webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-10 02:55:55 +02:00
Code Issues Packages Projects Releases Wiki Activity

Revert "OpenVPN: Clarify fundamental crypto errors but also warnings in WUI"

Browse Source 
This reverts commit 15a3aa45cf.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This commit is contained in:
Michael Tremer
2018-07-03 15:32:42 +01:00
parent 37458540bf
commit 55d590518d
3 changed files with 1 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
html/cgi-bin/ovpnmain.cgi
View File

@@ -64,8 +64,6 @@ my %cahash=();
my %selected=();
my $warnmessage = '';
my $errormessage = '';
my $cryptoerror = '';
my $cryptowarning = '';
my %settings=();
my $routes_push_file = '';
my $confighost="${General::swroot}/fwhosts/customhosts";
@@ -1071,42 +1069,7 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
close(CLIENTCONF);
}
###
### Check for cryptography problems
###
# Warning if DH parameter is 1024 bit
if (-f "${General::swroot}/ovpn/ca/dh1024.pem") {
my $dhlenght = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/dh1024.pem`;
if ($dhlenght =~ /1024 bit/) {
$cryptoerror = "$Lang::tr{'ovpn error dh'}";
goto CRYPTO_ERROR;
}
}
# Warning if md5 is in usage
if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
my $signature = `/usr/bin/openssl x509 -noout -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
if ($signature =~ /md5WithRSAEncryption/) {
$cryptoerror = "$Lang::tr{'ovpn error md5'}";
goto CRYPTO_ERROR;
}
}
CRYPTO_ERROR:
# Warning if certificate is not compliant to RFC3280 TLS rules
if (-f "${General::swroot}/ovpn/openssl/ovpn.cnf") {
my $extendkeyusage = `/usr/bin/openssl x509 -noout -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
if ($extendkeyusage =~ /TLS Web Server Authentication/) {
$cryptowarning = "$Lang::tr{'ovpn warning rfc3280'}";
goto CRYPTO_WARNING;
}
}
CRYPTO_WARNING:
###
### Save main settings
###
@@ -5172,20 +5135,6 @@ END
&Header::closebox();
}
if ($cryptoerror) {
&Header::openbox('100%', 'LEFT', $Lang::tr{'crypto error'});
print "<class name='base'>$cryptoerror";
print "&nbsp;</class>";
&Header::closebox();
}
if ($cryptowarning) {
&Header::openbox('100%', 'LEFT', $Lang::tr{'crypto warning'});
print "<class name='base'>$cryptowarning";
print "&nbsp;</class>";
&Header::closebox();
}
if ($warnmessage) {
&Header::openbox('100%', 'LEFT', $Lang::tr{'warning messages'});
print "$warnmessage<br>";

5
langs/de/cgi-bin/de.pl
View File

@@ -661,8 +661,6 @@
'credits' => 'Credits',
'crl' => 'Certificate Revocation List',
'cron server' => 'Cron-Server',
'crypto error' => 'Kryptografiefehler',
'crypto warning' => 'Kryptografiewarnungen',
'current' => 'Aktuell',
'current aliases' => 'Aktuelle Alias-Adresse',
'current class' => 'Aktuelle Klasse',
@@ -1819,8 +1817,6 @@
'ovpn engines' => 'Krypto Engine',
'ovpn errmsg green already pushed' => 'Route für grünes Netzwerk wird immer gesetzt',
'ovpn errmsg invalid ip or mask' => 'Ungültige Netzwerk-Adresse oder Subnetzmaske',
'ovpn error dh' => 'Der Diffie-Hellman Parameter muss mindestens 2048 bit lang sein! <br>Bitte einen neuen Diffie-Hellman Parameter erzeugen oder hochladen, dies kann unten über den Bereich "Diffie-Hellman-Parameter Optionen" gemacht werden.</br>',
'ovpn error md5' => 'Das Host Zertifikat nutzt einen MD5 Algorithmus welcher nicht mehr akzeptiert wird. <br>Bitte IPFire auf die neueste Version updaten und generieren sie ein neues Root und Host Zertifikate.</br><br>Es müssen dann alle OpenVPN clients erneuert werden!</br>',
'ovpn generating the root and host certificates' => 'Die Erzeugung der Root- und Host-Zertifikate kann lange Zeit dauern.',
'ovpn ha' => 'Hash-Algorithmus',
'ovpn hmac' => 'HMAC-Optionen',
@@ -1845,7 +1841,6 @@
'ovpn subnet' => 'OpenVPN-Subnetz:',
'ovpn subnet is invalid' => 'Das OpenVPN-Subnetz ist ungültig.',
'ovpn subnet overlap' => 'OpenVPNSubnetz überschneidet sich mit ',
'ovpn warning rfc3280' => 'Das Host Zertifikat ist nicht RFC3280 Regelkonform. <br>Bitte IPFire auf die letzte Version updaten und generieren sie ein neues Root und Host Zertifikat so bald wie möglich.</br><br>Es müssen dann alle OpenVPN clients erneuert werden!</br>',
'ovpn_fastio' => 'Fast-IO',
'ovpn_fragment' => 'Fragmentgrösse',
'ovpn_mssfix' => 'MSSFIX-Grösse',

5
langs/en/cgi-bin/en.pl
View File

@@ -682,8 +682,6 @@
'credits' => 'Credits',
'crl' => 'Certificate Revocation List',
'cron server' => 'CRON Server',
'crypto error' => 'Cryptographic error',
'crypto warning' => 'Cryptographic warning',
'current' => 'Current',
'current aliases' => 'Current aliases',
'current class' => 'Current class',
@@ -1852,8 +1850,6 @@
'ovpn engines' => 'Crypto engine',
'ovpn errmsg green already pushed' => 'Route for green network is always set',
'ovpn errmsg invalid ip or mask' => 'Invalid network-address or subnetmask',
'ovpn error dh' => 'The Diffie-Hellman parameter needs to be in minimum 2048 bit! <br>Please generate or upload a new Diffie-Hellman parameter, this can be made below in the section "Diffie-Hellman parameters options".</br>',
'ovpn error md5' => 'You host certificate uses MD5 for the signature which is not accepted anymore. <br>Please update to the latest IPFire version and generate a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br>',
'ovpn generating the root and host certificates' => 'Generating the root and host certifictae can take a long time.',
'ovpn ha' => 'Hash algorithm',
'ovpn hmac' => 'HMAC options',
@@ -1878,7 +1874,6 @@
'ovpn subnet' => 'OpenVPN subnet:',
'ovpn subnet is invalid' => 'OpenVPN subnet is invalid.',
'ovpn subnet overlap' => 'OpenVPN Subnet overlaps with : ',
'ovpn warning rfc3280' => 'Your host certificate is not RFC3280 compliant. <br>Please update to the latest IPFire version and generate as soon as possible a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br>',
'ovpn_fastio' => 'Fast-IO',
'ovpn_mssfix' => 'MSSFIX Size',
'ovpn_mtudisc' => 'MTU-Discovery',