Revision: 6059 http://ipcop.svn.sourceforge.net/ipcop/?rev=6059&view=rev Author: owes Date: 2011-11-12 14:50:51 +0000 (Sat, 12 Nov 2011) Log Message: ----------- Add valid until when creating CA. Does not fix openswan rejecting hostkey.pem
Modified Paths: -------------- ipcop/trunk/html/cgi-bin/vpnca.cgi ipcop/trunk/updates/2.0.2/ROOTFILES.i486-2.0.2 Modified: ipcop/trunk/html/cgi-bin/vpnca.cgi =================================================================== --- ipcop/trunk/html/cgi-bin/vpnca.cgi 2011-11-12 14:21:02 UTC (rev 6058) +++ ipcop/trunk/html/cgi-bin/vpnca.cgi 2011-11-12 14:50:51 UTC (rev 6059) @@ -13,10 +13,9 @@ # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with IPCop; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# along with IPCop. If not, see <http://www.gnu.org/licenses/>. # -# (c) 2001-2010 The IPCop Team +# (c) 2001-2011 The IPCop Team # # $Id$ # @@ -28,6 +27,7 @@ use File::Copy; use File::Temp qw/ tempfile tempdir /; +use POSIX(); use strict; # enable only the following on debugging purpose #use warnings; @@ -63,6 +63,12 @@ $cgiparams{'ROOTCERT_COUNTRY'} = ''; $cgiparams{'SUBJECTALTNAME'} = ''; $cgiparams{'P12_PASS'} = ''; +my @now = localtime(); +$cgiparams{'DAY'} = $now[3]; +$cgiparams{'MONTH'} = $now[4]; +my $this_year = $now[5] + 1900; +# default to 15 years valid +$cgiparams{'YEAR'} = $now[5] + 1900 + 15; # Those cgiparams are used as checkbox values have to be initalized with 'off' before reading %cgiparams # If a checkbox is not select, there will be no such cgiparam. 
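Review bot: The default expiry year in the hunk at -63 recomputes `$now[5] + 1900` one line after storing it in `$this_year`, and 15 is a bare literal; `$cgiparams{'YEAR'} = $this_year + 15;` says the same thing more directly. The context comment after the added lines says such defaults are set before %cgiparams is read, so DAY, MONTH and YEAR presumably hold request values from then on. A comment such as `# defaults only; replaced by form input, validated before use` would make that explicit for the next reader.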
@@ -506,6 +512,18 @@ goto ROOTCERT_ERROR; } + if (($cgiparams{'YEAR'} < $this_year) + || (($cgiparams{'YEAR'} == $this_year) && ($cgiparams{'MONTH'} < $now[4])) + || (($cgiparams{'YEAR'} == $this_year) && ($cgiparams{'MONTH'} == $now[4]) && ($cgiparams{'DAY'} < $now[3])) ) { + $errormessage = $Lang::tr{'invalid date entered'}; + goto ROOTCERT_ERROR; + } + my $certdays = (POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $cgiparams{'YEAR'}-1900) - POSIX::mktime( 0, 0, 0, $now[3], $now[4], $now[5])) / 86400; + if ($certdays <= 1) { + $errormessage = $Lang::tr{'invalid date entered'}; + goto ROOTCERT_ERROR; + } + # Copy the cgisettings to rootcertsettings and save the configfile $rootcertsettings{'ROOTCERT_ORGANIZATION'} = $cgiparams{'ROOTCERT_ORGANIZATION'}; $rootcertsettings{'ROOTCERT_HOSTNAME'} = $cgiparams{'ROOTCERT_HOSTNAME'}; @@ -526,7 +544,7 @@ &General::log("vpn", "Creating cacert..."); if (open(STDIN, "-|")) { my $opt = " req -x509 -nodes -rand /proc/interrupts:/proc/net/rt_cache"; - $opt .= " -days 999999"; + $opt .= " -days $certdays"; $opt .= " -newkey rsa:2048"; $opt .= " -keyout /var/ipcop/private/cakey.pem"; $opt .= " -out /var/ipcop/ca/cacert.pem"; @@ -587,7 +605,7 @@ print $fh "subjectAltName=$cgiparams{'SUBJECTALTNAME'}" if ($cgiparams{'SUBJECTALTNAME'}); close ($fh); - my $opt = " ca -days 999999"; + my $opt = " ca -days $certdays"; $opt .= " -batch -notext"; $opt .= " -in /var/ipcop/certs/hostreq.pem"; $opt .= " -out /var/ipcop/certs/hostcert.pem"; 
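Review bot: `$certdays` is derived from the submitted YEAR, MONTH and DAY without checking that each is a whole number in range, and the result goes straight into `-days $certdays` in the hunks at -526 and -587. With `use warnings` commented out a non-numeric field silently counts as 0, `POSIX::mktime` normalizes an impossible day (the 31st of a 30-day month) into the next month, and two local midnights on either side of a daylight-saving change are not a multiple of 86400 seconds apart, so the quotient can be fractional. Because the value is the result of arithmetic it stays numeric, so the risk is a CA lifetime that differs from what the administrator selected rather than injected option text; how openssl treats a fractional `-days` is not visible here. I would validate the three fields with an anchored pattern before the date comparison, reject a date that `mktime` had to normalize, and round to whole days, as sketched below. The enclosing block starts and ends outside the hunk.

```perl
if (grep { $cgiparams{$_} !~ /\A\d{1,4}\z/ } ('DAY', 'MONTH', 'YEAR')) {
    $errormessage = $Lang::tr{'invalid date entered'};
    goto ROOTCERT_ERROR;
}
# … unchanged: comparison of YEAR/MONTH/DAY against today …
my $valid_until = POSIX::mktime(0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $cgiparams{'YEAR'} - 1900);
my $valid_from  = POSIX::mktime(0, 0, 0, $now[3], $now[4], $now[5]);
# mktime returns undef when it cannot represent the date, and silently
# normalizes e.g. day 31 of a 30-day month, so compare the day it produced.
if (!defined($valid_until) || !defined($valid_from)
    || (localtime($valid_until))[3] != $cgiparams{'DAY'}) {
    $errormessage = $Lang::tr{'invalid date entered'};
    goto ROOTCERT_ERROR;
}
# Local midnights can be 23 or 25 hours apart across a DST change: round to whole days.
my $certdays = int(($valid_until - $valid_from) / 86400 + 0.5);
# … unchanged: rejection of $certdays <= 1 …
```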
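Review bot: The host certificate in the hunk at -587 is issued with the same `-days $certdays` as the CA certificate created in the hunk at -526, so one form value sets both lifetimes, and the form added in this commit offers up to 25 years. A leaf certificate is normally given a shorter life than the CA that signs it, which limits how long a leaked host key stays usable. If the shared value is intentional, a comment above `my $opt = " ca -days $certdays";` such as `# host certificate deliberately expires together with the CA` would record that decision. The surrounding block starts and ends outside the hunk.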
@@ -774,6 +792,32 @@ <td class='base'>$Lang::tr{'vpn subjectaltname'} <img src='/blob.gif' alt='*' /> (subjectAltName=email:*,URI:*,DNS:*,RID:*)</td> <td class='base' nowrap='nowrap'><input type='text' name='SUBJECTALTNAME' value='$cgiparams{'SUBJECTALTNAME'}' size='32' /></td> </tr><tr> + <td class='base'>$Lang::tr{'valid until'}:</td> + <td class='base' nowrap='nowrap'> + <select name='YEAR'> +END + ; + for (my $year = $this_year; $year <= $this_year + 25; $year++) { + print "\t<option "; + print "selected='selected' " if ($year == $cgiparams{'YEAR'}); + print "value='$year'>$year</option>\n"; + } + print "</select> <select name='MONTH'>"; + for (my $month = 0; $month < 12; $month++) { + print "\t<option "; + print "selected='selected' " if ($month == $cgiparams{'MONTH'}); + print "value='$month'>$Lang::tr{$General::longMonths[$month]}</option>\n"; + } + print "</select> <select name='DAY'>"; + for (my $day = 1; $day <= 31; $day++) { + print "\t<option "; + print "selected='selected' " if ($day == $cgiparams{'DAY'}); + print "value='$day'>$day</option>\n"; + } + print <<END + </select> + </td> +</tr><tr> <td> </td> <td><br /> <input type='submit' name='ACTION' value='$Lang::tr{'generate root/host certificates'}' /> Modified: ipcop/trunk/updates/2.0.2/ROOTFILES.i486-2.0.2 =================================================================== --- ipcop/trunk/updates/2.0.2/ROOTFILES.i486-2.0.2 2011-11-12 14:21:02 UTC (rev 6058) +++ ipcop/trunk/updates/2.0.2/ROOTFILES.i486-2.0.2 2011-11-12 14:50:51 UTC (rev 6059) 
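Review bot: The year list in the hunk at -774 runs to `$this_year + 25`, which from 2013 onwards reaches 2038 and later. If time_t is 32-bit on this platform (the update file list targets i486), `POSIX::mktime` cannot represent those dates and the server-side check would presumably answer 'invalid date entered' for an option the form itself offered. Capping the loop, for example `$year <= $this_year + 25 && $year < 2038`, or a comment stating the limit, would keep form and validation in agreement. The day list always offers 1 to 31 whatever the month, so the server has to reject impossible dates itself. The heredoc this hunk interrupts starts and ends outside it.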
@@ -1,5 +1,6 @@ ## please place IPCop files first, then packages sorted by alphabetical order /home/httpd/cgi-bin/proxy.cgi +/home/httpd/cgi-bin/vpnca.cgi /usr/share/locale/it_IT/LC_MESSAGES/ipcop.mo ## ## Net-DNS-0.67