From 3879b04adad36e6e846a01fe2830a00b4907657f Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Wed, 10 Apr 2024 14:11:27 +0200
Subject: [PATCH] ovpnmain.cgi: Enable legacy provider for auths, too
Signed-off-by: Michael Tremer
---
 html/cgi-bin/ovpnmain.cgi | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 26a14640d..10ef584e4 100755
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -64,6 +64,10 @@ my @LEGACY_CIPHERS = (
 "SEED-CBC",
 );
+my @LEGACY_AUTHS = (
+ "whirlpool",
+);
+
 my $DEFAULT_CIPHERS = "AES-256-GCM|AES-128-GCM|CHACHA20-POLY1305";
 # Translations for the cipher selection
@@ -145,6 +149,16 @@ sub is_legacy_cipher($) {
 return 0;
 }
+sub is_legacy_auth($) {
+ my $auth = shift;
+
+ foreach my $a (@LEGACY_AUTHS) {
+ return 1 if ($auth eq $a);
+ }
+
+ return 0;
+}
+
 sub cleanssldatabase() {
 if (open(FILE, ">${General::swroot}/ovpn/certs/serial")) {
 print FILE "01";
@@ -276,6 +290,11 @@ sub writeserverconf {
 }
 print CONF "auth $sovpnsettings{'DAUTH'}\n";
+
+ if (&is_legacy_auth($sovpnsettings{'DAUTH'})) {
+ $requires_legacy_provider++;
+ }
+
 # Set TLSv2 as minimum
 print CONF "tls-version-min 1.2\n";
-- 
2.39.5
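Review bot: `@LEGACY_AUTHS` in the first hunk (`@@ -64,6 +64,10 @@`) has no comment saying what qualifies a digest for the list or which spelling is expected, and its single entry is lower-case while the visible `@LEGACY_CIPHERS` entry is upper-case. A comment above the declaration would help the next maintainer, for example `# Digests OpenSSL 3 only serves from its legacy provider; spelling must match the stored DAUTH value exactly`. Whether the auth selector offers further digests of that kind cannot be seen from this patch, so the list is worth checking against it.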
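Review bot: In `is_legacy_auth` (second hunk, `@@ -145,6 +149,16 @@`) the loop variable `my $a` masks the package variable `$a` that `sort` blocks rely on, which perlcritic flags and which becomes a trap if a sort is ever added inside the loop. The comparison is also exact-case, while OpenSSL resolves digest names case-insensitively, so a stored value such as `WHIRLPOOL` would be written to the server config without the legacy provider being requested; this assumes DAUTH is not already restricted to the selector's spellings, which the patch does not show. Suggested lines: `foreach my $digest (@LEGACY_AUTHS) {` and `return 1 if (lc($auth) eq lc($digest));`.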
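Review bot: The new check in `writeserverconf` (third hunk, `@@ -276,6 +290,11 @@`) increments `$requires_legacy_provider` without a comment on the consequence: loading OpenSSL's legacy provider makes every algorithm in that provider available to the server process, not only Whirlpool. A comment such as `# Whirlpool is only in OpenSSL 3's legacy provider; loading it exposes all legacy algorithms to this server` would record that this is a compatibility fallback rather than a recommended setting. The counter's declaration and the place where it becomes a config directive are outside the hunk, so it cannot be confirmed here that the directive is written after this point. The `&is_legacy_auth(...)` call form also bypasses the `($)` prototype declared on the sub; `if (is_legacy_auth($sovpnsettings{'DAUTH'})) {` would honour it.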