Revision: 6087
http://ipcop.svn.sourceforge.net/ipcop/?rev=6087&view=rev
Author: owes
Date: 2011-11-15 16:25:57 +0000 (Tue, 15 Nov 2011)
Log Message:
-----------
Add valid until for IPsec and OpenVPN generated certificates.
Modified Paths:
--------------
ipcop/trunk/html/cgi-bin/ipsec.cgi
ipcop/trunk/html/cgi-bin/openvpn.cgi
ipcop/trunk/updates/2.0.2/ROOTFILES.i486-2.0.2
Modified: ipcop/trunk/html/cgi-bin/ipsec.cgi
===================================================================
--- ipcop/trunk/html/cgi-bin/ipsec.cgi 2011-11-15 16:24:02 UTC (rev 6086)
+++ ipcop/trunk/html/cgi-bin/ipsec.cgi 2011-11-15 16:25:57 UTC (rev 6087)
@@ -13,10 +13,10 @@
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
-# along with IPCop; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# along with IPCop. If not, see <http://www.gnu.org/licenses/>.
#
# Copyright (C) 2003-05-25 Mark Wormgoor <[email protected]>
+# (c) 2003-2011 The IPCop Team
#
# $Id$
#
@@ -27,6 +27,7 @@
use Net::DNS;
use File::Copy;
use File::Temp qw/ tempfile tempdir /;
+use POSIX();
use strict;
# enable only the following on debugging purpose
@@ -115,6 +116,12 @@
$cgiparams{'COMPRESSION'} = 'off';
$cgiparams{'VHOST'} = 'off';
$cgiparams{'VPN_WATCH'} = 'off';
+my @now = localtime();
+$cgiparams{'DAY'} = $now[3];
+$cgiparams{'MONTH'} = $now[4];
+my $this_year = $now[5] + 1900;
+# default to 15 years valid
+$cgiparams{'YEAR'} = $now[5] + 1900 + 15;
# Those cgiparams are used as checkbox values have to be initalized with 'off'
before reading %cgiparams
# If a checkbox is not select, there will be no such cgiparam.
@@ -791,6 +798,18 @@
goto VPNCONF_ERROR;
}
+ if (($cgiparams{'YEAR'} < $this_year)
+ || (($cgiparams{'YEAR'} == $this_year) && ($cgiparams{'MONTH'}
< $now[4]))
+ || (($cgiparams{'YEAR'} == $this_year) && ($cgiparams{'MONTH'}
== $now[4]) && ($cgiparams{'DAY'} < $now[3])) ) {
+ $errormessage = $Lang::tr{'invalid date entered'};
+ goto VPNCONF_ERROR;
+ }
+ my $certdays = (POSIX::mktime( 0, 0, 1, $cgiparams{'DAY'},
$cgiparams{'MONTH'}, $cgiparams{'YEAR'}-1900) - POSIX::mktime( 0, 0, 0,
$now[3], $now[4], $now[5])) / 86400;
+ if ($certdays <= 1) {
+ $errormessage = $Lang::tr{'invalid date entered'};
+ goto VPNCONF_ERROR;
+ }
+
# Replace empty strings with a .
(my $ou = $cgiparams{'CERT_OU'}) =~ s/^\s*$/\./;
(my $city = $cgiparams{'CERT_CITY'}) =~ s/^\s*$/\./;
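Review bot: `YEAR`, `MONTH` and `DAY` are request parameters (the openvpn.cgi hunk at `@@ -83` shows the defaults being set just before `General::getcgihash` fills `%cgiparams`), yet the added checks only compare them numerically and never confirm they are plain integers within the range the form offers, so the server accepts expiry dates the form never presents. `$certdays` is also left as the raw quotient, and the one-hour offset in the first `mktime` call makes it non-integral in most cases before it is interpolated into ` ca -days $certdays` in the `@@ -839` hunk; whether openssl truncates or rejects such a value depends on its option parser, so the division should be wrapped in `int()`. `POSIX::mktime` returns undef for a date it cannot represent, which deserves an explicit check rather than relying on the `<= 1` test to catch it. The same lines are added to openvpn.cgi (hunks `@@ -1383` and `@@ -1419`), and the enclosing block starts and ends outside this hunk.

```perl
    # YEAR/MONTH/DAY come from the request: accept only plain integers
    # inside the ranges the form's selects offer.
    unless ($cgiparams{'YEAR'} =~ /\A\d{4}\z/
        && $cgiparams{'MONTH'} =~ /\A\d{1,2}\z/ && $cgiparams{'MONTH'} <= 11
        && $cgiparams{'DAY'} =~ /\A\d{1,2}\z/
        && $cgiparams{'DAY'} >= 1 && $cgiparams{'DAY'} <= 31
        && $cgiparams{'YEAR'} <= $this_year + 25) {
        $errormessage = $Lang::tr{'invalid date entered'};
        goto VPNCONF_ERROR;
    }
    # ... unchanged: past-date comparison against $this_year / @now ...
    my $valid_until = POSIX::mktime(0, 0, 1, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $cgiparams{'YEAR'} - 1900);
    my $today = POSIX::mktime(0, 0, 0, $now[3], $now[4], $now[5]);
    unless (defined($valid_until) && defined($today)) {
        $errormessage = $Lang::tr{'invalid date entered'};
        goto VPNCONF_ERROR;
    }
    # Whole days only: the value is passed to "openssl ca -days".
    my $certdays = int(($valid_until - $today) / 86400);
    # ... unchanged: $certdays <= 1 rejection ...
```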
@@ -839,7 +858,7 @@
print $fh "subjectAltName=$cgiparams{'SUBJECTALTNAME'}" if
($cgiparams{'SUBJECTALTNAME'});
close ($fh);
- my $opt = " ca -days 999999 -batch -notext";
+ my $opt = " ca -days $certdays -batch -notext";
$opt .= " -in /var/ipcop/certs/$cgiparams{'NAME'}req.pem";
$opt .= " -out /var/ipcop/certs/$cgiparams{'NAME'}cert.pem";
$opt .= " -extfile $v3extname";
@@ -1286,6 +1305,32 @@
</tr><tr>
<td> </td><td class='base'>$Lang::tr{'pkcs12 file
password'}:($Lang::tr{'confirmation'})</td>
<td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS2'
value='$cgiparams{'CERT_PASS2'}' size='32' $cakeydisabled /></td>
+</tr><tr>
+ <td> </td><td class='base'>$Lang::tr{'valid until'}:</td>
+ <td class='base' nowrap='nowrap'>
+ <select name='YEAR'>
+END
+ ;
+ for (my $year = $this_year; $year <= $this_year + 25; $year++) {
+ print "\t<option ";
+ print "selected='selected' " if ($year == $cgiparams{'YEAR'});
+ print "value='$year'>$year</option>\n";
+ }
+ print "</select> <select name='MONTH'>";
+ for (my $month = 0; $month < 12; $month++) {
+ print "\t<option ";
+ print "selected='selected' " if ($month == $cgiparams{'MONTH'});
+ print
"value='$month'>$Lang::tr{$General::longMonths[$month]}</option>\n";
+ }
+ print "</select> <select name='DAY'>";
+ for (my $day = 1; $day <= 31; $day++) {
+ print "\t<option ";
+ print "selected='selected' " if ($day == $cgiparams{'DAY'});
+ print "value='$day'>$day</option>\n";
+ }
+ print <<END
+ </select>
+ </td>
</tr></table>
<hr />
END
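Review bot: The `DAY` select offers 1–31 for every month, and the server-side check added in the `@@ -791` hunk does not reject a day the chosen month lacks; `POSIX::mktime` normalises such a date, so day 31 in a 30-day month would silently yield a certificate that expires on a different date than the one shown in the form. A round-trip check after the conversion would catch it: with the first `mktime` result held in a variable, set `$errormessage` and jump to `VPNCONF_ERROR` when `(localtime($valid_until))[3] != $cgiparams{'DAY'}`. It would also help to add `# MONTH is 0-based (localtime/mktime convention)` above the month loop, since the option values 0–11 only line up with `$General::longMonths` and `mktime` under that assumption. The identical block is added to openvpn.cgi in the `@@ -1699` hunk.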
Modified: ipcop/trunk/html/cgi-bin/openvpn.cgi
===================================================================
--- ipcop/trunk/html/cgi-bin/openvpn.cgi 2011-11-15 16:24:02 UTC (rev
6086)
+++ ipcop/trunk/html/cgi-bin/openvpn.cgi 2011-11-15 16:25:57 UTC (rev
6087)
@@ -21,6 +21,7 @@
use strict;
use Archive::Zip qw(:ERROR_CODES :CONSTANTS);
use NetAddr::IP;
+use POSIX();
require '/usr/lib/ipcop/general-functions.pl';
require '/usr/lib/ipcop/vpn-functions.pl';
@@ -83,6 +84,12 @@
$cgiparams{'PUSH_ORANGE_1'} = 'off';
$cgiparams{'TYPE'} = '';
$cgiparams{'KEY'} = '';
+my @now = localtime();
+$cgiparams{'DAY'} = $now[3];
+$cgiparams{'MONTH'} = $now[4];
+my $this_year = $now[5] + 1900;
+# default to 15 years valid
+$cgiparams{'YEAR'} = $now[5] + 1900 + 15;
&General::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
&General::readhash('/var/ipcop/openvpn/settings', \%vpnsettings);
@@ -1383,6 +1390,18 @@
goto VPNCONF_ERROR;
}
+ if (($cgiparams{'YEAR'} < $this_year)
+ || (($cgiparams{'YEAR'} == $this_year) && ($cgiparams{'MONTH'}
< $now[4]))
+ || (($cgiparams{'YEAR'} == $this_year) && ($cgiparams{'MONTH'}
== $now[4]) && ($cgiparams{'DAY'} < $now[3])) ) {
+ $errormessage = $Lang::tr{'invalid date entered'};
+ goto VPNCONF_ERROR;
+ }
+ my $certdays = (POSIX::mktime( 0, 0, 1, $cgiparams{'DAY'},
$cgiparams{'MONTH'}, $cgiparams{'YEAR'}-1900) - POSIX::mktime( 0, 0, 0,
$now[3], $now[4], $now[5])) / 86400;
+ if ($certdays <= 1) {
+ $errormessage = $Lang::tr{'invalid date entered'};
+ goto VPNCONF_ERROR;
+ }
+
# Replace empty strings with a .
(my $ou = $cgiparams{'CERT_OU'}) =~ s/^\s*$/\./;
(my $city = $cgiparams{'CERT_CITY'}) =~ s/^\s*$/\./;
@@ -1419,7 +1438,7 @@
# Sign the host certificate request
&General::log("openvpn", "Signing the cert $cgiparams{'NAME'}...");
- my $opt = " ca -days 999999 -batch -notext";
+ my $opt = " ca -days $certdays -batch -notext";
$opt .= " -in /var/ipcop/openvpn/certs/$cgiparams{'NAME'}req.pem";
$opt .= " -out
/var/ipcop/openvpn/certs/$cgiparams{'NAME'}cert.pem";
@@ -1699,6 +1718,32 @@
<td> </td>
<td class='base'>$Lang::tr{'pkcs12 file password'}:<br
/>($Lang::tr{'confirmation'})</td>
<td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS2'
value='$cgiparams{'CERT_PASS2'}' size='32' $cakeydisabled /></td>
+</tr><tr>
+ <td> </td><td class='base'>$Lang::tr{'valid until'}:</td>
+ <td class='base' nowrap='nowrap'>
+ <select name='YEAR'>
+END
+ ;
+ for (my $year = $this_year; $year <= $this_year + 25; $year++) {
+ print "\t<option ";
+ print "selected='selected' " if ($year == $cgiparams{'YEAR'});
+ print "value='$year'>$year</option>\n";
+ }
+ print "</select> <select name='MONTH'>";
+ for (my $month = 0; $month < 12; $month++) {
+ print "\t<option ";
+ print "selected='selected' " if ($month == $cgiparams{'MONTH'});
+ print
"value='$month'>$Lang::tr{$General::longMonths[$month]}</option>\n";
+ }
+ print "</select> <select name='DAY'>";
+ for (my $day = 1; $day <= 31; $day++) {
+ print "\t<option ";
+ print "selected='selected' " if ($day == $cgiparams{'DAY'});
+ print "value='$day'>$day</option>\n";
+ }
+ print <<END
+ </select>
+ </td>
</tr></table>
END
;
Modified: ipcop/trunk/updates/2.0.2/ROOTFILES.i486-2.0.2
===================================================================
--- ipcop/trunk/updates/2.0.2/ROOTFILES.i486-2.0.2 2011-11-15 16:24:02 UTC
(rev 6086)
+++ ipcop/trunk/updates/2.0.2/ROOTFILES.i486-2.0.2 2011-11-15 16:25:57 UTC
(rev 6087)
@@ -1,5 +1,7 @@
## please place IPCop files first, then packages sorted by alphabetical order
/home/httpd/cgi-bin/fwrulesadm.cgi
+/home/httpd/cgi-bin/ipsec.cgi
+/home/httpd/cgi-bin/openvpn.cgi
/home/httpd/cgi-bin/proxy.cgi
/home/httpd/cgi-bin/urlfilter.cgi
/home/httpd/cgi-bin/vpnca.cgi