On 04.11.2014 22:57, Zoltan Kota wrote: > Hi, > > With F21 on, openssl has been patched to disallow verification of > certificates that are signed with MD5 algorithm. Until I get our sysadmins > generate new keys I should use the workaround described as: "a temporary > measure the OPENSSL_ENABLE_MD5_VERIFY environment variable can be set to > allow verification of certificates signed with MD5 algorithm." > > On my pre-F21 (test)machine I use gnome with Networkmanager(-openvpn). How > can I add the above environment variable for Networkmanager? >
[openssl] disable verification of certificate, CRL, and OCSP signatures using MD5 https://lists.fedoraproject.org/pipermail/scm-commits/Week-of-Mon-20131111/1144043.html Chapter 28. Networking https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.0_Release_Notes/Known-Issues-Networking.html openssl component, BZ#1062656 It is not possible to connect to any Wi-Fi Protected Access (WPA) Enterprise Access Point (AP) that requires MD5-signed certificates. To work around this problem, copy the wpa_supplicant.service file from the /usr/lib/systemd/system/ directory to the /etc/systemd/system/ directory and add the following line to the Service section of the file: Environment="OPENSSL_ENABLE_MD5_VERIFY" Then run the systemctl daemon-reload command as root to reload the service file. Important Note that MD5 certificates are highly insecure and Red Hat does not recommend using them. -- test mailing list test@lists.fedoraproject.org To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
