From 0e912614466983402eb487316dccdd1af0e5d02a Mon Sep 17 00:00:00 2001
From: Sunil Mohan Adapa <sunil@medhas.org>
Date: Thu, 24 Aug 2023 10:33:45 -0700
Subject: [PATCH] openvpn: Correctly set expiry of server/client certs to 10
 years

- After moving to easy-rsa 3.x, the expiry configuration key changed and
original intention of setting the expiry to 10 years was not working. Update the
key to set the expiry properly.

Tests:

- Install the app freshly and verify the server and client have 'Valid Not
After' date set 10 years in future.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
---
 plinth/modules/openvpn/privileged.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plinth/modules/openvpn/privileged.py b/plinth/modules/openvpn/privileged.py
index 7880390d4..d7876bab3 100644
--- a/plinth/modules/openvpn/privileged.py
+++ b/plinth/modules/openvpn/privileged.py
@@ -77,7 +77,7 @@ CERTIFICATE_CONFIGURATION = {
     'KEY_DIR': KEYS_DIRECTORY,
     'EASYRSA_OPENSSL': 'openssl',
     'EASYRSA_CA_EXPIRE': '3650',
-    'EASYRSA_REQ_EXPIRE': '3650',
+    'EASYRSA_CERT_EXPIRE': '3650',
     'EASYRSA_REQ_COUNTRY': 'US',
     'EASYRSA_REQ_PROVINCE': 'NY',
     'EASYRSA_REQ_CITY': 'New York',