From 1d0a260a8b804e43037a2c0aa3ef9bae1ddca656 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sun, 29 Dec 2013 21:13:55 +0100
Subject: [PATCH] openvpn: Move verify script out of configuration directory.

---
 config/rootfiles/common/openvpn          | 2 +-
 config/rootfiles/core/75/filelists/files | 2 +-
 config/rootfiles/core/75/update.sh       | 6 ++++++
 html/cgi-bin/ovpnmain.cgi                | 2 +-
 lfs/openvpn                              | 3 ++-
 5 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/config/rootfiles/common/openvpn b/config/rootfiles/common/openvpn
index ae6d6eee6..d1b836a1b 100644
--- a/config/rootfiles/common/openvpn
+++ b/config/rootfiles/common/openvpn
@@ -5,6 +5,7 @@
 usr/lib/openvpn/plugins/openvpn-plugin-auth-pam.so
 #usr/lib/openvpn/plugins/openvpn-plugin-down-root.la
 usr/lib/openvpn/plugins/openvpn-plugin-down-root.so
+usr/lib/openvpn/verify
 usr/sbin/openvpn
 #usr/share/doc/openvpn
 #usr/share/doc/openvpn/COPYING
@@ -31,4 +32,3 @@ var/ipfire/ovpn/ovpn-leases.db
 var/ipfire/ovpn/ovpnconfig
 var/ipfire/ovpn/scripts
 var/ipfire/ovpn/settings
-var/ipfire/ovpn/verify
diff --git a/config/rootfiles/core/75/filelists/files b/config/rootfiles/core/75/filelists/files
index 46af05486..647eb2660 100644
--- a/config/rootfiles/core/75/filelists/files
+++ b/config/rootfiles/core/75/filelists/files
@@ -1,6 +1,6 @@
 etc/system-release
 etc/issue
 opt/pakfire/lib/functions.pl
+usr/lib/openvpn/verify
 var/ipfire/header.pl
 var/ipfire/langs
-var/ipfire/ovpn/verify
diff --git a/config/rootfiles/core/75/update.sh b/config/rootfiles/core/75/update.sh
index 05e2de3e6..3fd00fe3b 100644
--- a/config/rootfiles/core/75/update.sh
+++ b/config/rootfiles/core/75/update.sh
@@ -38,6 +38,12 @@ extract_files
 
 # Start services
 
+# Replace path to verify script.
+if [ -r "/var/ipfire/ovpn/server.conf" ]; then
+	sed -e "s@^tls-verify.*@tls-verify /usr/lib/openvpn/verify@g" \
+		-i /var/ipfire/ovpn/server.conf
+fi
+
 # Update Language cache
 perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
 
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 73e610bfd..2f3ac4d55 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -425,7 +425,7 @@ sub writeserverconf {
     if ($sovpnsettings{DHCP_WINS} ne '') {
 	print CONF "max-clients $sovpnsettings{MAX_CLIENTS}\n";
     }	
-    print CONF "tls-verify /var/ipfire/ovpn/verify\n";
+    print CONF "tls-verify /usr/lib/openvpn/verify\n";
     print CONF "crl-verify /var/ipfire/ovpn/crls/cacrl.pem\n";
     print CONF "user nobody\n";
     print CONF "group nobody\n";
diff --git a/lfs/openvpn b/lfs/openvpn
index 87daf07eb..727d3741f 100644
--- a/lfs/openvpn
+++ b/lfs/openvpn
@@ -93,8 +93,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	chown -R root:root /var/ipfire/ovpn/scripts
 	chown -R nobody:nobody /var/ipfire/ovpn
 	chown root.nobody /var/log/ovpnserver.log
-	chmod 755 /var/ipfire/ovpn/verify
 	chmod 660 /var/log/ovpnserver.log
 	chmod 700 /var/ipfire/ovpn/certs
+	mv -v /var/ipfire/ovpn/verify /usr/lib/openvpn/verify
+	chmod 755 /usr/lib/openvpn/verify
 	@rm -rf $(DIR_APP)
 	@$(POSTBUILD)
-- 
2.39.2