]> git.ipfire.org Git - ipfire-2.x.git/commitdiff
projects / ipfire-2.x.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 39239d2)
vpnmain.cgi: Fix for 2nd part of bug10595
authorAdolf Belka <adolf.belka@ipfire.org>
Wed, 11 Dec 2024 11:51:43 +0000 (12:51 +0100)
committerArne Fitzenreiter <arne_f@ipfire.org>
Wed, 18 Dec 2024 07:21:43 +0000 (08:21 +0100)
- Bug10595 had two parts in it and was closed after the first part was fixed. The second
   part was still unfixed at that time. I cam across it when checking out an open bug on
   a similar issue with OpenVPN.
- I found the section that checks on the CA Name and modified it to also allow spaces.
- Having modified that then the subroutines getsubjectfromcert and getCNfromcert required
   to have quotation marks put around the parameter that had the CA Name with spaces in it
   otherwise the openssl statement only got a filename with the first portion of the ca
   name until the first space was encountered.
- Tested this change out on my vm and it worked fine. I was able to upload a ca
   certificate into IPSec and use spaces in the CA Name.

Fixes: Bug10595 part 2
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
html/cgi-bin/vpnmain.cgi [changed mode: 0755->0644] patch | blob | blame | history

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
old mode 100755 (executable)
new mode 100644 (file)
index 3541aaa..694eeed
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -245,7 +245,7 @@ sub callssl ($) {
 ###
 sub getCNfromcert ($) {
        #&General::log("ipsec", "Extracting name from $_[0]...");
-       my $temp = `/usr/bin/openssl x509 -text -in $_[0]`;
+       my $temp = `/usr/bin/openssl x509 -text -in '$_[0]'`;
        $temp =~ /Subject:.*CN\s*=\s*(.*)[\n]/;
        $temp = $1;
        $temp =~ s+/Email+, E+;
@@ -259,7 +259,7 @@ sub getCNfromcert ($) {
 ###
 sub getsubjectfromcert ($) {
        #&General::log("ipsec", "Extracting subject from $_[0]...");
-       my $temp = `/usr/bin/openssl x509 -text -in $_[0]`;
+       my $temp = `/usr/bin/openssl x509 -text -in '$_[0]'`;
        $temp =~ /Subject: (.*)[\n]/;
        $temp = $1;
        $temp =~ s+/Email+, E+;
@@ -644,8 +644,8 @@ END
 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload ca certificate'}) {
        &General::readhasharray("${General::swroot}/vpn/caconfig", \%cahash);
 
-       if ($cgiparams{'CA_NAME'} !~ /^[a-zA-Z0-9]+$/) {
-               $errormessage = $Lang::tr{'name must only contain characters'};
+       if ($cgiparams{'CA_NAME'} !~ /^[a-zA-Z0-9 ]*$/) {
+               $errormessage = $Lang::tr{'ca name must only contain characters or spaces'};
                goto UPLOADCA_ERROR;
        }
 
IPFire 2.x development tree