Correct CN field certificate

Merged Tharyrok requested to merge fix/correct-cn-certificates into master

For ispng to recognize the certificate as a renewal and not as a new client, the CN field of the certificate must match.

When the CN changes, ISPng can become crazy and not recognize the client. Instead, it will create a brand new IPv6-only client.

The idea is to retrieve the CN from ISPng for the first IPv4 client that we find.
If there isn't any IPv4 client, then we retrieve the CN from the first IPv6-only client.
Otherwise, we set the CN to the user's login.

This MR introduces some new arguments:

  • -f --force: Force the certificate renewal, even when it's not needed
  • -e --email: Set the certificate's email. This might be useful for debugging.
  • -n --common_name: Set the certificate's CN. With this argument, we can override the CN discovery described above, which might be useful for debugging.

A bug might still occur if the user has more than one IPv4 clients... A workaround would be to search a client with the current tun0 IP, but we don't really know if this case actually exists...

Edited by HgO

Merge request reports