ovpnmain.cgi: Fix detection of used DH key lenght.
[people/pmueller/ipfire-2.x.git] / html / cgi-bin / ovpnmain.cgi
index 077f5ab6c483f0dc96dc5a6da35bbeb1f77ff4ca..d9e26de2fee0c6f426cefa78ad2809effe735bc0 100644 (file)
@@ -221,14 +221,23 @@ sub pkiconfigcheck
        # Warning if DH parameter is 1024 bit
        if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") {
                my @dhparameter = &General::system_output("/usr/bin/openssl", "dhparam", "-text", "-in", "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}");
+               my $dhbit;
 
+               # Loop through the output and search for the DH bit lenght.
                foreach my $line (@dhparameter) {
-                       my @dhbit = ($line =~ /(\d+)/);
-                       if ($1 < 2048) {
-                               $cryptoerror = "$Lang::tr{'ovpn error dh'}";
-                               goto CRYPTO_ERROR;
+                       if ($line =~ (/(\d+)/)) {
+                               # Assign match to dhbit value.
+                               $dhbit = $1;
+
+                               last;
                        }
                }
+
+               # Check if the used key lenght is at least 2048 bit.
+               if ($dhbit < 2048) {
+                       $cryptoerror = "$Lang::tr{'ovpn error dh'}";
+                       goto CRYPTO_ERROR;
+               }
        }
 
        # Warning if md5 is in usage
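Review bot: The new match `if ($line =~ (/(\d+)/))` takes the first run of digits on the first line that has any, so the result depends on the exact header text openssl prints. If that header carries another number before the size (older builds appear to print a `PKCS#3` prefix, worth confirming), valid parameters would be read as a tiny key and rejected. Anchoring on the size field, e.g. `if ($line =~ /\((\d+) bit\)/) {`, ties the check to the value it is meant to read. If openssl fails or prints nothing, `$dhbit` stays undef and `$dhbit < 2048` still fails closed, but only through numeric coercion of undef; `if (!defined($dhbit) || $dhbit < 2048) {` makes that explicit. pkiconfigcheck begins and continues outside this hunk.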