Commit 1adf6ab2 authored by ale's avatar ale

add a PKCS#12 file to the zip archive (for quick configuration of the android client)

parent ad7158b5
......@@ -2,6 +2,9 @@ import datetime
import functools
import logging
import os
import shutil
import subprocess
import tempfile
import uuid
import zipfile
from cStringIO import StringIO
......@@ -105,6 +108,18 @@ The ZIP file contains a configuration for Tunnelblick. Double-click
on it and it will install itself automatically.
Check out the OpenVPN app at,
to use it:
- Select the PKCS12 format for the credentials and select the
<uuid>.pfx file from the ZIP archive.
- Ensure that LZO compression is disabled.
......@@ -118,6 +133,24 @@ Further info:
def to_pkcs12(crt_pem, key_pem, ca_pem):
"""Pack credentials into a PKCS12-format buffer."""
tmpdir = tempfile.mkdtemp()
for name, content in [
('crt.pem', crt_pem), ('key.pem', key_pem), ('ca.pem', ca_pem)]:
with open(os.path.join(tmpdir, name)) as fd:
pipe = subprocess.Popen(
['openssl', 'pkcs12', '-export', '-password', 'pass:',
'-in', 'crt.pem', '-inkey', 'key.pem',
'-CAfile', 'ca.pem'],
cwd=tmpdir, stdout=subprocess.PIPE)
return pipe.communicate()[0]
def csrf(methods=('POST',)):
def _csrf(fn):
......@@ -214,13 +247,16 @@ def new_cert_dl():
'vpn_endpoint': current_app.config['VPN_ENDPOINT'],
'vpn_site': current_app.config['VPN_SITE_URL'],
'expiry_date': expiry_date.strftime('%Y/%m/%d')}
ca_pem =
crt_pem = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
key_pem = crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)
pkcs12 = to_pkcs12(crt_pem, key_pem, ca_pem)
manifest = [
('ca.crt', ca_pem),
('%s.crt' % cn, crt_pem),
('%s.key' % cn, key_pem),
('%s.pfx' % cn, pkcs12),
('openvpn-%s.conf' % cn, OPENVPN_CONFIG_TEMPLATE % vars),
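Review bot: In `to_pkcs12` the user's private key is written to `key.pem` under a `tempfile.mkdtemp()` directory and nothing visible in the hunk removes that directory, so unless cleanup happens in lines this page dropped, each download leaves an unencrypted key on the server's disk; the body should run inside `try:` / `finally:` with `shutil.rmtree(tmpdir, ignore_errors=True)` (`shutil` is imported in the first hunk). The exit status of `openssl` is never checked either, so a failed export returns an empty buffer that `new_cert_dl` would pack into the archive as the `.pfx` entry; raise when `pipe.returncode` is non-zero. As rendered here the `open()` call has no write mode and the `with` body is not shown, so confirm the files are opened with `'w'` and actually written. The export uses `-password pass:`, which leaves the bundled key without a passphrase; a comment such as `# empty export password: the zip already ships the key in clear` would record that this is intentional.

```python
def to_pkcs12(crt_pem, key_pem, ca_pem):
    tmpdir = tempfile.mkdtemp()
    try:
        # … unchanged: write crt.pem, key.pem and ca.pem into tmpdir …
        pipe = subprocess.Popen(
            # … unchanged: openssl pkcs12 -export arguments …
            cwd=tmpdir, stdout=subprocess.PIPE)
        output = pipe.communicate()[0]
        if pipe.returncode != 0:
            raise RuntimeError('openssl pkcs12 export failed')
        return output
    finally:
        # key.pem holds the user's private key; never leave it on disk
        shutil.rmtree(tmpdir, ignore_errors=True)
```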