git.ipfire.org Git - ipfire-2.x.git/commit

author	Adolf Belka <adolf.belka@ipfire.org>
	Sat, 3 Jun 2023 14:05:41 +0000 (16:05 +0200)
committer	Peter Müller <peter.mueller@ipfire.org>
	Mon, 5 Jun 2023 14:51:33 +0000 (14:51 +0000)
commit	94aa82fa619448229737bf545b768f0ca7177b0c
tree	56de56eb6e238aa5e0a7a74d03d36b793b16a0e2	tree \| snapshot
parent	495ea08478cb9520fb9d94fff43ace46f6c3a368	commit \| diff

vpnmain.cgi: Fixes bug#13138 - root/host certificate set fails to be created

- The change to openssl-3.x results in the openssl commands that start with ca failing
   with the error message
     OpenSSL produced an error: <br>40E7B4719B730000:error:0700006C:configuration file
     routines:NCONF_get_string:no value:crypto/conf/conf_lib.c:315:group=<NULL>
     name=unique_subject
- The fix for this is to include the unique_subject = yes line into
   /var/ipfire/certs/index.txt.attr
- Additionally, based on the learnings from bug#13137 on OpenVPN, any openssl commands
   dealing with pkcs12 (.p12) files that were created with openssl-1.1.1x fail when being
   accessed with openssl-3.x due to the no longer supported algorithm. These can be
   accessed if the -legacy option is added to every openssl command dealing with pkcs12

Fixes: Bug#13138
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>