- This first part removes all usages of &cleanssldatabase with the client certificates.
This is not needed here. If used then the serial number would be moved back to 01 when
an existing client certificate is removged or a new one created, even if no errors
occurred.
- The usage of &cleanssldatabase has also been removed from the root/host cert creation
if it was successful, otherwise the index file is moved back to being empty and the
serial file to containing 01.
- The only usage now of the &cleanssldatabase is for when the root/host cert set is
being created or if an uploaded cert has been checked as good to install.
- This now means that each time a new client certificate is created the serial number
is incremented.
- The removal of the x509 root/host cert also unlinks all .pem files in the certs
directory and therefore also all the 01.pem, 02.pem etc files so the
&cleanssldatabase routine no longer needs to unlink the 01.pem file
- The &newcleanssldatabase script is no longer needed, as the &cleanssldatabase commands
used covers the required cleaning, so it has been removed.
- This patch together with the others from this set have been tested out on my vm system
and I was able to create a new root/host cert set and then new client certs and make
an ipsec certificate connection successfully. I could then renew the host cert and
the client connection still worked.
Fixes: bug13737 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
projects / people / ms / ipfire-2.x.git / commit
