ovpnmain.cgi: Fix detection of used DH key lenght.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl
2021-06-21 17:45:05 +02:00
committed by Michael Tremer
parent 016859ffe4
commit f560408053


@@ -221,14 +221,23 @@ sub pkiconfigcheck
# Warning if DH parameter is 1024 bit
if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") {
my @dhparameter = &General::system_output("/usr/bin/openssl", "dhparam", "-text", "-in", "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}");
my $dhbit;
# Loop through the output and search for the DH bit lenght.
foreach my $line (@dhparameter) {
my @dhbit = ($line =~ /(\d+)/);
if ($1 < 2048) {
$cryptoerror = "$Lang::tr{'ovpn error dh'}";
goto CRYPTO_ERROR;
if ($line =~ (/(\d+)/)) {
# Assign match to dhbit value.
$dhbit = $1;
last;
}
}
# Check if the used key lenght is at least 2048 bit.
if ($dhbit < 2048) {
$cryptoerror = "$Lang::tr{'ovpn error dh'}";
goto CRYPTO_ERROR;
}
}
# Warning if md5 is in usage
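Review bot: The pattern `/(\d+)/` in the new `foreach` loop takes the first run of digits found on any line of the `openssl dhparam -text` output, so the 2048-bit minimum is only enforced correctly while the key size happens to be the first number printed. Tying the match to the size line, e.g. `if ($line =~ /\((\d+) bit\)/) {`, would make this more robust, assuming the output reads like `(2048 bit)`; please confirm against the openssl version shipped. When no line matches (empty output, or openssl failing on the file), `$dhbit` stays undefined and the configuration is rejected only because undef compares as 0; `if (!defined($dhbit) || $dhbit < 2048) {` would state that fail-closed intent explicitly and avoid an uninitialized-value warning. The body of `pkiconfigcheck` starts and ends outside this hunk, so any earlier validation of `$cgiparams{'DH_NAME'}` is not visible here.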