[PATCH 1/3] ovpnmain.cgi: Join certificate output before &Header::cleanhtml();

[PATCH 1/3] ovpnmain.cgi: Join certificate output before &Header::cleanhtml();

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 3739 bytes --]

Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
---
 html/cgi-bin/ovpnmain.cgi | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 7a2833ce6..3cd2f9381 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -1532,8 +1532,8 @@ END
 	&Header::openbigbox('100%', 'LEFT', '', $errormessage);
 	&Header::openbox('100%', 'LEFT', "$Lang::tr{'ca certificate'}:");
 	my @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
-	@output = &Header::cleanhtml(@output,"y");
-	print "<pre>@output</pre>\n";
+	my $output = &Header::cleanhtml(join("", @output),"y");
+	print "<pre>$output</pre>\n";
 	&Header::closebox();
 	print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
 	&Header::closebigbox();
@@ -1652,8 +1652,8 @@ END
 	&Header::openbox('100%', 'LEFT', "$Lang::tr{'host certificate'}:");
 	@output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
     }
-    @output = &Header::cleanhtml(@output,"y");
-    print "<pre>@output</pre>\n";
+    my $output = &Header::cleanhtml(join("", @output), "y");
+    print "<pre>$output</pre>\n";
     &Header::closebox();
     print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
     &Header::closebigbox();
@@ -2616,8 +2616,8 @@ else
 	&Header::openbigbox('100%', 'LEFT', '', '');
 	&Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate'}:");
 	my @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
-	@output = &Header::cleanhtml(@output,"y");
-	print "<pre>@output</pre>\n";
+	my $output = &Header::cleanhtml(join("", @output), "y");
+	print "<pre>$output</pre>\n";
 	&Header::closebox();
 	print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
 	&Header::closebigbox();
@@ -2638,8 +2638,8 @@ else
 		&Header::openbigbox('100%', 'LEFT', '', '');
 		&Header::openbox('100%', 'LEFT', "$Lang::tr{'dh'}:");
 		my @output = &General::system_output("/usr/bin/openssl", "dhparam", "-text", "-in", "${General::swroot}/ovpn/ca/dh1024.pem");
-		@output = &Header::cleanhtml(@output,"y");
-		print "<pre>@output</pre>\n";
+		my $output = &Header::cleanhtml(join("", @output) ,"y");
+		print "<pre>$output</pre>\n";
 		&Header::closebox();
 		print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
 		&Header::closebigbox();
@@ -2664,8 +2664,8 @@ else
 		my @output = <FILE>;
 		close(FILE);
 
-		@output = &Header::cleanhtml(@output,"y");
-		print "<pre>@output</pre>\n";
+		my $output = &Header::cleanhtml(join("", @output),"y");
+		print "<pre>$output</pre>\n";
 		&Header::closebox();
 		print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
 		&Header::closebigbox();
@@ -2687,8 +2687,8 @@ else
 	&Header::openbigbox('100%', 'LEFT', '', '');
 	&Header::openbox('100%', 'LEFT', "$Lang::tr{'crl'}:");
 	my @output = &General::system_output("/usr/bin/openssl", "crl", "-text", "-noout", "-in", "${General::swroot}/ovpn/crls/cacrl.pem");
-	@output = &Header::cleanhtml(@output,"y");
-	print "<pre>@output</pre>\n";
+	my $output = &Header::cleanhtml(join("", @output), "y");
+	print "<pre>$output</pre>\n";
 	&Header::closebox();
 	print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
 	&Header::closebigbox();
-- 
2.31.0

[PATCH 2/3] Partially revert "vpnmain.cgi: Use new system methods"

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 2838 bytes --]

This reverts commit a81cbf61273536ee36f3d26504aabdcd65d39cca.

It was no longer possible to generate the root/host certificates.

Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
---
 html/cgi-bin/vpnmain.cgi | 52 +++++++++++++---------------------------
 1 file changed, 16 insertions(+), 36 deletions(-)

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 8f13cf51f..80e93ffd3 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -226,13 +226,9 @@ sub newcleanssldatabase {
 ###
 sub callssl ($) {
 	my $opt = shift;
-
-	# Split the given argument string into single pieces and assign them to an array.
-	my @opts = split(/ /, $opt);
-
-	my @retssl = &General::system_output("/usr/bin/openssl", @opts); #redirect stderr
+	my $retssl = `/usr/bin/openssl $opt 2>&1`; #redirect stderr
 	my $ret = '';
-	foreach my $line (split (/\n/, @retssl)) {
+	foreach my $line (split (/\n/, $retssl)) {
 		&General::log("ipsec", "$line") if (0); # 1 for verbose logging
 		$ret .= '<br>'.$line if ( $line =~ /error|unknown/ );
 	}
@@ -246,21 +242,13 @@ sub callssl ($) {
 ###
 sub getCNfromcert ($) {
 	#&General::log("ipsec", "Extracting name from $_[0]...");
-	my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "$_[0]");
-	my $temp;
-
-	foreach my $line (@temp) {
-		if ($line =~ /Subject:.*CN = (.*)[\n]/) {
-			$temp = $1;
-			$temp =~ s+/Email+, E+;
-			$temp =~ s/ ST = / S = /;
-			$temp =~ s/,//g;
-			$temp =~ s/\'//g;
-
-			last;
-		}
-	}
-
+	my $temp = `/usr/bin/openssl x509 -text -in $_[0]`;
+	$temp =~ /Subject:.*CN = (.*)[\n]/;
+	$temp = $1;
+	$temp =~ s+/Email+, E+;
+	$temp =~ s/ ST = / S = /;
+	$temp =~ s/,//g;
+	$temp =~ s/\'//g;
 	return $temp;
 }
 ###
@@ -268,19 +256,11 @@ sub getCNfromcert ($) {
 ###
 sub getsubjectfromcert ($) {
 	#&General::log("ipsec", "Extracting subject from $_[0]...");
-	my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "$_[0]");
-	my $temp;
-
-	foreach my $line (@temp) {
-		if($line =~ /Subject: (.*)[\n]/) {
-			$temp = $1;
-			$temp =~ s+/Email+, E+;
-			$temp =~ s/ ST = / S = /;
-
-			last;
-		}
-	}
-
+	my $temp = `/usr/bin/openssl x509 -text -in $_[0]`;
+	$temp =~ /Subject: (.*)[\n]/;
+	$temp = $1;
+	$temp =~ s+/Email+, E+;
+	$temp =~ s/ ST = / S = /;
 	return $temp;
 }
 ###
@@ -689,8 +669,8 @@ END
 		$errormessage = $!;
 		goto UPLOADCA_ERROR;
 	}
-	my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "$filename");
-	if (! grep(/CA:TRUE/, @temp)) {
+	my $temp = `/usr/bin/openssl x509 -text -in $filename`;
+	if ($temp !~ /CA:TRUE/i) {
 		$errormessage = $Lang::tr{'not a valid ca certificate'};
 		unlink ($filename);
 		goto UPLOADCA_ERROR;
-- 
2.31.0

[PATCH 3/3] vpnmain.cgi: Join certificate output before &Header::cleanhtml();

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 2110 bytes --]

Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
---
 html/cgi-bin/vpnmain.cgi | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 80e93ffd3..d54b56577 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -705,8 +705,8 @@ END
 		&Header::openbigbox('100%', 'left', '', '');
 		&Header::openbox('100%', 'left', "$Lang::tr{'ca certificate'}:");
 		my @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
-		@output = &Header::cleanhtml(@output,"y");
-		print "<pre>@output</pre>\n";
+		my $output = &Header::cleanhtml(join("", @output) ,"y");
+		print "<pre>$output</pre>\n";
 		&Header::closebox();
 		print "<div align='center'><a href='/cgi-bin/vpnmain.cgi'>$Lang::tr{'back'}</a></div>";
 		&Header::closebigbox();
@@ -832,8 +832,8 @@ END
 		&Header::openbox('100%', 'left', "$Lang::tr{'host certificate'}:");
 		@output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/certs/hostcert.pem");
 	}
-	@output = &Header::cleanhtml(@output,"y");
-	print "<pre>@output</pre>\n";
+	my $output = &Header::cleanhtml(join("", @output) ,"y");
+	print "<pre>$output</pre>\n";
 	&Header::closebox();
 	print "<div align='center'><a href='/cgi-bin/vpnmain.cgi'>$Lang::tr{'back'}</a></div>";
 	&Header::closebigbox();
@@ -1521,8 +1521,8 @@ END
 		&Header::openbigbox('100%', 'left', '', '');
 		&Header::openbox('100%', 'left', "$Lang::tr{'cert'}:");
 		my @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
-		@output = &Header::cleanhtml(@output,"y");
-		print "<pre>@output</pre>\n";
+		my $output = &Header::cleanhtml(join("", @output) ,"y");
+		print "<pre>$output</pre>\n";
 		&Header::closebox();
 		print "<div align='center'><a href='/cgi-bin/vpnmain.cgi'>$Lang::tr{'back'}</a></div>";
 		&Header::closebigbox();
-- 
2.31.0