Bug 1379803

Summary:	Please add support for verify-x509-name
Product:	[Fedora] Fedora EPEL	Reporter:	Oliver Ilian <oliver>
Component:	NetworkManager-openvpn	Assignee:	Gwyn Ciesla <gwync>
Status:	CLOSED ERRATA	QA Contact:	Fedora Extras Quality Assurance <extras-qa>
Severity:	unspecified	Docs Contact:
Priority:	unspecified
Version:	epel7	CC:	gwync, misc, psimerda, thaller
Target Milestone:	---
Target Release:	---
Hardware:	Unspecified
OS:	Linux
Whiteboard:
Fixed In Version:	NetworkManager-openvpn-1.2.6-1.el7	Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2016-12-31 10:48:00 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Oliver Ilian 2016-09-27 17:16:25 UTC

Description of problem:
NetworkManager-openvpn does not support the "verify-x509-name" option, which would replace the deprecated "tls-remote" option.

Please add support for verify-x509-name to allow a transition from tls-remote.

Thanks

Comment 1 Thomas Haller 2016-09-29 11:39:44 UTC

fixed upstream https://bugzilla.gnome.org/show_bug.cgi?id=770922

and also fixed in F25 by package >= NetworkManager-openvpn-1.2.6-0.1.fc25

Comment 2 Oliver Ilian 2016-09-29 13:33:37 UTC

Can we backport his to epel7

Comment 3 Thomas Haller 2016-10-24 12:49:35 UTC

(passing the question on, as I am not the epel7 maintainer)

Comment 4 Gwyn Ciesla 2016-10-24 15:30:47 UTC

If would require a backported patch, as 1.2.6 requires NetworkManager-glib >= 1.2.0, and EL7 uses 1.0.6.

Comment 5 Oliver Ilian 2016-10-24 15:58:36 UTC

@Jon, is this something we can easily do? I am about to open 2 more requests for the openvpn plugin.. maybe we can make it one bigger patch and backport that to EL7 . Would be surely great.

Comment 6 Thomas Haller 2016-10-24 16:01:58 UTC

rhel-7.3 will bring libnm >= 1.2.0 and a NetworkManager that is compatible with the latest version of nm-openvpn.

I think the latest release (1.2.6) would be fine, exactly what's in Fedora 25 (NetworkManager-openvpn-1.2.6-1.fc25).

Note that NetworkManager in Fedora 25 is quite similar to what will come in rhel-7.3.

(the same is true for most other NetworkManager VPN plugins).

Comment 7 Gwyn Ciesla 2016-11-07 14:34:26 UTC

(In reply to Oliver Haessler from comment #5)
> @Jon, is this something we can easily do? I am about to open 2 more requests
> for the openvpn plugin.. maybe we can make it one bigger patch and backport
> that to EL7 . Would be surely great.

I don't think so, which makes RHEL 7.3 especially welcome.

Comment 8 Oliver Ilian 2016-11-29 14:06:46 UTC

so will that mean that we have this option in RHEL 7.3?

Comment 9 Gwyn Ciesla 2016-11-29 14:09:43 UTC

It means that when the EPEL-7 ecosystem reaches 7.3, we can build it.

Comment 10 Michael S. 2016-12-14 11:10:41 UTC

Building a new version would also permit to fix a few others bugs:

https://bugzilla.redhat.com/show_bug.cgi?id=1288711  was fixed upstream

https://bugzilla.redhat.com/show_bug.cgi?id=1260168 same.

I suspect the others bugs opened would also be fixed.

Comment 11 Fedora Update System 2016-12-14 18:33:17 UTC

NetworkManager-openvpn-1.2.6-1.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-1427c2b2fc

Comment 12 Fedora Update System 2016-12-16 04:20:02 UTC

NetworkManager-openvpn-1.2.6-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-1427c2b2fc

Comment 13 Fedora Update System 2016-12-31 10:48:00 UTC

NetworkManager-openvpn-1.2.6-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.