openconnect: move certificate files to config/ to add graceful upgrade

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

diff --git a/net/openconnect/README b/net/openconnect/README
index 3cd562194adcf4e9478f2c7005e72521f113ef69..11e98f5ea779d188cb9ba1ae02866c08d0a5160f 100644 (file)
--- a/net/openconnect/README
+++ b/net/openconnect/README
@@ -14,9 +14,9 @@ config interface 'MYVPN'
         option authgroup 'DEFAULT'
 
 The additional files are also used:
-/etc/openconnect/user-cert-vpn-MYVPN.pem: The user certificate
-/etc/openconnect/user-key-vpn-MYVPN.pem: The user private key
-/etc/openconnect/ca-vpn-MYVPN.pem: The CA certificate (instead of serverhash)
+/etc/config/openconnect-user-cert-vpn-MYVPN.pem: The user certificate
+/etc/config/openconnect-user-key-vpn-MYVPN.pem: The user private key
+/etc/config/openconnect-ca-vpn-MYVPN.pem: The CA certificate (instead of serverhash)
 
 After these are setup you can initiate the VPN using "ifup MYVPN", and
 deinitialize it using ifdown. You may also use the luci web interface

diff --git a/net/openconnect/files/openconnect.sh b/net/openconnect/files/openconnect.sh
index 553a4ed51ac4a82fdae4413f42bad8e8f6489543..2d3f7141cade06ecb28f0539225f243bd00bab83 100755 (executable)
--- a/net/openconnect/files/openconnect.sh
+++ b/net/openconnect/files/openconnect.sh
@@ -38,12 +38,19 @@ proto_openconnect_setup() {
 
        cmdline="$server$port -i vpn-$config --non-inter --syslog --script /lib/netifd/vpnc-script"
 
-       [ -f /etc/openconnect/user-cert-vpn-$config.pem ] && append cmdline "-c /etc/openconnect/user-cert-vpn-$config.pem"
-       [ -f /etc/openconnect/user-key-vpn-$config.pem ] && append cmdline "--sslkey /etc/openconnect/user-key-vpn-$config.pem"
-       [ -f /etc/openconnect/ca-vpn-$config.pem ] && {
+       # migrate to new config files
+       [ -f /etc/openconnect/user-cert-vpn-$config.pem ] && mv "/etc/openconnect/user-cert-vpn-$config.pem" "/etc/config/openconnect-user-cert-vpn-$config.pem"
+       [ -f /etc/openconnect/user-key-vpn-$config.pem ] && mv "/etc/openconnect/user-key-vpn-$config.pem" "/etc/config/openconnect-user-key-vpn-$config.pem"
+       [ -f /etc/openconnect/ca-vpn-$config.pem ] && mv "/etc/openconnect/ca-vpn-$config.pem" "/etc/config/openconnect-ca-vpn-$config.pem"
+
+       # read new config files
+       [ -f /etc/config/openconnect-user-cert-vpn-$config.pem ] && append cmdline "-c /etc/config/openconnect-user-cert-vpn-$config.pem"
+       [ -f /etc/config/openconnect-user-key-vpn-$config.pem ] && append cmdline "--sslkey /etc/config/openconnect-user-key-vpn-$config.pem"
+       [ -f /etc/config/openconnect-ca-vpn-$config.pem ] && {
                append cmdline "--cafile /etc/openconnect/ca-vpn-$config.pem"
                append cmdline "--no-system-trust"
        }
+
        [ -n "$serverhash" ] && {
                append cmdline " --servercert=$serverhash"
                append cmdline "--no-system-trust"