-###
-### Generate DH key step 2
-###
-} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate dh key'} && $cgiparams{'AREUSURE'} eq 'yes') {
- # Delete if old key exists
- if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") {
- unlink "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}";
- }
- # Create Diffie Hellmann Parameter
- # The system call is safe, because all arguments are passed as an array.
- system("/usr/bin/openssl", "dhparam", "-out", "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
- if ($?) {
- $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
- unlink ("${General::swroot}/ovpn/ca/dh1024.pem");
- }
-
-###
-### Generate DH key step 1
-###
-} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate dh key'}) {
- &Header::showhttpheaders();
- &Header::openpage($Lang::tr{'ovpn'}, 1, '');
- &Header::openbigbox('100%', 'LEFT', '', '');
- &Header::openbox('100%', 'LEFT', "$Lang::tr{'gen dh'}:");
- print <<END;
- <table width='100%'>
- <tr>
- <td width='20%'> </td> <td width='15%'></td> <td width='65%'></td>
- </tr>
- <tr>
- <td class='base'>$Lang::tr{'ovpn dh'}:</td>
- <td align='center'>
- <form method='post'><input type='hidden' name='AREUSURE' value='yes' />
- <input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />
- <select name='DHLENGHT'>
- <option value='2048' $selected{'DHLENGHT'}{'2048'}>2048 $Lang::tr{'bit'}</option>
- <option value='3072' $selected{'DHLENGHT'}{'3072'}>3072 $Lang::tr{'bit'}</option>
- <option value='4096' $selected{'DHLENGHT'}{'4096'}>4096 $Lang::tr{'bit'}</option>
- </select>
- </td>
- </tr>
- <tr><td colspan='4'><br></td></tr>
- </table>
- <table width='100%'>
- <tr>
- <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}: </font></b>$Lang::tr{'dh key warn'}
- </tr>
- <tr>
- <td class='base'>$Lang::tr{'dh key warn1'}</td>
- </tr>
- <tr><td colspan='2'><br></td></tr>
- <tr>
- <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'generate dh key'}' /></td>
- </form>
- </tr>
- </table>
-
-END
- ;
- &Header::closebox();
- print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
- &Header::closebigbox();
- &Header::closepage();
- exit (0);
-
-###
-### Upload DH key
-###
-} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload dh key'}) {
- unless (ref ($cgiparams{'FH'})) {
- $errormessage = $Lang::tr{'there was no file upload'};
- goto UPLOADCA_ERROR;
- }
- # Move uploaded dh key to a temporary file
- (my $fh, my $filename) = tempfile( );
- if (copy ($cgiparams{'FH'}, $fh) != 1) {
- $errormessage = $!;
- goto UPLOADCA_ERROR;
- }
- my @temp = &General::system_output("/usr/bin/openssl", "dhparam", "-text", "-in", "$filename");
- if ( ! grep(/DH Parameters: \((2048|3072|4096) bit\)/, @temp)) {
- $errormessage = $Lang::tr{'not a valid dh key'};
- unlink ($filename);
- goto UPLOADCA_ERROR;
- } else {
- # Delete if old key exists
- if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") {
- unlink "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}";
- }
- move($filename, "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}");
- if ($? ne 0) {
- $errormessage = "$Lang::tr{'dh key move failed'}: $!";
- unlink ($filename);
- goto UPLOADCA_ERROR;
- }
- }
-