Changeset 2205


Timestamp:
Oct 4, 2012, 6:39:08 PM (7 years ago)
Author:
matthijs
Message:

openvpn: Make sure a valid certificate revocation list exists.

There was an empty file by default, but OpenVPN / OpenSSL wants some
actual content (e.g., a PEM-encoded empty list at the least). Since it
seems that the CA key and certificate are needed to generate this empty
CRL, we can't simply add a static "empty CRL" file, but need to generate
it in the initscript.

References: #1208

Location:
trunk/fon/openvpn/files/etc
Files:
1 deleted
1 edited

  • trunk/fon/openvpn/files/etc/init.d/openvpn

    r2204 r2205  
    170170                openvpn --genkey --secret $KEY_DIR/ta.key
    171171        fi
     172        if [ ! -f $KEY_DIR/crl.pem ]; then
     173                # Set some values the openssl.cnf uses
     174                export KEY_CN="" KEY_OU="" KEY_NAME=""
     175                openssl ca -gencrl -config "$KEY_CONFIG" -out $KEY_DIR/crl.pem
     176        fi
    172177        uci -P /var/state revert openvpn.openvpn.key
    173178
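
Review bot: the -f test on new line 172 only checks that crl.pem exists, so an installation that still carries the empty crl.pem described in the commit message skips generation and keeps a file OpenVPN / OpenSSL will not accept. Testing for a non-empty file instead, if [ ! -s "$KEY_DIR/crl.pem" ]; then, would cover that upgrade case and would also retry if an earlier openssl ca run left a zero-length output file behind. The exit status of openssl ca on line 175 is not checked, so a failure here is silent until OpenVPN refuses to start; logging or aborting on a non-zero status would make that visible. Smaller points: $KEY_DIR is unquoted on lines 172 and 175 while "$KEY_CONFIG" is quoted, and the export on line 174 leaves empty KEY_CN, KEY_OU and KEY_NAME in the environment for everything that runs later in the script, so scoping them to the openssl command alone (KEY_CN="" KEY_OU="" KEY_NAME="" openssl ca ...) would be tidier.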