fix: support fingerprint mode in client management operations (#1446)

## Summary

Fixes fingerprint mode (OpenVPN 2.6+ peer-fingerprint authentication)
which was broken for client management operations.

### CI Fix
Docker environment variables (`AUTH_MODE`, etc.) weren't being passed to
the systemd service running tests. Added `PassEnvironment` directive to
fix this.

### Script Fixes
In fingerprint mode, `easyrsa self-sign-*` commands don't
create/maintain `index.txt`, but several functions depended on it.

**Fixed operations:**
- `selectClient()`: uses fingerprints from server.conf instead of index.txt
- `listClients()`: scans certs in pki/issued/, marks those without fingerprint as revoked
- `newClient()`: duplicate check works in fingerprint mode, cleans up revoked cert files for name reuse
- `revokeClient()`: removes fingerprint from server.conf, keeps cert for listing
- `renewClient()`: uses `self-sign-client` instead of `easyrsa renew`
- `renewServer()`: uses `self-sign-server` + regenerates all client configs (they embed server fingerprint)

**New helpers:**
- `getAuthMode()` - returns "pki" or "fingerprint"
- `getClientsFromFingerprints()` - parses client names from server.conf
- `clientExistsInFingerprints()` - checks client existence
- `getCertExpiry()` - extracts expiry date/days from cert file
- `removeCertFiles()` - removes cert/key/req files for regeneration
- `extractFingerprint()` - gets SHA256 fingerprint from cert

Fixes #1444
Stanislas
2025-12-29 17:04:45 +01:00
committed by GitHub
parent 62e98f79e0
commit 28050efa50
3 changed files with 275 additions and 79 deletions


@@ -71,6 +71,7 @@ COPY test/validate-output.sh /opt/test/validate-output.sh
RUN chmod +x /entrypoint.sh /opt/test/validate-output.sh
# Create systemd service for the test script
# PassEnvironment passes Docker env vars (-e) from PID 1 to the service
RUN printf '%s\n' \
'[Unit]' \
'Description=OpenVPN Installation Test' \
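Review bot: the new comment above the `RUN printf` should also say that the set of forwarded variables is an explicit allow-list kept in the `[Service]` section, since `PassEnvironment` only forwards the names listed there; a test variable added later with `-e` will silently not reach `/entrypoint.sh` unless that line is updated as well. Suggest e.g. `# PassEnvironment passes Docker env vars (-e) from PID 1 to the service; keep the list in [Service] in sync with entrypoint.sh`.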
@@ -79,6 +80,7 @@ RUN printf '%s\n' \
'[Service]' \
'Type=oneshot' \
'Environment=HOME=/root' \
'PassEnvironment=AUTH_MODE TLS_SIG TLS_KEY_FILE TLS_VERSION_MIN TLS13_CIPHERSUITES CLIENT_IPV6 VPN_SUBNET_IPV6' \
'WorkingDirectory=/root' \
'ExecStart=/entrypoint.sh' \
'RemainAfterExit=yes' \
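Review bot: the `PassEnvironment=AUTH_MODE TLS_SIG ...` line is now the single gate deciding which `docker run -e` values reach the test, and a listed name that is not set in PID 1's environment is skipped without any error, so a misspelled or forgotten `-e` on the CI side makes the test quietly run with its defaults, which is the same silent failure this change is fixing. Suggest having `/entrypoint.sh` fail early when `AUTH_MODE` (and any other variable the test depends on) is unset, or at least log the received values at start so `validate-output.sh` can confirm the intended mode was actually exercised.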