OpenVPN: Set default of 730 days for client certificate validity
Commit Message
Since OpenSSL 1.1.0x it is required to set a value for the 'valid til (days)' field.
The WUI delivers now a guide value of two years.
Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
---
html/cgi-bin/ovpnmain.cgi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
Okay, this looks good.
I guess the renewal button is a lot more work and would be done separately.
Thanks for doing this one so quickly!
Best,
-Michael
On Mon, 2018-06-18 at 16:41 +0200, Erik Kapfer wrote:
> Since OpenSSL 1.1.0x it is required to set a value for the 'valid til (days)'
> field.
> The WUI delivers now a guide value of two years.
>
> Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
> ---
> html/cgi-bin/ovpnmain.cgi | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
> index 1c2a810..b3122a4 100644
> --- a/html/cgi-bin/ovpnmain.cgi
> +++ b/html/cgi-bin/ovpnmain.cgi
> @@ -4451,7 +4451,7 @@ if ($cgiparams{'TYPE'} eq 'net') {
> $cgiparams{'CERT_CITY'} = $vpnsettings{'ROOTCERT_CITY'};
> $cgiparams{'CERT_STATE'} = $vpnsettings{'ROOTCERT_STATE'};
> $cgiparams{'CERT_COUNTRY'} = $vpnsettings{'ROOTCERT_COUNTRY'};
> - $cgiparams{'DAYS_VALID'} = $vpnsettings{'DAYS_VALID'};
> + $cgiparams{'DAYS_VALID'} = $vpnsettings{'DAYS_VALID'} =
> '730';
> }
>
> VPNCONF_ERROR:
Yes, the renewal button is a lot more work, am currently not 100% clear
howto accomplish that, will need more time and other thoughts for that.
Thanks for looking through that.
Best,
Erik
Am Montag, den 18.06.2018, 15:50 +0100 schrieb Michael Tremer:
> Okay, this looks good.
>
> I guess the renewal button is a lot more work and would be done
> separately.
>
> Thanks for doing this one so quickly!
>
> Best,
> -Michael
>
> On Mon, 2018-06-18 at 16:41 +0200, Erik Kapfer wrote:
> >
> > Since OpenSSL 1.1.0x it is required to set a value for the 'valid
> > til (days)'
> > field.
> > The WUI delivers now a guide value of two years.
> >
> > Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
> > ---
> > html/cgi-bin/ovpnmain.cgi | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
> > index 1c2a810..b3122a4 100644
> > --- a/html/cgi-bin/ovpnmain.cgi
> > +++ b/html/cgi-bin/ovpnmain.cgi
> > @@ -4451,7 +4451,7 @@ if ($cgiparams{'TYPE'} eq 'net') {
> > $cgiparams{'CERT_CITY'} =
> > $vpnsettings{'ROOTCERT_CITY'};
> > $cgiparams{'CERT_STATE'} =
> > $vpnsettings{'ROOTCERT_STATE'};
> > $cgiparams{'CERT_COUNTRY'} =
> > $vpnsettings{'ROOTCERT_COUNTRY'};
> > - $cgiparams{'DAYS_VALID'} =
> > $vpnsettings{'DAYS_VALID'};
> > + $cgiparams{'DAYS_VALID'} =
> > $vpnsettings{'DAYS_VALID'} =
> > '730';
> > }
> >
> > VPNCONF_ERROR:
@@ -4451,7 +4451,7 @@ if ($cgiparams{'TYPE'} eq 'net') {
$cgiparams{'CERT_CITY'} = $vpnsettings{'ROOTCERT_CITY'};
$cgiparams{'CERT_STATE'} = $vpnsettings{'ROOTCERT_STATE'};
$cgiparams{'CERT_COUNTRY'} = $vpnsettings{'ROOTCERT_COUNTRY'};
- $cgiparams{'DAYS_VALID'} = $vpnsettings{'DAYS_VALID'};
+ $cgiparams{'DAYS_VALID'} = $vpnsettings{'DAYS_VALID'} = '730';
}
VPNCONF_ERROR: