From mboxrd@z Thu Jan 1 00:00:00 1970 From: Erik Kapfer To: development@lists.ipfire.org Subject: [PATCH] database_attribute: Deliver/create index.txt.attr Date: Thu, 03 Jan 2019 03:57:16 +0100 Message-ID: <20190103025716.18297-1-ummeegge@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============8224668481845982096==" List-Id: --===============8224668481845982096== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Fixes #11904 Since OpenSSL-1.1.0x the database attribute file for IPSec and OpenVPN wasn= =C2=B4t created while initial PKI generation. OpenVPN delivered an error message but IPSec did crashed within the first att= empt. This problem persists also after X509 deletion and new generation. index.txt.attr will now be delivered by the system but also deleted and recre= ated while setting up a new x509. --- config/ovpn/certs/index.txt.attr | 0 config/rootfiles/common/configroot | 1 + config/rootfiles/common/openvpn | 1 + html/cgi-bin/ovpnmain.cgi | 9 +++++++++ html/cgi-bin/vpnmain.cgi | 9 +++++++++ lfs/configroot | 2 +- 6 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 config/ovpn/certs/index.txt.attr diff --git a/config/ovpn/certs/index.txt.attr b/config/ovpn/certs/index.txt.a= ttr new file mode 100644 index 000000000..e69de29bb diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/con= figroot index c72768165..6f5d2fe2f 100644 --- a/config/rootfiles/common/configroot +++ b/config/rootfiles/common/configroot @@ -19,6 +19,7 @@ var/ipfire/captive/settings var/ipfire/captive/voucher_out var/ipfire/certs #var/ipfire/certs/index.txt +var/ipfire/certs/index.txt.attr #var/ipfire/certs/serial var/ipfire/connscheduler #var/ipfire/connscheduler/connscheduler.conf diff --git a/config/rootfiles/common/openvpn b/config/rootfiles/common/openvpn index 131d79873..547842db3 100644 --- a/config/rootfiles/common/openvpn +++ b/config/rootfiles/common/openvpn 
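Review bot: In config/rootfiles/common/configroot the new `var/ipfire/certs/index.txt.attr` entry is active, while the neighbouring `#var/ipfire/certs/index.txt` and `#var/ipfire/certs/serial` entries are commented out. If the commented entries are the ones kept out of packaging so that live CA state is never replaced, the attribute file probably belongs with them, since OpenSSL stores the database's `unique_subject` setting in it. Please confirm that shipping it cannot overwrite an existing file on an installed system. The openvpn rootfile lists index.txt uncommented, so the two lists already differ on this point.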
@@ -25,6 +25,7 @@ var/ipfire/ovpn/caconfig var/ipfire/ovpn/ccd #var/ipfire/ovpn/certs var/ipfire/ovpn/certs/index.txt +var/ipfire/ovpn/certs/index.txt.attr var/ipfire/ovpn/certs/serial var/ipfire/ovpn/crls var/ipfire/ovpn/n2nconf diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 976300fc7..4fb234995 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -174,7 +174,12 @@ sub cleanssldatabase print FILE ""; close FILE; } + if (open(FILE, ">${General::swroot}/ovpn/certs/index.txt.attr")) { + print FILE ""; + close FILE; + } unlink ("${General::swroot}/ovpn/certs/index.txt.old"); + unlink ("${General::swroot}/ovpn/certs/index.txt.attr.old"); unlink ("${General::swroot}/ovpn/certs/serial.old"); unlink ("${General::swroot}/ovpn/certs/01.pem"); } @@ -189,7 +194,11 @@ sub newcleanssldatabase if (! -s ">${General::swroot}/ovpn/certs/index.txt") { system ("touch ${General::swroot}/ovpn/certs/index.txt"); } + if (! -s ">${General::swroot}/ovpn/certs/index.txt.attr") { + system ("touch ${General::swroot}/ovpn/certs/index.txt.attr"); + } unlink ("${General::swroot}/ovpn/certs/index.txt.old"); + unlink ("${General::swroot}/ovpn/certs/index.txt.attr.old"); unlink ("${General::swroot}/ovpn/certs/serial.old"); } =20 diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index 21fd1f4cd..a5d27c8d8 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -149,7 +149,12 @@ sub cleanssldatabase { print FILE ""; close FILE; } + if (open(FILE, ">${General::swroot}/certs/index.txt.attr")) { + print FILE ""; + close FILE; + } unlink ("${General::swroot}/certs/index.txt.old"); + unlink ("${General::swroot}/certs/index.txt.attr.old"); unlink ("${General::swroot}/certs/serial.old"); unlink ("${General::swroot}/certs/01.pem"); } 
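Review bot: The added `open(FILE, ">${General::swroot}/ovpn/certs/index.txt.attr")` block in ovpnmain.cgi's cleanssldatabase does nothing when the open fails, so a permission or disk problem leaves the attribute file missing. The failure would then only surface later, when a certificate is signed, which is the symptom this patch sets out to fix. An `else` branch that reports `$!` would make it visible, and a lexical handle with three-argument open avoids the bareword `FILE`: `open(my $fh, '>', "${General::swroot}/ovpn/certs/index.txt.attr")`. The matching hunk in vpnmain.cgi's cleanssldatabase has the same gap; both subs begin outside their hunks.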
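Review bot: The new test `! -s ">${General::swroot}/ovpn/certs/index.txt.attr"` in ovpnmain.cgi's newcleanssldatabase checks a path that begins with a literal `>`, which is not the file `touch` creates, so the condition is presumably always true and the guard has no effect. It copies the existing index.txt check above it. Because `-s` is false for an empty file and this file is shipped empty, `-e` on the real path matches the intent better: `if (! -e "${General::swroot}/ovpn/certs/index.txt.attr") {`. The list form `system("touch", "${General::swroot}/ovpn/certs/index.txt.attr");` would also keep the path away from the shell. The newcleanssldatabase hunk in vpnmain.cgi has the same lines with the certs/ path; both subs start outside their hunks.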
@@ -162,7 +167,11 @@ sub newcleanssldatabase { if (! -s ">${General::swroot}/certs/index.txt") { system ("touch ${General::swroot}/certs/index.txt"); } + if (! -s ">${General::swroot}/certs/index.txt.attr") { + system ("touch ${General::swroot}/certs/index.txt.attr"); + } unlink ("${General::swroot}/certs/index.txt.old"); + unlink ("${General::swroot}/certs/index.txt.attr.old"); unlink ("${General::swroot}/certs/serial.old"); # unlink ("${General::swroot}/certs/01.pem"); numbering evolves. Wrong plac= e to delete } diff --git a/lfs/configroot b/lfs/configroot index 4701d9e39..c66dcdedb 100644 --- a/lfs/configroot +++ b/lfs/configroot @@ -62,7 +62,7 @@ $(TARGET) : =20 # Touch empty files for i in auth/users backup/include.user backup/exclude.user \ - captive/settings captive/agb.txt captive/clients captive/voucher_out ce= rts/index.txt ddns/config ddns/settings ddns/ipcache dhcp/settings \ + captive/settings captive/agb.txt captive/clients captive/voucher_out ce= rts/index.txt certs/index.txt.attr ddns/config ddns/settings ddns/ipcache dhc= p/settings \ dhcp/fixleases dhcp/advoptions dhcp/dhcpd.conf.local dns/settings dnsfo= rward/config ethernet/aliases ethernet/settings ethernet/known_nics ethernet/= scanned_nics \ ethernet/wireless extrahd/scan extrahd/devices extrahd/partitions extra= hd/settings firewall/settings firewall/config firewall/geoipblock firewall/in= put firewall/outgoing \ fwhosts/customnetworks fwhosts/customhosts fwhosts/customgroups fwhosts= /customservicegrp fwhosts/customgeoipgrp fwlogs/ipsettings fwlogs/portsetting= s \ --=20 2.12.2 --===============8224668481845982096==--