mirror of
https://github.com/angristan/openvpn-install.git
synced 2025-12-30 22:57:01 +01:00
28050efa50
## Summary Fixes fingerprint mode (OpenVPN 2.6+ peer-fingerprint authentication) which was broken for client management operations. ### CI Fix Docker environment variables (`AUTH_MODE`, etc.) weren't being passed to the systemd service running tests. Added `PassEnvironment` directive to fix this. ### Script Fixes In fingerprint mode, `easyrsa self-sign-*` commands don't create/maintain `index.txt`, but several functions depended on it. **Fixed operations:** - `selectClient()`: uses fingerprints from server.conf instead of index.txt - `listClients()`: scans certs in pki/issued/, marks those without fingerprint as revoked - `newClient()`: duplicate check works in fingerprint mode, cleans up revoked cert files for name reuse - `revokeClient()`: removes fingerprint from server.conf, keeps cert for listing - `renewClient()`: uses `self-sign-client` instead of `easyrsa renew` - `renewServer()`: uses `self-sign-server` + regenerates all client configs (they embed server fingerprint) **New helpers:** - `getAuthMode()` - returns "pki" or "fingerprint" - `getClientsFromFingerprints()` - parses client names from server.conf - `clientExistsInFingerprints()` - checks client existence - `getCertExpiry()` - extracts expiry date/days from cert file - `removeCertFiles()` - removes cert/key/req files for regeneration - `extractFingerprint()` - gets SHA256 fingerprint from cert Fixes #1444