Re: Fwd: F21 nm-openvpn and md5

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 04.11.2014 22:57, Zoltan Kota wrote:
> Hi,
> 
> With F21 on, openssl has been patched to disallow verification of
> certificates that are signed with MD5 algorithm. Until I get our sysadmins
> generate new keys I should use the workaround described as: "a temporary
> measure the OPENSSL_ENABLE_MD5_VERIFY environment variable can be set to
> allow verification of certificates signed with MD5 algorithm."
> 
> On my pre-F21 (test)machine I use gnome with Networkmanager(-openvpn). How
> can I add the above environment variable for Networkmanager?
> 

[openssl] disable verification of certificate, CRL, and OCSP signatures using MD5
https://lists.fedoraproject.org/pipermail/scm-commits/Week-of-Mon-20131111/1144043.html

⁠Chapter 28. Networking
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.0_Release_Notes/Known-Issues-Networking.html

openssl component, BZ#1062656
    It is not possible to connect to any Wi-Fi Protected Access (WPA) Enterprise Access Point (AP) that requires MD5-signed certificates. To work around this problem, copy the wpa_supplicant.service file from the /usr/lib/systemd/system/ directory to the /etc/systemd/system/ directory and add the following line to the Service section of the file:

    Environment="OPENSSL_ENABLE_MD5_VERIFY"

    Then run the systemctl daemon-reload command as root to reload the service file.

    Important
    Note that MD5 certificates are highly insecure and Red Hat does not recommend using them. 


-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test





[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux