git.ipfire.org Git - ipfire-2.x.git/commitdiff
vpnmain.cgi: Fixes bug13737 - increments the serial number to allow cert regen
author Adolf Belka <adolf.belka@ipfire.org>
Sun, 2 Mar 2025 19:14:30 +0000 (20:14 +0100)
committer Michael Tremer <michael.tremer@ipfire.org>
Wed, 5 Mar 2025 11:19:11 +0000 (11:19 +0000)
- When the regeneration is carried out the existing cert, with serial number 01, is
   revoked but when the new cert is created the serial number is still 01 causing error
   messages about the new cert being revoked.
- This patch increments the serial number from 01 to 02 after the initial root/host
   certificate set is created.
- Then when the old cert is revoked the new one uses serial number 02 but also
   automatically increments it again. So all future regenerations work without problems.
- Tested out on a physical IPFire system.

Fixes: bug13737
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
html/cgi-bin/vpnmain.cgi

index a1d0f0e2ac819557371fec721afaa79302a34d40..fe14b38f0a37b1d6520bb613b9e92223b2d08d90 100755 (executable)
@@ -1241,6 +1241,13 @@ END
        exit(0);
 
        ROOTCERT_SUCCESS:
+
+# Increment the serial number to 02 after root and host certificates are
+# created so that cert regeneration works.
+       open(FILE, ">${General::swroot}/certs/serial");
+       print FILE "02";
+       close FILE;
+
        if (&vpnenabled) {
                &General::system('/usr/local/bin/ipsecctrl', 'S');
                sleep $sleepDelay;
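
Review bot: the added open() on ${General::swroot}/certs/serial is not checked, so if the file cannot be opened for writing the print fails quietly, the serial stays at 01, and the "new cert is revoked" error described in the commit message returns on the next regeneration. Suggest the three-argument form with a lexical handle and an explicit failure path, for example `open(my $fh, '>', "${General::swroot}/certs/serial") or` followed by whatever error reporting this CGI already uses, then `print $fh "02"; close($fh);`, rather than the bareword FILE with a two-argument open. The write is also unconditional at ROOTCERT_SUCCESS and hard-codes 02: please confirm that every path jumping to this label has just created a fresh root/host set, since any other path would reset a serial file that had already advanced past 02. Minor style point: the two comment lines start at column 0 while the surrounding code is indented.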