From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Adolf Belka
To: development@lists.ipfire.org
Subject: Re: [PATCH] update.sh: Fixes bug#13138 - root/host certificate set fails to be created
Date: Tue, 06 Jun 2023 12:52:51 +0200
Message-ID: <626c6044-d1d2-e618-e4d3-4b9228da4d1f@ipfire.org>
In-Reply-To: <20230606104050.8290-1-adolf.belka@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============5827218680992584495=="
List-Id:

--===============5827218680992584495==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hi Peter,

I tested out the latest nightly build and everything worked fine except for one small hiccup. The fix for creating the IPSec root/host certificate set still gave the same error when first attempted but then created it if the attempt was directly made again.

Turns out the addition of unique_subject = yes to /var/ipfire/certs/index.txt.attr is only done in the vpnmain.cgi after the root/host creation was attempted the first time.

The patch below ensures that the index.txt.attr file has the unique_subject = yes entry the first time the root/host certificate set creation is attempted.

Apart from the above, all the other things I was able to test in IPSec and OpenVPN worked with that latest nightly.

Regards,

Adolf.

On 06/06/2023 12:40, Adolf Belka wrote:
> - The fix applied in vpnmain.cgi only adds the unique_subject = yes to the index.txt.attr
>    file after the first time that the root/host certificates are attempted to be created.
> - Without this line in update.sh, the first attempt to create the root/host certificate set
>    will still have the original error code. If the creation is attempted again then it will
>    work because the unique_subject = yes will have then been added into the file.
> - This patch ensures that the first attempt to create a root/host certificate set in CU175
>    will work.
> - Confirmed on vm testbed with freshly updated CU175.
>
> Fixes: Bug#13138
> Tested-by: Adolf Belka
> Signed-off-by: Adolf Belka > --- > config/rootfiles/core/175/update.sh | 3 +++ > 1 file changed, 3 insertions(+) >=20 > diff --git a/config/rootfiles/core/175/update.sh b/config/rootfiles/core/17= 5/update.sh > index 82676bc72..f1c6873c1 100644 > --- a/config/rootfiles/core/175/update.sh > +++ b/config/rootfiles/core/175/update.sh > @@ -191,6 +191,9 @@ if [ -s /var/ipfire/ovpn/ovpnconfig ]; then > done > fi > =20 > +## Add unique_subject =3D yes to vpn index.txt.attr file > +echo "unique_subject =3D yes" > /var/ipfire/certs/index.txt.attr > + > # This update needs a reboot... > touch /var/run/need_reboot > =20 --===============5827218680992584495==--
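Review bot: The added `echo "unique_subject = yes" > /var/ipfire/certs/index.txt.attr` in the `@@ -191,6 +191,9 @@` hunk uses a truncating `>` redirect and runs unconditionally, so on every system that applies this update any other content already in index.txt.attr is discarded, and the write is attempted even where /var/ipfire/certs holds no certificate database. Consider writing the line only when it is missing, for example guarding with `grep -q "^unique_subject" /var/ipfire/certs/index.txt.attr` and skipping the write when it matches, and only when the certs directory exists. It would also help to state in the commit message whether the file created here ends up with the owner and mode that vpnmain.cgi needs in order to update it later, since the hunk sets neither.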