Revision: 6080 http://ipcop.svn.sourceforge.net/ipcop/?rev=6080&view=rev Author: owes Date: 2011-11-13 21:47:04 +0000 (Sun, 13 Nov 2011) Log Message: ----------- openssl 1.0 seems to encode hostkey by default. Work around that to make openswan happy again.
Modified Paths: -------------- ipcop/trunk/html/cgi-bin/vpnca.cgi
Modified: ipcop/trunk/html/cgi-bin/vpnca.cgi
===================================================================
--- ipcop/trunk/html/cgi-bin/vpnca.cgi 2011-11-13 18:04:18 UTC (rev 6079)
+++ ipcop/trunk/html/cgi-bin/vpnca.cgi 2011-11-13 21:47:04 UTC (rev 6080)
@@ -569,7 +569,7 @@
 if (open(STDIN, "-|")) {
 my $opt = " req -nodes -rand /proc/interrupts:/proc/net/rt_cache";
 $opt .= " -newkey rsa:1024";
- $opt .= " -keyout /var/ipcop/certs/hostkey.pem";
+ $opt .= " -keyout /var/ipcop/certs/hostkeytmp.pem";
 $opt .= " -out /var/ipcop/certs/hostreq.pem";
 $opt .= " -extensions server";
 $errormessage = &VPN::callssl ($opt);
@@ -596,7 +596,7 @@
 my ($fh, $v3extname) = tempfile ('/tmp/XXXXXXXX');
 print $fh <<END
 basicConstraints=CA:FALSE
-nsCertType = server
+nsCertType=server
 nsComment="OpenSSL Server Generated Certificate"
 subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid,issuer:always
@@ -615,6 +615,15 @@
 unlink ($v3extname);
 }
 
+ # Manipulate hostkey to make openswan happy
+ if (!$errormessage) {
+ &General::log("vpn", "decrypt hostkey");
+ my $opt = " rsa -in /var/ipcop/certs/hostkeytmp.pem";
+ $opt .= " -out /var/ipcop/certs/hostkey.pem";
+ $errormessage = &VPN::callssl ($opt);
+ unlink ("/var/ipcop/certs/hostkeytmp.pem");
+ }
+
 # Create an empty CRL
 if (!$errormessage) {
 &General::log("vpn", "Creating emptycrl...");
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. ------------------------------------------------------------------------------ RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 _______________________________________________ Ipcop-svn mailing list Ipcop-svn@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ipcop-svn
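Review bot: The unencrypted private key that the `req -nodes` call in the first hunk now writes to `/var/ipcop/certs/hostkeytmp.pem` is removed only inside the new `if (!$errormessage)` block in the third hunk, so if an earlier step has set `$errormessage` the block is skipped and that key copy stays on disk. Moving `unlink ("/var/ipcop/certs/hostkeytmp.pem");` below the closing brace of the block would remove it on every path. The enclosing code starts and ends outside the hunk, so an error-cleanup path elsewhere may already cover this; if so, it should name the new file too. The log text `"decrypt hostkey"` is also misleading, because `-nodes` already leaves the key unencrypted and the `rsa` call presumably only rewrites it in the traditional RSA PEM format; a comment such as `# Rewrite hostkey in traditional RSA PEM format for openswan` would state that. The mode of the rewritten `hostkey.pem` likely follows the CGI process umask, which is worth confirming for a private key file.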