openvpn: Move verify script out of configuration directory.

config/rootfiles/common/openvpn

@@ -5,6 +5,7 @@
 usr/lib/openvpn/plugins/openvpn-plugin-auth-pam.so
 #usr/lib/openvpn/plugins/openvpn-plugin-down-root.la
 usr/lib/openvpn/plugins/openvpn-plugin-down-root.so
+usr/lib/openvpn/verify
 usr/sbin/openvpn
 #usr/share/doc/openvpn
 #usr/share/doc/openvpn/COPYING
@@ -31,4 +32,3 @@ var/ipfire/ovpn/ovpn-leases.db
 var/ipfire/ovpn/ovpnconfig
 var/ipfire/ovpn/scripts
 var/ipfire/ovpn/settings
-var/ipfire/ovpn/verify

config/rootfiles/core/75/filelists/files

@@ -1,6 +1,6 @@
 etc/system-release
 etc/issue
 opt/pakfire/lib/functions.pl
+usr/lib/openvpn/verify
 var/ipfire/header.pl
 var/ipfire/langs
-var/ipfire/ovpn/verify

config/rootfiles/core/75/update.sh

@@ -38,6 +38,12 @@ extract_files
 
 # Start services
 
+# Replace path to verify script.
+if [ -r "/var/ipfire/ovpn/server.conf" ]; then
+	sed -e "s@^tls-verify.*@tls-verify /usr/lib/openvpn/verify@g" \
+		-i /var/ipfire/ovpn/server.conf
+fi
+
 # Update Language cache
 perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
 

html/cgi-bin/ovpnmain.cgi

@@ -425,7 +425,7 @@ sub writeserverconf {
     if ($sovpnsettings{DHCP_WINS} ne '') {
 	print CONF "max-clients $sovpnsettings{MAX_CLIENTS}\n";
     }	
-    print CONF "tls-verify /var/ipfire/ovpn/verify\n";
+    print CONF "tls-verify /usr/lib/openvpn/verify\n";
     print CONF "crl-verify /var/ipfire/ovpn/crls/cacrl.pem\n";
     print CONF "user nobody\n";
     print CONF "group nobody\n";

lfs/openvpn

@@ -93,8 +93,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	chown -R root:root /var/ipfire/ovpn/scripts
 	chown -R nobody:nobody /var/ipfire/ovpn
 	chown root.nobody /var/log/ovpnserver.log
-	chmod 755 /var/ipfire/ovpn/verify
 	chmod 660 /var/log/ovpnserver.log
 	chmod 700 /var/ipfire/ovpn/certs
+	mv -v /var/ipfire/ovpn/verify /usr/lib/openvpn/verify
+	chmod 755 /usr/lib/openvpn/verify
 	@rm -rf $(DIR_APP)
 	@$(POSTBUILD)