From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: [PATCH 2/3] OpenVPN: Move the OpenSSL configuration file out of /var/ipfire Date: Thu, 18 Apr 2024 21:36:53 +0000 Message-ID: <20240418213654.3321580-2-michael.tremer@ipfire.org> In-Reply-To: <20240418213654.3321580-1-michael.tremer@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============3723971705143514510==" List-Id: --===============3723971705143514510== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable We should not have any configuration files that we share in this place, therefore this patch is moving it into /usr/share/openvpn where we should be able to update it without any issues. Signed-off-by: Michael Tremer --- config/rootfiles/common/openvpn | 2 +- html/cgi-bin/ovpnmain.cgi | 2 +- lfs/openvpn | 6 ++++++ 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/config/rootfiles/common/openvpn b/config/rootfiles/common/openvpn index d9848a579..c0d49bfad 100644 --- a/config/rootfiles/common/openvpn +++ b/config/rootfiles/common/openvpn @@ -25,6 +25,7 @@ usr/sbin/openvpn-authenticator #usr/share/doc/openvpn/openvpn.8.html #usr/share/man/man5/openvpn-examples.5 #usr/share/man/man8/openvpn.8 +usr/share/openvpn/openssl.cnf var/ipfire/ovpn/ca var/ipfire/ovpn/caconfig var/ipfire/ovpn/ccd @@ -35,7 +36,6 @@ var/ipfire/ovpn/certs/serial var/ipfire/ovpn/crls var/ipfire/ovpn/n2nconf #var/ipfire/ovpn/openssl -var/ipfire/ovpn/openssl/ovpn.cnf var/ipfire/ovpn/openvpn-authenticator var/ipfire/ovpn/ovpn-leases.db var/ipfire/ovpn/ovpnconfig diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 9b8ff5aa5..ed80fef7d 100755 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -54,7 +54,7 @@ my %mainsettings =3D (); &General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", = \%color); =20 # Use a custom OpenSSL configuration file for all operations -$ENV["OPENSSL_CONF"] =3D "${General::swroot}/ovpn/ca/cacert.pem"; +$ENV["OPENSSL_CONF"] =3D "/usr/share/openvpn/openssl.cnf"; =20 ### ### Initialize variables diff --git a/lfs/openvpn b/lfs/openvpn index b71b4ccc9..0704aa438 100644 --- a/lfs/openvpn +++ b/lfs/openvpn @@ -101,6 +101,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) chown root:root /etc/fcron.daily/openvpn-crl-updater chmod 750 /etc/fcron.daily/openvpn-crl-updater =20 + # Move the OpenSSL configuration file out of /var/ipfire + mkdir -pv /usr/share/openvpn + mv -v /var/ipfire/ovpn/openssl/ovpn.cnf \ + /usr/share/openvpn/ + rmdir -v /usr/share/openvpn + # Install authenticator install -v -m 755 $(DIR_SRC)/config/ovpn/openvpn-authenticator \ /usr/sbin/openvpn-authenticator --=20 2.39.2 --===============3723971705143514510==--