Revision: 7548 http://sourceforge.net/p/ipcop/svn/7548 Author: owes Date: 2014-05-17 20:51:20 +0000 (Sat, 17 May 2014) Log Message: ----------- OpenVPN RW certificate: change md algo to sha256 and add option to set bit size.
Modified Paths:
--------------
ipcop/trunk/html/cgi-bin/openvpn.cgi
ipcop/trunk/updates/2.1.6/ROOTFILES.i486-2.1.6
Modified: ipcop/trunk/html/cgi-bin/openvpn.cgi
===================================================================
--- ipcop/trunk/html/cgi-bin/openvpn.cgi 2014-05-17 20:43:01 UTC (rev 7547)
+++ ipcop/trunk/html/cgi-bin/openvpn.cgi 2014-05-17 20:51:20 UTC (rev 7548)
@@ -21,7 +21,7 @@
 #
 # Ipcop and OpenVPN eas as one two three..
 #
-# (c) 2007-2011 The IPCop Team
+# (c) 2007-2014 The IPCop Team
 #
 # $Id$
 #
@@ -105,6 +105,7 @@
 my $this_year = $now[5] + 1900; # default to 15 years valid
 $cgiparams{'YEAR'} = $now[5] + 1900 + 15;
+$cgiparams{'CERT_BITS'} = 2048;
 &General::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
 &General::readhash('/var/ipcop/openvpn/settings', \%vpnsettings);
@@ -1428,7 +1429,7 @@
 if (open(STDIN, "-|")) {
 my $opt = " req -nodes -rand /proc/interrupts:/proc/net/rt_cache";
- $opt .= " -newkey rsa:1024";
+ $opt .= " -newkey rsa:$cgiparams{'CERT_BITS'} -sha256";
 $opt .= " -keyout /var/ipcop/openvpn/certs/$cgiparams{'NAME'}key.pem";
 $opt .= " -out /var/ipcop/openvpn/certs/$cgiparams{'NAME'}req.pem";
@@ -1454,7 +1455,7 @@
 # Sign the host certificate request
 &General::log("openvpn", "Signing the cert $cgiparams{'NAME'}...");
- my $opt = " ca -days $certdays -batch -notext";
+ my $opt = " ca -days $certdays -batch -notext -md sha256";
 $opt .= " -in /var/ipcop/openvpn/certs/$cgiparams{'NAME'}req.pem";
 $opt .= " -out /var/ipcop/openvpn/certs/$cgiparams{'NAME'}cert.pem";
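Review bot: `$cgiparams{'CERT_BITS'}` is interpolated into the `-newkey rsa:...` option string in the @@ -1428 hunk with no validation visible in this diff. The default of 2048 in the @@ -105 hunk is assigned before `&General::getcgihash`, so whatever the request carries replaces it, and the `<select>` constrains only a browser, not a hand-built request. How `$opt` reaches openssl is outside the hunk, but because it is assembled as a single string the value should be pinned to the offered sizes before use, e.g. `$cgiparams{'CERT_BITS'} = 2048 unless $cgiparams{'CERT_BITS'} =~ /\A(?:1024|2048|4096)\z/;` right after the getcgihash call. The same unchecked value is also used as a hash key in the @@ -1673 hunk. If a check already exists elsewhere in openvpn.cgi, a comment at the `-newkey` line pointing to it would help; the enclosing block starts and ends outside the hunk.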
@@ -1673,12 +1674,16 @@
 END
 } elsif (! $cgiparams{'KEY'}) {
- my $disabled='';
 my $cakeydisabled='';
 my $cacrtdisabled='';
 $cakeydisabled = "disabled='disabled'" if ( ! -f '/var/ipcop/private/cakey.pem' );
 $cacrtdisabled = "disabled='disabled'" if ( ! -f '/var/ipcop/ca/cacert.pem' );
+ $selected{'CERT_BITS'}{'1024'} = '';
+ $selected{'CERT_BITS'}{'2048'} = '';
+ $selected{'CERT_BITS'}{'4096'} = '';
+ $selected{'CERT_BITS'}{$cgiparams{'CERT_BITS'}} = "selected='selected'";
+ # Close the previous box
 &Header::closebox();
@@ -1771,6 +1776,15 @@
 print <<END
 </select>
 </td>
+</tr><tr>
+ <td> </td><td class='base'>$Lang::tr{'certificate'}:</td>
+ <td class='base' nowrap='nowrap'>
+ <select name='CERT_BITS'>
+ <option value='1024' $selected{'CERT_BITS'}{'1024'}>1024 bits</option>
+ <option value='2048' $selected{'CERT_BITS'}{'2048'}>2048 bits</option>
+ <option value='4096' $selected{'CERT_BITS'}{'4096'}>4096 bits</option>
+ </select>
+ </td>
 </tr></table>
 END
 ;
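Review bot: The new `<select name='CERT_BITS'>` in the @@ -1771 hunk still offers 1024 bits and lists it first. Whenever no `$selected{'CERT_BITS'}{...}` entry matches one of the three options (an unexpected CERT_BITS value, see the @@ -1673 hunk), the browser falls back to that first and weakest size. 1024-bit RSA is generally considered too short for newly issued certificates, so consider dropping the option or at least listing `2048` first. The row label reuses `$Lang::tr{'certificate'}`, which presumably renders as just "certificate" and does not tell the user this is the key size; a dedicated language string would be clearer.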
@@ -1955,18 +1969,20 @@
 <tr><td class='base' nowrap='nowrap'>$Lang::tr{'comp-lzo'}:</td>
 <td><input type='checkbox' name='DCOMPLZO' $checked{'DCOMPLZO'}{'on'} /></td>
 <td class='base' nowrap='nowrap'>$Lang::tr{'cipher'}:</td>
- <td><select name='DCIPHER'><option value='DES-CBC' $selected{'DCIPHER'}{'DES-CBC'}>DES-CBC</option>
- <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC</option>
- <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC</option>
- <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC</option>
- <option value='RC2-CBC' $selected{'DCIPHER'}{'RC2-CBC'}>RC2-CBC</option>
- <option value='RC2-40-CBC' $selected{'DCIPHER'}{'RC2-40-CBC'}>RC2-40-CBC</option>
- <option value='RC2-64-CBC' $selected{'DCIPHER'}{'RC2-64-CBC'}>RC2-64-CBC</option>
- <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC</option>
- <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC</option>
- <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-128-CBC</option>
- <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-192-CBC</option>
- <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-256-CBC</option></select></td>
+ <td><select name='DCIPHER'>
+ <option value='DES-CBC' $selected{'DCIPHER'}{'DES-CBC'}>DES-CBC</option>
+ <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC</option>
+ <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC</option>
+ <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC</option>
+ <option value='RC2-CBC' $selected{'DCIPHER'}{'RC2-CBC'}>RC2-CBC</option>
+ <option value='RC2-40-CBC' $selected{'DCIPHER'}{'RC2-40-CBC'}>RC2-40-CBC</option>
+ <option value='RC2-64-CBC' $selected{'DCIPHER'}{'RC2-64-CBC'}>RC2-64-CBC</option>
+ <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC</option>
+ <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC</option>
+ <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-128-CBC</option>
+ <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-192-CBC</option>
+ <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-256-CBC</option>
+ </select></td>
 </tr>
 </table>
 <hr />
Modified: ipcop/trunk/updates/2.1.6/ROOTFILES.i486-2.1.6
===================================================================
--- ipcop/trunk/updates/2.1.6/ROOTFILES.i486-2.1.6 2014-05-17 20:43:01 UTC (rev 7547)
+++ ipcop/trunk/updates/2.1.6/ROOTFILES.i486-2.1.6 2014-05-17 20:51:20 UTC (rev 7548)
@@ -3,8 +3,10 @@
 /etc/logrotate.d/squidGuard
 /etc/rc.d/rc.sysinit
 /etc/ssl/openssl.cnf
+/etc/ssl/openvpn.cnf
 /home/httpd/cgi-bin/changepw.cgi
 /home/httpd/cgi-bin/fwrulesadm.cgi
+/home/httpd/cgi-bin/openvpn.cgi
 /home/httpd/cgi-bin/proxy.cgi
 /home/httpd/cgi-bin/vpnca.cgi
 /usr/lib/ipcop/DataAccess.pl
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE Instantly run your Selenium tests across 300+ browser/OS combos. Get unparalleled scalability from the best Selenium testing platform available Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
Ipcop-svn mailing list
Ipcop-svn@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipcop-svn