mirror of
https://github.com/freedombox/FreedomBox.git
synced 2026-01-21 07:55:00 +00:00
fa58633e81
- Set renewal period to 3 years before expiry so that users not inconvenienced too much. - Renew server certificate if possible. - There are openvpn server setups where the expiry of the server certificate has been set to 2 years due to a bug in our code. Triggering a setup call will renew these certificates without effecting any clients. Even during the bug, CA certs were still be valid for 10 years. So, they are unaffected. - When downloading profile, if client certificate is renewable, renew before providing profile for download. Old certificates will still be valid until their expiry. Tests: - Without the patches, install openvpn app. Server certificate will be created with a validity of 2 years. Download the client profile. Apply patches, setup will be rerun. OpenVPN will be restarted. Server certificate will be renewed and show 10 years expiry. Old client profile will continue to connect successfully. It will have expiry of 2 years. Download the client profile again. It will an expiry of 10 years and will successfully to the server. Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org> Reviewed-by: James Valleroy <jvalleroy@mailbox.org>