ovpnmain.cgi: Bug 12574 - OpenVPN Internal server error when returning after generating root/host certificates
Commit Message
- Option "--secret" was deprecated in OpenVPN 2.4 and removed in OpenVPN 2.5
It was replaced by "secret". If "--secret" is used with genkey then a user warning is
printed and this is what gives the Internal server error.
- Patch was defined by Erik Kapfer but currently he does not have a build environment
so I have submitted the patch on his behalf.
- Patch tested on a vm testbed running Core Update 160. Confirmed that without patch the
error still occurs and with patch everything runs smoothly.
Fixes: Bug #12574
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by : Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
html/cgi-bin/ovpnmain.cgi | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Comments
Hello Adolf,
hello Erik,
thank you very much for working on this.
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Thanks, and best regards,
Peter Müller
> - Option "--secret" was deprecated in OpenVPN 2.4 and removed in OpenVPN 2.5
> It was replaced by "secret". If "--secret" is used with genkey then a user warning is
> printed and this is what gives the Internal server error.
> - Patch was defined by Erik Kapfer but currently he does not have a build environment
> so I have submitted the patch on his behalf.
> - Patch tested on a vm testbed running Core Update 160. Confirmed that without patch the
> error still occurs and with patch everything runs smoothly.
>
> Fixes: Bug #12574
> Tested-by: Adolf Belka <adolf.belka@ipfire.org>
> Signed-off-by : Erik Kapfer <ummeegge@ipfire.org>
> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
> ---
> html/cgi-bin/ovpnmain.cgi | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
> index f99bfdef7..7e274b36a 100644
> --- a/html/cgi-bin/ovpnmain.cgi
> +++ b/html/cgi-bin/ovpnmain.cgi
> @@ -1209,7 +1209,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
> if ($cgiparams{'TLSAUTH'} eq 'on') {
> if ( ! -e "${General::swroot}/ovpn/certs/ta.key") {
> # This system call is safe, because all arguements are passed as an array.
> - system("/usr/sbin/openvpn", "--genkey", "--secret", "${General::swroot}/ovpn/certs/ta.key");
> + system("/usr/sbin/openvpn", "--genkey", "secret", "${General::swroot}/ovpn/certs/ta.key");
> if ($?) {
> $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
> goto SETTINGS_ERROR;
> @@ -2012,7 +2012,7 @@ END
> }
> # Create ta.key for tls-auth
> # This system call is safe, because all arguments are passed as an array.
> - system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
> + system('/usr/sbin/openvpn', '--genkey', 'secret', "${General::swroot}/ovpn/certs/ta.key");
> if ($?) {
> $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
> &cleanssldatabase();
>
@@ -1209,7 +1209,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
if ($cgiparams{'TLSAUTH'} eq 'on') {
if ( ! -e "${General::swroot}/ovpn/certs/ta.key") {
# This system call is safe, because all arguements are passed as an array.
- system("/usr/sbin/openvpn", "--genkey", "--secret", "${General::swroot}/ovpn/certs/ta.key");
+ system("/usr/sbin/openvpn", "--genkey", "secret", "${General::swroot}/ovpn/certs/ta.key");
if ($?) {
$errormessage = "$Lang::tr{'openssl produced an error'}: $?";
goto SETTINGS_ERROR;
@@ -2012,7 +2012,7 @@ END
}
# Create ta.key for tls-auth
# This system call is safe, because all arguments are passed as an array.
- system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
+ system('/usr/sbin/openvpn', '--genkey', 'secret', "${General::swroot}/ovpn/certs/ta.key");
if ($?) {
$errormessage = "$Lang::tr{'openssl produced an error'}: $?";
&cleanssldatabase();