- The patches for Bug#13138 https://patchwork.ipfire.org/project/ipfire/patch/20230603140541.13834-1-ado... https://patchwork.ipfire.org/project/ipfire/patch/20230606104050.8290-1-adol... work for an update to Core Update 175 but a fresh install of CU175 will still fail with the error when creating the root/host certificate set for the first time. - This patch ensures that the unique_subject = yes line is addeed to index.txt.attr when the root/host certificate set is attempted to be created or is uploaded also for the first attempt.

Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- html/cgi-bin/vpnmain.cgi | 2 ++ 1 file changed, 2 insertions(+)

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index f2aeecdf9..63f875c6a 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -870,6 +870,8 @@ END } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate root/host certificates'} || $cgiparams{'ACTION'} eq $Lang::tr{'upload p12 file'}) {

+ &newcleanssldatabase(); + if (-f "${General::swroot}/ca/cacert.pem") { $errormessage = $Lang::tr{'valid root certificate already exists'}; goto ROOTCERT_SKIP;