From 498134e5dda21dd9440098872e006408d8531d5b Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Wed, 22 Feb 2023 12:25:33 +0000 Subject: [PATCH] OpenVPN: Show indication when OpenVPN certificates expire MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit This will help with #11742 - OpenVPN: No method to replace expired certificates. Signed-off-by: Michael Tremer Acked-by: Peter Müller --- doc/language_issues.en | 2 ++ doc/language_issues.es | 2 ++ doc/language_issues.fr | 2 ++ doc/language_issues.it | 2 ++ doc/language_issues.nl | 2 ++ doc/language_issues.pl | 2 ++ doc/language_issues.ru | 2 ++ doc/language_issues.tr | 2 ++ doc/language_missings | 18 ++++++++++++++ html/cgi-bin/ovpnmain.cgi | 51 +++++++++++++++++++++++++-------------- langs/de/cgi-bin/de.pl | 2 ++ langs/en/cgi-bin/en.pl | 2 ++ 12 files changed, 71 insertions(+), 18 deletions(-) diff --git a/doc/language_issues.en b/doc/language_issues.en index 08fda35b7c..131278a204 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -1413,6 +1413,8 @@ WARNING: untranslated string: only digits allowed in max retries field = Only di WARNING: untranslated string: only digits allowed in the idle timeout = Only digits allowed in the idle timeout. WARNING: untranslated string: open connections = Open Connections WARNING: untranslated string: openssl produced an error = OpenSSL produced an error +WARNING: untranslated string: openvpn cert expires soon = Expires Soon +WARNING: untranslated string: openvpn cert has expired = Expired WARNING: untranslated string: openvpn client = OpenVPN client WARNING: untranslated string: openvpn default = Default WARNING: untranslated string: openvpn destination port used = The destination port is already used by another OpenVPN server. diff --git a/doc/language_issues.es b/doc/language_issues.es index ffe423bd1d..501f607647 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es 
@@ -982,6 +982,8 @@ WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilitie WARNING: untranslated string: info messages = unknown string WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname WARNING: untranslated string: no data = unknown string +WARNING: untranslated string: openvpn cert expires soon = Expires Soon +WARNING: untranslated string: openvpn cert has expired = Expired WARNING: untranslated string: pakfire ago = ago. WARNING: untranslated string: route config changed = unknown string WARNING: untranslated string: routing config added = unknown string diff --git a/doc/language_issues.fr b/doc/language_issues.fr index cb06f0ab39..bbf686b74e 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -946,6 +946,8 @@ WARNING: untranslated string: guardian logtarget_file = unknown string WARNING: untranslated string: guardian logtarget_syslog = unknown string WARNING: untranslated string: guardian no entries = unknown string WARNING: untranslated string: guardian service = unknown string +WARNING: untranslated string: openvpn cert expires soon = Expires Soon +WARNING: untranslated string: openvpn cert has expired = Expired WARNING: untranslated string: pakfire ago = ago. WARNING: untranslated string: route config changed = unknown string WARNING: untranslated string: routing config added = unknown string diff --git a/doc/language_issues.it b/doc/language_issues.it index dd794f57aa..f9fa74de11 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it 
@@ -1174,6 +1174,8 @@ WARNING: untranslated string: one month = One Month WARNING: untranslated string: one week = One Week WARNING: untranslated string: one year = One Year WARNING: untranslated string: open connections = Open Connections +WARNING: untranslated string: openvpn cert expires soon = Expires Soon +WARNING: untranslated string: openvpn cert has expired = Expired WARNING: untranslated string: optional = Optional WARNING: untranslated string: otp qrcode = OTP QRCode WARNING: untranslated string: outgoing compression in bytes per second = Outgoing compression diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 4f100abd25..d406e72994 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -1197,6 +1197,8 @@ WARNING: untranslated string: one month = One Month WARNING: untranslated string: one week = One Week WARNING: untranslated string: one year = One Year WARNING: untranslated string: open connections = Open Connections +WARNING: untranslated string: openvpn cert expires soon = Expires Soon +WARNING: untranslated string: openvpn cert has expired = Expired WARNING: untranslated string: optional = Optional WARNING: untranslated string: otp qrcode = OTP QRCode WARNING: untranslated string: outgoing compression in bytes per second = Outgoing compression diff --git a/doc/language_issues.pl b/doc/language_issues.pl index e91e62c5b3..54aba0c661 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl 
@@ -1355,6 +1355,8 @@ WARNING: untranslated string: one month = One Month WARNING: untranslated string: one week = One Week WARNING: untranslated string: one year = One Year WARNING: untranslated string: open connections = Open Connections +WARNING: untranslated string: openvpn cert expires soon = Expires Soon +WARNING: untranslated string: openvpn cert has expired = Expired WARNING: untranslated string: openvpn default = Default WARNING: untranslated string: openvpn destination port used = The destination port is already used by another OpenVPN server. WARNING: untranslated string: openvpn fragment allowed with udp = Using fragment is only allowed when using the UDP protocol. diff --git a/doc/language_issues.ru b/doc/language_issues.ru index 7dd1a63d7b..05ee8461e9 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -1353,6 +1353,8 @@ WARNING: untranslated string: one month = One Month WARNING: untranslated string: one week = One Week WARNING: untranslated string: one year = One Year WARNING: untranslated string: open connections = Open Connections +WARNING: untranslated string: openvpn cert expires soon = Expires Soon +WARNING: untranslated string: openvpn cert has expired = Expired WARNING: untranslated string: openvpn default = Default WARNING: untranslated string: openvpn destination port used = The destination port is already used by another OpenVPN server. WARNING: untranslated string: openvpn fragment allowed with udp = Using fragment is only allowed when using the UDP protocol. diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 3443b1f1a0..6871ea35aa 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr 
@@ -1091,6 +1091,8 @@ WARNING: untranslated string: no entries = No entries at the moment. WARNING: untranslated string: not affected = Not Affected WARNING: untranslated string: not validating = Not validating WARNING: untranslated string: open connections = Open Connections +WARNING: untranslated string: openvpn cert expires soon = Expires Soon +WARNING: untranslated string: openvpn cert has expired = Expired WARNING: untranslated string: optional = Optional WARNING: untranslated string: otp qrcode = OTP QRCode WARNING: untranslated string: ovpn connection name = Connection Name diff --git a/doc/language_missings b/doc/language_missings index 78b9e8a2d5..956303c927 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -107,6 +107,8 @@ < dns servers < hardware vulnerabilities < invalid ip or hostname +< openvpn cert expires soon +< openvpn cert has expired < service boot setting unavailable < transport mode does not support vti < wlanap @@ -123,6 +125,12 @@ < dhcp fixed ip address in dynamic range < g.dtm < g.lite +< guaranteed bandwidth +< retbleed +< service boot setting unavailable +< show dh +< openvpn cert expires soon +< openvpn cert has expired < upload fcdsl.o ############################################################################ # Checking cgi-bin translations for language: it # @@ -467,6 +475,8 @@ < one week < one year < open connections +< openvpn cert expires soon +< openvpn cert has expired < optional < otp qrcode < outgoing compression in bytes per second @@ -995,6 +1005,8 @@ < one week < one year < open connections +< openvpn cert expires soon +< openvpn cert has expired < optional < otp qrcode < outgoing compression in bytes per second @@ -1828,6 +1840,8 @@ < one week < one year < open connections +< openvpn cert expires soon +< openvpn cert has expired < openvpn default < openvpn destination port used < openvpn disabled 
@@ -2812,6 +2826,8 @@ < one week < one year < open connections +< openvpn cert expires soon +< openvpn cert has expired < openvpn default < openvpn destination port used < openvpn disabled @@ -3317,6 +3333,8 @@ < not validating < okay < open connections +< openvpn cert expires soon +< openvpn cert has expired < optional < otp qrcode < ovpn connection name diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 42a7354fc9..87bda4f1ef 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -33,6 +33,7 @@ use File::Temp qw/ tempfile tempdir /; use strict; use Archive::Zip qw(:ERROR_CODES :CONSTANTS); use Sort::Naturally; +use Date::Parse; require '/var/ipfire/general-functions.pl'; require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl"; 
@@ -5352,31 +5353,45 @@ END END } if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; } - if ($id % 2) { - print ""; - $col="bgcolor='$color{'color20'}'"; - } else { - print ""; - $col="bgcolor='$color{'color22'}'"; - } - print "$confighash{$key}[1]"; - print "" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ")"; - #if ($confighash{$key}[4] eq 'cert') { - #print "$confighash{$key}[2]"; - #} else { - #print " "; - #} - my @cavalid = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem"); - my $cavalid; + # Fetch information about the certificate + my @cavalid = &General::system_output("/usr/bin/openssl", "x509", "-text", + "-in", "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem"); + + my $expiryDate = 0; + + # Parse the certificate information foreach my $line (@cavalid) { if ($line =~ /Not After : (.*)[\n]/) { - $cavalid = $1; - + $expiryDate = &Date::Parse::str2time($1); last; } } + # Calculate the remaining time + my $remainingTime = $expiryDate - time(); + + # Create some simple booleans to check the status + my $hasExpired = ($remainingTime <= 0); + my $expiresSoon = ($remainingTime <= 30 * 24 * 3600); + + print ""; + + if ($hasExpired || $expiresSoon) { + $col="bgcolor='$color{'color14'}'"; + } elsif ($id % 2) { + $col="bgcolor='$color{'color20'}'"; + } else { + $col="bgcolor='$color{'color22'}'"; + } + print "$confighash{$key}[1]"; + if ($hasExpired) { + print " ($Lang::tr{'openvpn cert has expired'})"; + } elsif ($expiresSoon) { + print " ($Lang::tr{'openvpn cert expires soon'})"; + } + print ""; + print "" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ")"; print "$confighash{$key}[25]"; $col1="bgcolor='${Header::colourred}'"; my $active = "$Lang::tr{'capsclosed'}"; diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 5fbab2ff8a..a57b62ad8f 100644 
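Review bot: When the certificate file cannot be read, openssl fails, or `str2time` cannot parse the date it returns undef, `$expiryDate` stays 0 (or becomes undef), so `$remainingTime` is negative and the row is labelled with `$Lang::tr{'openvpn cert has expired'}` even though no expiry date was actually read; `my $hasExpired = ($remainingTime <= 0);` cannot tell the two cases apart. Leaving `$expiryDate` undefined until the "Not After" line is parsed and gating both booleans on `defined` keeps an unreadable certificate from being presented as an expired one (a visible "unknown" indicator would need a new language string, which this commit does not add). A smaller point of style: with `use Date::Parse;` imported in the earlier hunk, `str2time($1)` can be called directly instead of `&Date::Parse::str2time($1)`, avoiding the `&` call form. The enclosing loop body starts and ends outside this hunk.
```perl
	    my $expiryDate;   # stays undef when the openssl output has no "Not After" line

	    # … unchanged: foreach loop parsing "Not After" into $expiryDate …

	    # Remaining lifetime; undef when the expiry could not be determined
	    my $remainingTime = defined $expiryDate ? $expiryDate - time() : undef;

	    # Only a successfully parsed expiry may mark the certificate expired/expiring
	    my $hasExpired = defined $remainingTime && $remainingTime <= 0;
	    my $expiresSoon = defined $remainingTime && $remainingTime <= 30 * 24 * 3600;
```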
--- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -1884,6 +1884,8 @@ 'open connections' => 'Offene Verbindungen', 'open to all' => 'Überschreibe externen Zugang zu ALL', 'openssl produced an error' => 'OpenSSL hat einen Fehler verursacht', +'openvpn cert expires soon' => 'Läuft bald ab', +'openvpn cert has expired' => 'Abgelaufen', 'openvpn client' => 'OpenVPN-Client', 'openvpn default' => 'Vorgabe', 'openvpn destination port used' => 'Der Zielport wird bereits von einer anderen OpenVPN-Server-Instanz genutzt.', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 5a72f53b8c..cc7704e9dc 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -1941,6 +1941,8 @@ 'open connections' => 'Open Connections', 'open to all' => 'Override external access to ALL', 'openssl produced an error' => 'OpenSSL produced an error', +'openvpn cert expires soon' => 'Expires Soon', +'openvpn cert has expired' => 'Expired', 'openvpn client' => 'OpenVPN client', 'openvpn default' => 'Default', 'openvpn destination port used' => 'The destination port is already used by another OpenVPN server.', -- 2.39.2