From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] ovpnmain.cgi: Fix for bug #12883 - separate .p12 file corrupted
Date: Wed, 22 Jun 2022 22:22:36 +0200 [thread overview]
Message-ID: <20220622202236.3149193-1-adolf.belka@ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 2783 bytes --]
- Patch https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=2feacd989823aa1dbd5844c315a9abfd49060487
from May 2021 put the variable containing the .p12 content into double quotes which
causes the contents to be treated as text whereas the .p12 file is an application file.
- Most people must be downloading the zip package of .p12, ovpn.conf and ta.key files so
the problem was not noticed till now and flagged up in the forum.
https://community.ipfire.org/t/openvpn-p12-password-on-android-problem/8127
- The problem does not occur for the .p12 file in the zip file as the downloading of the
zip file does not have the variable name in double quotes.
- Putting the zip file variable into double quotes caused the downloaded zip file to be
corrupt and not able to be opened as an archive.
- Removing the double quotes from the .p12 variable name caused the separate .p12 file
download to be able to be correctly opened.
- The same quoted variable name is used also for the cacert.pem, cert.pem, servercert.pem
and ta.key file downloads. To be consistent the same change has been applied to these.
Fixes: Bug #2883
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
html/cgi-bin/ovpnmain.cgi | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index b8c3e5064..736d17541 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -1564,7 +1564,7 @@ END
print "Content-Disposition: filename=$cahash{$cgiparams{'KEY'}}[0]cert.pem\r\n\r\n";
my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
- print "@tmp";
+ print @tmp;
exit(0);
} else {
@@ -1679,7 +1679,7 @@ END
print "Content-Disposition: filename=cacert.pem\r\n\r\n";
my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/ca/cacert.pem");
- print "@tmp";
+ print @tmp;
exit(0);
}
@@ -1693,7 +1693,7 @@ END
print "Content-Disposition: filename=servercert.pem\r\n\r\n";
my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
- print "@tmp";
+ print @tmp;
exit(0);
}
@@ -1710,7 +1710,7 @@ END
my @tmp = <FILE>;
close(FILE);
- print "@tmp";
+ print @tmp;
exit(0);
}
@@ -2615,7 +2615,7 @@ else
my @tmp = <FILE>;
close(FILE);
- print "@tmp";
+ print @tmp;
exit (0);
###
@@ -3234,7 +3234,7 @@ END
my @tmp = <FILE>;
close(FILE);
- print "@tmp";
+ print @tmp;
exit (0);
}
--
2.36.1
next reply other threads:[~2022-06-22 20:22 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-22 20:22 Adolf Belka [this message]
2022-06-22 21:51 ` Tom Rymes
2022-06-23 12:56 ` Michael Tremer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220622202236.3149193-1-adolf.belka@ipfire.org \
--to=adolf.belka@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox