
Annotation of /rpms/smeserver-openvpn-s2s/contribs7/smeserver-openvpn-s2s-0.1-implement_crl_verification.patch



Revision 1.1 - (hide annotations) (download)
Tue Nov 2 16:43:51 2010 UTC (13 years, 6 months ago) by slords
Branch: MAIN
CVS Tags: smeserver-openvpn-s2s-0_1-15_el4_sme, smeserver-openvpn-s2s-0_1-13_el4_sme, smeserver-openvpn-s2s-0_1-19_el4_sme, smeserver-openvpn-s2s-0_1-14_el4_sme, smeserver-openvpn-s2s-0_1-12_el4_sme, smeserver-openvpn-s2s-0_1-18_el4_sme, smeserver-openvpn-s2s-0_1-16_el4_sme, smeserver-openvpn-s2s-0_1-20_el4_sme, smeserver-openvpn-s2s-0_1-21_el4_sme, smeserver-openvpn-s2s-0_1-11_el4_sme, HEAD
Initial import

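--- a/createlinks
+++ b/createlinks
@@ -11,9 +11,11 @@
 
 event_link("openvpn-s2s-delete-networks", "openvpn-s2s-update", "10");
 event_link("openvpn-s2s-genconf", "openvpn-s2s-update", "20");
+event_link("openvpn-s2s-update-crl", "openvpn-s2s-update", "30");
 event_link("openvpn-s2s-genconf", "bootstrap-console-save", "80");
 
 templates2events("/etc/rc.d/init.d/masq", qw/openvpn-s2s-update/);
+templates2events("/etc/crontab", qw/openvpn-s2s-update/);
 
 panel_link("openvpns2s", 'manager');
 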
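Review bot: `openvpn-s2s-update-crl` is linked at position "30", after `openvpn-s2s-genconf` at "20", while the 30key template in this same patch writes `crl-verify` only when the CRL file already exists on disk. If genconf is the action that expands that template (not visible here), the first update after a CrlUrl is set produces a config with no revocation checking, and the hourly cron fetch never regenerates it. Running the fetch before genconf would close that gap, e.g. `event_link("openvpn-s2s-update-crl", "openvpn-s2s-update", "15");`.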
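--- a/root/etc/e-smith/events/actions/openvpn-s2s-update-crl
+++ b/root/etc/e-smith/events/actions/openvpn-s2s-update-crl
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+DOMAIN=$(/sbin/e-smith/db configuration get DomainName)
+
+for VPN in $(/sbin/e-smith/db openvpn-s2s keys); do
+ URL=$(/sbin/e-smith/db openvpn-s2s getprop $VPN CrlUrl)
+ AUTH=$(/sbin/e-smith/db openvpn-s2s getprop $VPN Authentication)
+
+ if [ ! -z "$URL" -a "$AUTH" == 'TLS' ]; then
+
+ /usr/bin/wget $URL -O /tmp/cacrl.pem > /dev/null 2>&1
+
+ /usr/bin/openssl crl -inform PEM -in /tmp/cacrl.pem -text > /dev/null 2>&1
+
+ if [ "$?" -eq "0" ]; then
+ /bin/mv -f /tmp/cacrl.pem /etc/openvpn/s2s/pub/"$VPN"_cacrl.pem > /dev/null 2>&1
+ else
+ cat > /tmp/crlmail <<END
+
+An error occured while updating the CRL for the VPN ID $VPN
+because openssl didn't recognize the file as a valid CRL.
+Below is the copy of the latest CRL downloaded from
+$URL
+
+END
+ cat /tmp/cacrl.pem >> /tmp/crlmail
+ mail -s 'CRL update failed' admin@$DOMAIN < /tmp/crlmail
+ fi
+
+ rm -f /tmp/cacrl.pem
+ rm -f /tmp/crlmail
+ fi
+done
+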
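Review bot: The script is run as root from cron but works in the fixed paths `/tmp/cacrl.pem` and `/tmp/crlmail`, which any local user can pre-create or symlink; a private directory from `mktemp -d` avoids that. The acceptance test `openssl crl -text` only shows that the download parses as a CRL, not that this VPN's CA signed it, and the wget exit status is never checked, so a file fetched from `$URL` is installed on syntax alone. `$URL` and `$VPN` are also expanded unquoted. The sketch below verifies against the per-VPN CA certificate (its path is inferred from the 30key template) and matches openssl's `verify OK` output, because older openssl releases may exit 0 even when the signature check fails.

```bash
# … unchanged: DOMAIN lookup, VPN loop, URL/AUTH lookup and the TLS test …
 WORK=$(/bin/mktemp -d /tmp/openvpn-s2s-crl.XXXXXX) || continue
 CA="/etc/openvpn/s2s/pub/${VPN}_cacert.pem"

 if /usr/bin/wget -q -O "$WORK/cacrl.pem" -- "$URL" &&
    /usr/bin/openssl crl -inform PEM -in "$WORK/cacrl.pem" -CAfile "$CA" -noout 2>&1 |
      grep -q 'verify OK'; then
   /bin/mv -f "$WORK/cacrl.pem" "/etc/openvpn/s2s/pub/${VPN}_cacrl.pem"
 else
   # … unchanged: failure mail, built in "$WORK/crlmail" instead of /tmp/crlmail …
 fi

 rm -rf -- "$WORK"
```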
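--- a/root/etc/e-smith/templates/etc/crontab/openvpn-s2s-crl
+++ b/root/etc/e-smith/templates/etc/crontab/openvpn-s2s-crl
@@ -0,0 +1,15 @@
+{
+if ((${'openvpn-s2s'}{'status'} || 'disabled') eq 'enabled'){
+ $OUT .=<<"HERE";
+# Update OpenVPN Site To Site CRLs
+10 * * * * root /etc/e-smith/events/actions/openvpn-s2s-update-crl 2>&1 /dev/null
+
+HERE
+else{
+ $OUT .=<<"HERE";
+# OpenVPN Site to Site service is disabled
+# CRL updates are not running
+
+HERE
+}
+}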
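Review bot: The `if` block is never closed before `else{`: the 15 added lines contain three opening braces and only two closing ones, so Perl should reject the fragment when the template is expanded and /etc/crontab would not be regenerated with the CRL job. A line holding `}` is needed after the first `HERE` terminator. In the cron entry itself, `2>&1 /dev/null` passes `/dev/null` to the script as an argument and redirects nothing to it; the intended form is presumably `> /dev/null 2>&1`. Discarding all output also means a failing CRL refresh is reported only through the script's own mail, so that path is worth keeping reliable.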
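--- a/root/etc/e-smith/templates/etc/openvpn/s2s/openvpn-s2s.conf/30key
+++ b/root/etc/e-smith/templates/etc/openvpn/s2s/openvpn-s2s.conf/30key
@@ -8,23 +8,29 @@
 }
 elsif ($auth eq 'TLS'){
 if ($type eq 'server'){
- $OUT .= "tls-server\n";
- $OUT .= "ca pub/$key" . "_cacert.pem\n";
- $OUT .= "cert pub/$key" . "_cert.pem\n";
- $OUT .= "key priv/$key" . "_key.pem\n";
- $OUT .= "dh pub/$key" . "_dh.pem\n";
- $OUT .= "tls-auth priv/$key" . "_sharedkey.pem 0\n"
+ $OUT .= "tls-server\n";
+ $OUT .= "ca pub/$key" . "_cacert.pem\n";
+ $OUT .= "cert pub/$key" . "_cert.pem\n";
+ $OUT .= "key priv/$key" . "_key.pem\n";
+ $OUT .= "dh pub/$key" . "_dh.pem\n";
+ $OUT .= "tls-auth priv/$key" . "_sharedkey.pem 0\n"
 if ( -e "/etc/openvpn/s2s/priv/$key".'_sharedkey.pem' ) &&
 ( ! -z "/etc/openvpn/s2s/priv/$key".'_sharedkey.pem' );
+ $OUT .= "crl-verify pub/$key" . "_cacrl.pem\n"
+ if ( -e "/etc/openvpn/s2s/pub/$key".'_cacrl.pem' ) &&
+ ( ! -z "/etc/openvpn/s2s/pub/$key".'_cacrl.pem' );
 }
 else{
- $OUT .= "tls-client\n";
- $OUT .= "ca pub/$key" . "_cacert.pem\n";
- $OUT .= "cert pub/$key" . "_cert.pem\n";
- $OUT .= "key priv/$key" . "_key.pem\n";
- $OUT .= "tls-auth priv/$key" . "_sharedkey.pem 1\n"
+ $OUT .= "tls-client\n";
+ $OUT .= "ca pub/$key" . "_cacert.pem\n";
+ $OUT .= "cert pub/$key" . "_cert.pem\n";
+ $OUT .= "key priv/$key" . "_key.pem\n";
+ $OUT .= "tls-auth priv/$key" . "_sharedkey.pem 1\n"
 if ( -e "/etc/openvpn/s2s/priv/$key".'_sharedkey.pem' ) &&
 ( ! -z "/etc/openvpn/s2s/priv/$key".'_sharedkey.pem' );
+ $OUT .= "crl-verify pub/$key" . "_cacrl.pem\n"
+ if ( -e "/etc/openvpn/s2s/pub/$key".'_cacrl.pem' ) &&
+ ( ! -z "/etc/openvpn/s2s/pub/$key".'_cacrl.pem' );
 }
 }
 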
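Review bot: Both new `crl-verify` lines fail open: when `_cacrl.pem` is missing or empty the directive is silently left out, so a tunnel whose CRL was never fetched comes up with no revocation checking and nothing in the generated config says so. A comment above each line should state that this is deliberate, and if the CrlUrl property is readable in this template it would be safer to emit a warning comment into the config whenever a URL is set but no CRL is present. The paired `-e` and `! -z` tests can be the single test `if -s "/etc/openvpn/s2s/pub/${key}_cacrl.pem";`. The enclosing `if`/`elsif` chain starts above this hunk, so how `$key`, `$auth` and `$type` are set is not visible here.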
