Change History (5)

comment:1 Changed 7 years ago by David Sommerseth

Status: newaccepted

Consider to call access() on the different files and directories which is needed at startup, and to report issues for each of them individually. This can be considered as a sanity check.

On files/directories which are required for normal operations (like write access to a tmp directory in OpenVPN 2.2 and later), OpenVPN could give a fatal error.

If it should be a fatal error on other configured files and directories must be considered, and might be different for each option. If the --client-config-dir is not readable, it might not be a fatal issue. But not being able to read --tmp-dir, --secret, --key, --cert or --ca if configured is more likely a fatal error.

comment:2 Changed 7 years ago by krzee king

ooo i sense you might improve the error messages for unreadable cert files... that would be AWESOME!

comment:3 Changed 7 years ago by David Sommerseth

Milestone: beta 2.3

comment:4 Changed 6 years ago by David Sommerseth

First attempt of a fix is posted to the -devel mailing list:
(PATCH) Do some file/directory tests before really starting openvpn

comment:5 Changed 6 years ago by David Sommerseth

Resolution: fixed
Status: acceptedclosed

commit 0f2bc0dd92f43c91e33bba8a66b06b98f281efc1
Author: David Sommerseth <davids@…>
Date: Thu Jun 16 17:27:06 2011 +0200

Do some file/directory tests before really starting openvpn


OpenVPN can handle over 30 different files and directories, and it is easy
to misconfigure some of them. In many situations OpenVPN will even start
running, even with a wrong file path or without the proper permissions, and
then it will complain much later on. In some cases the error being seen at
this late point might even be difficult to relate to a configuration option.


This patch tries to catch as many of these files as soon as possible, kind of
to "smoke-test" the files and directories to avoid the most likely errors.


Trac-ticket: 73
Signed-off-by: David Sommerseth <davids@…>
Acked-by: Gert Doering <gert@…>

Note: See TracTickets for help on using tickets.