From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 2/2] vpnmain.cgi: Change the log name from "ipsec" to "charon"
Date: Sun, 02 Mar 2025 20:14:31 +0100	[thread overview]
Message-ID: <20250302191431.20813-2-adolf.belka@ipfire.org> (raw)
In-Reply-To: <20250302191431.20813-1-adolf.belka@ipfire.org>

[-- Attachment #1: Type: text/plain, Size: 10606 bytes --]

- The use of "ipsec" currently means that none of these messages are shown in the
   system log when IPSec is selected, because that view looks for "charon".
- This patch changes all "ipsec" entries in this file to "charon".
- As a result, the log messages for generation and regeneration of the root/host
   certificate set are shown in the system log. Without this change, the messages
   log has to be searched from the command line with grep.
- Tested out on a physical IPFire system.

Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 html/cgi-bin/vpnmain.cgi | 58 ++++++++++++++++++++--------------------
 1 file changed, 29 insertions(+), 29 deletions(-)

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index fe14b38f0..c9bbbb494 100755
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -233,7 +233,7 @@ sub callssl ($) {
 
 	if ($?) {
 		foreach my $line (split (/\n/, $retssl)) {
-			&General::log("ipsec", "$line") if (0); # 1 for verbose logging
+			&General::log("charon", "$line") if (0); # 1 for verbose logging
 			$ret .= '<br>' . &Header::escape($line);
 		}
 	}
@@ -244,7 +244,7 @@ sub callssl ($) {
 ### Obtain a CN from given cert
 ###
 sub getCNfromcert ($) {
-	#&General::log("ipsec", "Extracting name from $_[0]...");
+	#&General::log("charon", "Extracting name from $_[0]...");
 	my $temp = `/usr/bin/openssl x509 -text -in $_[0]`;
 	$temp =~ /Subject:.*CN\s*=\s*(.*)[\n]/;
 	$temp = $1;
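Review bot: The backtick call in getCNfromcert interpolates `$_[0]` into a shell command line, so a caller that passes a path containing whitespace or shell metacharacters has it interpreted by the shell; getsubjectfromcert in the next hunk has the same pattern. The file already uses a list-form helper for `openssl verify` further down, so `my $temp = join('', &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", $_[0]));` would avoid the shell, assuming that helper returns the output lines. The regex match is also not checked before `$temp = $1;`, so a certificate without a matching Subject line leaves `$1` at whatever value it had before. Both function bodies continue outside their hunks.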
@@ -258,7 +258,7 @@ sub getCNfromcert ($) {
 ### Obtain Subject from given cert
 ###
 sub getsubjectfromcert ($) {
-	#&General::log("ipsec", "Extracting subject from $_[0]...");
+	#&General::log("charon", "Extracting subject from $_[0]...");
 	my $temp = `/usr/bin/openssl x509 -text -in $_[0]`;
 	$temp =~ /Subject: (.*)[\n]/;
 	$temp = $1;
@@ -906,7 +906,7 @@ END
 		}
 		$cgiparams{'ROOTCERT_COUNTRY'} = $vpnsettings{'ROOTCERT_COUNTRY'} if (!$cgiparams{'ROOTCERT_COUNTRY'});
 	} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload p12 file'}) {
-		&General::log("ipsec", "Importing from p12...");
+		&General::log("charon", "Importing from p12...");
 
 		unless (ref ($cgiparams{'FH'})) {
 			$errormessage = $Lang::tr{'there was no file upload'};
@@ -921,7 +921,7 @@ END
 		}
 
 		# Extract the CA certificate from the file
-		&General::log("ipsec", "Extracting caroot from p12...");
+		&General::log("charon", "Extracting caroot from p12...");
 		if (open(STDIN, "-|")) {
 			my $opt = " pkcs12 -legacy -cacerts -nokeys";
 			$opt .= " -in $filename";
@@ -934,7 +934,7 @@ END
 
 		# Extract the Host certificate from the file
 		if (!$errormessage) {
-			&General::log("ipsec", "Extracting host cert from p12...");
+			&General::log("charon", "Extracting host cert from p12...");
 			if (open(STDIN, "-|")) {
 				my $opt = " pkcs12 -legacy -clcerts -nokeys";
 				$opt .= " -in $filename";
@@ -948,7 +948,7 @@ END
 
 		# Extract the Host key from the file
 		if (!$errormessage) {
-			&General::log("ipsec", "Extracting private key from p12...");
+			&General::log("charon", "Extracting private key from p12...");
 			if (open(STDIN, "-|")) {
 				my $opt = " pkcs12 -legacy -nocerts -nodes";
 				$opt .= " -in $filename";
@@ -961,21 +961,21 @@ END
 		}
 
 		if (!$errormessage) {
-			&General::log("ipsec", "Moving cacert...");
+			&General::log("charon", "Moving cacert...");
 			unless(move("/tmp/newcacert", "${General::swroot}/ca/cacert.pem")) {
 				$errormessage = "$Lang::tr{'certificate file move failed'}: $!";
 			}
 		}
 
 		if (!$errormessage) {
-			&General::log("ipsec", "Moving host cert...");
+			&General::log("charon", "Moving host cert...");
 			unless(move("/tmp/newhostcert", "${General::swroot}/certs/hostcert.pem")) {
 				$errormessage = "$Lang::tr{'certificate file move failed'}: $!";
 			}
 		}
 
 		if (!$errormessage) {
-			&General::log("ipsec", "Moving private key...");
+			&General::log("charon", "Moving private key...");
 			unless(move("/tmp/newhostkey", "${General::swroot}/certs/hostkey.pem")) {
 				$errormessage = "$Lang::tr{'certificate file move failed'}: $!";
 			}
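Review bot: The three `move()` calls read from fixed names in /tmp (`/tmp/newcacert`, `/tmp/newhostcert`, `/tmp/newhostkey`), and the preceding hunk extracts the key with `-nodes`, so an unencrypted private key apparently sits under a predictable path in a shared directory until it is moved. Where those files are created is outside this hunk, so their mode and ownership cannot be confirmed here. If they are written with default permissions, a `tempfile()` path as used elsewhere in this file, or a directory only the web user can access, would close the predictable-name and exposure window. The enclosing `elsif` branch starts and ends outside the hunk.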
@@ -997,7 +997,7 @@ END
 		# the private key for this CAROOT
 		# IPFire can only import certificates
 
-		&General::log("ipsec", "p12 import completed!");
+		&General::log("charon", "p12 import completed!");
 		&cleanssldatabase();
 		goto ROOTCERT_SUCCESS;
 
@@ -1083,7 +1083,7 @@ END
 
 		# Create the CA certificate
 		if (!$errormessage) {
-			&General::log("ipsec", "Creating cacert...");
+			&General::log("charon", "Creating cacert...");
 			if (open(STDIN, "-|")) {
 				my $opt = " req -x509 -sha256 -nodes";
 				$opt .= " -days 3650";
@@ -1106,7 +1106,7 @@ END
 
 		# Create the Host certificate request
 		if (!$errormessage) {
-			&General::log("ipsec", "Creating host cert...");
+			&General::log("charon", "Creating host cert...");
 			if (open(STDIN, "-|")) {
 				my $opt = " req -sha256 -nodes";
 				$opt .= " -newkey rsa:4096";
@@ -1129,7 +1129,7 @@ END
 
 		# Sign the host certificate request
 		if (!$errormessage) {
-			&General::log("ipsec", "Self signing host cert...");
+			&General::log("charon", "Self signing host cert...");
 
 			#No easy way for specifying the contain of subjectAltName without writing a config file...
 			my ($fh, $v3extname) = tempfile ('/tmp/XXXXXXXX');
@@ -1156,7 +1156,7 @@ END
 
 		# Create an empty CRL
 		if (!$errormessage) {
-			&General::log("ipsec", "Creating emptycrl...");
+			&General::log("charon", "Creating emptycrl...");
 			my $opt = " ca -gencrl";
 			$opt .= " -out ${General::swroot}/crls/cacrl.pem";
 			$errormessage = &callssl ($opt);
@@ -1925,7 +1925,7 @@ END
 		}
 
 		# Sign the certificate request
-		&General::log("ipsec", "Signing your cert $cgiparams{'NAME'}...");
+		&General::log("charon", "Signing your cert $cgiparams{'NAME'}...");
 		my $opt = " ca -md sha256 -days 825";
 		$opt .= " -batch -notext";
 		$opt .= " -in $filename";
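Review bot: `$cgiparams{'NAME'}` is interpolated into the log message here, and again in the "Signing the cert" call in the @@ -2187 hunk, and with the log name changed these entries now appear in the IPsec view of the system log. Whether NAME has been validated before this point is not visible in the hunk; if it has not, a value containing control characters or markup could corrupt or imitate log entries, so it is worth confirming that validation runs first or logging a sanitised copy. Because the CGI now writes under the same name as the daemon, a fixed prefix in the message text, e.g. `"vpnmain.cgi: Signing your cert $cgiparams{'NAME'}..."`, would keep entries generated by the web interface distinguishable from charon's own output during incident review.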
@@ -1947,7 +1947,7 @@ END
 			goto VPNCONF_ERROR;
 		}
 	} elsif ($cgiparams{'AUTH'} eq 'pkcs12') {
-		&General::log("ipsec", "Importing from p12...");
+		&General::log("charon", "Importing from p12...");
 
 		unless (ref ($cgiparams{'FH'})) {
 			$errormessage = $Lang::tr{'there was no file upload'};
@@ -1962,7 +1962,7 @@ END
 		}
 
 		# Extract the CA certificate from the file
-		&General::log("ipsec", "Extracting caroot from p12...");
+		&General::log("charon", "Extracting caroot from p12...");
 		if (open(STDIN, "-|")) {
 			my $opt = " pkcs12 -legacy -cacerts -nokeys";
 			$opt .= " -in $filename";
@@ -1975,7 +1975,7 @@ END
 
 		# Extract the Host certificate from the file
 		if (!$errormessage) {
-			&General::log("ipsec", "Extracting host cert from p12...");
+			&General::log("charon", "Extracting host cert from p12...");
 			if (open(STDIN, "-|")) {
 				my $opt = " pkcs12 -legacy -clcerts -nokeys";
 				$opt .= " -in $filename";
@@ -1988,7 +1988,7 @@ END
 		}
 
 		if (!$errormessage) {
-			&General::log("ipsec", "Moving cacert...");
+			&General::log("charon", "Moving cacert...");
 			#If CA have new subject, add it to our list of CA
 			my $casubject = &Header::cleanhtml(getsubjectfromcert ('/tmp/newcacert'));
 			my @names;
@@ -2022,7 +2022,7 @@ END
 			}
 		}
 		if (!$errormessage) {
-			&General::log("ipsec", "Moving host cert...");
+			&General::log("charon", "Moving host cert...");
 			unless(move("/tmp/newhostcert", "${General::swroot}/certs/$cgiparams{'NAME'}cert.pem")) {
 				$errormessage = "$Lang::tr{'certificate file move failed'}: $!";
 			}
@@ -2037,7 +2037,7 @@ END
 			unlink ("${General::swroot}/certs/$cgiparams{'NAME'}cert.pem");
 			goto VPNCONF_ERROR;
 		}
-		&General::log("ipsec", "p12 import completed!");
+		&General::log("charon", "p12 import completed!");
 	} elsif ($cgiparams{'AUTH'} eq 'certfile') {
 		if ($cgiparams{'KEY'}) {
 			$errormessage = $Lang::tr{'cant change certificates'};
@@ -2055,7 +2055,7 @@ END
 		}
 
 		# Verify the certificate has a valid CA and move it
-		&General::log("ipsec", "Validating imported cert against our known CA...");
+		&General::log("charon", "Validating imported cert against our known CA...");
 		my $validca = 1; #assume ok
 		my @test = &General::system_output("/usr/bin/openssl", "verify", "-CAfile", "${General::swroot}/ca/cacert.pem", "$filename");
 		if (! grep(/: OK/, @test)) {
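Review bot: The certificate check accepts on an unanchored `/: OK/` match over the command output, and that output includes the path passed as `$filename`. Anchoring it, `if (! grep(/: OK$/, @test)) {`, or deciding on the exit status of `openssl verify` would make the accept condition stricter. How `$filename` is produced and whether `system_output` also captures stderr are not visible here, so this is a hardening point rather than a confirmed bypass. The `if` block continues outside the hunk.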
@@ -2160,7 +2160,7 @@ END
 		(my $state = $cgiparams{'CERT_STATE'}) =~ s/^\s*$/\./;
 
 		# Create the Client certificate request
-		&General::log("ipsec", "Creating a cert...");
+		&General::log("charon", "Creating a cert...");
 
 		if (open(STDIN, "-|")) {
 			my $opt = " req -nodes";
@@ -2187,7 +2187,7 @@ END
 		}
 
 		# Sign the client certificate request
-		&General::log("ipsec", "Signing the cert $cgiparams{'NAME'}...");
+		&General::log("charon", "Signing the cert $cgiparams{'NAME'}...");
 
 		#No easy way for specifying the contain of subjectAltName without writing a config file...
 		my ($fh, $v3extname) = tempfile ('/tmp/XXXXXXXX');
@@ -2221,7 +2221,7 @@ END
 		}
 
 		# Create the pkcs12 file
-		&General::log("ipsec", "Packing a pkcs12 file...");
+		&General::log("charon", "Packing a pkcs12 file...");
 		$opt = " pkcs12 -legacy -export";
 		$opt .= " -inkey ${General::swroot}/certs/$cgiparams{'NAME'}key.pem";
 		$opt .= " -in ${General::swroot}/certs/$cgiparams{'NAME'}cert.pem";
@@ -3834,7 +3834,7 @@ sub make_subnets($$) {
 sub regenerate_host_certificate() {
 	my $errormessage = "";
 
-	&General::log("ipsec", "Regenerating host certificate...");
+	&General::log("charon", "Regenerating host certificate...");
 
 	# Create a CSR based on the existing certificate
 	my $opt = " x509 -x509toreq -copy_extensions copyall";
@@ -3845,7 +3845,7 @@ sub regenerate_host_certificate() {
 
 	# Revoke the old certificate
 	if (!$errormessage) {
-		&General::log("ipsec", "Revoking the old host cert...");
+		&General::log("charon", "Revoking the old host cert...");
 
 		my $opt = " ca -revoke ${General::swroot}/certs/hostcert.pem";
 		$errormessage = &callssl($opt);
@@ -3853,7 +3853,7 @@ sub regenerate_host_certificate() {
 
 	# Sign the host certificate request
 	if (!$errormessage) {
-		&General::log("ipsec", "Self signing host cert...");
+		&General::log("charon", "Self signing host cert...");
 
 		my $opt = " ca -md sha256 -days 825";
 		$opt .= " -batch -notext";
-- 
2.48.1

