From aa07e1bb3eba3606a0b8e647180e0926a411016b Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue, 30 Jan 2024 17:45:43 +0000
Subject: [PATCH] vpnmain.cgi: Return the entire error message if OpenSSL fails

The function did not evaluate the return code which is why it used a
hack to figure out if some output is an error or not.

This is being fixed in this commit and the entire output is being
returned if the return code is non-zero.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 html/cgi-bin/vpnmain.cgi | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 8b05a0de79..d82e6b5c94 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -229,13 +229,14 @@ sub callssl ($) {
 	my $opt = shift;
 	my $retssl = `/usr/bin/openssl $opt 2>&1`; #redirect stderr
 	my $ret = '';
-	foreach my $line (split (/\n/, $retssl)) {
-		&General::log("ipsec", "$line") if (0); # 1 for verbose logging
-		$ret .= '<br>'.$line if ( $line =~ /error|unknown/ );
-	}
-	if ($ret) {
-		$ret= &Header::cleanhtml($ret);
+
+	if ($?) {
+		foreach my $line (split (/\n/, $retssl)) {
+			&General::log("ipsec", "$line") if (0); # 1 for verbose logging
+			$ret .= '<br>' . &Header::escape($line);
+		}
 	}
+
 	return $ret ? "$Lang::tr{'openssl produced an error'}: $ret" : '' ;
 }
 ###
-- 
2.39.5