From mboxrd@z Thu Jan 1 00:00:00 1970 From: ummeegge To: development@lists.ipfire.org Subject: Re: [PATCH] OpenVPN: Set default of 730 days for client certificate validity Date: Mon, 18 Jun 2018 17:02:45 +0200 Message-ID: <1529334165.8691.6.camel@ipfire.org> In-Reply-To: <73f402b1cb1d7296da8dc15e90cd07d420f84daa.camel@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7672446458389404106==" List-Id: --===============7672446458389404106== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Yes, the renewal button is a lot more work, am currently not 100% clear howto accomplish that, will need more time and other thoughts for that. Thanks for looking through that. Best, Erik Am Montag, den 18.06.2018, 15:50 +0100 schrieb Michael Tremer: > Okay, this looks good. > > I guess the renewal button is a lot more work and would be done > separately. > > Thanks for doing this one so quickly! > > Best, > -Michael > > On Mon, 2018-06-18 at 16:41 +0200, Erik Kapfer wrote: > > > > Since OpenSSL 1.1.0x it is required to set a value for the 'valid > > til (days)' > > field. > > The WUI delivers now a guide value of two years. > > > > Signed-off-by: Erik Kapfer > > --- > >  html/cgi-bin/ovpnmain.cgi | 2 +- > >  1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi > > index 1c2a810..b3122a4 100644 > > --- a/html/cgi-bin/ovpnmain.cgi > > +++ b/html/cgi-bin/ovpnmain.cgi > > @@ -4451,7 +4451,7 @@ if ($cgiparams{'TYPE'} eq 'net') { > >   $cgiparams{'CERT_CITY'}         = > > $vpnsettings{'ROOTCERT_CITY'}; > >   $cgiparams{'CERT_STATE'}        = > > $vpnsettings{'ROOTCERT_STATE'}; > >   $cgiparams{'CERT_COUNTRY'}      = > > $vpnsettings{'ROOTCERT_COUNTRY'}; > > - $cgiparams{'DAYS_VALID'}      = > > $vpnsettings{'DAYS_VALID'}; > > + $cgiparams{'DAYS_VALID'}      = > > $vpnsettings{'DAYS_VALID'} = > > '730'; > >      } > >   > >      VPNCONF_ERROR: --===============7672446458389404106==--