[Desktop-packages] [Bug 1835644] Re: CRL files are not accessible for the Verify CRL options
** Changed in: network-manager-openvpn Status: Unknown => New -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to network-manager-openvpn in Ubuntu. https://bugs.launchpad.net/bugs/1835644 Title: CRL files are not accessible for the Verify CRL options Status in NetworkManager-OpenVPN: New Status in network-manager-openvpn package in Ubuntu: Confirmed Bug description: Hello, The Network Manager GUI options 'Verify CRL from file' and 'Verify CRL from directory' won't work because the openvpn process cannot access the files since being run with chroot, so the connection fails: nm-openvpn[5069]: chroot to '/var/lib/openvpn/chroot' and cd to '/' succeeded nm-openvpn[6135]: Options error: --crl-verify fails with '/var/lib/openvpn/chroot//home/steve/VPN/config/crl.rsa.4096.pem': No such file or directory (errno=2) Thanks. Ubuntu 19.04 network-manager-openvpn, network-manager-openvpn-gnome 1.8.10-1 openvpn 2.4.6-1ubuntu3.1 To manage notifications about this bug go to: https://bugs.launchpad.net/network-manager-openvpn/+bug/1835644/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1835644] Re: CRL files are not accessible for the Verify CRL options
This seems to also happen when you specify any cert inline in an imported openvpn config. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to network-manager-openvpn in Ubuntu. https://bugs.launchpad.net/bugs/1835644 Title: CRL files are not accessible for the Verify CRL options Status in NetworkManager-OpenVPN: Unknown Status in network-manager-openvpn package in Ubuntu: Confirmed Bug description: Hello, The Network Manager GUI options 'Verify CRL from file' and 'Verify CRL from directory' won't work because the openvpn process cannot access the files since being run with chroot, so the connection fails: nm-openvpn[5069]: chroot to '/var/lib/openvpn/chroot' and cd to '/' succeeded nm-openvpn[6135]: Options error: --crl-verify fails with '/var/lib/openvpn/chroot//home/steve/VPN/config/crl.rsa.4096.pem': No such file or directory (errno=2) Thanks. Ubuntu 19.04 network-manager-openvpn, network-manager-openvpn-gnome 1.8.10-1 openvpn 2.4.6-1ubuntu3.1 To manage notifications about this bug go to: https://bugs.launchpad.net/network-manager-openvpn/+bug/1835644/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1835644] Re: CRL files are not accessible for the Verify CRL options
** Also affects: network-manager-openvpn via https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/issues/57 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to network-manager-openvpn in Ubuntu. https://bugs.launchpad.net/bugs/1835644 Title: CRL files are not accessible for the Verify CRL options Status in NetworkManager-OpenVPN: Unknown Status in network-manager-openvpn package in Ubuntu: Confirmed Bug description: Hello, The Network Manager GUI options 'Verify CRL from file' and 'Verify CRL from directory' won't work because the openvpn process cannot access the files since being run with chroot, so the connection fails: nm-openvpn[5069]: chroot to '/var/lib/openvpn/chroot' and cd to '/' succeeded nm-openvpn[6135]: Options error: --crl-verify fails with '/var/lib/openvpn/chroot//home/steve/VPN/config/crl.rsa.4096.pem': No such file or directory (errno=2) Thanks. Ubuntu 19.04 network-manager-openvpn, network-manager-openvpn-gnome 1.8.10-1 openvpn 2.4.6-1ubuntu3.1 To manage notifications about this bug go to: https://bugs.launchpad.net/network-manager-openvpn/+bug/1835644/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1835644] Re: CRL files are not accessible for the Verify CRL options
thanks! -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to network-manager-openvpn in Ubuntu. https://bugs.launchpad.net/bugs/1835644 Title: CRL files are not accessible for the Verify CRL options Status in network-manager-openvpn package in Ubuntu: Confirmed Bug description: Hello, The Network Manager GUI options 'Verify CRL from file' and 'Verify CRL from directory' won't work because the openvpn process cannot access the files since being run with chroot, so the connection fails: nm-openvpn[5069]: chroot to '/var/lib/openvpn/chroot' and cd to '/' succeeded nm-openvpn[6135]: Options error: --crl-verify fails with '/var/lib/openvpn/chroot//home/steve/VPN/config/crl.rsa.4096.pem': No such file or directory (errno=2) Thanks. Ubuntu 19.04 network-manager-openvpn, network-manager-openvpn-gnome 1.8.10-1 openvpn 2.4.6-1ubuntu3.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/1835644/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1835644] Re: CRL files are not accessible for the Verify CRL options
(Voila)[https://gitlab.gnome.org/GNOME/NetworkManager- openvpn/-/issues/57] ** Bug watch added: gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/issues #57 https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/issues/57 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to network-manager-openvpn in Ubuntu. https://bugs.launchpad.net/bugs/1835644 Title: CRL files are not accessible for the Verify CRL options Status in network-manager-openvpn package in Ubuntu: Confirmed Bug description: Hello, The Network Manager GUI options 'Verify CRL from file' and 'Verify CRL from directory' won't work because the openvpn process cannot access the files since being run with chroot, so the connection fails: nm-openvpn[5069]: chroot to '/var/lib/openvpn/chroot' and cd to '/' succeeded nm-openvpn[6135]: Options error: --crl-verify fails with '/var/lib/openvpn/chroot//home/steve/VPN/config/crl.rsa.4096.pem': No such file or directory (errno=2) Thanks. Ubuntu 19.04 network-manager-openvpn, network-manager-openvpn-gnome 1.8.10-1 openvpn 2.4.6-1ubuntu3.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/1835644/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1835644] Re: CRL files are not accessible for the Verify CRL options
Could you report the issue upstream on https://gitlab.gnome.org/GNOME /NetworkManager-openvpn/issues since it's likely a problem in the upstream codebase? -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to network-manager-openvpn in Ubuntu. https://bugs.launchpad.net/bugs/1835644 Title: CRL files are not accessible for the Verify CRL options Status in network-manager-openvpn package in Ubuntu: Confirmed Bug description: Hello, The Network Manager GUI options 'Verify CRL from file' and 'Verify CRL from directory' won't work because the openvpn process cannot access the files since being run with chroot, so the connection fails: nm-openvpn[5069]: chroot to '/var/lib/openvpn/chroot' and cd to '/' succeeded nm-openvpn[6135]: Options error: --crl-verify fails with '/var/lib/openvpn/chroot//home/steve/VPN/config/crl.rsa.4096.pem': No such file or directory (errno=2) Thanks. Ubuntu 19.04 network-manager-openvpn, network-manager-openvpn-gnome 1.8.10-1 openvpn 2.4.6-1ubuntu3.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/1835644/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1835644] Re: CRL files are not accessible for the Verify CRL options
I'm trying to set the crl-verify option via the network-manager UI: nm-connection-editor -> Edit -> Advanced... -> Security -> "Verify CRL from file". I didn't use the crl-verify-dir setting. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to network-manager-openvpn in Ubuntu. https://bugs.launchpad.net/bugs/1835644 Title: CRL files are not accessible for the Verify CRL options Status in network-manager-openvpn package in Ubuntu: Confirmed Bug description: Hello, The Network Manager GUI options 'Verify CRL from file' and 'Verify CRL from directory' won't work because the openvpn process cannot access the files since being run with chroot, so the connection fails: nm-openvpn[5069]: chroot to '/var/lib/openvpn/chroot' and cd to '/' succeeded nm-openvpn[6135]: Options error: --crl-verify fails with '/var/lib/openvpn/chroot//home/steve/VPN/config/crl.rsa.4096.pem': No such file or directory (errno=2) Thanks. Ubuntu 19.04 network-manager-openvpn, network-manager-openvpn-gnome 1.8.10-1 openvpn 2.4.6-1ubuntu3.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/1835644/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1835644] Re: CRL files are not accessible for the Verify CRL options
do you also have a crl-verify-dir in your configuration? -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to network-manager-openvpn in Ubuntu. https://bugs.launchpad.net/bugs/1835644 Title: CRL files are not accessible for the Verify CRL options Status in network-manager-openvpn package in Ubuntu: Confirmed Bug description: Hello, The Network Manager GUI options 'Verify CRL from file' and 'Verify CRL from directory' won't work because the openvpn process cannot access the files since being run with chroot, so the connection fails: nm-openvpn[5069]: chroot to '/var/lib/openvpn/chroot' and cd to '/' succeeded nm-openvpn[6135]: Options error: --crl-verify fails with '/var/lib/openvpn/chroot//home/steve/VPN/config/crl.rsa.4096.pem': No such file or directory (errno=2) Thanks. Ubuntu 19.04 network-manager-openvpn, network-manager-openvpn-gnome 1.8.10-1 openvpn 2.4.6-1ubuntu3.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/1835644/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1835644] Re: CRL files are not accessible for the Verify CRL options
could you give some details on where and how is crl.rsa.4096.pem configured? -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to network-manager-openvpn in Ubuntu. https://bugs.launchpad.net/bugs/1835644 Title: CRL files are not accessible for the Verify CRL options Status in network-manager-openvpn package in Ubuntu: Confirmed Bug description: Hello, The Network Manager GUI options 'Verify CRL from file' and 'Verify CRL from directory' won't work because the openvpn process cannot access the files since being run with chroot, so the connection fails: nm-openvpn[5069]: chroot to '/var/lib/openvpn/chroot' and cd to '/' succeeded nm-openvpn[6135]: Options error: --crl-verify fails with '/var/lib/openvpn/chroot//home/steve/VPN/config/crl.rsa.4096.pem': No such file or directory (errno=2) Thanks. Ubuntu 19.04 network-manager-openvpn, network-manager-openvpn-gnome 1.8.10-1 openvpn 2.4.6-1ubuntu3.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/1835644/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1835644] Re: CRL files are not accessible for the Verify CRL options
The option was added some years ago https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/commit/214815f7 The chroot directory seems to come from this define https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/blob/master/shared/nm-service-defines.h#L133 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to network-manager-openvpn in Ubuntu. https://bugs.launchpad.net/bugs/1835644 Title: CRL files are not accessible for the Verify CRL options Status in network-manager-openvpn package in Ubuntu: Confirmed Bug description: Hello, The Network Manager GUI options 'Verify CRL from file' and 'Verify CRL from directory' won't work because the openvpn process cannot access the files since being run with chroot, so the connection fails: nm-openvpn[5069]: chroot to '/var/lib/openvpn/chroot' and cd to '/' succeeded nm-openvpn[6135]: Options error: --crl-verify fails with '/var/lib/openvpn/chroot//home/steve/VPN/config/crl.rsa.4096.pem': No such file or directory (errno=2) Thanks. Ubuntu 19.04 network-manager-openvpn, network-manager-openvpn-gnome 1.8.10-1 openvpn 2.4.6-1ubuntu3.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/1835644/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1835644] Re: CRL files are not accessible for the Verify CRL options
Looking at the source code for nm-openvpn-service.c, before this bug was introduced it doesn't appear that the crl-verify option was ever implemented or used, as it is not found within the code. The only lines that refer to crl-verify were introduced in Ubuntu 19.04, and consist of the following: tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CRL_VERIFY_FILE); if (tmp) args_add_strv (args, "--crl-verify", tmp); else { tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CRL_VERIFY_DIR); if (tmp) args_add_strv (args, "--crl-verify", tmp, "dir"); } Frankly I do not know how or why "/var/lib/openvpn/chroot/" gets incorrectly prepended to the file path in the openvpn argument string, but the crl-verify option clearly doesn't work (or may never have worked after it was introduced). This needs fixing ASAP. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to network-manager-openvpn in Ubuntu. https://bugs.launchpad.net/bugs/1835644 Title: CRL files are not accessible for the Verify CRL options Status in network-manager-openvpn package in Ubuntu: Confirmed Bug description: Hello, The Network Manager GUI options 'Verify CRL from file' and 'Verify CRL from directory' won't work because the openvpn process cannot access the files since being run with chroot, so the connection fails: nm-openvpn[5069]: chroot to '/var/lib/openvpn/chroot' and cd to '/' succeeded nm-openvpn[6135]: Options error: --crl-verify fails with '/var/lib/openvpn/chroot//home/steve/VPN/config/crl.rsa.4096.pem': No such file or directory (errno=2) Thanks. Ubuntu 19.04 network-manager-openvpn, network-manager-openvpn-gnome 1.8.10-1 openvpn 2.4.6-1ubuntu3.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/1835644/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1835644] Re: CRL files are not accessible for the Verify CRL options
This is a serious problem compromising the security of OpenVPN on Linux. Every time I try to use crl-verify I get the following error: nm-openvpn[3957]: Options error: --crl-verify fails with '/var/lib/openvpn/chroot/[insert path to pem file selected here]': No such file or directory (errno=2) The network manager cannot find the specified .pem file because for some reason the path is being prepended with "/var/lib/openvpn/chroot/". This bug needs to be fixed ASAP, I had no idea this was an issue until "upgrading" to this broken version of the network manager in Ubuntu 20.04. This bug is completely unacceptable and frankly ridiculous in that it has not been fixed or addressed. Please fix this issue. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to network-manager-openvpn in Ubuntu. https://bugs.launchpad.net/bugs/1835644 Title: CRL files are not accessible for the Verify CRL options Status in network-manager-openvpn package in Ubuntu: Confirmed Bug description: Hello, The Network Manager GUI options 'Verify CRL from file' and 'Verify CRL from directory' won't work because the openvpn process cannot access the files since being run with chroot, so the connection fails: nm-openvpn[5069]: chroot to '/var/lib/openvpn/chroot' and cd to '/' succeeded nm-openvpn[6135]: Options error: --crl-verify fails with '/var/lib/openvpn/chroot//home/steve/VPN/config/crl.rsa.4096.pem': No such file or directory (errno=2) Thanks. Ubuntu 19.04 network-manager-openvpn, network-manager-openvpn-gnome 1.8.10-1 openvpn 2.4.6-1ubuntu3.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/1835644/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1835644] Re: CRL files are not accessible for the Verify CRL options
The problem persists on 20.04 (network-manager-openvpn, network-manager- openvpn-gnome 1.8.12-1) -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to network-manager-openvpn in Ubuntu. https://bugs.launchpad.net/bugs/1835644 Title: CRL files are not accessible for the Verify CRL options Status in network-manager-openvpn package in Ubuntu: Confirmed Bug description: Hello, The Network Manager GUI options 'Verify CRL from file' and 'Verify CRL from directory' won't work because the openvpn process cannot access the files since being run with chroot, so the connection fails: nm-openvpn[5069]: chroot to '/var/lib/openvpn/chroot' and cd to '/' succeeded nm-openvpn[6135]: Options error: --crl-verify fails with '/var/lib/openvpn/chroot//home/steve/VPN/config/crl.rsa.4096.pem': No such file or directory (errno=2) Thanks. Ubuntu 19.04 network-manager-openvpn, network-manager-openvpn-gnome 1.8.10-1 openvpn 2.4.6-1ubuntu3.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/1835644/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1835644] Re: CRL files are not accessible for the Verify CRL options
the problem persists on Ubuntu 19.10: nm-openvpn[2459]: Options error: --crl-verify fails with '/var/lib/openvpn/chroot//etc/openvpn/crl.pem': No such file or directory (errno=2) -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to network-manager-openvpn in Ubuntu. https://bugs.launchpad.net/bugs/1835644 Title: CRL files are not accessible for the Verify CRL options Status in network-manager-openvpn package in Ubuntu: Confirmed Bug description: Hello, The Network Manager GUI options 'Verify CRL from file' and 'Verify CRL from directory' won't work because the openvpn process cannot access the files since being run with chroot, so the connection fails: nm-openvpn[5069]: chroot to '/var/lib/openvpn/chroot' and cd to '/' succeeded nm-openvpn[6135]: Options error: --crl-verify fails with '/var/lib/openvpn/chroot//home/steve/VPN/config/crl.rsa.4096.pem': No such file or directory (errno=2) Thanks. Ubuntu 19.04 network-manager-openvpn, network-manager-openvpn-gnome 1.8.10-1 openvpn 2.4.6-1ubuntu3.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/1835644/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1835644] Re: CRL files are not accessible for the Verify CRL options
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: network-manager-openvpn (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to network-manager-openvpn in Ubuntu. https://bugs.launchpad.net/bugs/1835644 Title: CRL files are not accessible for the Verify CRL options Status in network-manager-openvpn package in Ubuntu: Confirmed Bug description: Hello, The Network Manager GUI options 'Verify CRL from file' and 'Verify CRL from directory' won't work because the openvpn process cannot access the files since being run with chroot, so the connection fails: nm-openvpn[5069]: chroot to '/var/lib/openvpn/chroot' and cd to '/' succeeded nm-openvpn[6135]: Options error: --crl-verify fails with '/var/lib/openvpn/chroot//home/steve/VPN/config/crl.rsa.4096.pem': No such file or directory (errno=2) Thanks. Ubuntu 19.04 network-manager-openvpn, network-manager-openvpn-gnome 1.8.10-1 openvpn 2.4.6-1ubuntu3.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/1835644/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp