Comment 3 for bug 230197

Markus Vuori (lite-deactivatedaccount) wrote : Re: Network-manager incorrectly uses openssl-vulnkey to check validity of openvpn keys

Well. Whenever connecting to the VPN I got this in my daemon.log:

May 14 11:06:24 saturnus nm-openvpn[21432]: OpenVPN 2.1_rc7 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on May 13 2008
May 14 11:06:24 saturnus nm-openvpn[21432]: /usr/sbin/openssl-vulnkey -q /home/markus/openvpn/markus_laptop.key
May 14 11:06:39 saturnus NetworkManager: <WARN> nm_vpn_service_process_signal(): VPN failed for service 'org.freedesktop.NetworkManager.openvpn', signal 'ConnectFailed', with message 'The VPN login failed because the VPN program could not connect to the VPN server.'.
May 14 11:06:39 saturnus NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.openvpn' signaled state change 3 -> 5.
May 14 11:06:39 saturnus NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.openvpn' signaled state change 5 -> 6.
May 14 11:06:39 saturnus NetworkManager: <WARN> nm_vpn_service_stop_connection(): (VPN Service org.freedesktop.NetworkManager.openvpn): could not stop connection 'XXXXXX' because service was 6.
May 14 11:06:49 saturnus nm-openvpn[21432]: ERROR: '/home/markus/openvpn/markus_laptop.key' is a known vulnerable key. See 'man openssl-vulnkey' for details.
May 14 11:06:49 saturnus nm-openvpn[21432]: Exiting

Then I did the following:

[markus@saturnus:~/openvpn]$ openvpn-vulnkey -q markus_laptop.key
[markus@saturnus:~/openvpn]$ openssl-vulnkey -q markus_laptop.key
Enter pass phrase for markus_laptop.key:
Enter pass phrase for markus_laptop.key:
ERROR: 1:
unable to load Private Key
27758:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:461:
27758:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:425:
[markus@saturnus:~/openvpn]$ sudo cp /usr/sbin/openssl-vulnkey /usr/sbin/openssl-vulnkey.bak
[markus@saturnus:~/openvpn]$ sudo cp /usr/sbin/openvpn-vulnkey /usr/sbin/openssl-vulnkey
[markus@saturnus:~/openvpn]$ openssl-vulnkey -q markus_laptop.key
[markus@saturnus:~/openvpn]$

And now network-manager quietly accepts my openvpn keys and I can have openvpn connections.

Of course this can't be anything but a temporary solution to get my work done. The situation requires another bugfix for network-manager.