Thank you very much. I merged this. Will be shipped with c127.
> On 3 Jan 2019, at 02:57, Erik Kapfer wrote:
>
> Fixes #11904
>
> Since OpenSSL-1.1.0x the database attribute file for IPSec and OpenVPN wasn´t created while initial PKI generation.
> OpenVPN delivered an error message but IPSec did crashed within the first attempt.
> This problem persists also after X509 deletion and new generation.
>
> index.txt.attr will now be delivered by the system but also deleted and recreated while setting up a new x509.
> ---
> config/ovpn/certs/index.txt.attr | 0
> config/rootfiles/common/configroot | 1 +
> config/rootfiles/common/openvpn | 1 +
> html/cgi-bin/ovpnmain.cgi | 9 +++++++++
> html/cgi-bin/vpnmain.cgi | 9 +++++++++
> lfs/configroot | 2 +-
> 6 files changed, 21 insertions(+), 1 deletion(-)
> create mode 100644 config/ovpn/certs/index.txt.attr
>
> diff --git a/config/ovpn/certs/index.txt.attr b/config/ovpn/certs/index.txt.attr
> new file mode 100644
> index 000000000..e69de29bb
> diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot
> index c72768165..6f5d2fe2f 100644
> --- a/config/rootfiles/common/configroot
> +++ b/config/rootfiles/common/configroot
> @@ -19,6 +19,7 @@ var/ipfire/captive/settings
> var/ipfire/captive/voucher_out
> var/ipfire/certs
> #var/ipfire/certs/index.txt
> +var/ipfire/certs/index.txt.attr
> #var/ipfire/certs/serial
> var/ipfire/connscheduler
> #var/ipfire/connscheduler/connscheduler.conf
> diff --git a/config/rootfiles/common/openvpn b/config/rootfiles/common/openvpn
> index 131d79873..547842db3 100644
> --- a/config/rootfiles/common/openvpn
> +++ b/config/rootfiles/common/openvpn
> @@ -25,6 +25,7 @@ var/ipfire/ovpn/caconfig
> var/ipfire/ovpn/ccd
> #var/ipfire/ovpn/certs
> var/ipfire/ovpn/certs/index.txt
> +var/ipfire/ovpn/certs/index.txt.attr
> var/ipfire/ovpn/certs/serial
> var/ipfire/ovpn/crls
> var/ipfire/ovpn/n2nconf
> diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
> index 976300fc7..4fb234995 100644
> --- a/html/cgi-bin/ovpnmain.cgi
> +++ b/html/cgi-bin/ovpnmain.cgi
> @@ -174,7 +174,12 @@ sub cleanssldatabase
> print FILE "";
> close FILE;
> }
> + if (open(FILE, ">${General::swroot}/ovpn/certs/index.txt.attr")) {
> + print FILE "";
> + close FILE;
> + }
> unlink ("${General::swroot}/ovpn/certs/index.txt.old");
> + unlink ("${General::swroot}/ovpn/certs/index.txt.attr.old");
> unlink ("${General::swroot}/ovpn/certs/serial.old");
> unlink ("${General::swroot}/ovpn/certs/01.pem");
> }
> @@ -189,7 +194,11 @@ sub newcleanssldatabase
> if (! -s ">${General::swroot}/ovpn/certs/index.txt") {
> system ("touch ${General::swroot}/ovpn/certs/index.txt");
> }
> + if (! -s ">${General::swroot}/ovpn/certs/index.txt.attr") {
> + system ("touch ${General::swroot}/ovpn/certs/index.txt.attr");
> + }
> unlink ("${General::swroot}/ovpn/certs/index.txt.old");
> + unlink ("${General::swroot}/ovpn/certs/index.txt.attr.old");
> unlink ("${General::swroot}/ovpn/certs/serial.old");
> }
>
> diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
> index 21fd1f4cd..a5d27c8d8 100644
> --- a/html/cgi-bin/vpnmain.cgi
> +++ b/html/cgi-bin/vpnmain.cgi
> @@ -149,7 +149,12 @@ sub cleanssldatabase {
> print FILE "";
> close FILE;
> }
> + if (open(FILE, ">${General::swroot}/certs/index.txt.attr")) {
> + print FILE "";
> + close FILE;
> + }
> unlink ("${General::swroot}/certs/index.txt.old");
> + unlink ("${General::swroot}/certs/index.txt.attr.old");
> unlink ("${General::swroot}/certs/serial.old");
> unlink ("${General::swroot}/certs/01.pem");
> }
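Review bot: In ovpnmain.cgi `cleanssldatabase`, the added `open(FILE, ">…/ovpn/certs/index.txt.attr")` fails silently: if the open does not succeed, the previous attribute file stays in place and the routine continues, so the CA database can end up with a reset index.txt next to a stale index.txt.attr. I would use the three-argument form with a lexical handle and report the failure, for example `if (open(my $fh, '>', "${General::swroot}/ovpn/certs/index.txt.attr")) { close($fh); } else { warn "cannot reset index.txt.attr: $!"; }`; the `print FILE "";` writes nothing and can be dropped. The same applies to the matching `cleanssldatabase` hunk in vpnmain.cgi. The function body starts outside the hunk, so the script's own error-reporting convention is not visible here and `warn` is only a stand-in for it.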
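Review bot: The new guard in ovpnmain.cgi `newcleanssldatabase` copies a stray `>` into the file test: `-s ">${General::swroot}/ovpn/certs/index.txt.attr"` checks a name that starts with a literal `>`, which presumably never exists, so the condition is always true and `touch` runs on every call. Because the attribute file is legitimately empty, `-e` on the real path matches the intent better than `-s`: `if (! -e "${General::swroot}/ovpn/certs/index.txt.attr") {`. The call could also use the list form, `system("touch", "${General::swroot}/ovpn/certs/index.txt.attr");`, so the path is never interpreted by a shell. The same pattern appears in the vpnmain.cgi `newcleanssldatabase` hunk and in the pre-existing index.txt context lines of both hunks.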
> @@ -162,7 +167,11 @@ sub newcleanssldatabase {
> if (! -s ">${General::swroot}/certs/index.txt") {
> system ("touch ${General::swroot}/certs/index.txt");
> }
> + if (! -s ">${General::swroot}/certs/index.txt.attr") {
> + system ("touch ${General::swroot}/certs/index.txt.attr");
> + }
> unlink ("${General::swroot}/certs/index.txt.old");
> + unlink ("${General::swroot}/certs/index.txt.attr.old");
> unlink ("${General::swroot}/certs/serial.old");
> # unlink ("${General::swroot}/certs/01.pem"); numbering evolves. Wrong place to delete
> }
> diff --git a/lfs/configroot b/lfs/configroot
> index 4701d9e39..c66dcdedb 100644
> --- a/lfs/configroot
> +++ b/lfs/configroot
> @@ -62,7 +62,7 @@ $(TARGET) :
>
> # Touch empty files
> for i in auth/users backup/include.user backup/exclude.user \
> - captive/settings captive/agb.txt captive/clients captive/voucher_out certs/index.txt ddns/config ddns/settings ddns/ipcache dhcp/settings \
> + captive/settings captive/agb.txt captive/clients captive/voucher_out certs/index.txt certs/index.txt.attr ddns/config ddns/settings ddns/ipcache dhcp/settings \
> dhcp/fixleases dhcp/advoptions dhcp/dhcpd.conf.local dns/settings dnsforward/config ethernet/aliases ethernet/settings ethernet/known_nics ethernet/scanned_nics \
> ethernet/wireless extrahd/scan extrahd/devices extrahd/partitions extrahd/settings firewall/settings firewall/config firewall/geoipblock firewall/input firewall/outgoing \
> fwhosts/customnetworks fwhosts/customhosts fwhosts/customgroups fwhosts/customservicegrp fwhosts/customgeoipgrp fwlogs/ipsettings fwlogs/portsettings \
> --
> 2.12.2
>