Bug 1630313 - Missing support for --extra-certs
Status: NEW
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: NetworkManager-openvpn
Version: epel7
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Gwyn Ciesla
QA Contact: Fedora Extras Quality Assurance
Reported: 2018-09-18 11:33 UTC by David Sommerseth
Modified: 2018-09-18 11:46 UTC (History)

Type: Bug

Description David Sommerseth 2018-09-18 11:33:09 UTC
Description of problem:
OpenVPN has supported --extra-certs since version 2.3, but the OpenVPN NetworkManager plug-in does not understand this option.  This option points to a file or can be an embedded file in a configuration file.

From the man page:

   --extra-certs file
          Specify a file containing one or more PEM certs (concatenated together) that
          complete the local certificate chain.

          This option is useful for "split" CAs, where the CA for server certs is
          different than the CA for client certs.  Putting certs in this file allows them
          to be used to complete the local certificate chain without trusting them to
          verify the peer-submitted certificate, as would be the case if the certs were
          placed in the ca file.

One known VPN service provider actively using this feature is Private Tunnel ( https://www.privatetunnel.com/ )

Comment 1 Thomas Haller 2018-09-18 11:46:54 UTC
Feature added upstream: https://gitlab.gnome.org/GNOME/network-manager-openvpn/commit/3c8d06797dcfdd0111fa228f90741712495180b8

which is present in 1.8.2 or newer.

EPEL is still at 1.2.6
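
One way to check whether a profile relies on this option before importing it with a plug-in older than 1.8.2. This is an added example, not part of the bug report or the plug-in's code; the function names and the sample profile are constructed for illustration.

```python
import re

# Constructed sample profile; the PEM bodies are placeholders, not real certs.
SAMPLE_PROFILE = """\
client
ca ca.crt
cert client.crt
<extra-certs>
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----
</extra-certs>
"""

def find_extra_certs(profile_text):
    """Return ("file", path) or ("inline", cert_count) for each extra-certs use."""
    findings = []
    lines = iter(profile_text.splitlines())
    for raw in lines:
        line = raw.strip()
        if not line or line[0] in "#;":        # skip blanks and comments
            continue
        if re.fullmatch(r"<[^/<>][^<>]*>", line):  # opening tag of an inline block
            tag = line[1:-1]
            body = []
            for inner in lines:                # consume up to the closing tag
                if inner.strip() == f"</{tag}>":
                    break
                body.append(inner.strip())
            if tag == "extra-certs":
                findings.append(("inline", body.count("-----BEGIN CERTIFICATE-----")))
            continue
        parts = line.split(None, 1)
        if parts[0].lstrip("-") == "extra-certs" and len(parts) == 2:
            findings.append(("file", parts[1].strip('"')))
    return findings

def plugin_supports_extra_certs(version):
    # Threshold taken from comment 1: the feature is present in 1.8.2 or newer.
    return tuple(int(p) for p in version.split(".")[:3]) >= (1, 8, 2)

if __name__ == "__main__":
    print(find_extra_certs(SAMPLE_PROFILE), plugin_supports_extra_certs("1.2.6"))
```

A profile that yields findings on a plug-in below 1.8.2 would be imported without the certificates that complete the client's chain.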

