Neutrinet / renew_cert / Merge requests / !3

Correct CN field certificate

Merged Tharyrok requested to merge fix/correct-cn-certificates into master Apr 13, 2020

For ISPng to recognize the certificate as a renewal and not as a new client, the CN field of the certificate must match.

When the CN changes, ISPng can become crazy and not recognize the client. Instead, it will create a brand new IPv6-only client.

The idea is to retrieve the CN from ISPng for the first IPv4 client that we find.
If there isn't any IPv4 client, then we retrieve the CN from the first IPv6-only client.
Otherwise, we set the CN to the user's login.

This MR introduces some new arguments:

  • -f --force: Force the certificate renewal, even when it's not needed
  • -e --email: Set the certificate's email. This might be useful for debugging.
  • -n --common_name: Set the certificate's CN. With this argument, we can override the CN discovery described above, which might be useful for debugging.

A bug might still occur if the user has more than one IPv4 client... A workaround would be to search for a client with the current tun0 IP, but we don't really know if this case actually exists...

Edited Apr 25, 2020 by HgO
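
The CN fallback order described in this merge request, as an added Python sketch that is not the project's own code. The `Client` record, its fields and the function names are assumptions (ISPng's schema is not shown on this page), and the sample records are constructed; the sketch also reports the several-IPv4-clients case the description flags.

```python
import argparse
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Client:
    # Hypothetical client record; ISPng's real schema is not shown on the page.
    common_name: str
    ipv4: Optional[str]  # None for an IPv6-only client
    ipv6: Optional[str]

def select_common_name(clients: List[Client], login: str,
                       override: Optional[str] = None) -> Tuple[str, str, bool]:
    """Return (cn, source, ambiguous) following the MR's fallback order."""
    if override:  # -n/--common_name bypasses discovery
        return override, "override", False
    ipv4 = [c for c in clients if c.ipv4]
    if ipv4:
        # Several IPv4 clients is the case the MR flags as a possible bug.
        return ipv4[0].common_name, "ipv4-client", len(ipv4) > 1
    ipv6_only = [c for c in clients if c.ipv6]
    if ipv6_only:
        return ipv6_only[0].common_name, "ipv6-only-client", False
    return login, "login", False

def build_parser() -> argparse.ArgumentParser:
    # The three arguments listed in the MR description.
    p = argparse.ArgumentParser(description="CN selection sketch")
    p.add_argument("-f", "--force", action="store_true")
    p.add_argument("-e", "--email")
    p.add_argument("-n", "--common_name")
    return p

if __name__ == "__main__":
    # Constructed sample records using documentation address ranges.
    clients = [
        Client("old-cn-v6", None, "2001:db8::10"),
        Client("old-cn-v4", "192.0.2.10", "2001:db8::11"),
    ]
    args = build_parser().parse_args()
    cn, source, ambiguous = select_common_name(
        clients, "user@example.org", args.common_name)
    print(f"CN={cn} (source: {source})")
    if ambiguous:
        print("warning: several IPv4 clients found; the first one was used")
```
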
Source branch: fix/correct-cn-certificates