openvpn: Remove opinion on which curve to use

Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net> Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2026-01-21 07:55:00 +00:00 · 2020-11-07 16:47:46 +05:30 · 2020-11-07 16:47:46 +05:30 · 030e6ce98d
commit 030e6ce98d
parent 3676fd1a87
3 changed files with 5 additions and 8 deletions
--- a/actions/openvpn
+++ b/actions/openvpn
@ -10,15 +10,13 @@ import subprocess

 import augeas

-from plinth import action_utils, utils
+from plinth import action_utils

 KEYS_DIRECTORY = '/etc/openvpn/freedombox-keys'

 DH_PARAMS = f'{KEYS_DIRECTORY}/pki/dh.pem'

-CURVE = 'secp521r1'
-
-EC_PARAMS = f'{KEYS_DIRECTORY}/pki/ecparams/{CURVE}.pem'
+EC_PARAMS_DIR = f'{KEYS_DIRECTORY}/pki/ecparams'

 SERVER_CONFIGURATION_PATH = '/etc/openvpn/server/freedombox.conf'

@ -77,7 +75,6 @@ verb 3
 CERTIFICATE_CONFIGURATION = {
    'EASYRSA_BATCH': '1',
    'EASYRSA_ALGO': 'ec',
-    'EASYRSA_CURVE': CURVE,
    'EASYRSA_DIGEST': 'sha512',
    'KEY_CONFIG': '/usr/share/easy-rsa/openssl-easyrsa.cnf',
    'KEY_DIR': KEYS_DIRECTORY,
@ -116,7 +113,7 @@ def parse_arguments():

 def _is_setup():
    """Return whether setup is complete."""
-    return any(utils.is_non_empty_file(fil) for fil in [DH_PARAMS, EC_PARAMS])
+    return any(os.path.exists(fil) for fil in [DH_PARAMS, EC_PARAMS_DIR])


 def subcommand_is_setup(_):
--- a/plinth/modules/openvpn/tests/conftest.py
+++ b/plinth/modules/openvpn/tests/conftest.py
@ -36,7 +36,7 @@ def fixture_call_action(capsys, keys_directory):

    def _call_action(module_name, args, **kwargs):
        actions.DH_PARAMS = f'{keys_directory}/pki/dh.pem'
-        actions.EC_PARAMS = f'{keys_directory}/pki/ecparams/secp521r1.pem'
+        actions.EC_PARAMS_DIR = f'{keys_directory}/pki/ecparams'
        with patch('argparse._sys.argv', [module_name] + args):
            actions.main()
            captured = capsys.readouterr()
--- a/plinth/modules/openvpn/tests/test_configuration.py
+++ b/plinth/modules/openvpn/tests/test_configuration.py
@ -47,7 +47,7 @@ def test_is_setup_with_ecc(keys_directory, call_action):
    """is_setup should work with RSA configuration."""
    with patch('plinth.actions.superuser_run', call_action):
        (keys_directory / 'pki' / 'ecparams').mkdir(parents=True)
-        ec_params_file = keys_directory / 'pki' / 'ecparams' / 'secp521r1.pem'
+        ec_params_file = keys_directory / 'pki' / 'ecparams' / 'somecurve.pem'
        ec_params_file.write_text('some content')
        assert openvpn.is_setup()
        os.remove(ec_params_file)