# Warning if DH parameter is 1024 bit
if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") {
my @dhparameter = &General::system_output("/usr/bin/openssl", "dhparam", "-text", "-in", "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}");
+ my $dhbit;
+ # Loop through the output and search for the DH bit lenght.
foreach my $line (@dhparameter) {
- my @dhbit = ($line =~ /(\d+)/);
- if ($1 < 2048) {
- $cryptoerror = "$Lang::tr{'ovpn error dh'}";
- goto CRYPTO_ERROR;
+ if ($line =~ (/(\d+)/)) {
+ # Assign match to dhbit value.
+ $dhbit = $1;
+
+ last;
}
}
+
+ # Check if the used key lenght is at least 2048 bit.
+ if ($dhbit < 2048) {
+ $cryptoerror = "$Lang::tr{'ovpn error dh'}";
+ goto CRYPTO_ERROR;
+ }
}
# Warning if md5 is in usage
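Review bot: The pattern `/(\d+)/` in the new `if ($line =~ (/(\d+)/))` takes the first run of digits anywhere in the `openssl dhparam -text` output, so the 2048-bit check silently depends on the size line being the first line that contains a digit. Anchoring it to the size line, e.g. `if ($line =~ /\((\d+) bit\)/) {`, makes that dependency explicit; the exact wording of that line should be confirmed against the installed OpenSSL. `$dhbit` also stays undefined when nothing matches, for instance when openssl cannot parse the file. The comparison then treats it as 0 and rejects, which fails closed, but `if (!defined($dhbit) || $dhbit < 2048) {` states that intent and avoids an uninitialized-value warning where warnings are enabled.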
if ($cgiparams{'TLSAUTH'} eq 'on') {
if ( ! -e "${General::swroot}/ovpn/certs/ta.key") {
# This system call is safe, because all arguements are passed as an array.
- system("/usr/sbin/openvpn", "--genkey", "--secret", "${General::swroot}/ovpn/certs/ta.key");
+ system("/usr/sbin/openvpn", "--genkey", "secret", "${General::swroot}/ovpn/certs/ta.key");
if ($?) {
$errormessage = "$Lang::tr{'openssl produced an error'}: $?";
goto SETTINGS_ERROR;
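Review bot: The positional form `--genkey secret <file>` on the changed `system(...)` line is, as far as I know, the syntax introduced with OpenVPN 2.5, and an older binary may reject it; a comment such as `# OpenVPN 2.5+ syntax: --genkey <type> <file>` would record that dependency. The same change appears in the later hunk under `# Create ta.key for tls-auth`. In both places the failure message is built from `'openssl produced an error'` and the raw `$?`, although the command is openvpn and `$?` is the wait status rather than the exit code (`$? >> 8`), which makes a failed key generation harder to diagnose. The enclosing `if` blocks continue outside the hunk.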
if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' ) {
&General::system("touch", "${General::swroot}/ovpn/enable_blue");
} else {
- unlink(${General::swroot}/ovpn/enable_blue);
+ unlink("${General::swroot}/ovpn/enable_blue");
}
if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' ) {
unlink ($filename);
goto UPLOADCA_ERROR;
} else {
- # Delete if old key exists
- if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") {
- unlink "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}";
+ # Delete if old key exists
+ if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") {
+ unlink "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}";
}
- move($filename, "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}");
- if ($? ne 0) {
+
+ unless(move($filename, "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}")) {
$errormessage = "$Lang::tr{'dh key move failed'}: $!";
unlink ($filename);
goto UPLOADCA_ERROR;
- }
+ }
}
-
###
### Upload CA Certificate
###
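Review bot: The existing DH file is removed by `unlink "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}";` before the new `unless(move(...))` runs, so a failed move now reports an error but leaves the installation with no DH parameters at all. Assuming `move` is File::Copy's, it replaces an existing destination itself in the usual same-filesystem case, so the preceding `-f`/`unlink` pair could be dropped and the previous file would survive a failed upload. The `else` branch this code sits in starts outside the hunk.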
unlink ($filename);
goto UPLOADCA_ERROR;
} else {
- move($filename, "${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem");
- if ($? ne 0) {
+ unless(move($filename, "${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem")) {
$errormessage = "$Lang::tr{'certificate file move failed'}: $!";
unlink ($filename);
goto UPLOADCA_ERROR;
}
}
- @casubject = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem");
+ my @casubject = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem");
my $casubject;
foreach my $line (@casubject) {
&Header::openbigbox('100%', 'LEFT', '', $errormessage);
&Header::openbox('100%', 'LEFT', "$Lang::tr{'ca certificate'}:");
my @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
- @output = &Header::cleanhtml(@output,"y");
- print "<pre>@output</pre>\n";
+ my $output = &Header::cleanhtml(join("", @output),"y");
+ print "<pre>$output</pre>\n";
&Header::closebox();
print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
&Header::closebigbox();
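Review bot: A short comment above the new `my $output = &Header::cleanhtml(join("", @output),"y");` would help, because the reason for flattening the array is not obvious from the line. Presumably `cleanhtml` escapes a single string, and the escaped result is what makes it safe to print openssl text inside `<pre>`. Something like `# cleanhtml() takes one string; join the openssl output before escaping it for HTML.` would do, once confirmed against `Header::cleanhtml`. The same pattern is repeated in the other display hunks below (host certificate, certificate, DH parameters, the `<FILE>` dump and the CRL).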
&Header::openbox('100%', 'LEFT', "$Lang::tr{'host certificate'}:");
@output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
}
- @output = &Header::cleanhtml(@output,"y");
- print "<pre>@output</pre>\n";
+ my $output = &Header::cleanhtml(join("", @output), "y");
+ print "<pre>$output</pre>\n";
&Header::closebox();
print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
&Header::closebigbox();
}
}
- move("$tempdir/cacert.pem", "${General::swroot}/ovpn/ca/cacert.pem");
- if ($? ne 0) {
+ unless(move("$tempdir/cacert.pem", "${General::swroot}/ovpn/ca/cacert.pem")) {
$errormessage = "$Lang::tr{'certificate file move failed'}: $!";
unlink ($filename);
unlink ("${General::swroot}/ovpn/ca/cacert.pem");
goto ROOTCERT_ERROR;
}
- move("$tempdir/hostcert.pem", "${General::swroot}/ovpn/certs/servercert.pem");
- if ($? ne 0) {
+ unless(move("$tempdir/hostcert.pem", "${General::swroot}/ovpn/certs/servercert.pem")) {
$errormessage = "$Lang::tr{'certificate file move failed'}: $!";
unlink ($filename);
unlink ("${General::swroot}/ovpn/ca/cacert.pem");
goto ROOTCERT_ERROR;
}
- move("$tempdir/serverkey.pem", "${General::swroot}/ovpn/certs/serverkey.pem");
- if ($? ne 0) {
+ unless(move("$tempdir/serverkey.pem", "${General::swroot}/ovpn/certs/serverkey.pem")) {
$errormessage = "$Lang::tr{'certificate file move failed'}: $!";
unlink ($filename);
unlink ("${General::swroot}/ovpn/ca/cacert.pem");
}
# Create ta.key for tls-auth
# This system call is safe, because all arguments are passed as an array.
- system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
+ system('/usr/sbin/openvpn', '--genkey', 'secret', "${General::swroot}/ovpn/certs/ta.key");
if ($?) {
$errormessage = "$Lang::tr{'openssl produced an error'}: $?";
&cleanssldatabase();
&General::system("/usr/local/bin/openvpnctrl", "-kn2n", "$confighash{$cgiparams{'KEY'}}[1]");
&writecollectdconf();
}
-
- } else {
- $errormessage = $Lang::tr{'invalid key'};
}
}
}
if ($confighash{$cgiparams{'KEY'}}) {
# Revoke certificate if certificate was deleted and rewrite the CRL
- &General::system("/usr/bin/openssl", "ca", "-revoke", "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem", "-config", "${General::swroot}/ovpn/openssl/ovpn.cnf)";
+ &General::system("/usr/bin/openssl", "ca", "-revoke", "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem", "-config", "${General::swroot}/ovpn/openssl/ovpn.cnf");
&General::system("/usr/bin/openssl", "ca", "-gencrl", "-out", "${General::swroot}/ovpn/crls/cacrl.pem", "-config", "${General::swroot}/ovpn/openssl/ovpn.cnf");
###
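Review bot: The result of the `-revoke` call on the corrected line is discarded and `-gencrl` runs unconditionally on the next line, so a failed revocation would still produce a fresh CRL that does not list the deleted certificate. If `General::system` returns the command's exit status (not visible here), checking it and setting `$errormessage` before regenerating the CRL would keep a deleted connection's certificate from silently remaining valid. The surrounding `if ($confighash{$cgiparams{'KEY'}})` block continues outside the hunk.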
&Header::openbigbox('100%', 'LEFT', '', '');
&Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate'}:");
my @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
- @output = &Header::cleanhtml(@output,"y");
- print "<pre>@output</pre>\n";
+ my $output = &Header::cleanhtml(join("", @output), "y");
+ print "<pre>$output</pre>\n";
&Header::closebox();
print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
&Header::closebigbox();
&Header::openbigbox('100%', 'LEFT', '', '');
&Header::openbox('100%', 'LEFT', "$Lang::tr{'dh'}:");
my @output = &General::system_output("/usr/bin/openssl", "dhparam", "-text", "-in", "${General::swroot}/ovpn/ca/dh1024.pem");
- @output = &Header::cleanhtml(@output,"y");
- print "<pre>@output</pre>\n";
+ my $output = &Header::cleanhtml(join("", @output) ,"y");
+ print "<pre>$output</pre>\n";
&Header::closebox();
print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
&Header::closebigbox();
my @output = <FILE>;
close(FILE);
- @output = &Header::cleanhtml(@output,"y");
- print "<pre>@output</pre>\n";
+ my $output = &Header::cleanhtml(join("", @output),"y");
+ print "<pre>$output</pre>\n";
&Header::closebox();
print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
&Header::closebigbox();
&Header::openbigbox('100%', 'LEFT', '', '');
&Header::openbox('100%', 'LEFT', "$Lang::tr{'crl'}:");
my @output = &General::system_output("/usr/bin/openssl", "crl", "-text", "-noout", "-in", "${General::swroot}/ovpn/crls/cacrl.pem");
- @output = &Header::cleanhtml(@output,"y");
- print "<pre>@output</pre>\n";
+ my $output = &Header::cleanhtml(join("", @output), "y");
+ print "<pre>$output</pre>\n";
&Header::closebox();
print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
&Header::closebigbox();
print FILE "status /var/run/openvpn/$n2nname[0]-n2n 10\n";
close FILE;
- move("$tempdir/$uplconffilename", "${General::swroot}/ovpn/n2nconf/$n2nname[0]/$uplconffilename2");
-
- if ($? ne 0) {
+ unless(move("$tempdir/$uplconffilename", "${General::swroot}/ovpn/n2nconf/$n2nname[0]/$uplconffilename2")) {
$errormessage = "*.conf move failed: $!";
unlink ($filename);
goto N2N_ERROR;
}
- move("$tempdir/$uplp12name", "${General::swroot}/ovpn/certs/$uplp12name2");
- chmod 0600, "${General::swroot}/ovpn/certs/$uplp12name";
-
- if ($? ne 0) {
+ unless(move("$tempdir/$uplp12name", "${General::swroot}/ovpn/certs/$uplp12name2")) {
$errormessage = "$Lang::tr{'certificate file move failed'}: $!";
unlink ($filename);
goto N2N_ERROR;
- }
+ }
+
+ chmod 0600, "${General::swroot}/ovpn/certs/$uplp12name";
my $complzoactive;
my $mssfixactive;
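Review bot: The relocated `chmod 0600` targets `${General::swroot}/ovpn/certs/$uplp12name`, but the `move` just above it writes the file to `${General::swroot}/ovpn/certs/$uplp12name2`. Unless the two variables always hold the same name, the uploaded file (by its name a PKCS#12 bundle, which would carry a private key) keeps the permissions it had in `$tempdir`. The chmod should name the destination, `chmod 0600, "${General::swroot}/ovpn/certs/$uplp12name2";`, and its return value is worth checking, since a silent failure leaves the key material readable by whatever the upload mode allowed.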
unlink ($filename);
goto VPNCONF_ERROR;
} else {
- move($filename, "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
- if ($? ne 0) {
+ unless(move($filename, "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem")) {
$errormessage = "$Lang::tr{'certificate file move failed'}: $!";
unlink ($filename);
goto VPNCONF_ERROR;
# Adding DH parameter to chart
if (-f "${General::swroot}/ovpn/ca/dh1024.pem") {
- my @dhsubject = &System_output("/usr/bin/openssl", "dhparam", "-text", "-in", "${General::swroot}/ovpn/ca/dh1024.pem");
+ my @dhsubject = &General::system_output("/usr/bin/openssl", "dhparam", "-text", "-in", "${General::swroot}/ovpn/ca/dh1024.pem");
my $dhsubject;
foreach my $line (@dhsubject) {