From: Michael Tremer Date: Wed, 20 Mar 2024 10:15:18 +0000 (+0100) Subject: ovpnmain.cgi: Remove any left-over traces of DH replacement X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=88f0009d1c32d2c66d77a89cf308459e1a8cfe9b;p=people%2Fms%2Fipfire-2.x.git ovpnmain.cgi: Remove any left-over traces of DH replacement Since there is no way for the user to manipulate this any more, there is no point in checking and showing the DH parameters. Signed-off-by: Michael Tremer --- diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index ee299a33a..13cf2e9a2 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -70,6 +70,9 @@ my %CIPHERS = ( "CHACHA20-POLY1305" => $Lang::tr{'CHACHA20-POLY1305'}, ); +# Use the precomputed DH paramter from RFC7919 +my $DHPARAM = "/etc/ssl/ffdhe4096.pem"; + ### ### Initialize variables ### @@ -94,7 +97,6 @@ my $name; my $col=""; my $local_serverconf = "${General::swroot}/ovpn/scripts/server.conf.local"; my $local_clientconf = "${General::swroot}/ovpn/scripts/client.conf.local"; -my $dhparameter = "/etc/ssl/ffdhe4096.pem"; # Read Ethernet configuration &General::readhash("${General::swroot}/ethernet/settings", \%netsettings); @@ -209,7 +211,7 @@ sub writeserverconf { print CONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n"; print CONF "cert ${General::swroot}/ovpn/certs/servercert.pem\n"; print CONF "key ${General::swroot}/ovpn/certs/serverkey.pem\n"; - print CONF "dh $dhparameter\n"; + print CONF "dh $DHPARAM\n"; my @tempovpnsubnet = split("\/",$sovpnsettings{'DOVPN_SUBNET'}); print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n"; #print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}\"\n"; 
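Review bot: The comment added above `my $DHPARAM` in the hunk at line 70 misspells "parameter" and does not record that the path is now fixed rather than user-configurable. Something like `# Precomputed ffdhe4096 DH parameters (RFC 7919); fixed path, not user-replaceable` would explain why the file no longer handles DH display or checks. The upper-case name reads as a constant, but `my` leaves it assignable; if the rest of the file has a constant convention it would fit here, though none is visible in this hunk.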
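Review bot: In the hunk at line 209, `print CONF "dh $DHPARAM\n";` writes the DH path unconditionally, while the hunk at line 5157 drops the `-e "$dhparameter"` test from the condition that gates the server controls. Nothing in the visible new code therefore confirms that /etc/ssl/ffdhe4096.pem exists before a config referencing it is written. On a damaged or partially upgraded install OpenVPN would presumably fail at start-up, with the cause visible only in its log. Consider keeping `-e $DHPARAM &&` in that condition, or setting `$errormessage` when the file is absent. The same applies to `print SERVERCONF "dh $DHPARAM\n";` in the hunk at line 902, and the body of writeserverconf continues outside this hunk.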
@@ -902,7 +904,7 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print SERVERCONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n"; print SERVERCONF "cert ${General::swroot}/ovpn/certs/servercert.pem\n"; print SERVERCONF "key ${General::swroot}/ovpn/certs/serverkey.pem\n"; - print SERVERCONF "dh $dhparameter\n"; + print SERVERCONF "dh $DHPARAM\n"; print SERVERCONF "# Cipher\n"; print SERVERCONF "cipher $cgiparams{'DCIPHER'}\n"; @@ -2447,28 +2449,6 @@ END &Header::closepage(); exit(0); -### -### Display Diffie-Hellman key -### -} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show dh'}) { - - if (! -e "$dhparameter") { - $errormessage = $Lang::tr{'not present'}; - } else { - &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'ovpn'}, 1, ''); - &Header::openbigbox('100%', 'LEFT', '', ''); - &Header::openbox('100%', 'LEFT', "$Lang::tr{'dh'}:"); - my @output = &General::system_output("/usr/bin/openssl", "dhparam", "-text", "-in", "$dhparameter"); - my $output = &Header::cleanhtml(join("", @output) ,"y"); - print "
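Review bot: Two lines below the changed `dh` line in the hunk at line 902, `print SERVERCONF "cipher $cgiparams{'DCIPHER'}\n";` writes a CGI parameter directly into the server config under n2nconf. The hunk does not show where that value is validated. If no earlier check exists, the value should be tested with `exists $CIPHERS{$cgiparams{'DCIPHER'}}` and the request rejected via `$errormessage` before the file is opened, so that only a known cipher name reaches the config. The enclosing block starts and ends outside the hunk, so such a check may already be present.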
$output
\n"; - &Header::closebox(); - print "
$Lang::tr{'back'}
"; - &Header::closebigbox(); - &Header::closepage(); - exit(0); - } - ### ### Display tls-auth key ### @@ -5157,7 +5137,6 @@ END print ""; print ""; if (( -e "${General::swroot}/ovpn/ca/cacert.pem" && - -e "$dhparameter" && -e "${General::swroot}/ovpn/certs/servercert.pem" && -e "${General::swroot}/ovpn/certs/serverkey.pem") && (( $cgiparams{'ENABLED'} eq 'on') || @@ -5572,45 +5551,6 @@ END ; } - # Adding DH parameter to chart - if (-f "$dhparameter") { - my @dhsubject = &General::system_output("/usr/bin/openssl", "dhparam", "-text", "-in", "$dhparameter"); - my $dhsubject; - - foreach my $line (@dhsubject) { - if ($line =~ / (.*)[\n]/) { - $dhsubject = $1; - - last; - } - } - - print < - $Lang::tr{'dh'} - $dhsubject -
- - -
-
-
-   - -END - ; - } else { - # Nothing - print < - $Lang::tr{'dh'}: - $Lang::tr{'not present'} -   - -END - ; - } - # Adding ta.key to chart if (-f "${General::swroot}/ovpn/certs/ta.key") { open(FILE, "${General::swroot}/ovpn/certs/ta.key");