ovpnmain.cgi: No longer include the CA in the client configuration

NetworkManager complains that it cannot use <ca>...</ca> when
<pkcs12>...</pkcs12> is being used as well. This makes somehwat sense as
the PKCS12 container also contains the CA certificate.

Therefore we are removing the <ca>...</ca> block for all clients as they
must all be able to read the PKCS12 container.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index dd4f98246912c5fb93523a2edf72ab9e2d7731cf..e53bd6e28b6bd113d272563720de0950d86253b2 100644 (file)
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -2479,16 +2479,6 @@ END
                        print "providers legacy default\n";
                }
 
-               # CA
-               open(FILE, "<${General::swroot}/ovpn/ca/cacert.pem");
-               print "\n<ca>\n";
-               while (<FILE>) {
-                       chomp($_);
-                       print "$_\n";
-               }
-               print "</ca>\n";
-               close(FILE);
-
                # PKCS12
                open(FILE, "<${General::swroot}/ovpn/certs/${name}.p12");
                print "\n<pkcs12>\n";