From a201764e756895ed5fc23028863ba3b0e8bb406d Mon Sep 17 00:00:00 2001 From: =?utf8?q?Peter=20M=C3=BCller?= Date: Tue, 4 Apr 2023 20:25:55 +0000 Subject: [PATCH] ovpnmain.cgi: Do not determine certificate expiry status for N2N connections MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit https://wiki.ipfire.org/devel/telco/2023-04-03 Fixes: #13066 Signed-off-by: Peter Müller --- html/cgi-bin/ovpnmain.cgi | 43 ++++++++++++++++++++++++--------------- 1 file changed, 27 insertions(+), 16 deletions(-) diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 87bda4f1ef..51d6e8431d 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2022 IPFire Team # +# Copyright (C) 2007-2023 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -5354,26 +5354,37 @@ END } if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; } - # Fetch information about the certificate - my @cavalid = &General::system_output("/usr/bin/openssl", "x509", "-text", - "-in", "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem"); + # Create some simple booleans to check the status + my $hasExpired; + my $expiresSoon; - my $expiryDate = 0; + # Fetch information about the certificate for non-N2N connections only + if ($confighash{$key}[3] ne 'net') { + my @cavalid = &General::system_output("/usr/bin/openssl", "x509", "-text", + "-in", "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem"); - # Parse the certificate information - foreach my $line (@cavalid) { - if ($line =~ /Not After : (.*)[\n]/) { - $expiryDate = &Date::Parse::str2time($1); - last; + my $expiryDate = 0; + + # Parse the certificate information + foreach my $line (@cavalid) { + if ($line =~ /Not After : (.*)[\n]/) { + $expiryDate = &Date::Parse::str2time($1); + last; + } } - } - # Calculate the remaining time - my $remainingTime = $expiryDate - time(); + # Calculate the remaining time + my $remainingTime = $expiryDate - time(); - # Create some simple booleans to check the status - my $hasExpired = ($remainingTime <= 0); - my $expiresSoon = ($remainingTime <= 30 * 24 * 3600); + # Determine whether the certificate has already expired, or will so soon + $hasExpired = ($remainingTime <= 0); + $expiresSoon = ($remainingTime <= 30 * 24 * 3600); + + } else { + # Populate booleans with dummy values for N2N connections (#13066) + $hasExpired = 0; + $expiresSoon = 0; + } print ""; -- 2.39.2