author | kali kaneko (leap communications) <kali@leap.se> | 2021-05-17 12:53:24 +0200 |
committer | kali kaneko (leap communications) <kali@leap.se> | 2021-05-17 17:52:46 +0200 |
commit | 083f4095319b734f33f3e28a9f3234ff9cf6a7d7 (patch) | |
tree | d6e81c51862f1a7157d8e1de719e214df579104d /pkg/vpn/openvpn.go | |
parent | 1d0bdcd6d82b1edcb56268198b242a5814a04fd9 (diff) |
[feat] reuse certificate if found in config folder
Diffstat (limited to 'pkg/vpn/openvpn.go')
-rw-r--r-- | pkg/vpn/openvpn.go | 34 |
1 files changed, 22 insertions, 12 deletions
diff --git a/pkg/vpn/openvpn.go b/pkg/vpn/openvpn.go
index 4dad0e2..7cfa101 100644
--- a/pkg/vpn/openvpn.go
+++ b/pkg/vpn/openvpn.go
@@ -22,9 +22,11 @@ import (
 	"log"
 	"os"
 	"path"
+	"path/filepath"
 	"strconv"
 	"strings"
 
+	"0xacab.org/leap/bitmask-vpn/pkg/config"
 	"0xacab.org/leap/shapeshifter"
 )
 
@@ -167,7 +169,7 @@ func (b *Bitmask) startOpenVPN() error {
 		"--verb", "3",
 		"--management-client",
 		"--management", openvpnManagementAddr, openvpnManagementPort,
-		"--ca", b.getCaCertPath(),
+		"--ca", b.getTempCaCertPath(),
 		"--cert", b.certPemPath,
 		"--key", b.certPemPath,
 		"--persist-tun")
@@ -175,17 +177,25 @@ func (b *Bitmask) startOpenVPN() error {
 }
 
 func (b *Bitmask) getCert() (certPath string, err error) {
-	certPath = b.getCertPemPath()
-
-	if _, err := os.Stat(certPath); os.IsNotExist(err) {
-		log.Println("Fetching certificate to", certPath)
-		cert, err := b.bonafide.GetPemCertificate()
-		if err != nil {
-			return "", err
+	persistentCertFile := filepath.Join(config.Path, strings.ToLower(config.Provider)+".pem")
+	if _, err := os.Stat(persistentCertFile); !os.IsNotExist(err) && isValidCert(persistentCertFile) {
+		// reuse cert. for the moment we're not writing one there, this is
+		// only to allow users to get certs off-band and place them there
+		// as a last-resort fallback for circumvention.
+		certPath = persistentCertFile
+		err = nil
+	} else {
+		// download one fresh
+		certPath = b.getTempCertPemPath()
+		if _, err := os.Stat(certPath); os.IsNotExist(err) {
+			log.Println("Fetching certificate to", certPath)
+			cert, err := b.bonafide.GetPemCertificate()
+			if err != nil {
+				return "", err
+			}
+			err = ioutil.WriteFile(certPath, cert, 0600)
 		}
-		err = ioutil.WriteFile(certPath, cert, 0600)
 	}
-
 	return certPath, err
 }
 
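Review bot: In getCert's else branch the result of ioutil.WriteFile never reaches the named return err, because both `if _, err := os.Stat(persistentCertFile); …` and `cert, err := b.bonafide.GetPemCertificate()` declare a new err, so `err = ioutil.WriteFile(certPath, cert, 0600)` updates the innermost shadow and `return certPath, err` hands back the named err, which is still nil. A failed or partial write therefore goes unreported and startOpenVPN is pointed at a missing or truncated openvpn.pem; the inner shadowing was already present before this commit, but the new outer if adds a second level and also turns `err = nil` in the reuse branch into a write to the Stat result rather than the named return. Renaming the two Stat results and assigning the fetched cert with `=` keeps err bound to the named return throughout, and a shadow linter would catch a regression. Separately, `!os.IsNotExist(err)` treats any other Stat failure (a permission error, for instance) as "present", leaving it to isValidCert, which is defined outside this hunk, to reject an unreadable file; a one-line comment saying that is intended would help the next reader.
```go
	// … unchanged: persistentCertFile := … …
	if _, statErr := os.Stat(persistentCertFile); !os.IsNotExist(statErr) && isValidCert(persistentCertFile) {
		// … unchanged: reuse branch …
	} else {
		certPath = b.getTempCertPemPath()
		if _, statErr := os.Stat(certPath); os.IsNotExist(statErr) {
			log.Println("Fetching certificate to", certPath)
			var cert []byte
			cert, err = b.bonafide.GetPemCertificate() // assigns the named return, not a shadow
			if err != nil {
				return "", err
			}
			err = ioutil.WriteFile(certPath, cert, 0600)
		}
	}
```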
@@ -299,10 +309,10 @@ func (b *Bitmask) UseTransport(transport string) error {
 	return nil
 }
 
-func (b *Bitmask) getCertPemPath() string {
+func (b *Bitmask) getTempCertPemPath() string {
 	return path.Join(b.tempdir, "openvpn.pem")
 }
 
-func (b *Bitmask) getCaCertPath() string {
+func (b *Bitmask) getTempCaCertPath() string {
 	return path.Join(b.tempdir, "cacert.pem")
 }