Re: [Openvpn-users] Make crl.pem with easy-rsa 2.0


  • Subject: Re: [Openvpn-users] Make crl.pem with easy-rsa 2.0
  • From: Jennifer Cormier <jcormier@xxxxxxxxxxxxxxx>
  • Date: Thu, 6 Dec 2007 15:28:38 +0000 (UTC)

 <okahei <at> gmail.com> reported an error message that occurs when running 
the revoke-full script included with easy-rsa 2.0:

> OpenVPN:~/easy-rsa/2.0# ./revoke-full cliente2
> Using configuration from /root/easy-rsa/2.0/openssl.cnf
> error on line 282 of config file '/root/easy-rsa/2.0/openssl.cnf'
> 2002:error:0E065068:configuration file routines:STR_COPY:variable has
> no value:conf_def.c:629:line 282
> Using configuration from /root/easy-rsa/2.0/openssl.cnf
> error on line 282 of config file '/root/easy-rsa/2.0/openssl.cnf'
> 2003:error:0E065068:configuration file routines:STR_COPY:variable has
> no value:conf_def.c:629:line 282
> cat: crl.pem: No existe el fichero o el directorio
> 
> cliente2.crt: /C=ES/ST=ES/L=SanFrancisco/O=GTC/CN=cliente2/emailAddress=kokoa <at> myhost.mydomain
> error 3 at 0 depth lookup:unable to get certificate CRL


(Sorry for the duplicate post ... I was trying to reply to this message but it 
didn't show up in the same thread the first time.)

The error indicates a problem that occurs when the easy-rsa revoke-full script 
executes openssl.  One way to get it to work is to edit the revoke-full script 
as follows.

Inside the 2nd if statement (if [ "$KEY_DIR" ]; then), add the following lines 
immediately after the other 2 export statements (or anywhere before it first 
calls $OPENSSL):

	export PKCS11_MODULE_PATH="dummy"
	export PKCS11_PIN="dummy"

What's going on is that the openssl.cnf script requires those variables to be 
defined, but as long as PKCS11 isn't being used (which it isn't if you call 
the revoke-full script with only a single argument), it doesn't matter what 
they are set to.

Jennifer
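
Added example (not part of the original message and not easy-rsa code): OpenSSL config files read environment variables through `$ENV::NAME` references, and an unset one produces the "variable has no value" error quoted above. This shell check lists such references that are missing from the environment before openssl is run; the sample config is constructed, and its section and key names are assumptions.

```shell
#!/bin/sh
# Print every environment variable that an OpenSSL config file references
# as $ENV::NAME, ${ENV::NAME} or $(ENV::NAME) but that is not present in the
# current environment. Reads the files given as arguments, or stdin.
unset_env_refs() {
    cat "$@" |
        sed 's/#.*//' |                                  # drop comments
        grep -oE '\$[{(]?ENV::[A-Za-z_][A-Za-z0-9_]*' |  # each reference
        sed 's/.*ENV:://' | sort -u |                    # bare names, once each
    while read -r name; do
        # The variable must be exported, not merely set in the shell,
        # so look it up in the output of env. An empty value still counts.
        env | grep -q "^$name=" || printf '%s\n' "$name"
    done
}

# Constructed sample config. The three variable names come from the post;
# the section and key names are assumptions made for this illustration.
sample_cnf() {
cat <<'EOF'
dir = $ENV::KEY_DIR
[ pkcs11_section ]
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
# ignored = $ENV::ONLY_IN_A_COMMENT
EOF
}

# Demo in a subshell: only KEY_DIR is exported, so the two PKCS11 names
# are reported as missing.
(
    export KEY_DIR=/tmp/keys
    unset PKCS11_MODULE_PATH PKCS11_PIN
    sample_cnf | unset_env_refs
)
```

To check a real file, pass its path as an argument, for example `unset_env_refs "$KEY_CONFIG"`, where `KEY_CONFIG` stands for whatever variable or path points at your openssl.cnf.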
