Summary: | OpenSSL-1.1.1 RAND_write_file:Cannot open | ||
---|---|---|---|
Product: | IPFire | Reporter: | Erik Kapfer <ummeegge> |
Component: | openssl | Assignee: | Erik Kapfer <ummeegge> |
Status: | CLOSED FIXED | QA Contact: | Peter Müller <peter.mueller> |
Severity: | Major Usability | ||
Priority: | - Unknown - | ||
Version: | 2 | ||
Hardware: | all | ||
OS: | Unspecified | ||
Bug Depends on: | |||
Bug Blocks: | 11913 |
Description
Erik Kapfer
2018-12-01 08:14:19 UTC
OpenSSL-1.1.1a fixes the rnd. creation problem so far but leaves nevertheless a problem for the IPSec structure on IPFire. On OpenVPN the correct Owner/permissions for .rnd are set while the PKI generation -rw------- 1 nobody nobody 1024 Nov 16 01:27 /var/ipfire/ovpn/ca/.rnd . It seems that OpenSSL uses the owner of the parent directory which is nobody in OpenVPN (/var/ipfire/ovpn/ca/) but root for IPSec ( /var/tmp ). Best, Erik Potential fix can look like this --> https://git.ipfire.org/?p=people/ummeegge/ipfire-2.x.git;a=commit;h=5a8e18bfe7e378a7ef89aa128b43cc966fc76e2c. Tests looks good. Erik Erik, may I assign this to you? Lacking spare time for OpenSSL at the moment, and it looks like you are more deeply into this. Thank you! |