From 45016b76e7ea1be4eca24d355b936b777a5fca60 Mon Sep 17 00:00:00 2001
From: "vladimir.kuznetsov"
Date: Thu, 19 Jan 2023 17:49:17 +0300
Subject: [PATCH] moved crl-verify crl.pem to openvpn config templates

---
 client/server_scripts/openvpn/configure_container.sh | 1 +
 client/server_scripts/openvpn/template.ovpn | 1 +
 .../server_scripts/openvpn_cloak/configure_container.sh | 1 +
 client/server_scripts/openvpn_cloak/template.ovpn | 1 +
 .../openvpn_shadowsocks/configure_container.sh | 1 +
 client/server_scripts/openvpn_shadowsocks/template.ovpn | 1 +
 client/ui/pages_logic/ClientInfoLogic.cpp | 9 +--------
 docs/openVpnRevokeClientCertificate.plantuml | 1 -
 8 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/client/server_scripts/openvpn/configure_container.sh b/client/server_scripts/openvpn/configure_container.sh
index 0499b6e8..838088cf 100644
--- a/client/server_scripts/openvpn/configure_container.sh
+++ b/client/server_scripts/openvpn/configure_container.sh
@@ -18,6 +18,7 @@ user nobody
 group nobody
 persist-key
 persist-tun
+crl-verify crl.pem
 status openvpn-status.log
 verb 1
 tls-server
diff --git a/client/server_scripts/openvpn/template.ovpn b/client/server_scripts/openvpn/template.ovpn
index c0b4a044..8ab0c9bf 100644
--- a/client/server_scripts/openvpn/template.ovpn
+++ b/client/server_scripts/openvpn/template.ovpn
@@ -5,6 +5,7 @@ resolv-retry infinite
 nobind
 persist-key
 persist-tun
+crl-verify crl.pem
 $OPENVPN_NCP_DISABLE
 cipher $OPENVPN_CIPHER
 auth $OPENVPN_HASH
diff --git a/client/server_scripts/openvpn_cloak/configure_container.sh b/client/server_scripts/openvpn_cloak/configure_container.sh
index 26b514a4..c418d124 100644
--- a/client/server_scripts/openvpn_cloak/configure_container.sh
+++ b/client/server_scripts/openvpn_cloak/configure_container.sh
@@ -18,6 +18,7 @@ user nobody
 group nobody
 persist-key
 persist-tun
+crl-verify crl.pem
 status openvpn-status.log
 verb 1
 tls-server
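Review bot: With `crl-verify crl.pem` baked into the server config, OpenVPN needs a readable `crl.pem` in its working directory from the first start, and nothing visible in this hunk creates one before a certificate has ever been revoked. If the rest of configure_container.sh (outside the hunk) does not already do it, generate an initial CRL during setup with the same steps the revoke flow uses, `easyrsa gen-crl` then `cp pki/crl.pem crl.pem`, and keep the copy readable for `nobody`, since the file is re-read on each connection after privileges are dropped. Containers configured before this commit never receive the directive, because the append in `ClientInfoLogic::onRevokeOpenVpnCertificateClicked` is deleted in the same patch; on those servers a revoke would regenerate the CRL while the revoked certificate is presumably still accepted, so a check-and-append fallback or a migration step is needed. The same points apply to the openvpn_cloak and openvpn_shadowsocks configure_container.sh hunks.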
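Review bot: Adding `crl-verify crl.pem` to the client template makes every generated profile depend on a local `crl.pem` resolved relative to the client's working directory, and nothing in this patch delivers that file to client devices. OpenVPN normally rejects a configuration whose CRL file cannot be read, so profiles built from this template would probably fail to connect; on the client side the directive would only check the server's certificate, while revocation of client certificates is enforced by the server config. I would drop the line from template.ovpn here and in the openvpn_cloak and openvpn_shadowsocks templates, or embed the CRL inline as `<crl-verify>…</crl-verify>` if checking the server certificate against the CRL is really intended. The template continues outside the hunk.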
diff --git a/client/server_scripts/openvpn_cloak/template.ovpn b/client/server_scripts/openvpn_cloak/template.ovpn
index 4fc2b2c3..c725baab 100644
--- a/client/server_scripts/openvpn_cloak/template.ovpn
+++ b/client/server_scripts/openvpn_cloak/template.ovpn
@@ -5,6 +5,7 @@ resolv-retry infinite
 nobind
 persist-key
 persist-tun
+crl-verify crl.pem
 $OPENVPN_NCP_DISABLE
 cipher $OPENVPN_CIPHER
 auth $OPENVPN_HASH
diff --git a/client/server_scripts/openvpn_shadowsocks/configure_container.sh b/client/server_scripts/openvpn_shadowsocks/configure_container.sh
index db8fe055..0d176214 100644
--- a/client/server_scripts/openvpn_shadowsocks/configure_container.sh
+++ b/client/server_scripts/openvpn_shadowsocks/configure_container.sh
@@ -18,6 +18,7 @@ user nobody
 group nobody
 persist-key
 persist-tun
+crl-verify crl.pem
 status openvpn-status.log
 verb 1
 tls-server
diff --git a/client/server_scripts/openvpn_shadowsocks/template.ovpn b/client/server_scripts/openvpn_shadowsocks/template.ovpn
index 64cbd4be..3cdf2ef3 100644
--- a/client/server_scripts/openvpn_shadowsocks/template.ovpn
+++ b/client/server_scripts/openvpn_shadowsocks/template.ovpn
@@ -5,6 +5,7 @@ resolv-retry infinite
 nobind
 persist-key
 persist-tun
+crl-verify crl.pem
 $OPENVPN_NCP_DISABLE
 cipher $OPENVPN_CIPHER
 auth $OPENVPN_HASH
diff --git a/client/ui/pages_logic/ClientInfoLogic.cpp b/client/ui/pages_logic/ClientInfoLogic.cpp
index 61d86ad1..30375d04 100644
--- a/client/ui/pages_logic/ClientInfoLogic.cpp
+++ b/client/ui/pages_logic/ClientInfoLogic.cpp
@@ -125,6 +125,7 @@ void ClientInfoLogic::onRevokeOpenVpnCertificateClicked()
 auto error = m_serverController->runScript(credentials, script);
 if (isErrorOccured(error)) {
 set_busyIndicatorIsRunning(false);
+ emit uiLogic()->goToPage(Page::ServerSettings);
 return;
 }
 
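Review bot: Only the `runScript` failure branch gains `emit uiLogic()->goToPage(Page::ServerSettings);`, so `onRevokeOpenVpnCertificateClicked` may now leave the page on one error and stay on it for others; the branch removed in the next hunk only cleared the busy indicator and returned, and the remaining failure branches are not fully visible here. For a revoke action the operator needs an unambiguous signal that the certificate is still trusted, so I would route every failure path through one small local helper that clears the indicator and navigates, and add a comment such as `// revoke failed: the certificate is still accepted by the server`. The function body starts and ends outside the hunk.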
@@ -136,14 +137,6 @@ void ClientInfoLogic::onRevokeOpenVpnCertificateClicked()
 return;
 }
 
- error = m_serverController->uploadTextFileToContainer(container, credentials, "crl-verify crl.pem\n",
- protocols::openvpn::serverConfigPath,
- QSsh::SftpOverwriteMode::SftpAppendToExisting);
- if (isErrorOccured(error)) {
- set_busyIndicatorIsRunning(false);
- return;
- }
-
 const QJsonObject &containerConfig = m_settings->containerConfig(uiLogic()->selectedServerIndex, container);
 error = m_serverController->startupContainerWorker(credentials, container, containerConfig);
 if (isErrorOccured(error)) {
diff --git a/docs/openVpnRevokeClientCertificate.plantuml b/docs/openVpnRevokeClientCertificate.plantuml
index c33045e6..2d8d4abd 100644
--- a/docs/openVpnRevokeClientCertificate.plantuml
+++ b/docs/openVpnRevokeClientCertificate.plantuml
@@ -12,7 +12,6 @@ cont -> cont: cd /opt/amnezia/openvpn
 cont -> cont: easyrsa revoke openvpnCertId
 cont -> cont: easyrsa gen-crl
 cont -> cont: cp pki/crl.pem crl.pem
-cont -> cont: add crl-verify crl.pem to server.conf
 cont -> ovpn: restart openvpn service
 note right
 In the OpenVpn config