Debian User Forums

I'm running Raspbian Stretch build on my Pi, and yes, I have posted this question on the Raspberry Pi Forum but received no responses for two days now.

The openssl version that comes with Debian Stretch is "OpenSSL 1.1.0f 25 May 2017", but there is no openssl-1.1.0.cnf file in easy-rsa. So running 'source ./vars' fails when it tries to run whichopensslcnf:

No openssl.cnf file could be found
Further invocations will fail

I've read one page that suggested using Easy-RSA v3.x, but it is not available in the Raspbian repository to download. Also, from what I've read, this had been broken in Stretch since Jan 2017!

What can I do to resolve this and use OpenVPN/OpenSSL/Easy-RSA?
Can I copy the latest version of openssl*.cnf into opensl-1.1.0.cnf?

Thank you for your help!!!

Even though replies are late in coming at the Raspbian forums, this is not the right place to post the question.
It's an interesting question though.
By the way, you may be interested to know that you can install Debian itself on a Raspberry Pi. See wiki.debian.org/RaspberryPi, and a new version for Debian Stretch is available.
It goes against the grain to post questions here about other distributions, even though they may be based on or very similar to Debian itself.

Ok, but the question applies to Debian users as well as it is also broke in Sketch on Debian.
So, nope, installing Debian Sketch on the Pi will not fix it.
Thanks.

No, I don't propose your installing Debian Stretch as a solution to this particular problem but this is a forum for Debian users. It may or not coincide that it's an issue affecting both Debian and Raspbian, but if your question is to be discussed here, then logically, this would have to be a forums open to all posts from any Linux distribution on the assumption that the issue might coincide.

I'm wondering if anyone has tried just copying over the previous version of openssl.cnf (openssl-1.0.0.cnf) to the the new version name (openssl-1.1.0.cnf)?

dahai8 wrote:I'm wondering if anyone has tried just copying over the previous version of openssl.cnf (openssl-1.0.0.cnf) to the the new version name (openssl-1.1.0.cnf)?

I tried, but it is not working out of the box. build-ca is complaining: In this line, subjectAltName is defined. I commented out this line and the second one with subjectAltName (line 220), and now I can create certificates with easy-rsa.

BTW: I had to name the file openssl.cnf, because whichopensslcnf did not recognise the file when it is named openssl-1.1.0.cnf.