</select></td>
<tr><td class='base'>$Lang::tr{'ovpn dh'}:</td>
<td class='base'><select name='DHLENGHT'>
- <option value='1024' $selected{'DHLENGHT'}{'1024'}>1024 $Lang::tr{'bit'} ($Lang::tr{'vpn weak'}</option>
+ <option value='1024' $selected{'DHLENGHT'}{'1024'}>1024 $Lang::tr{'bit'} ($Lang::tr{'vpn weak'})</option>
<option value='2048' $selected{'DHLENGHT'}{'2048'}>2048 $Lang::tr{'bit'}</option>
<option value='3072' $selected{'DHLENGHT'}{'3072'}>3072 $Lang::tr{'bit'}</option>
<option value='4096' $selected{'DHLENGHT'}{'4096'}>4096 $Lang::tr{'bit'}</option>
goto VPNCONF_ERROR;
}
+ # Check for N2N that OpenSSL maximum of valid days will not be exceeded
+ if ($cgiparams{'TYPE'} eq 'net') {
+ if ($cgiparams{'DAYS_VALID'} >= '999999') {
+ $errormessage = $Lang::tr{'invalid input for valid till days'};
+ unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+ rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+ goto VPNCONF_ERROR;
+ }
+ }
+
if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto VPNCONF_ERROR;
}
my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem`;
- $temp =~ /Subject:.*CN=(.*)[\n]/;
+ $temp =~ /Subject:.*CN\s?=\s?(.*)[\n]/;
$temp = $1;
$temp =~ s+/Email+, E+;
$temp =~ s/ ST=/ S=/;
}
my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem`;
- $temp =~ /Subject:.*CN=(.*)[\n]/;
+ $temp =~ /Subject:.*CN\s?=\s?(.*)[\n]/;
$temp = $1;
$temp =~ s+/Email+, E+;
$temp =~ s/ ST=/ S=/;
$errormessage = $Lang::tr{'passwords do not match'};
goto VPNCONF_ERROR;
}
- if ($cgiparams{'DAYS_VALID'} ne '' && $cgiparams{'DAYS_VALID'} !~ /^[0-9]+$/) {
+ if ($cgiparams{'DAYS_VALID'} eq '' && $cgiparams{'DAYS_VALID'} !~ /^[0-9]+$/) {
$errormessage = $Lang::tr{'invalid input for valid till days'};
goto VPNCONF_ERROR;
}
+ # Check for RW that OpenSSL maximum of valid days will not be exceeded
+ if ($cgiparams{'TYPE'} eq 'host') {
+ if ($cgiparams{'DAYS_VALID'} >= '999999') {
+ $errormessage = $Lang::tr{'invalid input for valid till days'};
+ goto VPNCONF_ERROR;
+ }
+ }
+
# Replace empty strings with a .
(my $ou = $cgiparams{'CERT_OU'}) =~ s/^\s*$/\./;
(my $city = $cgiparams{'CERT_CITY'}) =~ s/^\s*$/\./;
$cgiparams{'CERT_CITY'} = $vpnsettings{'ROOTCERT_CITY'};
$cgiparams{'CERT_STATE'} = $vpnsettings{'ROOTCERT_STATE'};
$cgiparams{'CERT_COUNTRY'} = $vpnsettings{'ROOTCERT_COUNTRY'};
- $cgiparams{'DAYS_VALID'} = $vpnsettings{'DAYS_VALID'};
+ $cgiparams{'DAYS_VALID'} = $vpnsettings{'DAYS_VALID'} = '730';
}
VPNCONF_ERROR:
if ($cgiparams{'TYPE'} eq 'host') {
print <<END;
</select></td></tr>
- <td> </td><td class='base'>$Lang::tr{'valid till'} (days):</td>
+ <td> </td><td class='base'>$Lang::tr{'valid till'} (days): <img src='/blob.gif' alt='*' /</td>
<td class='base' nowrap='nowrap'><input type='text' name='DAYS_VALID' value='$cgiparams{'DAYS_VALID'}' size='32' $cakeydisabled /></td></tr>
<tr><td> </td>
<td class='base'>$Lang::tr{'pkcs12 file password'}:</td>
}else{
print <<END;
</select></td></tr>
- <td> </td><td class='base'>$Lang::tr{'valid till'} (days):</td>
+ <td> </td><td class='base'>$Lang::tr{'valid till'} (days): <img src='/blob.gif' alt='*' /</td>
<td class='base' nowrap='nowrap'><input type='text' name='DAYS_VALID' value='$cgiparams{'DAYS_VALID'}' size='32' $cakeydisabled /></td></tr>
<tr><td> </td><td> </td><td> </td></tr>
<tr><td> </td><td> </td><td> </td></tr>
projects / ipfire-2.x.git / blobdiff