X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=html%2Fcgi-bin%2Fvpnmain.cgi;h=3652627e9b3e48d17de98e822ef774e04488c565;hb=f605a2d303f9239963b0049ff308b25b7782b691;hp=8f13cf51fa294a3d8d871ccabe51b719514be1b3;hpb=27ca856f728c840d90130abd41576ef57e65eae5;p=ipfire-2.x.git
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 8f13cf51fa..3652627e9b 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -226,13 +226,9 @@ sub newcleanssldatabase {
###
sub callssl ($) {
my $opt = shift;
-
- # Split the given argument string into single pieces and assign them to an array.
- my @opts = split(/ /, $opt);
-
- my @retssl = &General::system_output("/usr/bin/openssl", @opts); #redirect stderr
+ my $retssl = `/usr/bin/openssl $opt 2>&1`; #redirect stderr
my $ret = '';
- foreach my $line (split (/\n/, @retssl)) {
+ foreach my $line (split (/\n/, $retssl)) {
&General::log("ipsec", "$line") if (0); # 1 for verbose logging
$ret .= '
'.$line if ( $line =~ /error|unknown/ );
}
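Review bot: The backtick call in callssl, `/usr/bin/openssl $opt 2>&1`, hands the whole argument string to a shell, so any shell metacharacter that reaches `$opt` is interpreted instead of being passed to openssl as data; the same applies to `$_[0]` in getCNfromcert and getsubjectfromcert and to `$filename` in the CA upload hunk. Where those values originate is outside the hunks shown, but this is a CGI script and at least some of them are presumably derived from request data. The removed list-form call never involved a shell, and its only visible fault was splitting an array in scalar context, so I would keep `my @retssl = &General::system_output("/usr/bin/openssl", @opts);` and iterate with `foreach my $line (@retssl) {`, after confirming that the helper also captures stderr. callssl's body continues past the end of this hunk.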
@@ -246,21 +242,13 @@ sub callssl ($) {
###
sub getCNfromcert ($) {
#&General::log("ipsec", "Extracting name from $_[0]...");
- my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "$_[0]");
- my $temp;
-
- foreach my $line (@temp) {
- if ($line =~ /Subject:.*CN = (.*)[\n]/) {
- $temp = $1;
- $temp =~ s+/Email+, E+;
- $temp =~ s/ ST = / S = /;
- $temp =~ s/,//g;
- $temp =~ s/\'//g;
-
- last;
- }
- }
-
+ my $temp = `/usr/bin/openssl x509 -text -in $_[0]`;
+ $temp =~ /Subject:.*CN = (.*)[\n]/;
+ $temp = $1;
+ $temp =~ s+/Email+, E+;
+ $temp =~ s/ ST = / S = /;
+ $temp =~ s/,//g;
+ $temp =~ s/\'//g;
return $temp;
}
###
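Review bot: In getCNfromcert the result of the match is not checked before `$temp = $1;`, so when the certificate text has no `CN = ` on its Subject line, `$1` still holds whatever an earlier successful match captured (or undef), and that value is returned as the name; getsubjectfromcert in the next hunk has the same pattern. The removed loop assigned only inside `if ($line =~ ...)`, so this is a regression in the new code. I would fold the test into the assignment, `$temp = ($temp =~ /Subject:.*CN = (.*)[\n]/) ? $1 : '';`, which matters because the result is later stored as `$cgiparams{'CERT_NAME'}`.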
@@ -268,19 +256,11 @@ sub getCNfromcert ($) {
###
sub getsubjectfromcert ($) {
#&General::log("ipsec", "Extracting subject from $_[0]...");
- my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "$_[0]");
- my $temp;
-
- foreach my $line (@temp) {
- if($line =~ /Subject: (.*)[\n]/) {
- $temp = $1;
- $temp =~ s+/Email+, E+;
- $temp =~ s/ ST = / S = /;
-
- last;
- }
- }
-
+ my $temp = `/usr/bin/openssl x509 -text -in $_[0]`;
+ $temp =~ /Subject: (.*)[\n]/;
+ $temp = $1;
+ $temp =~ s+/Email+, E+;
+ $temp =~ s/ ST = / S = /;
return $temp;
}
###
@@ -689,14 +669,13 @@ END
$errormessage = $!;
goto UPLOADCA_ERROR;
}
- my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "$filename");
- if (! grep(/CA:TRUE/, @temp)) {
+ my $temp = `/usr/bin/openssl x509 -text -in $filename`;
+ if ($temp !~ /CA:TRUE/i) {
$errormessage = $Lang::tr{'not a valid ca certificate'};
unlink ($filename);
goto UPLOADCA_ERROR;
} else {
- move($filename, "${General::swroot}/ca/$cgiparams{'CA_NAME'}cert.pem");
- if ($? ne 0) {
+ unless(move($filename, "${General::swroot}/ca/$cgiparams{'CA_NAME'}cert.pem")) {
$errormessage = "$Lang::tr{'certificate file move failed'}: $!";
unlink ($filename);
goto UPLOADCA_ERROR;
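Review bot: The CA test `$temp !~ /CA:TRUE/i` searches the entire `openssl x509 -text` dump, so the string is accepted wherever it is printed in the certificate, not only under the Basic Constraints extension, and `/i` makes the match looser than the removed `grep(/CA:TRUE/, @temp)`. As this is the only gate visible here before the upload is moved into `${General::swroot}/ca/`, I would tie the match to the extension, for example `/X509v3 Basic Constraints:[^\n]*\n\s*CA:TRUE/`. Whether `$cgiparams{'CA_NAME'}` is validated before it is interpolated into the destination path cannot be seen in this hunk and is worth confirming. The enclosing block starts and ends outside the hunk.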
@@ -725,8 +704,8 @@ END
&Header::openbigbox('100%', 'left', '', '');
&Header::openbox('100%', 'left', "$Lang::tr{'ca certificate'}:");
my @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
- @output = &Header::cleanhtml(@output,"y");
- print "
@output\n";
+ my $output = &Header::cleanhtml(join("", @output) ,"y");
+ print "
$output\n";
&Header::closebox();
print "";
&Header::closebigbox();
@@ -852,8 +831,8 @@ END
&Header::openbox('100%', 'left', "$Lang::tr{'host certificate'}:");
@output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/certs/hostcert.pem");
}
- @output = &Header::cleanhtml(@output,"y");
- print "
@output\n";
+ my $output = &Header::cleanhtml(join("", @output) ,"y");
+ print "
$output\n";
&Header::closebox();
print "";
&Header::closebigbox();
@@ -869,7 +848,7 @@ END
print "Content-Disposition: attachment; filename=cacert.pem\r\n\r\n";
my @cert = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ca/cacert.pem");
- print "@cert";
+ print join("", @cert);
exit(0);
}
###
@@ -881,7 +860,7 @@ END
print "Content-Disposition: attachment; filename=hostcert.pem\r\n\r\n";
my @cert = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/certs/hostcert.pem");
- print "@cert";
+ print join("", @cert);
exit(0);
}
###
@@ -967,20 +946,23 @@ END
if (!$errormessage) {
&General::log("ipsec", "Moving cacert...");
- move("/tmp/newcacert", "${General::swroot}/ca/cacert.pem");
- $errormessage = "$Lang::tr{'certificate file move failed'}: $!" if ($? ne 0);
+ unless(move("/tmp/newcacert", "${General::swroot}/ca/cacert.pem")) {
+ $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
+ }
}
if (!$errormessage) {
&General::log("ipsec", "Moving host cert...");
- move("/tmp/newhostcert", "${General::swroot}/certs/hostcert.pem");
- $errormessage = "$Lang::tr{'certificate file move failed'}: $!" if ($? ne 0);
+ unless(move("/tmp/newhostcert", "${General::swroot}/certs/hostcert.pem")) {
+ $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
+ }
}
if (!$errormessage) {
&General::log("ipsec", "Moving private key...");
- move("/tmp/newhostkey", "${General::swroot}/certs/hostkey.pem");
- $errormessage = "$Lang::tr{'certificate file move failed'}: $!" if ($? ne 0);
+ unless(move("/tmp/newhostkey", "${General::swroot}/certs/hostkey.pem")) {
+ $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
+ }
}
#cleanup temp files
@@ -1260,7 +1242,7 @@ END open(FILE, "${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); my @p12 =
@output\n"; + my $output = &Header::cleanhtml(join("", @output) ,"y"); + print "
$output\n"; &Header::closebox(); print ""; &Header::closebigbox();
@@ -1999,8 +1981,11 @@ END
while (grep(/Imported-$idx/, @names) ) {$idx++};
$cgiparams{'CA_NAME'}="Imported-$idx";
$cgiparams{'CERT_NAME'}=&Header::cleanhtml(getCNfromcert ('/tmp/newhostcert'));
- move("/tmp/newcacert", "${General::swroot}/ca/$cgiparams{'CA_NAME'}cert.pem");
- $errormessage = "$Lang::tr{'certificate file move failed'}: $!" if ($? ne 0);
+
+ unless(move("/tmp/newcacert", "${General::swroot}/ca/$cgiparams{'CA_NAME'}cert.pem")) {
+ $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
+ }
+
if (!$errormessage) {
my $key = &General::findhasharraykey (\%cahash);
$cahash{$key}[0] = $cgiparams{'CA_NAME'};
@@ -2013,8 +1998,9 @@ END
}
if (!$errormessage) {
&General::log("ipsec", "Moving host cert...");
- move("/tmp/newhostcert", "${General::swroot}/certs/$cgiparams{'NAME'}cert.pem");
- $errormessage = "$Lang::tr{'certificate file move failed'}: $!" if ($? ne 0);
+ unless(move("/tmp/newhostcert", "${General::swroot}/certs/$cgiparams{'NAME'}cert.pem")) {
+ $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
+ }
}
#cleanup temp files
@@ -2062,9 +2048,8 @@ END
unlink ($filename);
goto VPNCONF_ERROR;
} else {
- move($filename, "${General::swroot}/certs/$cgiparams{'NAME'}cert.pem");
- if ($? ne 0) {
- $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
+ unless (move($filename, "${General::swroot}/certs/$cgiparams{'NAME'}cert.pem")) {
+ $errormessage = "$Lang::tr{'certificate file move failed'} ($filename): $!";
unlink ($filename);
goto VPNCONF_ERROR;
}
@@ -2375,11 +2360,11 @@ END
#use default advanced value
$cgiparams{'IKE_ENCRYPTION'} = 'chacha20poly1305|aes256gcm128|aes256gcm96|aes256gcm64|aes256|aes192gcm128|aes192gcm96|aes192gcm64|aes192|aes128gcm128|aes128gcm96|aes128gcm64|aes128'; #[18];
$cgiparams{'IKE_INTEGRITY'} = 'sha2_512|sha2_256'; #[19];
- $cgiparams{'IKE_GROUPTYPE'} = 'curve448|curve25519|4096|3072|2048'; #[20];
+ $cgiparams{'IKE_GROUPTYPE'} = 'curve448|curve25519|4096|3072|2048'; #[20];
$cgiparams{'IKE_LIFETIME'} = '3'; #[16];
$cgiparams{'ESP_ENCRYPTION'} = 'chacha20poly1305|aes256gcm128|aes256gcm96|aes256gcm64|aes256|aes192gcm128|aes192gcm96|aes192gcm64|aes192|aes128gcm128|aes128gcm96|aes128gcm64|aes128'; #[21];
$cgiparams{'ESP_INTEGRITY'} = 'sha2_512|sha2_256'; #[22];
- $cgiparams{'ESP_GROUPTYPE'} = 'curve448|curve25519|4096|3072|2048'; #[23];
+ $cgiparams{'ESP_GROUPTYPE'} = 'curve448|curve25519|4096|3072|2048'; #[23];
$cgiparams{'ESP_KEYLIFE'} = '1'; #[17];
$cgiparams{'COMPRESSION'} = 'off'; #[13];
$cgiparams{'ONLY_PROPOSED'} = 'on'; #[24];