[2/2] backup.pl: Fixes bug#13404 - Clear out OpenVPN certs before doing restore

Message ID 20240226150501.16508-2-adolf.belka@ipfire.org
State Staged
Commit c790899f7383dae7f734a44c1570da1c9246b778
Series [1/2] ovpnmain.cgi: Fixes bug#13404 - prevents certs being saved if common name is already used |

Commit Message

Adolf Belka Feb. 26, 2024, 3:05 p.m. UTC
  - Existing situation is if four new client connections are created and then it is decided
   to restore to an earlier stage the new certficates will be in the certs directory but
   not usable from the WUI page as they are no longer shown in the client connection table
   as that now shows the ones from the restored backup.
- This patch clears the /var/ipfire/ovpn/certs/ directory before restoring the contents
   of the backup so that the certs directory only holds what was in the backup.

Fixes: Bug#13404
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
 config/backup/backup.pl | 4 ++++
 1 file changed, 4 insertions(+)


diff --git a/config/backup/backup.pl b/config/backup/backup.pl
index 7992f21c5..b43420740 100644
--- a/config/backup/backup.pl
+++ b/config/backup/backup.pl
@@ -75,6 +75,10 @@  make_backup() {
 restore_backup() {
 	local filename="${1}"
+	# remove all openvpn certs to prevent old unusable
+	# certificates being left in directory after a restore
+	rm -f /var/ipfire/ovpn/certs/*
 	# Extract backup
 	if ! tar xvzpf "${filename}" -C / \
 			--exclude-from="/var/ipfire/backup/exclude" \