Commit c756b263 authored by ale's avatar ale
Browse files

add CRL verification to the client config

parent 693fd5e3
...@@ -35,6 +35,7 @@ persist-tun ...@@ -35,6 +35,7 @@ persist-tun
ca ca.crt ca ca.crt
cert %(cn)s.crt cert %(cn)s.crt
key %(cn)s.key key %(cn)s.key
crl-verify crl.pem
ns-cert-type server ns-cert-type server
''' '''
...@@ -186,6 +187,7 @@ def new_cert_dl(): ...@@ -186,6 +187,7 @@ def new_cert_dl():
key_pem = crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey) key_pem = crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)
manifest = [ manifest = [
('ca.crt', g.ca.get_ca()), ('ca.crt', g.ca.get_ca()),
('crl.pem', g.ca.get_crl(format='pem')),
('%s.crt' % cn, crt_pem), ('%s.crt' % cn, crt_pem),
('%s.key' % cn, key_pem), ('%s.key' % cn, key_pem),
('openvpn-%s.conf' % cn, OPENVPN_CONFIG_TEMPLATE % vars), ('openvpn-%s.conf' % cn, OPENVPN_CONFIG_TEMPLATE % vars),
...@@ -195,6 +197,7 @@ def new_cert_dl(): ...@@ -195,6 +197,7 @@ def new_cert_dl():
('%s.tblk/Info.plist' % cn, TBLK_PLIST_TEMPLATE % vars), ('%s.tblk/Info.plist' % cn, TBLK_PLIST_TEMPLATE % vars),
('%s.tblk/config.ovpn' % cn, OPENVPN_CONFIG_TEMPLATE % vars), ('%s.tblk/config.ovpn' % cn, OPENVPN_CONFIG_TEMPLATE % vars),
('%s.tblk/ca.crt' % cn, g.ca.get_ca()), ('%s.tblk/ca.crt' % cn, g.ca.get_ca()),
('%s.tblk/crl.pem' % cn, g.ca.get_crl(format='pem')),
('%s.tblk/%s.crt' % (cn, cn), crt_pem), ('%s.tblk/%s.crt' % (cn, cn), crt_pem),
('%s.tblk/%s.key' % (cn, cn), key_pem), ('%s.tblk/%s.key' % (cn, cn), key_pem),
] ]
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment