Dear all,

This update fixes CRL code handling with third party software and sandboxes the code to avoid dealing with boot-time issues ever again. However, due to the nature of the sandboxing no automatic fix can be made for the following case:

Creating and using an empty CRL in OpenVPN broke in 22.7.5 due to an ancient bug not populating the empty CRL in binary format: the side effect "correcting" this at runtime was removed. 22.7.6 will now correctly populate the binary format of the empty CRL upon creation in the config.xml as originally intended.

The options to manually fix existing empty CRLs are as follows:

These fixes can be carried out on older installation without a problem as well prior to upgrading to avoid OpenVPN from not working post-upgrade.

Here are the full patch notes:


Stay safe,
Your OPNsense team