From 4f228ef62029cf83c1ba1372ffe16035b704b75c Mon Sep 17 00:00:00 2001
From: Tercio Gaudencio Filho
Date: Wed, 16 Nov 2016 17:47:31 -0200
Subject: [PATCH] Added a check before revoking a client certificate

---
 openvpn-install.sh | 32 +++++++++++++++++++-------------
 1 file changed, 19 insertions(+), 13 deletions(-)

diff --git a/openvpn-install.sh b/openvpn-install.sh
index 7ca4bf2..119428d 100644
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -111,19 +111,25 @@ if [[ -e /etc/openvpn/server.conf ]]; then
 else
 read -p "Select one client [1-$NUMBEROFCLIENTS]: " CLIENTNUMBER
 fi
- CLIENT=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | sed -n "$CLIENTNUMBER"p)
- cd /etc/openvpn/easy-rsa/
- ./easyrsa --batch revoke $CLIENT
- ./easyrsa gen-crl
- rm -rf pki/reqs/$CLIENT.req
- rm -rf pki/private/$CLIENT.key
- rm -rf pki/issued/$CLIENT.crt
- rm -rf /etc/openvpn/crl.pem
- cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem
- # CRL is read with each client connection, when OpenVPN is dropped to nobody
- chown nobody:$GROUPNAME /etc/openvpn/crl.pem
- echo ""
- echo "Certificate for client $CLIENT revoked"
+ if [[ "$CLIENTNUMBER" -ge 1 -a "$CLIENTNUMBER" -le $NUMBEROFCLIENTS ]]; then
+ CLIENT=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | sed -n "$CLIENTNUMBER"p)
+ cd /etc/openvpn/easy-rsa/
+ ./easyrsa --batch revoke $CLIENT
+ ./easyrsa gen-crl
+ rm -rf pki/reqs/$CLIENT.req
+ rm -rf pki/private/$CLIENT.key
+ rm -rf pki/issued/$CLIENT.crt
+ rm -rf /etc/openvpn/crl.pem
+ cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem
+ # CRL is read with each client connection, when OpenVPN is dropped to nobody
+ chown nobody:$GROUPNAME /etc/openvpn/crl.pem
+ echo ""
+ echo "Certificate for client $CLIENT revoked"
+ else
+ echo ""
+ echo "You selected a invalid client!"
+ exit 7
+ fi
 exit
 ;;
 3)
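Review bot: The new guard `if [[ "$CLIENTNUMBER" -ge 1 -a "$CLIENTNUMBER" -le $NUMBEROFCLIENTS ]]` is not valid bash: `[[ ]]` only combines tests with `&&`/`||`, so `-a` is rejected as a syntax error in the conditional expression and the selection is never validated. Because `-ge`/`-le` inside `[[ ]]` evaluate their operands arithmetically, the interactively read value should also be confirmed to be a plain integer before the range comparison, e.g. `if [[ "$CLIENTNUMBER" =~ ^[0-9]+$ && "$CLIENTNUMBER" -ge 1 && "$CLIENTNUMBER" -le "$NUMBEROFCLIENTS" ]]; then`. The `cd /etc/openvpn/easy-rsa/` carried into the branch is still unchecked, so a failed `cd` would let the relative `rm -rf pki/...` lines run in whatever the current directory is; `cd /etc/openvpn/easy-rsa/ || exit 1` closes that. The message `"You selected a invalid client!"` should read "an invalid client". The enclosing `case` arm begins outside the hunk.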