ovpnmain.cgi: Enable legacy provider for auths, too
authorMichael Tremer <michael.tremer@ipfire.org>
Wed, 10 Apr 2024 12:11:27 +0000 (14:11 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Fri, 6 Dec 2024 20:01:42 +0000 (20:01 +0000)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
html/cgi-bin/ovpnmain.cgi

index b93b05cdb80ca59e38b471cd16e06a1dbba17020..28709ebd78724f29cc86e323847a69ea09bdde3f 100755 (executable)
@@ -64,6 +64,10 @@ my @LEGACY_CIPHERS = (
        "SEED-CBC",
 );
 
+my @LEGACY_AUTHS = (
+       "whirlpool",
+);
+
 my $DEFAULT_CIPHERS = "AES-256-GCM|AES-128-GCM|CHACHA20-POLY1305";
 
 # Translations for the cipher selection
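Review bot: The new @LEGACY_AUTHS list has no comment saying what makes a digest "legacy" or what listing one here causes. Going by the commit title and the writeserverconf hunk, a match increments $requires_legacy_provider, which presumably makes the generated server configuration load OpenSSL's legacy provider. That is worth stating where the list is defined, e.g. `# Auth digests OpenSSL 3 only offers through its legacy provider; selecting one makes writeserverconf request that provider.` Whether the DAUTH selector offers other digests that need the same treatment is not visible in this hunk, so the list should be checked against that selector.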
@@ -145,6 +149,16 @@ sub is_legacy_cipher($) {
        return 0;
 }
 
+sub is_legacy_auth($) {
+       my $auth = shift;
+
+       foreach my $a (@LEGACY_AUTHS) {
+               return 1 if ($auth eq $a);
+       }
+
+       return 0;
+}
+
 sub cleanssldatabase() {
        if (open(FILE, ">${General::swroot}/ovpn/certs/serial")) {
                print FILE "01";
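Review bot: The loop in the added is_legacy_auth declares `my $a`, which masks the package variable `$a` that sort blocks rely on. Another name avoids it, e.g. `foreach my $legacy (@LEGACY_AUTHS) { return 1 if ($auth eq $legacy); }`. The `eq` comparison is also case-sensitive, so the check only fires when DAUTH is stored in exactly the lowercase spelling used in @LEGACY_AUTHS. Whether the settings file can hold another spelling is not visible here. If it can, comparing `lc($auth) eq lc($legacy)` would prevent a configuration that names the digest without requesting the provider it needs.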
@@ -276,6 +290,11 @@ sub writeserverconf {
        }
 
        print CONF "auth $sovpnsettings{'DAUTH'}\n";
+
+       if (&is_legacy_auth($sovpnsettings{'DAUTH'})) {
+               $requires_legacy_provider++;
+       }
+
     # Set TLSv2 as minimum
     print CONF "tls-version-min 1.2\n";