From 424f4e2c632ec00b1480b43fdcc5750a94d787c2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Toke=20H=C3=B8iland-J=C3=B8rgensen?= <toke@toke.dk>
Date: Wed, 26 Apr 2017 14:54:31 +0200
Subject: [PATCH] freeradius3: A couple of small fixes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Moves /etc/freeradius3/sites-{enabled,available}/inner-tunnel to be part of
  the freeradius3-mod-eap package. This prevents conflicts between
  freeradius3-mod-eap-peap and freeradius3-mod-eap-ttls which both included the
  file before. This fixes LEDE bug FS#678.

- Change the demo cert validity to be 1 year instead of 60 days. Should keep the
  cert valid for the duration of the LEDE release cycle (with some slack). This
  fixes #4239.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
---
 net/freeradius3/Makefile                      | 12 ++-----
 .../patches/001-fix-cert-expiry.patch         | 33 +++++++++++++++++++
 2 files changed, 35 insertions(+), 10 deletions(-)
 create mode 100644 net/freeradius3/patches/001-fix-cert-expiry.patch

diff --git a/net/freeradius3/Makefile b/net/freeradius3/Makefile
index 7603e86df..fc90af2b6 100644
--- a/net/freeradius3/Makefile
+++ b/net/freeradius3/Makefile
@@ -137,6 +137,8 @@ define Package/freeradius3-mod-eap/conffiles
 /etc/freeradius3/mods-available/eap
 /etc/freeradius3/mods-enabled/eap
 /etc/freeradius3/policy.d/eap
+/etc/freeradius3/sites-enabled/inner-tunnel
+/etc/freeradius3/sites-available/inner-tunnel
 endef
 
 define Package/freeradius3-mod-eap-gtc
@@ -169,11 +171,6 @@ define Package/freeradius3-mod-eap-peap
   TITLE:=EAP/PEAP module
 endef
 
-define Package/freeradius3-mod-eap-peap/conffiles
-/etc/freeradius3/sites-available/inner-tunnel
-/etc/freeradius3/sites-enabled/inner-tunnel
-endef
-
 define Package/freeradius3-mod-eap-tls
   $(call Package/freeradius3/Default)
   DEPENDS:=freeradius3-mod-eap @FREERADIUS3_OPENSSL
@@ -186,11 +183,6 @@ define Package/freeradius3-mod-eap-ttls
   TITLE:=EAP/TTLS module
 endef
 
-define Package/freeradius3-mod-eap-ttls/conffiles
-/etc/freeradius3/sites-available/inner-tunnel
-/etc/freeradius3/sites-enabled/inner-tunnel
-endef
-
 define Package/freeradius3-mod-exec
   $(call Package/freeradius3/Default)
   DEPENDS:=freeradius3
diff --git a/net/freeradius3/patches/001-fix-cert-expiry.patch b/net/freeradius3/patches/001-fix-cert-expiry.patch
new file mode 100644
index 000000000..b30b01279
--- /dev/null
+++ b/net/freeradius3/patches/001-fix-cert-expiry.patch
@@ -0,0 +1,33 @@
+--- a/raddb/certs/ca.cnf
++++ b/raddb/certs/ca.cnf
+@@ -14,7 +14,7 @@ private_key		= $dir/ca.key
+ RANDFILE		= $dir/.rand
+ name_opt		= ca_default
+ cert_opt		= ca_default
+-default_days		= 60
++default_days		= 365
+ default_crl_days	= 30
+ default_md		= sha256
+ preserve		= no
+--- a/raddb/certs/client.cnf
++++ b/raddb/certs/client.cnf
+@@ -14,7 +14,7 @@ private_key		= $dir/ca.key
+ RANDFILE		= $dir/.rand
+ name_opt		= ca_default
+ cert_opt		= ca_default
+-default_days		= 60
++default_days		= 365
+ default_crl_days	= 30
+ default_md		= sha256
+ preserve		= no
+--- a/raddb/certs/server.cnf
++++ b/raddb/certs/server.cnf
+@@ -14,7 +14,7 @@ private_key		= $dir/ca.key
+ RANDFILE		= $dir/.rand
+ name_opt		= ca_default
+ cert_opt		= ca_default
+-default_days		= 60
++default_days		= 365
+ default_crl_days	= 30
+ default_md		= sha256
+ preserve		= no