webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-24 01:42:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

Revert "OpenVPN: Clarify fundamental crypto errors but also warnings in WUI"

Browse Source 
This reverts commit 15a3aa45cf.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This commit is contained in:
Michael Tremer
2018-07-03 15:32:42 +01:00
parent 37458540bf
commit 55d590518d
3 changed files with 1 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
html/cgi-bin/ovpnmain.cgi
View File

@@ -64,8 +64,6 @@ my %cahash=();
my %selected=();
my $warnmessage = '';
my $errormessage = '';
my $cryptoerror = '';
my $cryptowarning = '';
my %settings=();
my $routes_push_file = '';
my $confighost="${General::swroot}/fwhosts/customhosts";
@@ -1071,42 +1069,7 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
close(CLIENTCONF);
}
###
### Check for cryptography problems
###
# Warning if DH parameter is 1024 bit
if (-f "${General::swroot}/ovpn/ca/dh1024.pem") {
my $dhlenght = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/dh1024.pem`;
if ($dhlenght =~ /1024 bit/) {
$cryptoerror = "$Lang::tr{'ovpn error dh'}";
goto CRYPTO_ERROR;
}
}
# Warning if md5 is in usage
if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
my $signature = `/usr/bin/openssl x509 -noout -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
if ($signature =~ /md5WithRSAEncryption/) {
$cryptoerror = "$Lang::tr{'ovpn error md5'}";
goto CRYPTO_ERROR;
}
}
CRYPTO_ERROR:
# Warning if certificate is not compliant to RFC3280 TLS rules
if (-f "${General::swroot}/ovpn/openssl/ovpn.cnf") {
my $extendkeyusage = `/usr/bin/openssl x509 -noout -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
if ($extendkeyusage =~ /TLS Web Server Authentication/) {
$cryptowarning = "$Lang::tr{'ovpn warning rfc3280'}";
goto CRYPTO_WARNING;
}
}
CRYPTO_WARNING:
###
### Save main settings
###
@@ -5172,20 +5135,6 @@ END
&Header::closebox();
}
if ($cryptoerror) {
&Header::openbox('100%', 'LEFT', $Lang::tr{'crypto error'});
print "<class name='base'>$cryptoerror";
print "&nbsp;</class>";
&Header::closebox();
}
if ($cryptowarning) {
&Header::openbox('100%', 'LEFT', $Lang::tr{'crypto warning'});
print "<class name='base'>$cryptowarning";
print "&nbsp;</class>";
&Header::closebox();
}
if ($warnmessage) {
&Header::openbox('100%', 'LEFT', $Lang::tr{'warning messages'});
print "$warnmessage<br>";