Peanut/remove riseup #23 (!17) · Merge requests · leap / menshen

Pea Nut requested to merge peanut2/menshen:peanut/remove-riseup-#23 into main Jan 29, 2024

Implements the three proposals from #23 (closed). Uses riseup as default parameters if nothing is supplied.
Now there is:

--client-cert-url: defaults to https://api.black.riseup.net/3/cert
--ca-file: defaults to riseup-ca.pem (I moved the hardcoded CA to riseup-ca.pem.)
some user input validation checks (at least one, eipFile or eipUrl must be specified, else gateways[0] will segfault)
rename riseup.ovpn to leap.ovpn?

I can not test everything, currently getting:

curl localhost:8443/api/5/openvpn/config
{"message":"Internal Server Error"}

Server log:

{"time":"2024-01-29T21:23:11.710142645+01:00","id":"","remote_ip":"::1","host":"localhost:8443","method":"GET","uri":"/api/5/openvpn/config","user_agent":"curl/8.5.0","status":500,"error":"Get \"https://api.black.riseup.net/3/cert\": tls: failed to verify certificate: x509: certificate signed by unknown authority","latency":931253933,"latency_human":"931.253933ms","bytes_in":0,"bytes_out":36}

Maybe !16 (merged) just needs to be merged. Still not sure about the whole SSL construct in total (what's pinned etc.).

Edited Jan 29, 2024 by Pea Nut

Peanut/remove riseup #23

Merge request reports