openvpn: shellpki upstream release 22.12.2

3 months ago · 0722b84341
parent d4f58b9395
commit 0722b84341
3 changed files with 9 additions and 7 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -45,7 +45,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
 * varnish: better package facts usage with check mode and tags
 * varnish: systemd override depends on Varnish version instead of Debian version
 * keepalived: change exit code (warning if runnin but not on expected state ; critical if not running)
-* openvpn: shellpki upstream release 22.12
+* openvpn: shellpki upstream release 22.12.2
 * openvpn: specifies that the mail for expirations is for OpenVPN

 ### Fixed
--- a/openvpn/files/shellpki/openssl.cnf
+++ b/openvpn/files/shellpki/openssl.cnf
@ -1,4 +1,4 @@
-# VERSION="22.04"
+# VERSION="22.12.2"

 [ ca ]
 default_ca      = CA_default
@ -14,7 +14,7 @@ crl             = $dir/crl.pem
 private_key     = $dir/cakey.key
 RANDFILE        = $dir/.rand
 default_days    = 365
-default_crl_days= 365
+default_crl_days= 730
 default_md      = sha256
 preserve        = no
 policy          = policy_match
--- a/openvpn/files/shellpki/shellpki
+++ b/openvpn/files/shellpki/shellpki
@ -5,7 +5,7 @@

 set -u

-VERSION="22.12"
+VERSION="22.12.2"

 show_version() {
    cat <<END
@ -224,7 +224,7 @@ replace_existing_or_abort() {
 init() {
    umask 0177

-    [ -d "${CA_DIR}" ] || mkdir -m 0750 "${CA_DIR}"
+    [ -d "${CA_DIR}" ] || mkdir -m 0751 "${CA_DIR}"
    [ -d "${CRT_DIR}" ] || mkdir -m 0750 "${CRT_DIR}"
    [ -f "${INDEX_FILE}" ] || touch "${INDEX_FILE}"
    [ -f "${INDEX_FILE}.attr" ] || touch "${INDEX_FILE}.attr"
@ -1103,9 +1103,11 @@ main() {

    # fix right
    chown -R "${PKI_USER}":"${PKI_USER}" "${CA_DIR}"
-    chmod 750 "${CA_DIR}" "${CRT_DIR}" "${KEY_DIR}" "${CSR_DIR}" "${PKCS12_DIR}" "${OVPN_DIR}" "${TMP_DIR}"
-    chmod 600 "${INDEX_FILE}"* "${SERIAL}"* "${CA_KEY}" "${CRL}"
+    chmod 750 "${CRT_DIR}" "${KEY_DIR}" "${CSR_DIR}" "${PKCS12_DIR}" "${OVPN_DIR}" "${TMP_DIR}"
+    chmod 600 "${INDEX_FILE}"* "${SERIAL}"* "${CA_KEY}"
    chmod 640 "${CA_CERT}"
+    chmod 604 "${CRL}"
+    chmod 751 "${CA_DIR}"
 }

 main "$@"