From patchwork Tue Jun 19 00:41:27 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Erik Kapfer X-Patchwork-Id: 1818 Return-Path: Received: from mail01.ipfire.org (unknown [172.28.1.200]) by web02.i.ipfire.org (Postfix) with ESMTP id 1FCEE6095C for ; Mon, 18 Jun 2018 16:41:32 +0200 (CEST) Received: from mail01.i.ipfire.org (localhost [127.0.0.1]) by mail01.ipfire.org (Postfix) with ESMTP id BF467108B887; Mon, 18 Jun 2018 15:41:31 +0100 (BST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201801; t=1529332891; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:references:list-id: list-unsubscribe:list-subscribe:list-post; bh=PYiDT1wRQQ4mWroBwxpxbgrRfbz7XIIaQcjZtHmGQgU=; b=BfB+KWolgRi6+0kqTW1XtuaomT0bXbPm02m+z930boOrqHcNK3qq7BNbkpKXlhYzAl6KWW qCiHz5OJNUNG+w4RN6ZbrOBRxwGzqBKJ15dqUC8De9dZt4VfXxSHZLA0lkWKp7rdQgKsTm LY4IdxuNwZAYNVRROpBUH2aEkl8XeD4hzE/2vv74U3ToNLh55ZRN1UYl2Oz3Rc+5KElbmL fRQOeSe3zd22C/ieMXONFB2Y3t+Ya2NpifiWmKASRpOvMR1zuvHrzsfAxlp58ecBpmyy/0 cdzDqv7sYky48M3IoSiaByU9kglUclJOf7X02WMxmgn9bs2vAGpCOVJUG6K6jw== Received: from localhost.localdomain (i59F4AD79.versanet.de [89.244.173.121]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 91A6210910AF; Mon, 18 Jun 2018 15:41:28 +0100 (BST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201801; t=1529332888; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:references; bh=PYiDT1wRQQ4mWroBwxpxbgrRfbz7XIIaQcjZtHmGQgU=; b=jWBP6qHJhjaw0RnQOwRKGxaQEFAJmb8C3fWIdQCByopuSbaS7GYJlyFXSzHWU8vCuMNTxJ oLpPZakSVw1m0ohFrHLGOtBwrMbQxM/4iKZesG7t0PxFq6Wd7NbZiNRpf9DSl7QU7l2Ia7 n4YdM7JUqFVZn1bGkV06VnzILVTkcyMMKvWqBFrhY2gTqSzKFlT5U6y/kfE4LFofTVhJDR /7AdAol+NeE30gkbooyrtxpUesuAi/bZuMTfRiV0EgDmFXpTBe+SrVtwTalcXKAawitveA UhjUZLnFjMW9JtnKkpkels6jrcR+FEPZMYEwt8yvfDlcoIbhuyGEXkNnJRbwMw== From: Erik Kapfer To: development@lists.ipfire.org Subject: [PATCH] OpenVPN: Set default of 730 days for client certificate validity Date: Mon, 18 Jun 2018 16:41:27 +0200 Message-Id: <1529332887-30374-1-git-send-email-erik.kapfer@ipfire.org> X-Mailer: git-send-email 2.7.4 Authentication-Results: mail01.ipfire.org; auth=pass smtp.auth=ummeegge smtp.mailfrom=erik.kapfer@ipfire.org X-Spamd-Result: default: False [-2.10 / 11.00]; FROM_EQ_ENVFROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; TO_DN_SOME(0.00)[]; BAYES_HAM(-3.00)[100.00%]; ARC_NA(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; MIME_GOOD(-0.10)[text/plain]; DKIM_SIGNED(0.00)[]; MID_CONTAINS_FROM(1.00)[]; RCVD_COUNT_ZERO(0.00)[0]; ASN(0.00)[asn:8881, ipnet:89.244.160.0/20, country:DE]; FROM_HAS_DN(0.00)[] X-Spam-Status: No, score=-2.10 X-Rspamd-Server: mail01.i.ipfire.org X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Since OpenSSL 1.1.0x it is required to set a value for the 'valid til (days)' field. The WUI delivers now a guide value of two years. Signed-off-by: Erik Kapfer --- html/cgi-bin/ovpnmain.cgi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 1c2a810..b3122a4 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -4451,7 +4451,7 @@ if ($cgiparams{'TYPE'} eq 'net') { $cgiparams{'CERT_CITY'} = $vpnsettings{'ROOTCERT_CITY'}; $cgiparams{'CERT_STATE'} = $vpnsettings{'ROOTCERT_STATE'}; $cgiparams{'CERT_COUNTRY'} = $vpnsettings{'ROOTCERT_COUNTRY'}; - $cgiparams{'DAYS_VALID'} = $vpnsettings{'DAYS_VALID'}; + $cgiparams{'DAYS_VALID'} = $vpnsettings{'DAYS_VALID'} = '730'; } VPNCONF_ERROR: