diff mbox series

[1/2] ovpn: Generate ta.key before dh-parameter

Message ID 20190918050334.10792-1-ummeegge@ipfire.org
State Accepted
Commit ae04d0a3110f6d9d9f9ac96312ca7ce130be0ffd
Headers
Series [1/2] ovpn: Generate ta.key before dh-parameter |

Commit Message

ummeegge 18 Sep 2019, 5:03 a.m. UTC 
Fixes: #11964 and #12157

If slow boards or/and boards with low entropy needs too long to generate the DH-parameter, ovpnmain.cgi can get into a
"Script timed out before returning headers" and no further OpenSSl commands will be executed after dhparam is finished.
Since the ta.key are created after the DH-parameter, it won´t be produced in that case.
To prevent this, the DH-parameter will now be generated at the end.

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
---
 html/cgi-bin/ovpnmain.cgi | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff mbox series

Patch

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 439390228..5de80b269 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -1947,6 +1947,13 @@  END
 #	} else {
 #	    &cleanssldatabase();
 	}
+	# Create ta.key for tls-auth
+	system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
+	if ($?) {
+	    $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
+	    &cleanssldatabase();
+	    goto ROOTCERT_ERROR;
+	}
 	# Create Diffie Hellmann Parameter
 	system('/usr/bin/openssl', 'dhparam', '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
 	if ($?) {
@@ -1961,13 +1968,6 @@  END
 #	} else {
 #	    &cleanssldatabase();
 	}
-	# Create ta.key for tls-auth
-	system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
-	if ($?) {
-	    $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
-	    &cleanssldatabase();
-	    goto ROOTCERT_ERROR;
-	}
 	goto ROOTCERT_SUCCESS;
     }
     ROOTCERT_ERROR: