return upstream ca certificate correctly in case menshen runs in proxy mode (!65) · Merge requests · leap / menshen

this is a follow-up of !47 (merged) and some fixes made in !63 (merged)

This MR ensures that menshen always provides the root CA certificate, the VPN private key and the VPN certificate to the client for the endpoint

/api/5/openvpn/cert

(and /api/5/openvpn/config - which we may remove completely, restrict its use via a flag to test staging deployments or refactor the internal logic further to avoid unauthorized gateway info leakage in a censorship circumvention provider use case ).

When starting menshen in proxy mode in front of an upstream provider the mentioned endpoint didn't serve the root CA.

Edited Jan 20, 2025 by cyberta

return upstream ca certificate correctly in case menshen runs in proxy mode

Merge request reports