[Pkg-utopia-maintainers] Bug#848024: Bug#848024: Bug#848024: Fails to connect after upgrade to openvpn 2.4

Alberto Gonzalez Iniesta agi at inittab.org
Sat Dec 17 09:58:43 UTC 2016


On Sat, Dec 17, 2016 at 10:46:46AM +0100, Julien Cristau wrote:
> On Tue, Dec 13, 2016 at 19:19:53 +0100, Michael Biebl wrote:
> 
> > Am 13.12.2016 um 18:22 schrieb Michael Biebl:
> > > Control: forwarded -1 https://bugzilla.gnome.org/show_bug.cgi?id=776045
> > > 
> > > Am 13.12.2016 um 18:02 schrieb Michael Biebl:
> > >> Am 13.12.2016 um 16:53 schrieb Alberto Gonzalez Iniesta:
> > >>> Hi there,
> > >>>
> > >>> The --tls-remote was removed in OpenVPN 2.4, and was already marked as
> > >>> DEPRECATED in OpenVPN 2.3. From OpenVPN 2.3's manpage:
> > >>>
> > >>> Please  also note: This option is now deprecated.  It will be removed
> > >>> either in OpenVPN v2.4 or v2.5.  So please make sure you support the new
> > >>> X.509  name formatting  described  with  the  --compat-names option as
> > >>> soon as possible by updating your configurations to use
> > >>> --verify-x509-name instead.
> > >>>
> > >>> IMHO this should have been fixed in network-manager-openvpn before 2.4
> > >>> arrived.
> > >>
> > >> Ok, thanks for the info.
> > >> I've cloned this bug report for openvpn. It needs a versioned Breaks
> > >> against network-manager-openvpn once a fixed version has been uploaded, to
> > >> avoid breakage on partial uploads.
> > >>
> > >> I'll ping you once such a version is available.
> > > 
> > > I've blocked the two bugs accordingly and forwarded the issue to upstream.
> > 
> > Looking at https://codesearch.debian.net/search?q=tls-remote
> > there are possibly more packages which are affected.
> > Have you notified them about this and/or checked that they are not affected?
> > 
> > I'm not sure if it's a bit late at this point of the release cycle to
> > introduce such a change in openvpn. I've CCed the release-team on their
> > input on this, i.e. whether we want openvpn in stretch 2.4 and how the
> > removal of tls-remote should be handled.
> > 
> Now is not the time to make incompatible changes affecting other
> packages?  How hard would it be to provide backwards compatibility here?

Hi Julien, the change does not affect other packages, but setups
using a deprecated option. A note will be added to NEWS.Debian.

Regards,

Alberto

-- 
Alberto Gonzalez Iniesta    | Formación, consultoría y soporte técnico
mailto/sip: agi at inittab.org | en GNU/Linux y software libre
Encrypted mail preferred    | http://inittab.com

Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D  4BF2 009B 3375 6B9A AA55



More information about the Pkg-utopia-maintainers mailing list