From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject:
 Re: [PATCH] OpenVPN: Set default of 730 days for client certificate validity
Date: Mon, 18 Jun 2018 15:50:02 +0100
Message-ID: <73f402b1cb1d7296da8dc15e90cd07d420f84daa.camel@ipfire.org>
In-Reply-To: <1529332887-30374-1-git-send-email-erik.kapfer@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============4329848162652439164=="
List-Id: <development.lists.ipfire.org>

--===============4329848162652439164==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Okay, this looks good.

I guess the renewal button is a lot more work and would be done separately.

Thanks for doing this one so quickly!

Best,
-Michael

On Mon, 2018-06-18 at 16:41 +0200, Erik Kapfer wrote:
> Since OpenSSL 1.1.0x it is required to set a value for the 'valid til (days=
)'
> field.
> The WUI delivers now a guide value of two years.
>=20
> Signed-off-by: Erik Kapfer <erik.kapfer(a)ipfire.org>
> ---
>  html/cgi-bin/ovpnmain.cgi | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>=20
> diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
> index 1c2a810..b3122a4 100644
> --- a/html/cgi-bin/ovpnmain.cgi
> +++ b/html/cgi-bin/ovpnmain.cgi
> @@ -4451,7 +4451,7 @@ if ($cgiparams{'TYPE'} eq 'net') {
>  	$cgiparams{'CERT_CITY'}         =3D $vpnsettings{'ROOTCERT_CITY'};
>  	$cgiparams{'CERT_STATE'}        =3D $vpnsettings{'ROOTCERT_STATE'};
>  	$cgiparams{'CERT_COUNTRY'}      =3D $vpnsettings{'ROOTCERT_COUNTRY'};
> -	$cgiparams{'DAYS_VALID'}     	=3D $vpnsettings{'DAYS_VALID'};
> +	$cgiparams{'DAYS_VALID'}     	=3D $vpnsettings{'DAYS_VALID'} =3D
> '730';
>      }
> =20
>      VPNCONF_ERROR:

--===============4329848162652439164==--