nils/gluon
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

gluon-mesh-vpn-openvpn: fix 509

Browse Source
This commit is contained in:
Maciej Krüger 2022-05-26 11:22:56 +02:00 committed by Alexander List
parent 8deacca70c
commit a00556df7a
1 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
package/gluon-mesh-vpn-openvpn/luasrc/lib/gluon/upgrade/400-mesh-vpn-openvpn
View File

@ -32,17 +32,19 @@ end
-- if mesh_vpn is on but we have no key, even tho we need one then we can't proceed -- if mesh_vpn is on but we have no key, even tho we need one then we can't proceed
if vpn.key ~= nil and not file_exists(vpn.key) then if vpn.key ~= nil and not file_exists(vpn.key) then
if site.mesh_vpn.openvpn.self_signed(true) then if site.mesh_vpn.openvpn.self_signed(true) then
local name = ssl.x509.name.new{
{ C = 'CN'},
{ O = 'gluon' },
{ CN = sysconfig.primary_mac }
}
local key = ssl.pkey.new() local key = ssl.pkey.new()
local cert = ssl.x509:new() local cert = ssl.x509:new()
cert:notbefore(os.time()) cert:notbefore(os.time())
cert:notafter(os.time() + 10 * 365 * 24 * 60) cert:notafter(os.time() + 10 * 365 * 24 * 60)
cert:subject(ssl.x509.name.new{ cert:subject(name)
{ C = 'CN'}, cert:sign(key, name)
{ O = 'gluon' },
{ CN = sysconfig.primary_mac }
})
cert:sign(key:export())
local certf = io.open(vpn.cert, 'w+') local certf = io.open(vpn.cert, 'w+')
certf:write(cert:export()) certf:write(cert:export())