openvpn (2.1~rc7-1ubuntu3.2) hardy-security; urgency=low
* init.c: Do not attempt to verify the key file with openvpn-vulnkey if it
is not accessible (any more). This happens when using the 'user', 'group',
or 'chroot' options in multi-client mode, and the SSL key file thus
becomes unreadable from the second time on. If the key file is not
accessible at the very start, this is already handled anyway, so we can
safely ignore this condition. (LP: #230208)
Note that this is not an issue when using pre-shared keys
(do_init_crypto_static(), since multi-client mode only works with TLS.
However, we also check it here just to be on the safe side.
-- Martin Pitt <email address hidden> Wed, 14 May 2008 12:57:19 +0200