feat(api): ovpntunnel, retrieve all cert info #1502
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There was a problem hiding this comment.
Pull request overview
This PR enhances the OpenVPN tunnel API to retrieve expiration dates for all certificates involved in tunnel configurations (CA, server, and client certificates), addressing the need to display certificate expiration information in the UI.
Changes:
- Replaced the single-certificate expiration function with a comprehensive certificate parser that extracts CN and expiration dates from PEM files containing multiple certificates
- Updated the
list-tunnelsAPI to include certificate information for both server and client tunnels - Updated documentation with examples showing the new certificates field structure
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| packages/ns-api/files/ns.ovpntunnel | Replaced get_cert_expiry_ts() with get_certificates_from_pem() to extract multiple certificates with their CNs and expiration timestamps; integrated the new function into both client and server tunnel listings |
| packages/ns-api/README.md | Added documentation examples showing the new certificates field structure with CN-keyed expiration timestamps for server tunnels |
Comments suppressed due to low confidence (1)
packages/ns-api/README.md:970
- The documentation example doesn't include the 'certificates' field for clients even though the code at line 388 in ns.ovpntunnel adds this field when vpn.get('cert') is available. Consider adding an example showing what the certificates field looks like for a client tunnel, similar to how it's shown for servers.
"clients": [
{
"ns_name": "clientsubent",
"id": "ns_1234",
"topology": "subnet",
"enabled": true,
"port": "1200",
"remote_host": "185.96.130.33",
"remote_network": []
},
{
"ns_name": "c1",
"id": "ns_333",
"topology": "p2p",
"enabled": true,
"port": "1122",
"remote_host": "1.2.3.4",
"remote_network": [
"10.0.1.0/24"
]
}
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
The UI will display expiration date for all involved certificates.
gsanchietti
force-pushed
the
issue1481
branch
from
b08adeb to
210247f
Compare
Tbaile
approved these changes
Feb 6, 2026
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The UI will display expiration date for all involved certificates.
Improves #1481
UI changes: NethServer/nethsecurity-ui#690