webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-27 11:13:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Partially revert "vpnmain.cgi: Use new system methods"

Browse Source 
This reverts commit a81cbf6127.

It was no longer possible to generate the root/host certificates.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This commit is contained in:
Michael Tremer
2021-07-13 15:30:52 +00:00
parent 8c946d1c0a
commit b71a7fb97d
1 changed files with 16 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
html/cgi-bin/vpnmain.cgi
View File

@@ -226,13 +226,9 @@ sub newcleanssldatabase {
### ###
sub callssl ($) { sub callssl ($) {
my $opt = shift; my $opt = shift;
my $retssl = `/usr/bin/openssl $opt 2>&1`; #redirect stderr
# Split the given argument string into single pieces and assign them to an array.
my @opts = split(/ /, $opt);
my @retssl = &General::system_output("/usr/bin/openssl", @opts); #redirect stderr
my $ret = ''; my $ret = '';
foreach my $line (split (/\n/, @retssl)) { foreach my $line (split (/\n/, $retssl)) {
&General::log("ipsec", "$line") if (0); # 1 for verbose logging &General::log("ipsec", "$line") if (0); # 1 for verbose logging
$ret .= '<br>'.$line if ( $line =~ /error|unknown/ ); $ret .= '<br>'.$line if ( $line =~ /error|unknown/ );
} }
@@ -246,21 +242,13 @@ sub callssl ($) {
### ###
sub getCNfromcert ($) { sub getCNfromcert ($) {
#&General::log("ipsec", "Extracting name from $_[0]..."); #&General::log("ipsec", "Extracting name from $_[0]...");
my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "$_[0]"); my $temp = `/usr/bin/openssl x509 -text -in $_[0]`;
my $temp; $temp =~ /Subject:.*CN = (.*)[\n]/;
$temp = $1;
foreach my $line (@temp) { $temp =~ s+/Email+, E+;
if ($line =~ /Subject:.*CN = (.*)[\n]/) { $temp =~ s/ ST = / S = /;
$temp = $1; $temp =~ s/,//g;
$temp =~ s+/Email+, E+; $temp =~ s/\'//g;
$temp =~ s/ ST = / S = /;
$temp =~ s/,//g;
$temp =~ s/\'//g;
last;
}
}
return $temp; return $temp;
} }
### ###
@@ -268,19 +256,11 @@ sub getCNfromcert ($) {
### ###
sub getsubjectfromcert ($) { sub getsubjectfromcert ($) {
#&General::log("ipsec", "Extracting subject from $_[0]..."); #&General::log("ipsec", "Extracting subject from $_[0]...");
my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "$_[0]"); my $temp = `/usr/bin/openssl x509 -text -in $_[0]`;
my $temp; $temp =~ /Subject: (.*)[\n]/;
$temp = $1;
foreach my $line (@temp) { $temp =~ s+/Email+, E+;
if($line =~ /Subject: (.*)[\n]/) { $temp =~ s/ ST = / S = /;
$temp = $1;
$temp =~ s+/Email+, E+;
$temp =~ s/ ST = / S = /;
last;
}
}
return $temp; return $temp;
} }
### ###
@@ -689,8 +669,8 @@ END
$errormessage = $!; $errormessage = $!;
goto UPLOADCA_ERROR; goto UPLOADCA_ERROR;
} }
my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "$filename"); my $temp = `/usr/bin/openssl x509 -text -in $filename`;
if (! grep(/CA:TRUE/, @temp)) { if ($temp !~ /CA:TRUE/i) {
$errormessage = $Lang::tr{'not a valid ca certificate'}; $errormessage = $Lang::tr{'not a valid ca certificate'};
unlink ($filename); unlink ($filename);
goto UPLOADCA_ERROR; goto UPLOADCA_ERROR;