Opened 13 years ago

Closed 13 years ago

#139 closed Bug / Defect (duplicate)

WARNING: file server.key is group or others accessible even with chmod 0400

Reported by: totaluser Owned by:
Priority: minor Milestone:
Component: Generic / unclassified Version: OpenVPN 2.2.0 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:
Cc:

Description

I was crosscompiling OpenVPN 2.2.0 sources and OpenSSL 1.0.0d

yesterday I used this config
OpenSSL ./Configure linux-generic32 && make
OpenVPN ./configure --host=mipsel-linux-uclibc --disable-lzo --with-ssl-headers=/home/martin/Downloads/openssl-1.0.0d/include/ --with-ssl-lib=/home/martin/Downloads/openssl-1.0.0d/
then I added -static flag into LIBS in Makefile and ran make

the binary works fine and does not show any warnings

today I was trying to make the binary as small as possible
OpenSSL ./Configure linux-generic32 no-bf no-camellia no-seed no-krb5 no-idea no-cast no-asm no-whirlpool no-rc2 no-ripemd no-capieng no-mostasm no-cms no-gms
then I added -ldl flag into SHARED_LDFLAGS and ran make depend && make
OpenVPN ./configure --host=mipsel-linux-uclibc --disable-lzo --with-ssl-headers=/home/martin/Downloads/openssl-1.0.0d/include/ --with-ssl-lib=/home/martin/Downloads/openssl-1.0.0d/ --disable-selinux --enable-small --disable-debug --disable-pkcs11 --disable-plugins
then I added -ldl flag into LDFLAGS and ran make

the binary works fine but show this line in log
WARNING: file server.key is group or others accessible
when the file is created the command chmod 0400 system.key is issued and the permissions are set correctly

I used compiler from this toolchain toolchain-mipsel_gcc4.1.2 which can be downloaded from here ftp://ftp.dd-wrt.com/others/sourcecode/toolchains/current-toolchains.tar.bz2

the binary works fine but I am curios what option causes it to warn me about something that is not true

the binaries can be downloaded from my dropbox account
http://dl.dropbox.com/u/29867397/openvpn.WARN
http://dl.dropbox.com/u/29867397/openvpn.noWARN

none are stripped, hence the filesize (winth statically linked I can reduce it by ~30kB, with dynamically linked I can reduce it by ~1500kB)

Change History (1)

comment:1 Changed 13 years ago by krzee king

Resolution: duplicate
Status: newclosed

this is a duplicate of ticket #138
closing this ticket

Note: See TracTickets for help on using tickets.