aiden
/
freshtomato-arm
mirror of https://bitbucket.org/pedro311/freshtomato-arm
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

GUI: OpenVPN Server: fix generation of the correct CA Key previously caused clients errors. In order to work properly, the key must be generated again both for the server and client(s).

Browse Source
arm-sdk7
pedro 4 years ago
parent f46afd303a
commit 268d2891e3
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File

1
release/src-rt-6.x.4708/router/httpd/gencert.sh
Unescape Escape View File

@ -39,6 +39,7 @@ sed -i "/\[ v3_ca \]/aextendedKeyUsage=serverAuth" $OPENSSLCNF
# Start of SAN extensions # Start of SAN extensions
sed -i "/\[ CA_default \]/acopy_extensions=copy" $OPENSSLCNF sed -i "/\[ CA_default \]/acopy_extensions=copy" $OPENSSLCNF
sed -i "/\[ v3_ca \]/asubjectAltName=@alt_names" $OPENSSLCNF sed -i "/\[ v3_ca \]/asubjectAltName=@alt_names" $OPENSSLCNF
sed -i "/\[ v3_ca \]/akeyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment" $OPENSSLCNF
sed -i "/\[ v3_req \]/asubjectAltName=@alt_names" $OPENSSLCNF sed -i "/\[ v3_req \]/asubjectAltName=@alt_names" $OPENSSLCNF
echo "[alt_names]" >> $OPENSSLCNF echo "[alt_names]" >> $OPENSSLCNF

2
release/src-rt-6.x.4708/router/rom/rom/etc/ssl/openssl.cnf
Unescape Escape View File

@ -148,7 +148,7 @@ basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will # Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best # prevent it being used as an test self-signed certificate it is best
# left out by default. # left out by default.
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment # keyUsage = cRLSign, keyCertSign
# Some might want this also # Some might want this also
# nsCertType = sslCA, emailCA # nsCertType = sslCA, emailCA

Write Preview
Loading…
Cancel
Save