https://bugzilla.novell.com/show_bug.cgi?id=662577
https://bugzilla.novell.com/show_bug.cgi?id=662577#c10
--- Comment #10 from dev001x _ 2011-01-12 01:20:31 UTC ---
atm, prior to the 'fix', there's a compromise/workaround ... encrypt the
easy-rsa-generated, unencrypted openvpn keys to a form that *does* pass the
current code's key-validity checks -- i.e., so that the key's enctyped, and its
headers start:
" -----BEGIN RSA PRIVATE KEY----- "
to do that, rather than following the current advice @
http://www.openssl.org/docs/apps/rsa.html,
" ... newer apps should use the more secure PKCS#8 format using pkcs8 util
.."
i.e.,
openssl pkcs8 -in unencrypted.key -out encrypted.key -topk8 -v1 PBE-SHA1-3DES
instead, encrypt the unencrypted key to RSA (e.g.),
openssl rsa -in unencrypted.key -out encrypted.key -aes256
with this done, the _current_ nm-applet's nm-openvpn file-chooser can "see" the
ca.crt, the client.crt AND the _encrypted_ key.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.