From: Michael Tremer Date: Mon, 8 Dec 2014 18:12:39 +0000 (+0100) Subject: Merge remote-tracking branch 'ummeegge/OpenVPN_validating_N2N' into next X-Git-Tag: v2.17-core89~83^2~13 X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=commitdiff_plain;h=1450cfebdee10c0ff79335a4d06e42e378338c9b;hp=-c Merge remote-tracking branch 'ummeegge/OpenVPN_validating_N2N' into next --- 1450cfebdee10c0ff79335a4d06e42e378338c9b diff --combined html/cgi-bin/ovpnmain.cgi index 5dbce08f06,52db3255cd..7727333b90 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@@ -1203,7 -1203,8 +1203,7 @@@ EN unlink "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}"; } # Create Diffie Hellmann Parameter - system('/usr/bin/openssl', 'dhparam', '-rand', '/proc/interrupts:/proc/net/rt_cache', - '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}"); + system('/usr/bin/openssl', 'dhparam', '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}"); if ($?) 
{ $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; unlink ("${General::swroot}/ovpn/ca/dh1024.pem"); @@@ -1756,7 -1757,7 +1756,7 @@@ EN goto ROOTCERT_ERROR; } } else { # child - unless (exec ('/usr/bin/openssl', 'req', '-x509', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache', + unless (exec ('/usr/bin/openssl', 'req', '-x509', '-nodes', '-days', '999999', '-newkey', 'rsa:4096', '-sha512', '-keyout', "${General::swroot}/ovpn/ca/cakey.pem", '-out', "${General::swroot}/ovpn/ca/cacert.pem", @@@ -1787,7 -1788,7 +1787,7 @@@ goto ROOTCERT_ERROR; } } else { # child - unless (exec ('/usr/bin/openssl', 'req', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache', + unless (exec ('/usr/bin/openssl', 'req', '-nodes', '-newkey', 'rsa:2048', '-keyout', "${General::swroot}/ovpn/certs/serverkey.pem", '-out', "${General::swroot}/ovpn/certs/serverreq.pem", @@@ -1839,7 -1840,8 +1839,7 @@@ # &cleanssldatabase(); } # Create Diffie Hellmann Parameter - system('/usr/bin/openssl', 'dhparam', '-rand', '/proc/interrupts:/proc/net/rt_cache', - '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}"); + system('/usr/bin/openssl', 'dhparam', '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}"); if ($?) { $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; unlink ("${General::swroot}/ovpn/certs/serverkey.pem"); @@@ -4012,6 -4014,10 +4012,10 @@@ if ($cgiparams{'TYPE'} eq 'net') $errormessage = $Lang::tr{'passwords do not match'}; goto VPNCONF_ERROR; } + if ($cgiparams{'DAYS_VALID'} ne '' && $cgiparams{'DAYS_VALID'} !~ /^[0-9]+$/) { + $errormessage = $Lang::tr{'invalid input for valid till days'}; + goto VPNCONF_ERROR; + } # Replace empty strings with a . 
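Review bot: `$cgiparams{'DHLENGHT'}` is passed as the last argument of the rewritten `system('/usr/bin/openssl', 'dhparam', ...)` call with no check visible in this hunk, and the identical call in the `-1839` hunk has the same gap. The list form of `system` keeps a shell out of the picture, but a value that is not a plain bit length would still be parsed by openssl as an option, and an oversized number would keep the CGI process busy generating parameters. If the value is not already validated in code outside the hunk, gate both calls on an anchored allow-list such as `$cgiparams{'DHLENGHT'} =~ /\A(?:2048|3072|4096)\z/`, with the list adjusted to the sizes the form actually offers. The call also deserves a comment that the output keeps the name `dh1024.pem` whatever length is requested, e.g. `# file name is historical; the real length comes from DHLENGHT`.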
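Review bot: The root CA request in the `-1756` hunk still combines `-nodes` with `'-days', '999999'`, so `cakey.pem` is written unencrypted for a certificate that effectively never expires, and nothing at the call explains either choice. Removing `-rand` looks fine on its own, since openssl seeds itself without it, but a comment such as `# -nodes: cakey.pem is stored unencrypted, so access to ovpn/ca/ must stay restricted` would record what the key's protection depends on. The server and client requests in the `-1787` and `-4039` hunks use `-nodes` with `rsa:2048` and no explicit digest, while the CA uses `rsa:4096` with `-sha512`. If that difference is intentional it should be stated next to the calls. The exec argument lists continue outside these hunks, so the digest may be set by lines not shown here.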
(my $ou = $cgiparams{'CERT_OU'}) =~ s/^\s*$/\./; @@@ -4039,7 -4045,7 +4043,7 @@@ goto VPNCONF_ERROR; } } else { # child - unless (exec ('/usr/bin/openssl', 'req', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache', + unless (exec ('/usr/bin/openssl', 'req', '-nodes', '-newkey', 'rsa:2048', '-keyout', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem", '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem", @@@ -4282,6 -4288,7 +4286,7 @@@ $cgiparams{'CERT_CITY'} = $vpnsettings{'ROOTCERT_CITY'}; $cgiparams{'CERT_STATE'} = $vpnsettings{'ROOTCERT_STATE'}; $cgiparams{'CERT_COUNTRY'} = $vpnsettings{'ROOTCERT_COUNTRY'}; + $cgiparams{'DAYS_VALID'} = $vpnsettings{'DAYS_VALID'}; } VPNCONF_ERROR: @@@ -4643,27 -4650,28 +4648,28 @@@ EN if ($cgiparams{'TYPE'} eq 'host') { print < - -  $Lang::tr{'valid till'} (days): - -   + +  $Lang::tr{'valid till'} (days): + +   $Lang::tr{'pkcs12 file password'}: -  $Lang::tr{'pkcs12 file password'}:
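Review bot: The new `DAYS_VALID` check uses `/^[0-9]+$/`, where `$` also matches before a trailing newline and the number of digits is unbounded. A digit string followed by a newline, or a very long run of digits, therefore passes and presumably reaches openssl as a validity period further down, outside this hunk. Anchor with `\A`/`\z` and cap the length: `if ($cgiparams{'DAYS_VALID'} ne '' && $cgiparams{'DAYS_VALID'} !~ /\A[0-9]{1,6}\z/) {`. The empty string is still accepted, so the code that consumes the value needs a defined default for that case, which cannot be confirmed from this hunk.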
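Review bot: `$cgiparams{'NAME'}` is interpolated into the `-keyout` and `-out` paths under `${General::swroot}/ovpn/certs/` in the `-4039` hunk, and no check on it is visible there. If validation earlier in this handler (outside the hunk) does not already restrict the value, a name containing `/` or `..` would place the key and request files outside the certs directory. A guard before the fork with an anchored pattern such as `$cgiparams{'NAME'} =~ /\A[A-Za-z0-9]+\z/` closes that off. A short comment at the `exec` should state which check makes the name safe to use in a path.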
($Lang::tr{'confirmation'}) +  $Lang::tr{'pkcs12 file password'}:
($Lang::tr{'confirmation'}) -   -
- * $Lang::tr{'this field may be blank'} - +   +
+ * $Lang::tr{'this field may be blank'} + END }else{ print < -     -     -
- * $Lang::tr{'this field may be blank'} + +  $Lang::tr{'valid till'} (days): + +     +     +
+ * $Lang::tr{'this field may be blank'} END