From 030e6ce98d1ed73d42f85df2b74507b82e782c76 Mon Sep 17 00:00:00 2001 From: Joseph Nuthalapati Date: Sat, 7 Nov 2020 16:47:46 +0530 Subject: [PATCH] openvpn: Remove opinion on which curve to use Signed-off-by: Joseph Nuthalapati Reviewed-by: James Valleroy --- actions/openvpn | 9 +++------ plinth/modules/openvpn/tests/conftest.py | 2 +- plinth/modules/openvpn/tests/test_configuration.py | 2 +- 3 files changed, 5 insertions(+), 8 deletions(-) diff --git a/actions/openvpn b/actions/openvpn index 1245a68c5..1d0f635b4 100755 --- a/actions/openvpn +++ b/actions/openvpn @@ -10,15 +10,13 @@ import subprocess import augeas -from plinth import action_utils, utils +from plinth import action_utils KEYS_DIRECTORY = '/etc/openvpn/freedombox-keys' DH_PARAMS = f'{KEYS_DIRECTORY}/pki/dh.pem' -CURVE = 'secp521r1' - -EC_PARAMS = f'{KEYS_DIRECTORY}/pki/ecparams/{CURVE}.pem' +EC_PARAMS_DIR = f'{KEYS_DIRECTORY}/pki/ecparams' SERVER_CONFIGURATION_PATH = '/etc/openvpn/server/freedombox.conf' @@ -77,7 +75,6 @@ verb 3 CERTIFICATE_CONFIGURATION = { 'EASYRSA_BATCH': '1', 'EASYRSA_ALGO': 'ec', - 'EASYRSA_CURVE': CURVE, 'EASYRSA_DIGEST': 'sha512', 'KEY_CONFIG': '/usr/share/easy-rsa/openssl-easyrsa.cnf', 'KEY_DIR': KEYS_DIRECTORY, @@ -116,7 +113,7 @@ def parse_arguments(): def _is_setup(): """Return whether setup is complete.""" - return any(utils.is_non_empty_file(fil) for fil in [DH_PARAMS, EC_PARAMS]) + return any(os.path.exists(fil) for fil in [DH_PARAMS, EC_PARAMS_DIR]) def subcommand_is_setup(_): diff --git a/plinth/modules/openvpn/tests/conftest.py b/plinth/modules/openvpn/tests/conftest.py index 832cbfdca..790f4b578 100644 --- a/plinth/modules/openvpn/tests/conftest.py +++ b/plinth/modules/openvpn/tests/conftest.py 
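Review bot: With `'EASYRSA_CURVE'` dropped from `CERTIFICATE_CONFIGURATION` while `'EASYRSA_ALGO': 'ec'` stays, the curve used for newly generated keys becomes whatever the installed easy-rsa defaults to, and nothing in the file records that this is intended. A comment above the dict would make the choice explicit, for example `# EASYRSA_CURVE is left unset on purpose: easy-rsa picks its default curve.` Installations set up before this change presumably keep their secp521r1 material, as no migration is visible here, and that is worth stating in the same comment. The dict continues outside the hunk.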
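Review bot: In `_is_setup`, `os.path.exists` accepts a zero-length `dh.pem` and an `ecparams` directory with nothing in it, both of which the previous `utils.is_non_empty_file` check rejected. A setup run that stops after creating the directory or truncating the file would then be reported as complete, so callers that gate on this result may proceed without usable parameters. The content check can be kept while staying curve-agnostic: `return utils.is_non_empty_file(DH_PARAMS) or (os.path.isdir(EC_PARAMS_DIR) and bool(os.listdir(EC_PARAMS_DIR)))`. That requires keeping the `utils` import that the first hunk of this file removes.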
@@ -36,7 +36,7 @@ def fixture_call_action(capsys, keys_directory): def _call_action(module_name, args, **kwargs): actions.DH_PARAMS = f'{keys_directory}/pki/dh.pem' - actions.EC_PARAMS = f'{keys_directory}/pki/ecparams/secp521r1.pem' + actions.EC_PARAMS_DIR = f'{keys_directory}/pki/ecparams' with patch('argparse._sys.argv', [module_name] + args): actions.main() captured = capsys.readouterr() diff --git a/plinth/modules/openvpn/tests/test_configuration.py b/plinth/modules/openvpn/tests/test_configuration.py index fdfe87e95..a023bd92a 100644 --- a/plinth/modules/openvpn/tests/test_configuration.py +++ b/plinth/modules/openvpn/tests/test_configuration.py @@ -47,7 +47,7 @@ def test_is_setup_with_ecc(keys_directory, call_action): """is_setup should work with RSA configuration.""" with patch('plinth.actions.superuser_run', call_action): (keys_directory / 'pki' / 'ecparams').mkdir(parents=True) - ec_params_file = keys_directory / 'pki' / 'ecparams' / 'secp521r1.pem' + ec_params_file = keys_directory / 'pki' / 'ecparams' / 'somecurve.pem' ec_params_file.write_text('some content') assert openvpn.is_setup() os.remove(ec_params_file)
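Review bot: `test_is_setup_with_ecc` no longer depends on the file it writes, because the `ecparams` directory created by `mkdir` is already enough for the new `_is_setup` to return true. If the params file is meant to matter, an `assert not openvpn.is_setup()` between the `mkdir` and `write_text` lines would pin that, and it would fail against the current implementation. The docstring also still says RSA and should read `"""is_setup should work with ECC configuration."""`. The function may continue past the last line of the hunk.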