Browse Source

freeradius3: A couple of small fixes

- Moves /etc/freeradius3/sites-{enabled,available}/inner-tunnel to be part of
  the freeradius3-mod-eap package. This prevents conflicts between
  freeradius3-mod-eap-peap and freeradius3-mod-eap-ttls which both included the
  file before. This fixes LEDE bug FS#678.

- Change the demo cert validity to be 1 year instead of 60 days. Should keep the
  cert valid for the duration of the LEDE release cycle (with some slack). This
  fixes #4239.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
lilik-openwrt-22.03
Toke Høiland-Jørgensen 8 years ago
parent
commit
424f4e2c63
2 changed files with 35 additions and 10 deletions
  1. +2
    -10
      net/freeradius3/Makefile
  2. +33
    -0
      net/freeradius3/patches/001-fix-cert-expiry.patch

+ 2
- 10
net/freeradius3/Makefile View File

@ -137,6 +137,8 @@ define Package/freeradius3-mod-eap/conffiles
/etc/freeradius3/mods-available/eap
/etc/freeradius3/mods-enabled/eap
/etc/freeradius3/policy.d/eap
/etc/freeradius3/sites-enabled/inner-tunnel
/etc/freeradius3/sites-available/inner-tunnel
endef
define Package/freeradius3-mod-eap-gtc
@ -169,11 +171,6 @@ define Package/freeradius3-mod-eap-peap
TITLE:=EAP/PEAP module
endef
define Package/freeradius3-mod-eap-peap/conffiles
/etc/freeradius3/sites-available/inner-tunnel
/etc/freeradius3/sites-enabled/inner-tunnel
endef
define Package/freeradius3-mod-eap-tls
$(call Package/freeradius3/Default)
DEPENDS:=freeradius3-mod-eap @FREERADIUS3_OPENSSL
@ -186,11 +183,6 @@ define Package/freeradius3-mod-eap-ttls
TITLE:=EAP/TTLS module
endef
define Package/freeradius3-mod-eap-ttls/conffiles
/etc/freeradius3/sites-available/inner-tunnel
/etc/freeradius3/sites-enabled/inner-tunnel
endef
define Package/freeradius3-mod-exec
$(call Package/freeradius3/Default)
DEPENDS:=freeradius3


+ 33
- 0
net/freeradius3/patches/001-fix-cert-expiry.patch View File

@ -0,0 +1,33 @@
--- a/raddb/certs/ca.cnf
+++ b/raddb/certs/ca.cnf
@@ -14,7 +14,7 @@ private_key = $dir/ca.key
RANDFILE = $dir/.rand
name_opt = ca_default
cert_opt = ca_default
-default_days = 60
+default_days = 365
default_crl_days = 30
default_md = sha256
preserve = no
--- a/raddb/certs/client.cnf
+++ b/raddb/certs/client.cnf
@@ -14,7 +14,7 @@ private_key = $dir/ca.key
RANDFILE = $dir/.rand
name_opt = ca_default
cert_opt = ca_default
-default_days = 60
+default_days = 365
default_crl_days = 30
default_md = sha256
preserve = no
--- a/raddb/certs/server.cnf
+++ b/raddb/certs/server.cnf
@@ -14,7 +14,7 @@ private_key = $dir/ca.key
RANDFILE = $dir/.rand
name_opt = ca_default
cert_opt = ca_default
-default_days = 60
+default_days = 365
default_crl_days = 30
default_md = sha256
preserve = no

Loading…
Cancel
Save