From mboxrd@z Thu Jan 1 00:00:00 1970 From: Stefan Schantl To: development@lists.ipfire.org Subject: [PATCH 1/2] ovpnmain.cgi: Fix detection of used DH key lenght. Date: Mon, 21 Jun 2021 17:45:05 +0200 Message-ID: <20210621154506.2482-1-stefan.schantl@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0342298972263285701==" List-Id: --===============0342298972263285701== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Signed-off-by: Stefan Schantl --- html/cgi-bin/ovpnmain.cgi | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 023000dd5..5af1b807e 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -221,14 +221,23 @@ sub pkiconfigcheck
 # Warning if DH parameter is 1024 bit
 if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") {
 my @dhparameter =3D &General::system_output("/usr/bin/openssl", "dhparam",= "-text", "-in", "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}");
+ my $dhbit;
=20
+ # Loop through the output and search for the DH bit lenght.
 foreach my $line (@dhparameter) {
- my @dhbit =3D ($line =3D~ /(\d+)/);
- if ($1 < 2048) {
- $cryptoerror =3D "$Lang::tr{'ovpn error dh'}";
- goto CRYPTO_ERROR;
+ if ($line =3D~ (/(\d+)/)) {
+ # Assign match to dhbit value.
+ $dhbit =3D $1;
+
+ last;
 }
 }
+
+ # Check if the used key lenght is at least 2048 bit.
+ if ($dhbit < 2048) {
+ $cryptoerror =3D "$Lang::tr{'ovpn error dh'}";
+ goto CRYPTO_ERROR;
+ }
 }
=20
 # Warning if md5 is in usage
--=20 2.20.1 --===============0342298972263285701==--
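Review bot: The match in the new loop, `if ($line =~ (/(\d+)/))`, takes the first run of digits anywhere in the openssl output, so the weak-DH check relies on the bit length being the first number printed. Matching the size line itself, for example `if ($line =~ /\((\d+) bit\)/) {`, would tie the check to the value it is meant to test; the exact wording should be confirmed against the openssl version shipped. If no line matches (openssl fails, or the file is not a DH parameter file), `$dhbit` stays undef and `$dhbit < 2048` rejects it only through undef-as-0 coercion, so `if (!defined $dhbit || $dhbit < 2048) {` would make that fail-closed path explicit. `pkiconfigcheck` starts and ends outside this hunk, so whether `$cgiparams{'DH_NAME'}` is validated before it is interpolated into the path cannot be seen from here.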