Fwd: F21 nm-openvpn and md5

poma pomidorabelisima at gmail.com
Wed Nov 5 06:53:41 UTC 2014


On 04.11.2014 22:57, Zoltan Kota wrote:
> Hi,
> 
> With F21 on, openssl has been patched to disallow verification of
> certificates that are signed with MD5 algorithm. Until I get our sysadmins
> to generate new keys I should use the workaround described as: "a temporary
> measure the OPENSSL_ENABLE_MD5_VERIFY environment variable can be set to
> allow verification of certificates signed with MD5 algorithm."
> 
> On my pre-F21 (test) machine I use GNOME with NetworkManager(-openvpn). How
> can I add the above environment variable for NetworkManager?
> 

[openssl] disable verification of certificate, CRL, and OCSP signatures using MD5
https://lists.fedoraproject.org/pipermail/scm-commits/Week-of-Mon-20131111/1144043.html

Chapter 28. Networking
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.0_Release_Notes/Known-Issues-Networking.html

openssl component, BZ#1062656
    It is not possible to connect to any Wi-Fi Protected Access (WPA) Enterprise Access Point (AP) that requires MD5-signed certificates. To work around this problem, copy the wpa_supplicant.service file from the /usr/lib/systemd/system/ directory to the /etc/systemd/system/ directory and add the following line to the Service section of the file:

    Environment="OPENSSL_ENABLE_MD5_VERIFY"

    Then run the systemctl daemon-reload command as root to reload the service file.

    Important
    Note that MD5 certificates are highly insecure and Red Hat does not recommend using them. 



