fix: allow reusing revoked client names#1185
Merged
angristan merged 2 commits intoangristan:masterfrom Dec 11, 2025
Merged
Conversation
Only check for valid (non-revoked) certificates when validating client name uniqueness. This allows creating a new client with the same name as a previously revoked one. Fixes angristan#652 Co-authored-by: joelpramos <joelpramos@gmail.com>
This was referenced Dec 11, 2025
Closed
angristan
added a commit
that referenced
this pull request
Dec 11, 2025
## Summary - Add end-to-end tests for certificate revocation functionality - Test that a revoked client certificate cannot connect to the VPN - Test that a new certificate can be created with the same name as a revoked one (validating the fix from #1185) - Test that the new certificate can successfully connect ## Test Flow 1. **Initial connectivity tests** - existing tests pass 2. **Certificate revocation test**: - Create a new client `revoketest` - Connect with the certificate (verifies it works) - Disconnect the client - Revoke the certificate via the install script - Try to reconnect with revoked cert (verifies connection is rejected) 3. **Reuse revoked name test**: - Create a new certificate with the same name `revoketest` - Verify both revoked and valid entries exist in `index.txt` - Connect with the new certificate (verifies it works) ## Changes | File | Changes | |------|---------| | `test/server-entrypoint.sh` | Start OpenVPN in background, add revocation test orchestration | | `test/client-entrypoint.sh` | Add revocation test phases with signal file coordination | | `docker-compose.yml` | Remove read-only restriction on shared volume for client | | `Makefile` | Increase timeout from 60 to 180 iterations | | `.github/workflows/docker-test.yml` | Increase timeouts, fix shared volume |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Close #680, close #652, close #1024, close #746