Commit c756b263 authored by ale's avatar ale

add CRL verification to the client config

parent 693fd5e3
......@@ -35,6 +35,7 @@ persist-tun
ca ca.crt
cert %(cn)s.crt
key %(cn)s.key
crl-verify crl.pem
ns-cert-type server
'''
......@@ -186,6 +187,7 @@ def new_cert_dl():
key_pem = crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)
manifest = [
('ca.crt', g.ca.get_ca()),
('crl.pem', g.ca.get_crl(format='pem')),
('%s.crt' % cn, crt_pem),
('%s.key' % cn, key_pem),
('openvpn-%s.conf' % cn, OPENVPN_CONFIG_TEMPLATE % vars),
......@@ -195,6 +197,7 @@ def new_cert_dl():
('%s.tblk/Info.plist' % cn, TBLK_PLIST_TEMPLATE % vars),
('%s.tblk/config.ovpn' % cn, OPENVPN_CONFIG_TEMPLATE % vars),
('%s.tblk/ca.crt' % cn, g.ca.get_ca()),
('%s.tblk/crl.pem' % cn, g.ca.get_crl(format='pem')),
('%s.tblk/%s.crt' % (cn, cn), crt_pem),
('%s.tblk/%s.key' % (cn, cn), key_pem),
]
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment