ovpnmain.cgi: Enable legacy provider for auths, too
authorMichael Tremer <michael.tremer@ipfire.org>
Wed, 10 Apr 2024 12:11:27 +0000 (14:11 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Mon, 2 Jun 2025 19:46:39 +0000 (19:46 +0000)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
html/cgi-bin/ovpnmain.cgi

index 0648c2a2bd46ddd2eb342a08aa235737e76112fd..a390048ce1a9fd9224a057d15baa159d8ab94544 100644 (file)
@@ -64,6 +64,10 @@ my @LEGACY_CIPHERS = (
        "SEED-CBC",
 );
 
+my @LEGACY_AUTHS = (
+       "whirlpool",
+);
+
 my $DEFAULT_CIPHERS = "AES-256-GCM|AES-128-GCM|CHACHA20-POLY1305";
 
 # Translations for the cipher selection
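Review bot: `@LEGACY_AUTHS` is declared without a comment saying what qualifies a digest for the list, so whoever adds another auth option later has no cue to update it. A line above the declaration such as `# Digests that OpenSSL 3 only offers through the legacy provider` would record the criterion. Whether other digests selectable as DAUTH belong here cannot be told from this hunk. The list is worth checking against the auth options the UI offers, since a missed entry would presumably leave the server unable to initialise the configured digest.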
@@ -145,6 +149,16 @@ sub is_legacy_cipher($) {
        return 0;
 }
 
+sub is_legacy_auth($) {
+       my $auth = shift;
+
+       foreach my $a (@LEGACY_AUTHS) {
+               return 1 if ($auth eq $a);
+       }
+
+       return 0;
+}
+
 sub cleanssldatabase() {
        if (open(FILE, ">${General::swroot}/ovpn/certs/serial")) {
                print FILE "01";
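Review bot: The loop in `is_legacy_auth` compares with a case-sensitive `eq` and names its iterator `$a`, which masks the package variable that `sort` comparison blocks rely on. If the settings file ever carries the digest as `WHIRLPOOL` (a restored backup or a hand edit), the function returns 0 and the caller added in `writeserverconf` would not bump `$requires_legacy_provider`. This is hedged, because how DAUTH is stored and validated is not visible on this page. Suggest `foreach my $legacy (@LEGACY_AUTHS) {` with `return 1 if (lc($auth) eq $legacy);`, and a one-line comment above the sub stating that it returns 1 when the digest needs the legacy provider.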
@@ -276,6 +290,11 @@ sub writeserverconf {
        }
 
        print CONF "auth $sovpnsettings{'DAUTH'}\n";
+
+       if (&is_legacy_auth($sovpnsettings{'DAUTH'})) {
+               $requires_legacy_provider++;
+       }
+
     # Set TLSv2 as minimum
     print CONF "tls-version-min 1.2\n";