From ef3ffde8999b1af28196699ee14bb5bb84ad49ba Mon Sep 17 00:00:00 2001 From: Paul Donald Date: Thu, 12 Mar 2026 16:03:25 +0100 Subject: [PATCH] openvpn: change file/path types move file and path type values to FILE type params so they are better handled with quoting, in case paths contain spaces. Remove duplicate 'extra_certs'. Signed-off-by: Paul Donald --- net/openvpn/files/lib/netifd/proto/openvpn.uc | 41 +++++++++---------- .../files/usr/share/openvpn/openvpn.options | 41 +++++++++---------- 2 files changed, 40 insertions(+), 42 deletions(-) diff --git a/net/openvpn/files/lib/netifd/proto/openvpn.uc b/net/openvpn/files/lib/netifd/proto/openvpn.uc index 5c7ae98328..2a6f42a51d 100755 --- a/net/openvpn/files/lib/netifd/proto/openvpn.uc +++ b/net/openvpn/files/lib/netifd/proto/openvpn.uc @@ -22,28 +22,19 @@ const OPENVPN_STRING_PARAMS = [ { name: 'auth_gen_token' }, { name: 'auth_gen_token_secret' }, { name: 'auth_retry' }, - { name: 'auth_user_pass_verify' }, { name: 'bind_dev' }, - { name: 'capath' }, - { name: 'chroot' }, { name: 'cipher' }, - { name: 'client_config_dir' }, - { name: 'client_connect' }, - { name: 'client_crresponse' }, - { name: 'client_disconnect' }, { name: 'client_nat' }, { name: 'comp_lzo', deprecated: true }, { name: 'compress', deprecated: true }, { name: 'connect_freq' }, { name: 'connect_freq_initial' }, - { name: 'crl_verify' }, { name: 'data_ciphers_fallback' }, { name: 'dev' }, { name: 'dev_node' }, { name: 'dev_type' }, { name: 'dhcp_option' }, { name: 'dns' }, - { name: 'down' }, { name: 'ecdh_curve' }, { name: 'echo' }, { name: 'engine' }, @@ -61,13 +52,10 @@ const OPENVPN_STRING_PARAMS = [ { name: 'ifconfig_pool_persist' }, { name: 'ifconfig_push' }, { name: 'inactive' }, - { name: 'ipchange' }, - { name: 'iproute' }, { name: 'iroute' }, { name: 'iroute_ipv6' }, { name: 'keepalive' }, { name: 'keying_material_exporter' }, - { name: 'learn_address' }, { name: 'lladdr' }, { name: 'local' }, { name: 'log' }, @@ -95,7 +83,6 @@ const OPENVPN_STRING_PARAMS = [ { name: 'remote_cert_eku' }, { name: 'remote_cert_ku' }, { name: 'remote_cert_tls' }, - { name: 'replay_persist' }, { name: 'replay_window' }, { name: 'resolv_retry' }, { name: 'route' }, @@ -103,8 +90,6 @@ const OPENVPN_STRING_PARAMS = [ { name: 'route_gateway' }, { name: 'route_ipv6' }, { name: 'route_ipv6_gateway' }, - { name: 'route_pre_down' }, - { name: 'route_up' }, { name: 'server' }, { name: 'server_bridge' }, { name: 'server_ipv6' }, @@ -115,14 +100,9 @@ const OPENVPN_STRING_PARAMS = [ { name: 'static_challenge' }, { name: 'tls_auth' }, { name: 'tls_cert_profile' }, - { name: 'tls_crypt_v2_verify' }, - { name: 'tls_export_cert' }, - { name: 'tls_verify' }, { name: 'tls_version_max' }, { name: 'tls_version_min' }, - { name: 'tmp_dir' }, { name: 'topology' }, - { name: 'up' }, { name: 'user' }, { name: 'verify_client_cert' }, { name: 'verify_hash', deprecated: true }, @@ -135,18 +115,37 @@ const OPENVPN_STRING_PARAMS = [ const OPENVPN_FILE_PARAMS = [ { name: 'askpass' }, { name: 'auth_user_pass' }, + { name: 'auth_user_pass_verify' }, { name: 'ca' }, + { name: 'capath' }, { name: 'cert' }, + { name: 'chroot' }, + { name: 'client_config_dir' }, + { name: 'client_connect' }, + { name: 'client_crresponse' }, + { name: 'client_disconnect' }, { name: 'config' }, + { name: 'crl_verify' }, { name: 'dh' }, - { name: 'extra_certs' }, + { name: 'down' }, { name: 'extra_certs' }, { name: 'http_proxy_user_pass' }, + { name: 'ipchange' }, + { name: 'iproute' }, { name: 'key' }, + { name: 'learn_address' }, { name: 'pkcs12' }, + { name: 'replay_persist' }, + { name: 'route_pre_down' }, + { name: 'route_up' }, { name: 'secret', deprecated: true }, { name: 'tls_crypt' }, { name: 'tls_crypt_v2' }, + { name: 'tls_crypt_v2_verify' }, + { name: 'tls_export_cert' }, + { name: 'tls_verify' }, + { name: 'tmp_dir' }, + { name: 'up' } ]; const OPENVPN_INT_PARAMS = [ diff --git a/net/openvpn/files/usr/share/openvpn/openvpn.options b/net/openvpn/files/usr/share/openvpn/openvpn.options index 2497f13a25..7d83083f95 100644 --- a/net/openvpn/files/usr/share/openvpn/openvpn.options +++ b/net/openvpn/files/usr/share/openvpn/openvpn.options @@ -7,28 +7,19 @@ auth auth_gen_token auth_gen_token_secret auth_retry -auth_user_pass_verify bind_dev -capath -chroot cipher -client_config_dir -client_connect -client_crresponse -client_disconnect client_nat comp_lzo:d compress:d connect_freq connect_freq_initial -crl_verify data_ciphers_fallback dev dev_node dev_type dhcp_option dns -down ecdh_curve echo engine @@ -46,13 +37,10 @@ ifconfig_pool ifconfig_pool_persist ifconfig_push inactive -ipchange -iproute iroute iroute_ipv6 keepalive keying_material_exporter -learn_address lladdr local log @@ -80,7 +68,6 @@ remap_usr1 remote_cert_eku remote_cert_ku remote_cert_tls -replay_persist replay_window resolv_retry route @@ -88,8 +75,6 @@ route_delay route_gateway route_ipv6 route_ipv6_gateway -route_pre_down -route_up server server_bridge server_ipv6 @@ -100,14 +85,9 @@ stale_routes_check static_challenge tls_auth tls_cert_profile -tls_crypt_v2_verify -tls_export_cert -tls_verify tls_version_max tls_version_min -tmp_dir topology -up user verify_client_cert verify_hash:d @@ -137,18 +117,37 @@ ncp_ciphers OPENVPN_PARAMS_FILE=' askpass auth_user_pass +auth_user_pass_verify ca +capath cert +chroot +client_config_dir +client_connect +client_crresponse +client_disconnect config +crl_verify dh -extra_certs +down extra_certs http_proxy_user_pass +ipchange +iproute key +learn_address pkcs12 +replay_persist +route_pre_down +route_up secret:d tls_crypt tls_crypt_v2 +tls_crypt_v2_verify +tls_export_cert +tls_verify +tmp_dir +up ' OPENVPN_INTS='