From patchwork Wed Dec 11 11:51:43 2024
X-Patchwork-Submitter: Adolf Belka
X-Patchwork-Id: 8318
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH 1/2] vpnmain.cgi: Fix for 2nd part of bug10595
Date: Wed, 11 Dec 2024 12:51:43 +0100
Message-ID: <20241211115144.2837-1-adolf.belka@ipfire.org>

- Bug10595 had two parts in it and was closed after the first part was fixed. The second part was still unfixed at that time. I came across it when checking out an open bug on a similar issue with OpenVPN.
- I found the section that checks on the CA Name and modified it to also allow spaces.
- Having modified that then the subroutines getsubjectfromcert and getCNfromcert required to have quotation marks put around the parameter that had the CA Name with spaces in it otherwise the openssl statement only got a filename with the first portion of the ca name until the first space was encountered.
- Tested this change out on my vm and it worked fine. I was able to upload a ca certificate into IPSec and use spaces in the CA Name.

Fixes: Bug10595 part 2
Tested-by: Adolf Belka
Signed-off-by: Adolf Belka

--- html/cgi-bin/vpnmain.cgi | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) mode change 100755 => 100644 html/cgi-bin/vpnmain.cgi diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi old mode 100755 new mode 100644 index 3541aaa29..694eeed76 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi
@@ -245,7 +245,7 @@ sub callssl ($) { ### sub getCNfromcert ($) { #&General::log("ipsec", "Extracting name from $_[0]..."); - my $temp = `/usr/bin/openssl x509 -text -in $_[0]`; + my $temp = `/usr/bin/openssl x509 -text -in '$_[0]'`; $temp =~ /Subject:.*CN\s*=\s*(.*)[\n]/; $temp = $1; $temp =~ s+/Email+, E+; @@ -259,7 +259,7 @@ sub getCNfromcert ($) { ### sub getsubjectfromcert ($) { #&General::log("ipsec", "Extracting subject from $_[0]..."); - my $temp = `/usr/bin/openssl x509 -text -in $_[0]`; + my $temp = `/usr/bin/openssl x509 -text -in '$_[0]'`; $temp =~ /Subject: (.*)[\n]/; $temp = $1; $temp =~ s+/Email+, E+; 
@@ -644,8 +644,8 @@ END } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload ca certificate'}) { &General::readhasharray("${General::swroot}/vpn/caconfig", \%cahash); - if ($cgiparams{'CA_NAME'} !~ /^[a-zA-Z0-9]+$/) { - $errormessage = $Lang::tr{'name must only contain characters'}; + if ($cgiparams{'CA_NAME'} !~ /^[a-zA-Z0-9 ]*$/) { + $errormessage = $Lang::tr{'ca name must only contain characters or spaces'}; goto UPLOADCA_ERROR; }

From patchwork Wed Dec 11 11:51:44 2024
X-Patchwork-Submitter: Adolf Belka
X-Patchwork-Id: 8319
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH 2/2] en.pl: Update the wording for the check on the CA Name for upload
Date: Wed, 11 Dec 2024 12:51:44 +0100
Message-ID: <20241211115144.2837-2-adolf.belka@ipfire.org>
In-Reply-To: <20241211115144.2837-1-adolf.belka@ipfire.org>
References: <20241211115144.2837-1-adolf.belka@ipfire.org>

- This changes the wording to allow characters and spaces.

Fixes: Bug10595 part 2
Tested-by: Adolf Belka
Signed-off-by: Adolf Belka

--- doc/language_issues.de | 1 + doc/language_issues.en | 1 + doc/language_issues.es | 1 + doc/language_issues.fr | 1 + doc/language_issues.it | 1 + doc/language_issues.nl | 1 + doc/language_issues.pl | 1 + doc/language_issues.ru | 1 + doc/language_issues.tr | 1 + doc/language_missings | 8 ++++++++ langs/en/cgi-bin/en.pl | 1 + 11 files changed, 18 insertions(+) diff --git a/doc/language_issues.de b/doc/language_issues.de index 7883bef76..f83e1e775 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de
@@ -930,6 +930,7 @@ WARNING: untranslated string: access point name = Access Point Name WARNING: untranslated string: access point name is invalid = Access Point Name is invalid WARNING: untranslated string: access point name is required = Access Point Name is required WARNING: untranslated string: aliases default interface = - Default Interface - +WARNING: untranslated string: ca name must only contain characters or spaces = CA Name must only contain characters or spaces. WARNING: untranslated string: cake profile bridged-llcsnap 32 = Bridged LLC SNAP (32 bytes) WARNING: untranslated string: cake profile bridged-ptm 19 = Bridged PTM (19 bytes) WARNING: untranslated string: cake profile bridged-vcmux 24 = Bridged VC-MUX (24 bytes) diff --git a/doc/language_issues.en b/doc/language_issues.en index 3f1626b68..2a14bd370 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -360,6 +360,7 @@ WARNING: untranslated string: bytes received = Bytes Received WARNING: untranslated string: bytes sent = Bytes Sent WARNING: untranslated string: ca certificate = CA Certificate WARNING: untranslated string: ca name = CA name +WARNING: untranslated string: ca name must only contain characters or spaces = CA Name must only contain characters or spaces. WARNING: untranslated string: cached = cached WARNING: untranslated string: cached memory = Cached Memory WARNING: untranslated string: cached swap = Cached Swap diff --git a/doc/language_issues.es b/doc/language_issues.es index 0a89279d5..bfbd4a012 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es 
@@ -1003,6 +1003,7 @@ WARNING: untranslated string: access point name = Access Point Name WARNING: untranslated string: access point name is invalid = Access Point Name is invalid WARNING: untranslated string: access point name is required = Access Point Name is required WARNING: untranslated string: bypassed = Bypassed +WARNING: untranslated string: ca name must only contain characters or spaces = CA Name must only contain characters or spaces. WARNING: untranslated string: cpu frequency = CPU frequency WARNING: untranslated string: data transfer = Data Transfer WARNING: untranslated string: dhcp fixed ip address in dynamic range = Fixed IP Address in dynamic range diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 7f9349bc0..e1721e70e 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -968,6 +968,7 @@ WARNING: translation string unused: zoneconf val vlan tag assignment error WARNING: translation string unused: zoneconf val vlan tag range error WARNING: translation string unused: zoneconf val zoneslave amount error WARNING: untranslated string: bypassed = Bypassed +WARNING: untranslated string: ca name must only contain characters or spaces = CA Name must only contain characters or spaces. WARNING: untranslated string: core notice 3 = available. WARNING: untranslated string: data transfer = Data Transfer WARNING: untranslated string: enable disable client = unknown string diff --git a/doc/language_issues.it b/doc/language_issues.it index 5870e2bc7..d21751c68 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it 
@@ -970,6 +970,7 @@ WARNING: untranslated string: available = available WARNING: untranslated string: block = Block WARNING: untranslated string: broken = Broken WARNING: untranslated string: bypassed = Bypassed +WARNING: untranslated string: ca name must only contain characters or spaces = CA Name must only contain characters or spaces. WARNING: untranslated string: cake profile bridged-llcsnap 32 = Bridged LLC SNAP (32 bytes) WARNING: untranslated string: cake profile bridged-ptm 19 = Bridged PTM (19 bytes) WARNING: untranslated string: cake profile bridged-vcmux 24 = Bridged VC-MUX (24 bytes) diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 88493d1d9..b9718913f 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -972,6 +972,7 @@ WARNING: untranslated string: available = available WARNING: untranslated string: block = Block WARNING: untranslated string: broken = Broken WARNING: untranslated string: bypassed = Bypassed +WARNING: untranslated string: ca name must only contain characters or spaces = CA Name must only contain characters or spaces. WARNING: untranslated string: cake profile bridged-llcsnap 32 = Bridged LLC SNAP (32 bytes) WARNING: untranslated string: cake profile bridged-ptm 19 = Bridged PTM (19 bytes) WARNING: untranslated string: cake profile bridged-vcmux 24 = Bridged VC-MUX (24 bytes) diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 5f3806102..b15e1bf63 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl 
@@ -897,6 +897,7 @@ WARNING: untranslated string: bit = bit WARNING: untranslated string: block = Block WARNING: untranslated string: broken = Broken WARNING: untranslated string: bypassed = Bypassed +WARNING: untranslated string: ca name must only contain characters or spaces = CA Name must only contain characters or spaces. WARNING: untranslated string: cake profile bridged-llcsnap 32 = Bridged LLC SNAP (32 bytes) WARNING: untranslated string: cake profile bridged-ptm 19 = Bridged PTM (19 bytes) WARNING: untranslated string: cake profile bridged-vcmux 24 = Bridged VC-MUX (24 bytes) diff --git a/doc/language_issues.ru b/doc/language_issues.ru index 8891ce20e..c4c33bf32 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -892,6 +892,7 @@ WARNING: untranslated string: bit = bit WARNING: untranslated string: block = Block WARNING: untranslated string: broken = Broken WARNING: untranslated string: bypassed = Bypassed +WARNING: untranslated string: ca name must only contain characters or spaces = CA Name must only contain characters or spaces. WARNING: untranslated string: cake profile bridged-llcsnap 32 = Bridged LLC SNAP (32 bytes) WARNING: untranslated string: cake profile bridged-ptm 19 = Bridged PTM (19 bytes) WARNING: untranslated string: cake profile bridged-vcmux 24 = Bridged VC-MUX (24 bytes) diff --git a/doc/language_issues.tr b/doc/language_issues.tr index c0cb2703a..56897ca62 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr 
@@ -957,6 +957,7 @@ WARNING: untranslated string: autonomous system = Autonomous System WARNING: untranslated string: available = available WARNING: untranslated string: broken = Broken WARNING: untranslated string: bypassed = Bypassed +WARNING: untranslated string: ca name must only contain characters or spaces = CA Name must only contain characters or spaces. WARNING: untranslated string: cake profile bridged-llcsnap 32 = Bridged LLC SNAP (32 bytes) WARNING: untranslated string: cake profile bridged-ptm 19 = Bridged PTM (19 bytes) WARNING: untranslated string: cake profile bridged-vcmux 24 = Bridged VC-MUX (24 bytes) diff --git a/doc/language_missings b/doc/language_missings index 2a2333d94..f94e7f174 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -39,6 +39,7 @@ < cake profile pppoe-ptm 27 < cake profile pppoe-vcmux 32 < cake profile raw 0 +< ca name must only contain characters or spaces < Captive heading terms < Captive heading voucher < Captive invalid coupon @@ -122,6 +123,7 @@ < access point name is required < addon < bypassed +< ca name must only contain characters or spaces < cpu frequency < data transfer < dhcp fixed ip address in dynamic range @@ -179,6 +181,7 @@ < bewan adsl pci st < bewan adsl usb < bypassed +< ca name must only contain characters or spaces < data transfer < extrahd because it it outside the allowed mount path < fwdfw syn flood protection @@ -261,6 +264,7 @@ < cake profile pppoe-ptm 27 < cake profile pppoe-vcmux 32 < cake profile raw 0 +< ca name must only contain characters or spaces < Captive < Captive 1day < Captive 1month @@ -804,6 +808,7 @@ < cake profile pppoe-ptm 27 < cake profile pppoe-vcmux 32 < cake profile raw 0 +< ca name must only contain characters or spaces < capabilities < Captive < Captive 1day @@ -1387,6 +1392,7 @@ < cake profile pppoe-ptm 27 < cake profile pppoe-vcmux 32 < cake profile raw 0 +< ca name must only contain characters or spaces < capabilities < Captive < Captive 1day 
@@ -2403,6 +2409,7 @@ < cake profile pppoe-ptm 27 < cake profile pppoe-vcmux 32 < cake profile raw 0 +< ca name must only contain characters or spaces < capabilities < Captive < Captive 1day @@ -3400,6 +3407,7 @@ < cake profile pppoe-ptm 27 < cake profile pppoe-vcmux 32 < cake profile raw 0 +< ca name must only contain characters or spaces < Captive delete logo < core update < cpu frequency diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 5c8da52be..7576fbd0b 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -530,6 +530,7 @@ 'bytes sent' => 'Bytes Sent', 'ca certificate' => 'CA Certificate', 'ca name' => 'CA name', +'ca name must only contain characters or spaces' => 'CA Name must only contain characters or spaces.', 'cache management' => 'Cache management', 'cache size' => 'Cache size (MB):', 'cached' => 'cached',
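
Review bot: The file header of patch 1/2 records `old mode 100755` / `new mode 100644` for html/cgi-bin/vpnmain.cgi, which drops the executable bit from a CGI script and is not mentioned in the commit message. If that is not intended, restore the mode before this is merged so the patch carries only the four changed lines.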
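
Review bot: In getCNfromcert and getsubjectfromcert (patch 1/2, html/cgi-bin/vpnmain.cgi) the argument is still interpolated into a shell command line, so the added single quotes only hold while `$_[0]` itself contains no single quote. The CA_NAME check in the upload branch guarantees that for names coming from that form, but nothing in these two subs enforces it for any other caller. Running openssl without a shell removes the dependency on quoting, for example with the list form `open(my $fh, '-|', '/usr/bin/openssl', 'x509', '-text', '-in', $_[0])` and reading the output from `$fh`. Both subs also assign `$1` without checking that the match succeeded, which would be worth guarding while these lines are being touched.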
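
Review bot: In the 'upload ca certificate' branch (patch 1/2, hunk at -644) the quantifier changed from `+` to `*` along with the added space, so an empty CA_NAME and a name made only of spaces now pass this check, both of which the old pattern rejected. If only embedded spaces are meant to be allowed, keep the requirement for at least one letter or digit, for example `/^[a-zA-Z0-9]+(?: [a-zA-Z0-9]+)*$/`, which also rejects leading and trailing spaces. The commit message says the name ends up in a filename handed to openssl, so any other place that passes that filename to a shell needs the same attention as the two quoted calls.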
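
Review bot: In langs/en/cgi-bin/en.pl (patch 2/2) the new message says 'characters or spaces', but the check it belongs to in patch 1/2, `/^[a-zA-Z0-9 ]*$/`, accepts only ASCII letters, digits and spaces, so a user whose name is rejected for a hyphen or an accented letter gets no hint about what is allowed. Wording such as 'CA Name must only contain letters, digits or spaces.' would match the check; the key and the entries in doc/language_issues.* and doc/language_missings would need to follow if the key text is changed as well.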