753933 – nm-openvpn is unable to load the private key file

Bug 753933 - nm-openvpn is unable to load the private key file

Summary: nm-openvpn is unable to load the private key file

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	NetworkManager-openvpn
Sub Component:
Version:	16
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Assignee:	Dan Williams
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-11-14 21:37 UTC by Pierre
Modified:	2013-02-13 13:47 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-02-13 13:47:47 UTC
Type:	---
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Pierre 2011-11-14 21:37:44 UTC

Description of problem:
Unable to start OpenVPN from the NetworkManager

Version-Release number of selected component (if applicable):
rpm -q NetworkManager-openvpn
NetworkManager-openvpn-0.9.0-1.fc16.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Just configure an OpenVPN client
2. Try to run it
3. tail log

Actual results:
Nov 14 21:44:15 toshiba nm-openvpn[15620]: OpenVPN 2.2.1 x86_64-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Sep  9 2011
Nov 14 21:44:15 toshiba nm-openvpn[15620]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Nov 14 21:44:15 toshiba nm-openvpn[15620]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 14 21:44:15 toshiba nm-openvpn[15620]: Cannot load private key file /etc/openvpn/keys/03.pem: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
Nov 14 21:44:15 toshiba nm-openvpn[15620]: Error: private key password verification failed
Nov 14 21:44:15 toshiba nm-openvpn[15620]: Exiting


Expected results:
Should work

Additional info:
SELinux is disabled:
[pierre@toshiba ~]$ cat /etc/selinux/config (and the notebook has been rebooted)

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
#SELINUX=enforcing
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 

Fresh Fedora 16 install (Previous Fedora 15 used to to work fine with same files)

OpenVPN itself works fine:
# openvpn --config /etc/openvpn/client.conf
actually establishes the connection.

Comment 1 Robert Smol 2012-06-25 17:14:01 UTC

Hi, I am having exactly same issue:

NetworkManager-openvpn-0.9.3.997-1.fc17.x86_64

If I do manualy sudo openvpn connection.vpn I do get connected with the same certificate. Is there any additional info needed?

Comment 2 Robert Smol 2012-06-25 17:52:43 UTC

OK, please disregard my previous comment, I've swapped crt with key files. Works OK for me now.

Comment 3 Jirka Klimes 2012-07-17 10:03:41 UTC

Pierre, is that still an issue?
Is 03.pem file in place and valid? It should contain something like this
-----BEGIN RSA PRIVATE KEY-----
(base64 encoded data)
-----END RSA PRIVATE KEY-----

Comment 4 Dan Winship 2012-07-23 16:58:16 UTC

I'm thinking we should change the dialogs to let you select any file with the correct extension, but then pop up an error after the user selects the file if the contents are not in the expected format. That would make it clearer to users what's going on.

(It would also be good if we documented somewhere what formats were allowed...)

Comment 5 Fedora End Of Life 2013-01-16 13:07:42 UTC

This message is a reminder that Fedora 16 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 16. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '16'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 16's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 16 is end of life. If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora, you are encouraged to click on 
"Clone This Bug" and open it against that version of Fedora.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 6 Fedora End Of Life 2013-02-13 13:47:50 UTC

Fedora 16 changed to end-of-life (EOL) status on 2013-02-12. Fedora 16 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.