From: Michael Tremer
Date: Wed, 10 Apr 2024 12:11:27 +0000 (+0200)
Subject: ovpnmain.cgi: Enable legacy provider for auths, too
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2a80238db6f97a7997daa96e0dda78e416dca42d;p=people%2Fms%2Fipfire-2.x.git

ovpnmain.cgi: Enable legacy provider for auths, too

Signed-off-by: Michael Tremer
---
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 0648c2a2b..a390048ce 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -64,6 +64,10 @@ my @LEGACY_CIPHERS = (
 "SEED-CBC",
 );
+my @LEGACY_AUTHS = (
+ "whirlpool",
+);
+
 my $DEFAULT_CIPHERS = "AES-256-GCM|AES-128-GCM|CHACHA20-POLY1305";
 # Translations for the cipher selection
@@ -145,6 +149,16 @@ sub is_legacy_cipher($) {
 return 0;
 }
+sub is_legacy_auth($) {
+ my $auth = shift;
+
+ foreach my $a (@LEGACY_AUTHS) {
+ return 1 if ($auth eq $a);
+ }
+
+ return 0;
+}
+
 sub cleanssldatabase() {
 if (open(FILE, ">${General::swroot}/ovpn/certs/serial")) {
 print FILE "01";
@@ -276,6 +290,11 @@ sub writeserverconf {
 }
 print CONF "auth $sovpnsettings{'DAUTH'}\n";
+
+ if (&is_legacy_auth($sovpnsettings{'DAUTH'})) {
+ $requires_legacy_provider++;
+ }
+
 # Set TLSv2 as minimum
 print CONF "tls-version-min 1.2\n";
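Review bot: `@LEGACY_AUTHS` is declared without a comment saying what puts a digest on the list, so the next maintainer has no rule for extending it. I would add above the declaration `# Digests that OpenSSL 3 only ships in its legacy provider; entries must match the stored DAUTH value exactly`. If the auth selection offers other digests that OpenSSL 3 moved out of its default provider, they would need an entry here too; the option list is not visible in this hunk.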
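Review bot: The loop in `is_legacy_auth` declares its variable as `my $a`, which masks the package variable `$a` that `sort` blocks rely on; a descriptive name avoids that trap, e.g. `foreach my $digest (@LEGACY_AUTHS) {` with `return 1 if ($auth eq $digest);`. The match is also an exact, case-sensitive `eq`, so a stored value spelled `Whirlpool` would not be recognised and the legacy provider would not be requested. Comparing against `lc($auth)` would make the check robust, assuming the list stays lower-case. An unset DAUTH reaches `eq` as undef and would warn under `use warnings`, so a `// ''` default on the `shift` is worth adding.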
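Review bot: The new `if` in `writeserverconf` bumps `$requires_legacy_provider` silently, so an administrator gets no signal that the tunnel now depends on OpenSSL's legacy provider. Loading that provider makes every legacy algorithm available to the OpenVPN process, not only Whirlpool. I would record the trade-off with a comment such as `# Whirlpool lives in OpenSSL's legacy provider; loading it makes all legacy algorithms available` and consider surfacing a deprecation hint in the UI when this digest is selected. Where the counter is declared and turned into a config directive lies outside this hunk, as does the rest of `writeserverconf`. Any client-side config writers presumably need the same check, but they are not visible here either.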