From 455b754c41927840368725021169db2e9d7fb255 Mon Sep 17 00:00:00 2001
From: "Tuan M. Dang" <tuan.dang.m@gmail.com>
Date: Sun, 19 Nov 2017 21:36:21 +0700
Subject: [PATCH] Issue-171: Error using iOS OpenVPN

As @fyellin There is some chatter on other groups that some
OpenVPN implementations cannot handle client keys that are
encrypted with RSA.

If the client key is encrypted, we might re-encrypting the
current client key using 3DES.

This commit will convert user client key to 3DES in command
`pivpn -a`

P/S: All credits to @fyellin. Many thanks to him.
---
 scripts/makeOVPN.sh | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/scripts/makeOVPN.sh b/scripts/makeOVPN.sh
index d9101f3..31dbb23 100644
--- a/scripts/makeOVPN.sh
+++ b/scripts/makeOVPN.sh
@@ -121,6 +121,17 @@ function keyPASS() {
     expect eof
 EOF
 
+    #Convert key to des3
+    KEY_FILE="pki/private/${NAME}${KEY}"
+    expect << EOF
+    set timeout -1
+    spawn openssl rsa -in ${KEY_FILE} -des3 -out ${KEY_FILE}
+    expect "Enter pass phrase" { send "${PASSWD}\r" }
+    expect "Enter PEM pass phrase" { send "${PASSWD}\r" }
+    expect "Verifying - Enter PEM pass phrase" { send "${PASSWD}\r" }
+    expect eof
+EOF
+
     cd pki || exit
 
 }