From: Peter Müller <peter.mueller@ipfire.org>
Date: Tue, 4 Apr 2023 20:25:55 +0000 (+0000)
Subject: ovpnmain.cgi: Do not determine certificate expiry status for N2N connections
X-Git-Tag: v2.27-core174~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a201764e756895ed5fc23028863ba3b0e8bb406d;p=ipfire-2.x.git

ovpnmain.cgi: Do not determine certificate expiry status for N2N connections

https://wiki.ipfire.org/devel/telco/2023-04-03

Fixes: #13066
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 87bda4f1ef..51d6e8431d 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2022  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -5354,26 +5354,37 @@ END
 		}
 	if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; }
 
-	# Fetch information about the certificate
-	my @cavalid = &General::system_output("/usr/bin/openssl", "x509", "-text",
-		"-in", "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem");
+	# Create some simple booleans to check the status
+	my $hasExpired;
+	my $expiresSoon;
 
-	my $expiryDate = 0;
+	# Fetch information about the certificate for non-N2N connections only
+	if ($confighash{$key}[3] ne 'net') {
+		my @cavalid = &General::system_output("/usr/bin/openssl", "x509", "-text",
+			"-in", "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem");
 
-	# Parse the certificate information
-	foreach my $line (@cavalid) {
-		if ($line =~ /Not After : (.*)[\n]/) {
-			$expiryDate = &Date::Parse::str2time($1);
-			last;
+		my $expiryDate = 0;
+
+		# Parse the certificate information
+		foreach my $line (@cavalid) {
+			if ($line =~ /Not After : (.*)[\n]/) {
+				$expiryDate = &Date::Parse::str2time($1);
+				last;
+			}
 		}
-	}
 
-	# Calculate the remaining time
-	my $remainingTime = $expiryDate - time();
+		# Calculate the remaining time
+		my $remainingTime = $expiryDate - time();
 
-	# Create some simple booleans to check the status
-	my $hasExpired = ($remainingTime <= 0);
-	my $expiresSoon = ($remainingTime <= 30 * 24 * 3600);
+		# Determine whether the certificate has already expired, or will so soon
+		$hasExpired = ($remainingTime <= 0);
+		$expiresSoon = ($remainingTime <= 30 * 24 * 3600);
+
+	} else {
+		# Populate booleans with dummy values for N2N connections (#13066)
+		$hasExpired = 0;
+		$expiresSoon = 0;
+	}
 
 	print "<tr>";