Auto CRL check · kylemanna/docker-openvpn#101

(20 留言) (0 反應) (0 負責人)Shell (8,506 star) (2,336 fork)batch import

bugenhancementhelp wanted

描述

Hello, I try to revoke a client certificate using the commands shown in the documentation:

docker run --rm -i --volumes-from vpn -e "EASYRSA_BATCH=1" kylemanna/openvpn easyrsa revoke toto
docker run --rm -i --volumes-from vpn kylemanna/openvpn easyrsa gen-crl

The process seems to be ok, but when I try to connect to vpn with my revocated certificate, it works... The docker-openvpn logs:

Fri Jan 29 23:17:04 2016 172.17.0.1:41187 CRL CHECK OK: CN=blah
Fri Jan 29 23:17:04 2016 172.17.0.1:41187 VERIFY OK: depth=1, CN=blah
Fri Jan 29 23:17:04 2016 172.17.0.1:41187 CRL CHECK OK: CN=toto
Fri Jan 29 23:17:04 2016 172.17.0.1:41187 VERIFY OK: depth=0, CN=toto

Does this reaction normal ?

貢獻者指南

技術棧: shelldocker
領域: security
議題類型: bug
難度: 3
預計時間: half day
活動狀態: stale
清晰度: mostly clear
前置要求: Basic Docker knowledgeUnderstanding of OpenVPN and CRL
新手友善度: 40
研究方向: Investigate why the CRL check passes for revoked certificates. Check the OpenVPN configuration for 'crl verify' directive and ensure the CRL file is generated and mounted correctly. Look at the EasyRSA scripts in the docker image. Review issue comments for proposed solutions or workarounds.