From ec647c819b79c9efd44ba61f54acf50f06777073 Mon Sep 17 00:00:00 2001
From: Phil Bayfield
Date: Sat, 3 May 2014 13:47:18 +0100
Subject: [PATCH 1/3] add common name support for server certificate
---
 manifests/server.pp | 9 +++++++--
 templates/server.erb | 4 ++--
 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/manifests/server.pp b/manifests/server.pp
index 5ad4f85c..8ea94b56 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -20,6 +20,10 @@
 # [*email*]
 # String. Email address to be used for the SSL certificate
 #
+# [*common_name*]
+# String. Common name to be used for the SSL certificate
+# Default: server
+#
 # [*compression*]
 # String. Which compression algorithim to use
 # Default: comp-lzo
@@ -232,6 +236,7 @@
 $city,
 $organization,
 $email,
+$common_name = 'server',
 $compression = 'comp-lzo',
 $dev = 'tun0',
 $user = 'nobody',
@@ -354,9 +359,9 @@
 File["/etc/openvpn/${name}/easy-rsa/openssl.cnf"]
 ];
 "generate server cert ${name}":
- command => '. ./vars && ./pkitool --server server',
+ command => ". ./vars && ./pkitool --server ${common_name}",
 cwd => "/etc/openvpn/${name}/easy-rsa",
- creates => "/etc/openvpn/${name}/easy-rsa/keys/server.key",
+ creates => "/etc/openvpn/${name}/easy-rsa/keys/${common_name}.key",
 provider => 'shell',
 require => Exec["initca ${name}"];
 }
diff --git a/templates/server.erb b/templates/server.erb
index f2774d8c..88b7b40e 100644
--- a/templates/server.erb
+++ b/templates/server.erb
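Review bot: `$common_name` is spliced unvalidated into a shell command in the hunk at line 354 (`command => ". ./vars && ./pkitool --server ${common_name}"`, executed with `provider => 'shell'`) and into the `creates` path on the next changed line, so a value containing shell metacharacters, whitespace or path separators changes what is run or which file is checked for idempotency. The parameter is declared in the hunk at line 232 without any type or pattern constraint; a guard near the top of the define body would close this, e.g. `if $common_name !~ /^[A-Za-z0-9_.-]+$/ { fail("common_name must match ^[A-Za-z0-9_.-]+$, got '${common_name}'") }`. As far as easy-rsa's pkitool goes, the name passed to `--server` becomes both the certificate CN and the base name of the generated `.crt`/`.key` files, which is what the `creates` line and templates/server.erb already assume, so the doc hunk at line 20 could state it: `#   String. Common name (CN) of the server certificate; also the base name of the generated .crt/.key files`. The define's parameter list and the `exec` resource collection both start and end outside these hunks.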
@@ -1,8 +1,8 @@
 mode server
 client-config-dir /etc/openvpn/<%= scope.lookupvar('name') %>/client-configs
 ca /etc/openvpn/<%= scope.lookupvar('name') %>/keys/ca.crt
-cert /etc/openvpn/<%= scope.lookupvar('name') %>/keys/server.crt
-key /etc/openvpn/<%= scope.lookupvar('name') %>/keys/server.key
+cert /etc/openvpn/<%= scope.lookupvar('name') %>/keys/<%= scope.lookupvar('common_name') %>.crt
+key /etc/openvpn/<%= scope.lookupvar('name') %>/keys/<%= scope.lookupvar('common_name') %>.key
 dh /etc/openvpn/<%= scope.lookupvar('name') %>/keys/dh<%= scope.lookupvar('ssl_key_size') %>.pem
 crl-verify /etc/openvpn/<%= scope.lookupvar('name') %>/crl.pem
 <% if scope.lookupvar('proto') == 'tcp' -%>
From 820a2a5fc2937faef41ba0c61348278bb2b485e4 Mon Sep 17 00:00:00 2001
From: Raffael Schmid
Date: Sat, 10 May 2014 15:44:41 +0200
Subject: [PATCH 2/3] Better readability of the regexp
---
 spec/defines/openvpn_server_spec.rb | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/spec/defines/openvpn_server_spec.rb b/spec/defines/openvpn_server_spec.rb
index 6bed70f7..b3ba6ed7 100644
--- a/spec/defines/openvpn_server_spec.rb
+++ b/spec/defines/openvpn_server_spec.rb
@@ -105,19 +105,19 @@
 }
 }
 it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^mode\s+server$/) }
- it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^client\-config\-dir\s+\/etc\/openvpn\/test_server\/client\-configs$/) }
- it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^ca\s+\/etc\/openvpn\/test_server\/keys\/ca.crt$/) }
 it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^cert\s+\/etc\/openvpn\/test_server\/keys\/server.crt$/) }
 it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^key\s+\/etc\/openvpn\/test_server\/keys\/server.key$/) }
- it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^dh\s+\/etc\/openvpn\/test_server\/keys\/dh2048.pem$/) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(%r{^client-config-dir\s+/etc/openvpn/test_server/client-configs$}) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(%r{^ca\s+/etc/openvpn/test_server/keys/ca.crt$}) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(%r{^dh\s+/etc/openvpn/test_server/keys/dh2048.pem$}) }
 it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^proto\s+udp$/) }
 it { should_not contain_file('/etc/openvpn/test_server.conf').with_content(/^proto\s+tls-server$/) }
 it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^port\s+123$/) }
 it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^fake_compression$/) }
 it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^group\s+someone$/) }
 it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^user\s+someone$/) }
- it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^log\-append\s+\/var\/log\/openvpn\/test_server\.log$/) }
- it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^status\s+\/var\/log\/openvpn\/test_server_status\.log$/) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(%r{^log\-append\s+/var/log/openvpn/test_server\.log$}) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(%r{^status\s+/var/log/openvpn/test_server_status\.log$}) }
 it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^dev\s+tun1$/) }
 it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^local\s+2\.3\.4\.5$/) }
 it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^server\s+2\.3\.4\.0\s+255\.255\.0\.0$/) }
From 0a66efcbbbe6292081bf9122e35efeda9195990f Mon Sep 17 00:00:00 2001
From: Raffael Schmid
Date: Sat, 10 May 2014 15:44:50 +0200
Subject: [PATCH 3/3] Add a test for the common_name
---
 spec/defines/openvpn_server_spec.rb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/spec/defines/openvpn_server_spec.rb b/spec/defines/openvpn_server_spec.rb
index b3ba6ed7..64a85730 100644
--- a/spec/defines/openvpn_server_spec.rb
+++ b/spec/defines/openvpn_server_spec.rb
@@ -94,6 +94,7 @@
 'management' => true,
 'management_ip' => '1.3.3.7',
 'management_port' => 1337,
+ 'common_name' => 'mylittlepony',
 }
 }
 let(:facts) { {
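Review bot: The converted expectations in the hunk at spec line 105 are inconsistent about escaping dots: `ca.crt` and `dh2048.pem` leave `.` unescaped (it matches any character) while `test_server\.log` in the same hunk is escaped, and `log\-append` keeps a `\-` escape that `%r{}` does not need. Suggest `%r{^ca\s+/etc/openvpn/test_server/keys/ca\.crt$}`, `%r{^dh\s+/etc/openvpn/test_server/keys/dh2048\.pem$}` and `%r{^log-append\s+/var/log/openvpn/test_server\.log$}`. The rewrite also moves the client-config-dir and ca expectations after the cert/key ones, so the spec no longer follows the order of directives in templates/server.erb, and the cert/key lines are left in the old `\/` style. The enclosing context block starts and ends outside the hunk.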
@@ -105,10 +106,10 @@
 }
 }
 it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^mode\s+server$/) }
- it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^cert\s+\/etc\/openvpn\/test_server\/keys\/server.crt$/) }
- it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^key\s+\/etc\/openvpn\/test_server\/keys\/server.key$/) }
 it { should contain_file('/etc/openvpn/test_server.conf').with_content(%r{^client-config-dir\s+/etc/openvpn/test_server/client-configs$}) }
 it { should contain_file('/etc/openvpn/test_server.conf').with_content(%r{^ca\s+/etc/openvpn/test_server/keys/ca.crt$}) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(%r{^cert\s+/etc/openvpn/test_server/keys/mylittlepony.crt$}) }
+ it { should contain_file('/etc/openvpn/test_server.conf').with_content(%r{^key\s+/etc/openvpn/test_server/keys/mylittlepony.key$}) }
 it { should contain_file('/etc/openvpn/test_server.conf').with_content(%r{^dh\s+/etc/openvpn/test_server/keys/dh2048.pem$}) }
 it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^proto\s+udp$/) }
 it { should_not contain_file('/etc/openvpn/test_server.conf').with_content(/^proto\s+tls-server$/) }
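Review bot: With `'common_name' => 'mylittlepony'` added to the params in the hunk at spec line 94, the replaced cert/key expectations in the hunk at line 105 cover only the override; nothing in this spec now asserts that the documented default of `server` yields `keys/server.crt` and `keys/server.key`, so a regression in the `$common_name = 'server'` default would go unnoticed. A second context without `common_name` in its params that keeps `%r{^cert\s+/etc/openvpn/test_server/keys/server\.crt$}` and `%r{^key\s+/etc/openvpn/test_server/keys/server\.key$}` would cover it. The new lines also leave the `.` in `mylittlepony.crt` and `mylittlepony.key` unescaped, unlike the `\.` used for the log paths elsewhere in the file. The enclosing context block starts and ends outside the hunk.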