Opened 7 years ago

Closed 6 years ago

#73 closed Feature Wish (fixed)

warning on cant read ccd

Reported by: krzee Owned by: dazo
Priority: minor Milestone: beta 2.3
Component: Configuration Version: OpenVPN 2.1.0 / 2.1.1 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:

Change History (5)

comment:1 Changed 7 years ago by dazo

  • Status changed from new to accepted

Consider to call access() on the different files and directories which is needed at startup, and to report issues for each of them individually. This can be considered as a sanity check.

On files/directories which are required for normal operations (like write access to a tmp directory in OpenVPN 2.2 and later), OpenVPN could give a fatal error.

If it should be a fatal error on other configured files and directories must be considered, and might be different for each option. If the --client-config-dir is not readable, it might not be a fatal issue. But not being able to read --tmp-dir, --secret, --key, --cert or --ca if configured is more likely a fatal error.

comment:2 Changed 7 years ago by krzee

ooo i sense you might improve the error messages for unreadable cert files... that would be AWESOME!

comment:3 Changed 7 years ago by dazo

  • Milestone set to beta 2.3

comment:4 Changed 6 years ago by dazo

First attempt of a fix is posted to the -devel mailing list:
(PATCH) Do some file/directory tests before really starting openvpn

comment:5 Changed 6 years ago by dazo

  • Resolution set to fixed
  • Status changed from accepted to closed

commit 0f2bc0dd92f43c91e33bba8a66b06b98f281efc1
Author: David Sommerseth <davids@…>
Date: Thu Jun 16 17:27:06 2011 +0200

Do some file/directory tests before really starting openvpn

OpenVPN can handle over 30 different files and directories, and it is easy
to misconfigure some of them. In many situations OpenVPN will even start
running, even with a wrong file path or without the proper permissions, and
then it will complain much later on. In some cases the error being seen at
this late point might even be difficult to relate to a configuration option.

This patch tries to catch as many of these files as soon as possible, kind of
to "smoke-test" the files and directories to avoid the most likely errors.

Trac-ticket: 73
Signed-off-by: David Sommerseth <davids@…>
Acked-by: Gert Doering <gert@…>

Note: See TracTickets for help on using tickets.