*** This bug is a duplicate of bug 1566032 ***
https://bugs.launchpad.net/bugs/1566032
** Information type changed from Public Security to Public
** This bug has been marked a duplicate of bug 1566032
crl-verify is not an option
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager-openvpn in Ubuntu.
https://bugs.launchpad.net/bugs/1618286
Title:
Critical security flaw: Missing crl-verify openvpn option
Status in network-manager-openvpn package in Ubuntu:
New
Bug description:
Many VPN providers will give a Certificate Revocation List crl.pem file in
their OpenVPN packages. The CRL list is becoming increasingly important after
the Heartbleed bug was exposed, leaving many servers vulnerable to attack by
unauthorized certificates. Is there any way to manually pass the option
'crl-verify crl.pem' to openvpn by editing a file somewhere?
I'm having a difficult time understanding how the network-manager-openvpn
client actually works, and what arguments it can actually receive, given that
it doesn't 'truly' import .ovpn configuration files. I also have little clue
where the configurations are written in the file system as there are no manual
pages and no debugging/terminal output for the network-manager-openvpn client.
I can't even find the godforsaken binaries after installing the package. It
would be much better if one could literally just pass it a .ovpn file, but
seeing as that's not possible, I must request that the crl-verify option is
added in the near future so that my system is not vulnerable to attacks using
unauthorized certificates.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/1618286/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
