From 7d1d7e0bec4c7f991dbbb622ce414e0b91d14d74 Mon Sep 17 00:00:00 2001
From: Adolf Belka
Date: Sun, 2 Mar 2025 20:14:30 +0100
Subject: [PATCH] vpnmain.cgi: Fixes bug13737 - increments the serial number to allow cert regen

- When the regeneration is carried out the existing cert, with serial number 01, is revoked but when the new cert is created the serial number is still 01 causing error messages about the new cert being revoked.
- This patch increments the serial number from 01 to 02 after the initial root/host certificate set is created.
- Then when the old cert is revoked the new one uses serial number 02 but also automatically increments it again. So all future regenerations work without problems.
- Tested out on a physical IPFire system.

Fixes: bug13737
Tested-by: Adolf Belka
Signed-off-by: Adolf Belka
Signed-off-by: Michael Tremer
--- html/cgi-bin/vpnmain.cgi | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index a1d0f0e2a..fe14b38f0 100755 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -1241,6 +1241,13 @@ END exit(0); ROOTCERT_SUCCESS: + +# Increment the serial number to 02 after root and host certificates are +# created so that cert regeneration works. + open(FILE, ">${General::swroot}/certs/serial"); + print FILE "02"; + close FILE; + if (&vpnenabled) { &General::system('/usr/local/bin/ipsecctrl', 'S'); sleep $sleepDelay; -- 2.39.5
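Review bot: The added `open(FILE, ">${General::swroot}/certs/serial");` under `ROOTCERT_SUCCESS:` has no check on its return value, so if the serial file cannot be opened the `print` and `close` fail silently, the serial stays at 01, and the regeneration error this patch is meant to fix comes back with nothing reported or logged. Please check the result of `open` and report the failure the way the rest of the CGI reports errors, and while touching it prefer the three-argument form with a lexical handle (`open(my $fh, '>', "${General::swroot}/certs/serial")`) over the bareword `FILE` with the mode embedded in the path string. Two further things to confirm: the block writes the constant "02" unconditionally, so it is only safe if every path that reaches `ROOTCERT_SUCCESS:` has just created a fresh root/host pair with serial 01, since otherwise it would rewind a serial that has already advanced and lead to a reused serial number; and the value is written without a trailing newline, which should be checked against how the serial file is written elsewhere in the script.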