Commit 1adf6ab2 authored by ale's avatar ale

add a PKCS#12 file to the zip archive (for quick configuration of the android client)

parent ad7158b5
...@@ -2,6 +2,9 @@ import datetime ...@@ -2,6 +2,9 @@ import datetime
import functools import functools
import logging import logging
import os import os
import shutil
import subprocess
import tempfile
import uuid import uuid
import zipfile import zipfile
from cStringIO import StringIO from cStringIO import StringIO
...@@ -105,6 +108,18 @@ The ZIP file contains a configuration for Tunnelblick. Double-click ...@@ -105,6 +108,18 @@ The ZIP file contains a configuration for Tunnelblick. Double-click
on it and it will install itself automatically. on it and it will install itself automatically.
Check out the OpenVPN app at,
to use it:
- Select the PKCS12 format for the credentials and select the
<uuid>.pfx file from the ZIP archive.
- Ensure that LZO compression is disabled.
References References
---------- ----------
...@@ -118,6 +133,24 @@ Further info: ...@@ -118,6 +133,24 @@ Further info:
''' '''
def to_pkcs12(crt_pem, key_pem, ca_pem):
"""Pack credentials into a PKCS12-format buffer."""
tmpdir = tempfile.mkdtemp()
for name, content in [
('crt.pem', crt_pem), ('key.pem', key_pem), ('ca.pem', ca_pem)]:
with open(os.path.join(tmpdir, name)) as fd:
pipe = subprocess.Popen(
['openssl', 'pkcs12', '-export', '-password', 'pass:',
'-in', 'crt.pem', '-inkey', 'key.pem',
'-CAfile', 'ca.pem'],
cwd=tmpdir, stdout=subprocess.PIPE)
return pipe.communicate()[0]
def csrf(methods=('POST',)): def csrf(methods=('POST',)):
def _csrf(fn): def _csrf(fn):
@functools.wraps(fn) @functools.wraps(fn)
...@@ -214,13 +247,16 @@ def new_cert_dl(): ...@@ -214,13 +247,16 @@ def new_cert_dl():
'vpn_endpoint': current_app.config['VPN_ENDPOINT'], 'vpn_endpoint': current_app.config['VPN_ENDPOINT'],
'vpn_site': current_app.config['VPN_SITE_URL'], 'vpn_site': current_app.config['VPN_SITE_URL'],
'expiry_date': expiry_date.strftime('%Y/%m/%d')} 'expiry_date': expiry_date.strftime('%Y/%m/%d')}
ca_pem =
crt_pem = crypto.dump_certificate(crypto.FILETYPE_PEM, cert) crt_pem = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
key_pem = crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey) key_pem = crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)
pkcs12 = to_pkcs12(crt_pem, key_pem, ca_pem)
manifest = [ manifest = [
('ca.crt',, ('ca.crt', ca_pem),
('crl.pem','pem')), ('crl.pem','pem')),
('%s.crt' % cn, crt_pem), ('%s.crt' % cn, crt_pem),
('%s.key' % cn, key_pem), ('%s.key' % cn, key_pem),
('%s.pfx' % cn, pkcs12),
('openvpn-%s.conf' % cn, OPENVPN_CONFIG_TEMPLATE % vars), ('openvpn-%s.conf' % cn, OPENVPN_CONFIG_TEMPLATE % vars),
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment