From a2480a2159acb8e667f7d51a7f7798e72c8509ac Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Mon, 9 Jul 2012 13:14:56 +0000
Subject: [PATCH] properly bundle the CA certificate within the PKCS12 file

---
 autovpn/vpn_app.py | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/autovpn/vpn_app.py b/autovpn/vpn_app.py
index d4f50ae..145e610 100644
--- a/autovpn/vpn_app.py
+++ b/autovpn/vpn_app.py
@@ -136,15 +136,14 @@ Further info:
 def to_pkcs12(crt_pem, key_pem, ca_pem):
     """Pack credentials into a PKCS12-format buffer."""
     tmpdir = tempfile.mkdtemp()
+    bundle_pem = '\n'.join([ca_pem, crt_pem])
     try:
-        for name, content in [
-            ('crt.pem', crt_pem), ('key.pem', key_pem), ('ca.pem', ca_pem)]:
+        for name, content in [('bundle.pem', bundle_pem), ('key.pem', key_pem)]:
             with open(os.path.join(tmpdir, name), 'w') as fd:
                 fd.write(content)
         pipe = subprocess.Popen(
             ['openssl', 'pkcs12', '-export', '-password', 'pass:',
-             '-in', 'crt.pem', '-inkey', 'key.pem',
-             '-CAfile', 'ca.pem'],
+             '-in', 'bundle.pem', '-inkey', 'key.pem'],
             cwd=tmpdir, stdout=subprocess.PIPE)
         return pipe.communicate()[0]
     finally:
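Review bot: The exit status of `openssl pkcs12 -export` is never checked at `return pipe.communicate()[0]`, so a failed export (for example, no certificate in `bundle.pem` matching `key.pem`) hands the caller an empty or partial buffer as if it were a valid PKCS12 file. Capture the output and fail loudly instead: `out = pipe.communicate()[0]`, then `if pipe.returncode != 0: raise RuntimeError('openssl pkcs12 export failed')`, then `return out`. Because `-password pass:` sets an empty export password, the returned buffer holds the private key with no effective protection, and callers should treat it as key material. The `finally:` body lies outside the hunk, so whether `tmpdir` and the on-disk `key.pem` are removed cannot be confirmed from here.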
-- 
GitLab