X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=html%2Fcgi-bin%2Fvpnmain.cgi;h=052b3e3092e4405df36dbd087383605cad8d5ec6;hb=9063a04e94587fc38f410ec2234275417de201ad;hp=161df4d6e6fc73f61bdba8aed4c6a85a0c0a08c1;hpb=b530bbba9eb2ec961789f78995fb1c5f11cadb75;p=ipfire-2.x.git diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index 161df4d6e6..052b3e3092 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -23,7 +23,7 @@ use Net::DNS; use File::Copy; use File::Temp qw/ tempfile tempdir /; use strict; - +use Sort::Naturally; # enable only the following on debugging purpose #use warnings; #use CGI::Carp 'fatalsToBrowser'; @@ -61,14 +61,16 @@ my %mainsettings = (); my $green_cidr = &General::ipcidr("$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}"); my $blue_cidr = "# Blue not defined"; -if ($netsettings{'BLUE_DEV'}) { +if (&Header::blue_used() && $netsettings{'BLUE_DEV'}) { $blue_cidr = &General::ipcidr("$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}"); } my $orange_cidr = "# Orange not defined"; -if ($netsettings{'ORANGE_DEV'}) { +if (&Header::orange_used() && $netsettings{'ORANGE_DEV'}) { $orange_cidr = &General::ipcidr("$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}"); } +my $col=""; + $cgiparams{'ENABLED'} = 'off'; $cgiparams{'EDIT_ADVANCED'} = 'off'; $cgiparams{'ACTION'} = ''; @@ -104,7 +106,8 @@ $cgiparams{'ROOTCERT_OU'} = ''; $cgiparams{'ROOTCERT_CITY'} = ''; $cgiparams{'ROOTCERT_STATE'} = ''; $cgiparams{'RW_NET'} = ''; - +$cgiparams{'DPD_DELAY'} = '30'; +$cgiparams{'DPD_TIMEOUT'} = '120'; &Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'}); ### @@ -245,9 +248,6 @@ sub writeipsecfiles { flock CONF, 2; flock SECRETS, 2; print CONF "version 2\n\n"; - print CONF "config setup\n"; - print CONF "\tcharondebug=\"dmn 0, mgr 0, ike 0, chd 0, job 0, cfg 0, knl 0, net 0, asn 0, enc 0, lib 0, esp 0, tls 0, tnc 0, imc 0, imv 0, pts 0\"\n"; - print CONF "\n"; print CONF "conn %default\n"; print CONF "\tkeyingtries=%forever\n"; print CONF "\n"; @@ -319,9 +319,16 @@ sub writeipsecfiles { foreach my $j (@ints) { foreach my $k (@groups) { if ($comma != 0) { print CONF ","; } else { $comma = 1; } - print CONF "$i-$j-modp$k"; - } + + my @l = split("", $k); + if ($l[0] eq "e") { + shift @l; + print CONF "$i-$j-ecp".join("", @l); + } else { + print CONF "$i-$j-modp$k"; + } } + } } if ($lconfighash{$key}[24] eq 'on') { #only proposed algorythms? print CONF "!\n"; @@ -342,7 +349,12 @@ sub writeipsecfiles { foreach my $k (@groups) { if ($comma != 0) { print CONF ","; } else { $comma = 1; } if ($pfs eq "on") { - $modp = "-modp$k"; + my @l = split("", $k); + if ($l[0] eq "e") { + $modp = ""; + } else { + $modp = "-modp$k"; + } } else { $modp = ""; } @@ -375,9 +387,27 @@ sub writeipsecfiles { print CONF "\tcompress=yes\n" if ($lconfighash{$key}[13] eq 'on'); # Dead Peer Detection - print CONF "\tdpddelay=30\n"; - print CONF "\tdpdtimeout=120\n"; - print CONF "\tdpdaction=$lconfighash{$key}[27]\n"; + my $dpdaction = $lconfighash{$key}[27]; + print CONF "\tdpdaction=$dpdaction\n"; + + # If the dead peer detection is disabled and IKEv2 is used, + # dpddelay must be set to zero, too. + if ($dpdaction eq "none") { + if ($lconfighash{$key}[29] eq "ikev2") { + print CONF "\tdpddelay=0\n"; + } + } else { + my $dpddelay = $lconfighash{$key}[30]; + if (!$dpddelay) { + $dpddelay = 30; + } + print CONF "\tdpddelay=$dpddelay\n"; + my $dpdtimeout = $lconfighash{$key}[31]; + if (!$dpdtimeout) { + $dpdtimeout = 120; + } + print CONF "\tdpdtimeout=$dpdtimeout\n"; + } # Build Authentication details: LEFTid RIGHTid : PSK psk my $psk_line; @@ -414,7 +444,7 @@ sub writeipsecfiles { # Hook to regenerate the configuration files. if ($ENV{"REMOTE_ADDR"} eq "") { - writeipsecfiles; + writeipsecfiles(); exit(0); } @@ -1265,6 +1295,16 @@ END $cgiparams{'ONLY_PROPOSED'} = $confighash{$cgiparams{'KEY'}}[24]; $cgiparams{'PFS'} = $confighash{$cgiparams{'KEY'}}[28]; $cgiparams{'VHOST'} = $confighash{$cgiparams{'KEY'}}[14]; + $cgiparams{'DPD_TIMEOUT'} = $confighash{$cgiparams{'KEY'}}[30]; + $cgiparams{'DPD_DELAY'} = $confighash{$cgiparams{'KEY'}}[31]; + + if (!$cgiparams{'DPD_DELAY'}) { + $cgiparams{'DPD_DELAY'} = 30; + } + + if (!$cgiparams{'DPD_TIMEOUT'}) { + $cgiparams{'DPD_TIMEOUT'} = 120; + } } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) { $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'}); @@ -1739,7 +1779,7 @@ END my $key = $cgiparams{'KEY'}; if (! $key) { $key = &General::findhasharraykey (\%confighash); - foreach my $i (0 .. 28) { $confighash{$key}[$i] = "";} + foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";} } $confighash{$key}[0] = $cgiparams{'ENABLED'}; $confighash{$key}[1] = $cgiparams{'NAME'}; @@ -1779,6 +1819,8 @@ END $confighash{$key}[24] = $cgiparams{'ONLY_PROPOSED'}; $confighash{$key}[28] = $cgiparams{'PFS'}; $confighash{$key}[14] = $cgiparams{'VHOST'}; + $confighash{$key}[30] = $cgiparams{'DPD_TIMEOUT'}; + $confighash{$key}[31] = $cgiparams{'DPD_DELAY'}; #free unused fields! $confighash{$key}[6] = 'off'; @@ -1814,9 +1856,17 @@ END # choose appropriate dpd action if ($cgiparams{'TYPE'} eq 'host') { - $cgiparams{'DPD_ACTION'} = 'clear'; + $cgiparams{'DPD_ACTION'} = 'clear'; } else { - $cgiparams{'DPD_ACTION'} = 'restart'; + $cgiparams{'DPD_ACTION'} = 'restart'; + } + + if (!$cgiparams{'DPD_DELAY'}) { + $cgiparams{'DPD_DELAY'} = 30; + } + + if (!$cgiparams{'DPD_TIMEOUT'}) { + $cgiparams{'DPD_TIMEOUT'} = 120; } # Default IKE Version to v2 @@ -1831,12 +1881,12 @@ END #use default advanced value $cgiparams{'IKE_ENCRYPTION'} = 'aes256|aes192|aes128|3des'; #[18]; $cgiparams{'IKE_INTEGRITY'} = 'sha2_256|sha|md5'; #[19]; - $cgiparams{'IKE_GROUPTYPE'} = '8192|6144|4096|3072|2048|1536|1024'; #[20]; - $cgiparams{'IKE_LIFETIME'} = '1'; #[16]; + $cgiparams{'IKE_GROUPTYPE'} = '4096|3072|2048|1536|1024'; #[20]; + $cgiparams{'IKE_LIFETIME'} = '3'; #[16]; $cgiparams{'ESP_ENCRYPTION'} = 'aes256|aes192|aes128|3des'; #[21]; $cgiparams{'ESP_INTEGRITY'} = 'sha2_256|sha1|md5'; #[22]; $cgiparams{'ESP_GROUPTYPE'} = ''; #[23]; - $cgiparams{'ESP_KEYLIFE'} = '8'; #[17]; + $cgiparams{'ESP_KEYLIFE'} = '1'; #[17]; $cgiparams{'COMPRESSION'} = 'on'; #[13]; $cgiparams{'ONLY_PROPOSED'} = 'off'; #[24]; $cgiparams{'PFS'} = 'on'; #[28]; @@ -1860,15 +1910,6 @@ END $checked{'AUTH'}{'auth-dn'} = ''; $checked{'AUTH'}{$cgiparams{'AUTH'}} = "checked='checked'"; - $selected{'DPD_ACTION'}{'clear'} = ''; - $selected{'DPD_ACTION'}{'hold'} = ''; - $selected{'DPD_ACTION'}{'restart'} = ''; - $selected{'DPD_ACTION'}{$cgiparams{'DPD_ACTION'}} = "selected='selected'"; - - $selected{'IKE_VERSION'}{'ikev1'} = ''; - $selected{'IKE_VERSION'}{'ikev2'} = ''; - $selected{'IKE_VERSION'}{$cgiparams{'IKE_VERSION'}} = "selected='selected'"; - &Header::showhttpheaders(); &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); &Header::openbigbox('100%', 'left', '', $errormessage); @@ -1889,6 +1930,7 @@ END print "
"; print< + @@ -1901,23 +1943,30 @@ END + + + END ; if ($cgiparams{'KEY'}) { print ""; + print ""; print ""; } - &Header::openbox('100%', 'left', "$Lang::tr{'connection'}:"); + &Header::openbox('100%', 'left', "$Lang::tr{'connection'}: $cgiparams{'NAME'}"); print ""; - print ""; - if ($cgiparams{'KEY'}) { - print ""; - } else { - print ""; + if (!$cgiparams{'KEY'}) { + print < + + + + +EOF } - print ""; - print ''; my $disabled; my $blob; @@ -1928,44 +1977,41 @@ END print < - - - - + + + - - + + + - - - - - - - - + - - + + + + + + - - - END ; @@ -2092,7 +2138,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || goto ADVANCED_ERROR; } foreach my $val (@temp) { - if ($val !~ /^(aes256|aes192|aes128|3des)$/) { + if ($val !~ /^(aes256|aes192|aes128|3des|camellia256|camellia192|camellia128)$/) { $errormessage = $Lang::tr{'invalid input'}; goto ADVANCED_ERROR; } @@ -2114,7 +2160,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || goto ADVANCED_ERROR; } foreach my $val (@temp) { - if ($val !~ /^(1024|1536|2048|3072|4096|6144|8192)$/) { + if ($val !~ /^(e521|e384|e256|e224|e192|e512bp|e384bp|e256bp|e224bp|1024|1536|2048|2048s256|2048s224|2048s160|3072|4096|6144|8192)$/) { $errormessage = $Lang::tr{'invalid input'}; goto ADVANCED_ERROR; } @@ -2133,7 +2179,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || goto ADVANCED_ERROR; } foreach my $val (@temp) { - if ($val !~ /^(aes256|aes192|aes128|3des)$/) { + if ($val !~ /^(aes256|aes192|aes128|3des|camellia256|camellia192|camellia128)$/) { $errormessage = $Lang::tr{'invalid input'}; goto ADVANCED_ERROR; } @@ -2150,7 +2196,8 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || } } if ($cgiparams{'ESP_GROUPTYPE'} ne '' && - $cgiparams{'ESP_GROUPTYPE'} !~ /^modp(1024|1536|2048|3072|4096|6144|8192)$/) { + $cgiparams{'ESP_GROUPTYPE'} !~ /^ecp(192|224|256|384|512)(bp)?$/ && + $cgiparams{'ESP_GROUPTYPE'} !~ /^modp(1024|1536|2048|2048s(256|224|160)|3072|4096|6144|8192)$/) { $errormessage = $Lang::tr{'invalid input'}; goto ADVANCED_ERROR; } @@ -2174,6 +2221,17 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || goto ADVANCED_ERROR; } + if ($cgiparams{'DPD_DELAY'} !~ /^\d+$/) { + $errormessage = $Lang::tr{'invalid input for dpd delay'}; + goto ADVANCED_ERROR; + } + + if ($cgiparams{'DPD_TIMEOUT'} !~ /^\d+$/) { + $errormessage = $Lang::tr{'invalid input for dpd timeout'}; + goto ADVANCED_ERROR; + } + + $confighash{$cgiparams{'KEY'}}[29] = $cgiparams{'IKE_VERSION'}; $confighash{$cgiparams{'KEY'}}[18] = $cgiparams{'IKE_ENCRYPTION'}; $confighash{$cgiparams{'KEY'}}[19] = $cgiparams{'IKE_INTEGRITY'}; $confighash{$cgiparams{'KEY'}}[20] = $cgiparams{'IKE_GROUPTYPE'}; @@ -2187,6 +2245,9 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $confighash{$cgiparams{'KEY'}}[24] = $cgiparams{'ONLY_PROPOSED'}; $confighash{$cgiparams{'KEY'}}[28] = $cgiparams{'PFS'}; $confighash{$cgiparams{'KEY'}}[14] = $cgiparams{'VHOST'}; + $confighash{$cgiparams{'KEY'}}[27] = $cgiparams{'DPD_ACTION'}; + $confighash{$cgiparams{'KEY'}}[30] = $cgiparams{'DPD_TIMEOUT'}; + $confighash{$cgiparams{'KEY'}}[31] = $cgiparams{'DPD_DELAY'}; &General::writehasharray("${General::swroot}/vpn/config", \%confighash); &writeipsecfiles(); if (&vpnenabled) { @@ -2195,6 +2256,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || } goto ADVANCED_END; } else { + $cgiparams{'IKE_VERSION'} = $confighash{$cgiparams{'KEY'}}[29]; $cgiparams{'IKE_ENCRYPTION'} = $confighash{$cgiparams{'KEY'}}[18]; $cgiparams{'IKE_INTEGRITY'} = $confighash{$cgiparams{'KEY'}}[19]; $cgiparams{'IKE_GROUPTYPE'} = $confighash{$cgiparams{'KEY'}}[20]; @@ -2207,6 +2269,17 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $cgiparams{'ONLY_PROPOSED'} = $confighash{$cgiparams{'KEY'}}[24]; $cgiparams{'PFS'} = $confighash{$cgiparams{'KEY'}}[28]; $cgiparams{'VHOST'} = $confighash{$cgiparams{'KEY'}}[14]; + $cgiparams{'DPD_ACTION'} = $confighash{$cgiparams{'KEY'}}[27]; + $cgiparams{'DPD_TIMEOUT'} = $confighash{$cgiparams{'KEY'}}[30]; + $cgiparams{'DPD_DELAY'} = $confighash{$cgiparams{'KEY'}}[31]; + + if (!$cgiparams{'DPD_DELAY'}) { + $cgiparams{'DPD_DELAY'} = 30; + } + + if (!$cgiparams{'DPD_TIMEOUT'}) { + $cgiparams{'DPD_TIMEOUT'} = 120; + } if ($confighash{$cgiparams{'KEY'}}[3] eq 'net' || $confighash{$cgiparams{'KEY'}}[10]) { $cgiparams{'VHOST'} = 'off'; @@ -2218,6 +2291,9 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $checked{'IKE_ENCRYPTION'}{'aes192'} = ''; $checked{'IKE_ENCRYPTION'}{'aes128'} = ''; $checked{'IKE_ENCRYPTION'}{'3des'} = ''; + $checked{'IKE_ENCRYPTION'}{'camellia256'} = ''; + $checked{'IKE_ENCRYPTION'}{'camellia192'} = ''; + $checked{'IKE_ENCRYPTION'}{'camellia128'} = ''; my @temp = split('\|', $cgiparams{'IKE_ENCRYPTION'}); foreach my $key (@temp) {$checked{'IKE_ENCRYPTION'}{$key} = "selected='selected'"; } $checked{'IKE_INTEGRITY'}{'sha2_512'} = ''; @@ -2246,6 +2322,9 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $checked{'ESP_ENCRYPTION'}{'aes192'} = ''; $checked{'ESP_ENCRYPTION'}{'aes128'} = ''; $checked{'ESP_ENCRYPTION'}{'3des'} = ''; + $checked{'ESP_ENCRYPTION'}{'camellia256'} = ''; + $checked{'ESP_ENCRYPTION'}{'camellia192'} = ''; + $checked{'ESP_ENCRYPTION'}{'camellia128'} = ''; @temp = split('\|', $cgiparams{'ESP_ENCRYPTION'}); foreach my $key (@temp) {$checked{'ESP_ENCRYPTION'}{$key} = "selected='selected'"; } $checked{'ESP_INTEGRITY'}{'sha2_512'} = ''; @@ -2263,6 +2342,16 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $checked{'PFS'} = $cgiparams{'PFS'} eq 'on' ? "checked='checked'" : '' ; $checked{'VHOST'} = $cgiparams{'VHOST'} eq 'on' ? "checked='checked'" : '' ; + $selected{'IKE_VERSION'}{'ikev1'} = ''; + $selected{'IKE_VERSION'}{'ikev2'} = ''; + $selected{'IKE_VERSION'}{$cgiparams{'IKE_VERSION'}} = "selected='selected'"; + + $selected{'DPD_ACTION'}{'clear'} = ''; + $selected{'DPD_ACTION'}{'hold'} = ''; + $selected{'DPD_ACTION'}{'restart'} = ''; + $selected{'DPD_ACTION'}{'none'} = ''; + $selected{'DPD_ACTION'}{$cgiparams{'DPD_ACTION'}} = "selected='selected'"; + &Header::showhttpheaders(); &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); &Header::openbigbox('100%', 'left', '', $errormessage); @@ -2288,91 +2377,191 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
$Lang::tr{'name'}:$cgiparams{'NAME'}$Lang::tr{'name'}: + +
$Lang::tr{'enabled'}

$Lang::tr{'remote host/ip'}: $blob - - $Lang::tr{'remote subnet'} - + $Lang::tr{'enabled'} + + $Lang::tr{'local subnet'} +
$Lang::tr{'local subnet'} - + $Lang::tr{'remote host/ip'}: $blob + + $Lang::tr{'remote subnet'} +
$Lang::tr{'vpn local id'}:
($Lang::tr{'eg'} @xy.example.com)		$Lang::tr{'vpn remote id'}:

$Lang::tr{'vpn keyexchange'}: + $Lang::tr{'vpn local id'}: + $Lang::tr{'dpd action'}: + $Lang::tr{'vpn remote id'}: + +

$Lang::tr{'remark title'} * +
$Lang::tr{'remark title'} *
- - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
$Lang::tr{'ike encryption'} - $Lang::tr{'ike integrity'} - $Lang::tr{'ike grouptype'} -
$Lang::tr{'ike lifetime'} - $Lang::tr{'hours'}
$Lang::tr{'esp encryption'} - $Lang::tr{'esp integrity'} - $Lang::tr{'esp grouptype'} -
$Lang::tr{'esp keylife'} - $Lang::tr{'hours'}
- IKE+ESP: $Lang::tr{'use only proposed settings'}
- $Lang::tr{'pfs yes no'}
- $Lang::tr{'vpn payload compression'}
IKEESP
$Lang::tr{'vpn keyexchange'}: + +
$Lang::tr{'encryption'} + + + +
$Lang::tr{'integrity'} + + + +
$Lang::tr{'lifetime'} + $Lang::tr{'hours'} + + $Lang::tr{'hours'} +
$Lang::tr{'grouptype'} + +
+ +

+ +

$Lang::tr{'dead peer detection'}

+ + + + + + + + + + + + + + +
$Lang::tr{'dpd action'}: + +
$Lang::tr{'dpd timeout'}: + +
$Lang::tr{'dpd delay'}: + +
+ +
+ + + + + + + + + + + + EOF ; if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') { print ""; } elsif ($confighash{$cgiparams{'KEY'}}[10]) { - print ""; + print ""; } else { - print ""; + print ""; } - print "
+
+ +
+ +
"; - print " $Lang::tr{'vpn vhost'}
"; - print " $Lang::tr{'vpn vhost'}
"; + print < + + + + + + +EOF + &Header::closebox(); &Header::closebigbox(); &Header::closepage(); @@ -2463,37 +2652,39 @@ END &Header::openbox('100%', 'left', $Lang::tr{'connection status and controlc'}); print < + - - - - - - + + + + + + END ; my $id = 0; my $gif; - foreach my $key (keys %confighash) { + foreach my $key (sort { ncmp ($confighash{$a}[1],$confighash{$b}[1]) } keys %confighash) { if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; } if ($id % 2) { - print "\n"; + print ""; + $col="bgcolor='$color{'color20'}'"; } else { - print "\n"; + print ""; + $col="bgcolor='$color{'color22'}'"; } - print ""; - print ""; + print ""; + print ""; if ($confighash{$key}[2] eq '%auth-dn') { - print ""; + print ""; } elsif ($confighash{$key}[4] eq 'cert') { - print ""; + print ""; } else { - print ""; + print ""; } - print ""; + print ""; # get real state my $active = "
$Lang::tr{'name'}$Lang::tr{'type'}$Lang::tr{'common name'}$Lang::tr{'remark'}$Lang::tr{'status'}$Lang::tr{'action'}$Lang::tr{'name'}$Lang::tr{'type'}$Lang::tr{'common name'}$Lang::tr{'remark'}$Lang::tr{'status'}$Lang::tr{'action'}
$confighash{$key}[1]" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ") $confighash{$key}[29]$confighash{$key}[1]" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ") $confighash{$key}[29]$confighash{$key}[9]$confighash{$key}[9]$confighash{$key}[2]$confighash{$key}[2]  $confighash{$key}[25]$confighash{$key}[25]
$Lang::tr{'capsclosed'}
"; foreach my $line (@status) { @@ -2508,8 +2699,8 @@ END $active = "
$Lang::tr{'capsclosed'}
"; } print <$active - + $active +
@@ -2520,7 +2711,7 @@ END ; if (($confighash{$key}[4] eq 'cert') && ($confighash{$key}[2] ne '%auth-dn')) { print < + @@ -2529,11 +2720,11 @@ END END ; } else { - print " "; + print " "; } if ($confighash{$key}[4] eq 'cert' && -f "${General::swroot}/certs/$confighash{$key}[1].p12") { print < + @@ -2543,7 +2734,7 @@ END END ; } elsif (($confighash{$key}[4] eq 'cert') && ($confighash{$key}[2] ne '%auth-dn')) { print < + @@ -2552,10 +2743,10 @@ END END ; } else { - print " "; + print " "; } print < + @@ -2563,14 +2754,14 @@ END - +
- +
@@ -2627,43 +2818,44 @@ END &Header::openbox('100%', 'left', "$Lang::tr{'certificate authorities'}:"); print < + - - - + + + EOF ; + my $col1="bgcolor='$color{'color22'}'"; + my $col2="bgcolor='$color{'color20'}'"; if (-f "${General::swroot}/ca/cacert.pem") { my $casubject = &Header::cleanhtml(getsubjectfromcert ("${General::swroot}/ca/cacert.pem")); - print < - - - + + + - - + END ; } else { # display rootcert generation buttons print < - - - + + + + END ; } @@ -2672,61 +2864,63 @@ END my $hostsubject = &Header::cleanhtml(getsubjectfromcert ("${General::swroot}/certs/hostcert.pem")); print < - - - + + + - - + END ; } else { # Nothing print < - - - + + + + END ; } - my $rowcolor = 0; - if (keys %cahash > 0) { - foreach my $key (keys %cahash) { - if ($rowcolor++ % 2) { - print "\n"; - } else { - print "\n"; - } - print "\n"; - print "\n"; + my $rowcolor = 0; + if (keys %cahash > 0) { + foreach my $key (keys %cahash) { + if ($rowcolor++ % 2) { + print ""; + $col="bgcolor='$color{'color20'}'"; + } else { + print ""; + $col="bgcolor='$color{'color22'}'"; + } + print "\n"; + print "\n"; print < + - -
$Lang::tr{'name'}$Lang::tr{'subject'}$Lang::tr{'action'}$Lang::tr{'name'}$Lang::tr{'subject'}$Lang::tr{'action'}
$Lang::tr{'root certificate'}$casubject +
$Lang::tr{'root certificate'}$casubject +
 
 
$Lang::tr{'root certificate'}:$Lang::tr{'not present'} 
$Lang::tr{'root certificate'}:$Lang::tr{'not present'} 
$Lang::tr{'host certificate'}$hostsubject +
$Lang::tr{'host certificate'}$hostsubject
+
- - + +
 
 
$Lang::tr{'host certificate'}:$Lang::tr{'not present'} 
$Lang::tr{'host certificate'}:$Lang::tr{'not present'} 
$cahash{$key}[0]$cahash{$key}[1]
$cahash{$key}[0]$cahash{$key}[1]
+
+