Comment 2 for bug 231199

We are not using PKCS#11, and the "pkcs11 = pkcs11_section" line in openssl.cnf is properly commented out. The problem is that openssl doesn't just ignore the [ pkcs11_section ]: it still parses its configuration lines and MODULE_PATH = $ENV::PKCS11_MODULE_PATH results in an undefined variable :

----------------
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section

[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
----------------------

The solution is to comment those lines or implement PKCS#11 support in openvpn and fix those lines accordingly.