From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH] database_attribute: Deliver/create index.txt.attr Date: Thu, 03 Jan 2019 15:32:08 +0000 Message-ID: <0116F232-967D-49D3-B96D-AD362BF93DC6@ipfire.org> In-Reply-To: <20190103025716.18297-1-ummeegge@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============3314255895385898349==" List-Id: --===============3314255895385898349== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Thank you very much. I merged this. Will be shipped with c127.
> On 3 Jan 2019, at 02:57, Erik Kapfer wrote:
>=20
> Fixes #11904
>=20
> Since OpenSSL-1.1.0x the database attribute file for IPSec and OpenVPN wasn= =C2=B4t created while initial PKI generation.
> OpenVPN delivered an error message but IPSec did crashed within the first a= ttempt.
> This problem persists also after X509 deletion and new generation.
>=20
> index.txt.attr will now be delivered by the system but also deleted and rec= reated while setting up a new x509.
> ---
> config/ovpn/certs/index.txt.attr | 0
> config/rootfiles/common/configroot | 1 +
> config/rootfiles/common/openvpn | 1 +
> html/cgi-bin/ovpnmain.cgi | 9 +++++++++
> html/cgi-bin/vpnmain.cgi | 9 +++++++++
> lfs/configroot | 2 +-
> 6 files changed, 21 insertions(+), 1 deletion(-)
> create mode 100644 config/ovpn/certs/index.txt.attr
>=20
> diff --git a/config/ovpn/certs/index.txt.attr b/config/ovpn/certs/index.txt= .attr
> new file mode 100644
> index 000000000..e69de29bb
> diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/c= onfigroot
> index c72768165..6f5d2fe2f 100644
> --- a/config/rootfiles/common/configroot
> +++ b/config/rootfiles/common/configroot
> @@ -19,6 +19,7 @@ var/ipfire/captive/settings
> var/ipfire/captive/voucher_out
> var/ipfire/certs
> #var/ipfire/certs/index.txt
> +var/ipfire/certs/index.txt.attr
> #var/ipfire/certs/serial
> var/ipfire/connscheduler
> #var/ipfire/connscheduler/connscheduler.conf
> diff --git a/config/rootfiles/common/openvpn b/config/rootfiles/common/open= vpn
> index 131d79873..547842db3 100644
> --- a/config/rootfiles/common/openvpn
> +++ b/config/rootfiles/common/openvpn
> @@ -25,6 +25,7 @@ var/ipfire/ovpn/caconfig
> var/ipfire/ovpn/ccd
> #var/ipfire/ovpn/certs
> var/ipfire/ovpn/certs/index.txt
> +var/ipfire/ovpn/certs/index.txt.attr
> var/ipfire/ovpn/certs/serial
> var/ipfire/ovpn/crls
> var/ipfire/ovpn/n2nconf
> diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
> index 976300fc7..4fb234995 100644
> --- a/html/cgi-bin/ovpnmain.cgi
> +++ b/html/cgi-bin/ovpnmain.cgi
> @@ -174,7 +174,12 @@ sub cleanssldatabase
> print FILE "";
> close FILE;
> }
> + if (open(FILE, ">${General::swroot}/ovpn/certs/index.txt.attr")) {
> + print FILE "";
> + close FILE;
> + }
> unlink ("${General::swroot}/ovpn/certs/index.txt.old");
> + unlink ("${General::swroot}/ovpn/certs/index.txt.attr.old");
> unlink ("${General::swroot}/ovpn/certs/serial.old");
> unlink ("${General::swroot}/ovpn/certs/01.pem");
> }
> @@ -189,7 +194,11 @@ sub newcleanssldatabase
> if (! -s ">${General::swroot}/ovpn/certs/index.txt") {
> system ("touch ${General::swroot}/ovpn/certs/index.txt");
> }
> + if (! -s ">${General::swroot}/ovpn/certs/index.txt.attr") {
> + system ("touch ${General::swroot}/ovpn/certs/index.txt.attr");
> + }
> unlink ("${General::swroot}/ovpn/certs/index.txt.old");
> + unlink ("${General::swroot}/ovpn/certs/index.txt.attr.old");
> unlink ("${General::swroot}/ovpn/certs/serial.old");
> }
>=20
> diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
> index 21fd1f4cd..a5d27c8d8 100644
> --- a/html/cgi-bin/vpnmain.cgi
> +++ b/html/cgi-bin/vpnmain.cgi
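Review bot: The added `open(FILE, ">${General::swroot}/ovpn/certs/index.txt.attr")` in cleanssldatabase (ovpnmain.cgi, hunk at -174) drops a failed open silently: if the file cannot be created, the sub carries on and the next PKI generation runs without the attribute file again, with nothing logged to explain it. It also uses two-argument open with a bareword handle, and `print FILE "";` writes nothing. I would write `open(my $fh, '>', "${General::swroot}/ovpn/certs/index.txt.attr") or warn "cannot create index.txt.attr: $!";` followed by `close($fh) if $fh;`. The same pattern is added to cleanssldatabase in vpnmain.cgi (hunk at -149); in both files the sub starts outside the hunk.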
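Review bot: The new guard `if (! -s ">${General::swroot}/ovpn/certs/index.txt.attr")` in newcleanssldatabase (ovpnmain.cgi, hunk at -189) tests a filename that starts with a literal `>`; a file test takes a plain path, not an open mode, so `-s` is always false and `touch` runs on every call. That is harmless while the command is `touch`, but the condition is dead code copied from the index.txt check above it, and `-s` would also be false for the intentionally empty file; `if (! -e "${General::swroot}/ovpn/certs/index.txt.attr")` states the intent. The single-string `system ("touch …")` is handed to a shell whenever the interpolated path contains shell metacharacters, which the list form `system("touch", "${General::swroot}/ovpn/certs/index.txt.attr");` avoids. The same two lines are added to newcleanssldatabase in vpnmain.cgi (hunk at -162); both subs begin outside their hunks.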
> @@ -149,7 +149,12 @@ sub cleanssldatabase {
> print FILE "";
> close FILE;
> }
> + if (open(FILE, ">${General::swroot}/certs/index.txt.attr")) {
> + print FILE "";
> + close FILE;
> + }
> unlink ("${General::swroot}/certs/index.txt.old");
> + unlink ("${General::swroot}/certs/index.txt.attr.old");
> unlink ("${General::swroot}/certs/serial.old");
> unlink ("${General::swroot}/certs/01.pem");
> }
> @@ -162,7 +167,11 @@ sub newcleanssldatabase {
> if (! -s ">${General::swroot}/certs/index.txt") {
> system ("touch ${General::swroot}/certs/index.txt");
> }
> + if (! -s ">${General::swroot}/certs/index.txt.attr") {
> + system ("touch ${General::swroot}/certs/index.txt.attr");
> + }
> unlink ("${General::swroot}/certs/index.txt.old");
> + unlink ("${General::swroot}/certs/index.txt.attr.old");
> unlink ("${General::swroot}/certs/serial.old");
> # unlink ("${General::swroot}/certs/01.pem"); numbering evolves. Wrong pla= ce to delete
> }
> diff --git a/lfs/configroot b/lfs/configroot
> index 4701d9e39..c66dcdedb 100644
> --- a/lfs/configroot
> +++ b/lfs/configroot
> @@ -62,7 +62,7 @@ $(TARGET) :
>=20
> # Touch empty files
> for i in auth/users backup/include.user backup/exclude.user \
> - captive/settings captive/agb.txt captive/clients captive/voucher_out = certs/index.txt ddns/config ddns/settings ddns/ipcache dhcp/settings \
> + captive/settings captive/agb.txt captive/clients captive/voucher_out = certs/index.txt certs/index.txt.attr ddns/config ddns/settings ddns/ipcache d= hcp/settings \
> dhcp/fixleases dhcp/advoptions dhcp/dhcpd.conf.local dns/settings dnsf= orward/config ethernet/aliases ethernet/settings ethernet/known_nics ethernet= /scanned_nics \
> ethernet/wireless extrahd/scan extrahd/devices extrahd/partitions extr= ahd/settings firewall/settings firewall/config firewall/geoipblock firewall/i= nput firewall/outgoing \
> fwhosts/customnetworks fwhosts/customhosts fwhosts/customgroups fwhost= s/customservicegrp fwhosts/customgeoipgrp fwlogs/ipsettings fwlogs/portsettin= gs \
> --=20
> 2.12.2
>=20
--===============3314255895385898349==--