Fixes: #11964 and #12157
If slow boards or/and boards with low entropy needs too long to generate the DH-parameter, ovpnmain.cgi can get into a
"Script timed out before returning headers" and no further OpenSSl commands will be executed after dhparam is finished.
Since the ta.key are created after the DH-parameter, it won´t be produced in that case.
To prevent this, the DH-parameter will now be generated at the end.
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
# } else {
# &cleanssldatabase();
}
+ # Create ta.key for tls-auth
+ system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
+ if ($?) {
+ $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
+ &cleanssldatabase();
+ goto ROOTCERT_ERROR;
+ }
# Create Diffie Hellmann Parameter
system('/usr/bin/openssl', 'dhparam', '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
if ($?) {
# } else {
# &cleanssldatabase();
}
- # Create ta.key for tls-auth
- system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
- if ($?) {
- $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
- &cleanssldatabase();
- goto ROOTCERT_ERROR;
- }
goto ROOTCERT_SUCCESS;
}
ROOTCERT_ERROR: