From: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue, 19 Mar 2024 15:02:34 +0000 (+0100)
Subject: ovpnmain.cgi: Remove certificate warnings
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e7b7d353fcb0e3623c79a92032eb5c09ce75f36a;p=people%2Fms%2Fipfire-2.x.git

ovpnmain.cgi: Remove certificate warnings

I believe that these don't really work and are always shown.
Please see #13634.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 1ba39eb2a..bc94bd40b 100755
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -102,8 +102,6 @@ $cgiparams{'DCIPHER'} = '';
 $cgiparams{'DAUTH'} = '';
 $cgiparams{'TLSAUTH'} = '';
 $routes_push_file = "${General::swroot}/ovpn/routes_push";
-# Perform crypto and configration test
-&pkiconfigcheck;
 
 # Add CCD files if not already presant
 unless (-e $routes_push_file) {
@@ -226,35 +224,6 @@ sub deletebackupcert
 	}
 }
 
-###
-### Check for PKI and configure problems
-###
-
-sub pkiconfigcheck
-{
-	# Warning if md5 is in usage
-	if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
-		my @signature = &General::system_output("/usr/bin/openssl", "x509", "-noout", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
-		if (grep(/md5WithRSAEncryption/, @signature) ) {
-			$cryptoerror = "$Lang::tr{'ovpn error md5'}";
-			goto CRYPTO_ERROR;
-		}
-	}
-
-	CRYPTO_ERROR:
-
-	# Warning if certificate is not compliant to RFC3280 TLS rules
-	if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
-		my @extendkeyusage = &General::system_output("/usr/bin/openssl", "x509", "-noout", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
-		if ( ! grep(/TLS Web Server Authentication/, @extendkeyusage)) {
-			$cryptowarning = "$Lang::tr{'ovpn warning rfc3280'}";
-			goto CRYPTO_WARNING;
-		}
-	}
-
-	CRYPTO_WARNING:
-}
-
 sub writeserverconf {
     my %sovpnsettings = ();
     my @temp = ();