From 268d2891e3433481091e19a63be313fe40e19642 Mon Sep 17 00:00:00 2001
From: pedro
Date: Tue, 31 Aug 2021 10:53:46 +0200
Subject: [PATCH] GUI: OpenVPN Server: fix generation of the correct CA Key previously caused clients errors. In order to work properly, the key must be generated again both for the server and client(s).
---
 release/src-rt-6.x.4708/router/httpd/gencert.sh | 1 +
 release/src-rt-6.x.4708/router/rom/rom/etc/ssl/openssl.cnf | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/release/src-rt-6.x.4708/router/httpd/gencert.sh b/release/src-rt-6.x.4708/router/httpd/gencert.sh
index e6067d9e75..89ba9b2404 100644
--- a/release/src-rt-6.x.4708/router/httpd/gencert.sh
+++ b/release/src-rt-6.x.4708/router/httpd/gencert.sh
@@ -39,6 +39,7 @@ sed -i "/\[ v3_ca \]/aextendedKeyUsage=serverAuth" $OPENSSLCNF
 # Start of SAN extensions
 sed -i "/\[ CA_default \]/acopy_extensions=copy" $OPENSSLCNF
 sed -i "/\[ v3_ca \]/asubjectAltName=@alt_names" $OPENSSLCNF
+sed -i "/\[ v3_ca \]/akeyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment" $OPENSSLCNF
 sed -i "/\[ v3_req \]/asubjectAltName=@alt_names" $OPENSSLCNF
 echo "[alt_names]" >> $OPENSSLCNF
diff --git a/release/src-rt-6.x.4708/router/rom/rom/etc/ssl/openssl.cnf b/release/src-rt-6.x.4708/router/rom/rom/etc/ssl/openssl.cnf
index 2e837bc832..42e44c86d1 100644
--- a/release/src-rt-6.x.4708/router/rom/rom/etc/ssl/openssl.cnf
+++ b/release/src-rt-6.x.4708/router/rom/rom/etc/ssl/openssl.cnf
@@ -148,7 +148,7 @@ basicConstraints = CA:true
 # Key usage: this is typical for a CA certificate. However since it will
 # prevent it being used as an test self-signed certificate it is best
 # left out by default.
-keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+# keyUsage = cRLSign, keyCertSign
 # Some might want this also
 # nsCertType = sslCA, emailCA
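Review bot: In the gencert.sh hunk, the added `keyUsage` line grants `nonRepudiation` and `dataEncipherment` to a certificate that the `@@` context line already limits to `extendedKeyUsage=serverAuth`; a TLS server certificate needs neither, so the list is wider than its purpose. Consider `sed -i "/\[ v3_ca \]/akeyUsage = digitalSignature, keyEncipherment" "$OPENSSLCNF"`, which also quotes the config path. If `[ v3_ca ]` still carries `basicConstraints = CA:true` (that line appears as context in the openssl.cnf hunk, though the section name is not visible there), strict validators may expect `keyCertSign` on such a certificate, so the generated self-signed certificate is worth testing against the clients you support. The script continues outside the hunk on both sides.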
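Review bot: The comment block above the changed line in openssl.cnf says nothing about gencert.sh appending its own `keyUsage` to `[ v3_ca ]` at run time, so anyone who later uncomments `# keyUsage = cRLSign, keyCertSign` could end up with two keyUsage entries in the same section. The hunk does not show the section header, and whether `$OPENSSLCNF` is derived from this file is not visible either, so confirm both first. If they hold, add a line such as `# NOTE: httpd/gencert.sh injects keyUsage into [ v3_ca ]; do not enable both.` next to the commented setting.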