tT /usr/bin/openssl | grep FIPS
0000000000000000      DF *UND*    0000000000000000  libcrypto.so.10 FIPS_mode
0000000000000000      DF *UND*    0000000000000000  libcrypto.so.10 FIPS_mode_set


I've looked at the github page but it's too much of a bother to actually get/build such an image (for my VMware player). If you can provide me with a prebuilt image, including root access I can have a quick peek.

HTH,

JJK
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
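
Added example, not part of the original message: a shell script that automates the objdump check described above and reports whether a binary imports FIPS_mode_set, only FIPS_mode, or no FIPS symbols at all. The verdict labels and the sample_* helpers are assumptions made for illustration; the two FIPS lines in sample_openssl are the objdump output quoted in the message, and the EVP line is constructed.

```bash
#!/bin/sh
# Classify binaries by the OpenSSL FIPS symbols they import (added example).

# Read `objdump -tT` output on stdin and print every undefined (*UND*)
# symbol whose name starts with FIPS_, one per line, de-duplicated.
fips_imports() {
    awk '/\*UND\*/ && $NF ~ /^FIPS_/ { print $NF }' | sort -u
}

# Read `objdump -tT` output on stdin and print one verdict:
#   can-enable    - imports FIPS_mode_set, so the program can switch FIPS mode on
#   query-only    - imports other FIPS_* symbols (e.g. FIPS_mode) but not the setter
#   no-fips-calls - no FIPS symbols imported (the OpenVPN case in the message)
fips_verdict() {
    fv_syms=$(fips_imports)
    if printf '%s\n' "$fv_syms" | grep -qx 'FIPS_mode_set'; then
        echo "can-enable"
    elif [ -n "$fv_syms" ]; then
        echo "query-only"
    else
        echo "no-fips-calls"
    fi
}

# Sample input: the two FIPS lines are the output quoted in the message.
sample_openssl() {
    cat <<'EOF'
0000000000000000      DF *UND*    0000000000000000  libcrypto.so.10 FIPS_mode
0000000000000000      DF *UND*    0000000000000000  libcrypto.so.10 FIPS_mode_set
EOF
}

# Constructed sample: a binary that links libcrypto but imports no FIPS symbol.
sample_plain() {
    cat <<'EOF'
0000000000000000      DF *UND*    0000000000000000  libcrypto.so.10 EVP_CIPHER_CTX_new
EOF
}

# Check each binary given on the command line, e.g. /usr/sbin/openvpn.
for bin in "$@"; do
    printf '%s: %s\n' "$bin" "$(objdump -tT "$bin" 2>/dev/null | fips_verdict)"
done
```

A binary that objdump cannot read is reported as no-fips-calls, so confirm the path exists before trusting that verdict.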