From patchwork Tue Jul 13 15:30:52 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tremer X-Patchwork-Id: 4514 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4GPPjk3sGCz3xGv for ; Tue, 13 Jul 2021 15:31:06 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4GPPjh5V8Nz27x; Tue, 13 Jul 2021 15:31:04 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4GPPjh4dt0z2xqw; Tue, 13 Jul 2021 15:31:04 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4GPPjg3FVDz2xm2 for ; Tue, 13 Jul 2021 15:31:03 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4GPPjf5cqPzZZ; Tue, 13 Jul 2021 15:31:02 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1626190263; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=FkV2elq/YAnDzZyXYXOu+W6Y1iSaqjSTQnbfE3YUtMU=; b=GeUO2inBe8bcDPpvpuvaNmVI340Wn129F2EwOtgub7s0NKFoTSDg5Dz6Y9/YXwPD7KbPtc flvRHXg0qIy1SUCQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1626190263; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=FkV2elq/YAnDzZyXYXOu+W6Y1iSaqjSTQnbfE3YUtMU=; b=j2qLvFgkR3KvA7UBElIGv7UJHy4WROEQGuawH5vr061Fmkzrldafcky72Z6jTLL/KO3ErU zHI5tZJIWbevc1Xxaa+bYrFa/2LX+Rz4FmnXRS0AGPhhMuwdKNop0QH5HLERAmhbbepBQ9 aClLLwLRfRaBSJtvLk2yCwnDRXmLBmlTRjj1qAAw4xeX0qYykXfMz0CCBQkZ879w+Za/qv 4FHn2GIj64qb3qk0tIPlm+QE5+qedhVoAZzvo1g+yj3pagJB4iY5UXq2J5jPqcuVBpt4l3 wn/tNfPaWJ/VGyAJYI2kTmpMweqh5ng16TtArB/NscFPTH8Veb39mQy819e85Q== From: Michael Tremer To: development@lists.ipfire.org Subject: [PATCH 2/3] Partially revert "vpnmain.cgi: Use new system methods" Date: Tue, 13 Jul 2021 15:30:52 +0000 Message-Id: <20210713153053.11281-2-michael.tremer@ipfire.org> In-Reply-To: <20210713153053.11281-1-michael.tremer@ipfire.org> References: <20210713153053.11281-1-michael.tremer@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Michael Tremer Errors-To: development-bounces@lists.ipfire.org Sender: "Development" This reverts commit a81cbf61273536ee36f3d26504aabdcd65d39cca. It was no longer possible to generate the root/host certificates. Signed-off-by: Michael Tremer --- html/cgi-bin/vpnmain.cgi | 52 +++++++++++++--------------------------- 1 file changed, 16 insertions(+), 36 deletions(-) diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index 8f13cf51f..80e93ffd3 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -226,13 +226,9 @@ sub newcleanssldatabase { ### sub callssl ($) { my $opt = shift; - - # Split the given argument string into single pieces and assign them to an array. - my @opts = split(/ /, $opt); - - my @retssl = &General::system_output("/usr/bin/openssl", @opts); #redirect stderr + my $retssl = `/usr/bin/openssl $opt 2>&1`; #redirect stderr my $ret = ''; - foreach my $line (split (/\n/, @retssl)) { + foreach my $line (split (/\n/, $retssl)) { &General::log("ipsec", "$line") if (0); # 1 for verbose logging $ret .= '
'.$line if ( $line =~ /error|unknown/ ); } @@ -246,21 +242,13 @@ sub callssl ($) { ### sub getCNfromcert ($) { #&General::log("ipsec", "Extracting name from $_[0]..."); - my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "$_[0]"); - my $temp; - - foreach my $line (@temp) { - if ($line =~ /Subject:.*CN = (.*)[\n]/) { - $temp = $1; - $temp =~ s+/Email+, E+; - $temp =~ s/ ST = / S = /; - $temp =~ s/,//g; - $temp =~ s/\'//g; - - last; - } - } - + my $temp = `/usr/bin/openssl x509 -text -in $_[0]`; + $temp =~ /Subject:.*CN = (.*)[\n]/; + $temp = $1; + $temp =~ s+/Email+, E+; + $temp =~ s/ ST = / S = /; + $temp =~ s/,//g; + $temp =~ s/\'//g; return $temp; } ### @@ -268,19 +256,11 @@ sub getCNfromcert ($) { ### sub getsubjectfromcert ($) { #&General::log("ipsec", "Extracting subject from $_[0]..."); - my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "$_[0]"); - my $temp; - - foreach my $line (@temp) { - if($line =~ /Subject: (.*)[\n]/) { - $temp = $1; - $temp =~ s+/Email+, E+; - $temp =~ s/ ST = / S = /; - - last; - } - } - + my $temp = `/usr/bin/openssl x509 -text -in $_[0]`; + $temp =~ /Subject: (.*)[\n]/; + $temp = $1; + $temp =~ s+/Email+, E+; + $temp =~ s/ ST = / S = /; return $temp; } ### @@ -689,8 +669,8 @@ END $errormessage = $!; goto UPLOADCA_ERROR; } - my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "$filename"); - if (! grep(/CA:TRUE/, @temp)) { + my $temp = `/usr/bin/openssl x509 -text -in $filename`; + if ($temp !~ /CA:TRUE/i) { $errormessage = $Lang::tr{'not a valid ca certificate'}; unlink ($filename); goto UPLOADCA_ERROR;