- The use of "ipsec" currently means that none of these messages are shown in the system log with IPSec selected as that is looking for charon. - This patch changes all "ipsec" entries in this file to "charon" - This results in the log messages for generation and regeneration of the root/host certificate set being shown in the system log. Without this then the messages log has to be searched from the command line with grep. - Tested out on a physical IPFire system. Tested-by: Adolf Belka Signed-off-by: Adolf Belka
---
 html/cgi-bin/vpnmain.cgi | 58 ++++++++++++++++++++--------------------
 1 file changed, 29 insertions(+), 29 deletions(-)
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index fe14b38f0..c9bbbb494 100755
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -233,7 +233,7 @@ sub callssl ($) {
 if ($?) { foreach my $line (split (/\n/, $retssl)) {
- &General::log("ipsec", "$line") if (0); # 1 for verbose logging
+ &General::log("charon", "$line") if (0); # 1 for verbose logging
 $ret .= '
' . &Header::escape($line); } }
@@ -244,7 +244,7 @@ sub callssl ($) {
 ### Obtain a CN from given cert ### sub getCNfromcert ($) {
- #&General::log("ipsec", "Extracting name from $_[0]...");
+ #&General::log("charon", "Extracting name from $_[0]...");
 my $temp = `/usr/bin/openssl x509 -text -in $_[0]`; $temp =~ /Subject:.*CN\s*=\s*(.*)[\n]/; $temp = $1;
@@ -258,7 +258,7 @@ sub getCNfromcert ($) {
 ### Obtain Subject from given cert ### sub getsubjectfromcert ($) {
- #&General::log("ipsec", "Extracting subject from $_[0]...");
+ #&General::log("charon", "Extracting subject from $_[0]...");
 my $temp = `/usr/bin/openssl x509 -text -in $_[0]`; $temp =~ /Subject: (.*)[\n]/; $temp = $1;
@@ -906,7 +906,7 @@ END
 } $cgiparams{'ROOTCERT_COUNTRY'} = $vpnsettings{'ROOTCERT_COUNTRY'} if (!$cgiparams{'ROOTCERT_COUNTRY'}); } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload p12 file'}) {
- &General::log("ipsec", "Importing from p12...");
+ &General::log("charon", "Importing from p12...");
 unless (ref ($cgiparams{'FH'})) { $errormessage = $Lang::tr{'there was no file upload'};
@@ -921,7 +921,7 @@ END
 } # Extract the CA certificate from the file
- &General::log("ipsec", "Extracting caroot from p12...");
+ &General::log("charon", "Extracting caroot from p12...");
 if (open(STDIN, "-|")) { my $opt = " pkcs12 -legacy -cacerts -nokeys"; $opt .= " -in $filename";
@@ -934,7 +934,7 @@ END
 # Extract the Host certificate from the file if (!$errormessage) {
- &General::log("ipsec", "Extracting host cert from p12...");
+ &General::log("charon", "Extracting host cert from p12...");
 if (open(STDIN, "-|")) { my $opt = " pkcs12 -legacy -clcerts -nokeys"; $opt .= " -in $filename";
@@ -948,7 +948,7 @@ END
 # Extract the Host key from the file if (!$errormessage) {
- &General::log("ipsec", "Extracting private key from p12...");
+ &General::log("charon", "Extracting private key from p12...");
 if (open(STDIN, "-|")) { my $opt = " pkcs12 -legacy -nocerts -nodes"; $opt .= " -in $filename";
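Review bot: Tagging these web-UI messages as `charon` makes them indistinguishable in syslog from lines written by the charon daemon itself, starting with the call in `callssl` and in every other `&General::log("charon", ...)` call in this patch. That matters when the log is later used to reconstruct who generated, imported or regenerated a certificate. Assuming the first argument becomes the syslog tag that the IPsec log view filters on (General::log is not shown here), an alternative is to keep a CGI-specific tag and let the log view match both tags. If the retag stays, a fixed prefix in the message text, e.g. `&General::log("charon", "vpnmain.cgi: Importing from p12...");`, would preserve provenance. The body of `callssl` starts and ends outside this hunk.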
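Review bot: `getCNfromcert` still runs openssl through backticks with `$_[0]` interpolated, so the path argument is parsed by a shell; `getsubjectfromcert` in the next hunk has the same line. The file already uses the list form elsewhere (`&General::system_output("/usr/bin/openssl", "verify", ...)`), and the same call fits here: `my $temp = join('', &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", $_[0]));`. Both functions also assign `$1` without checking that the match succeeded, so a certificate without the expected Subject line leaves a stale capture in `$temp`. Both bodies continue past their hunks.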
@@ -961,21 +961,21 @@ END
 } if (!$errormessage) {
- &General::log("ipsec", "Moving cacert...");
+ &General::log("charon", "Moving cacert...");
 unless(move("/tmp/newcacert", "${General::swroot}/ca/cacert.pem")) { $errormessage = "$Lang::tr{'certificate file move failed'}: $!"; } } if (!$errormessage) {
- &General::log("ipsec", "Moving host cert...");
+ &General::log("charon", "Moving host cert...");
 unless(move("/tmp/newhostcert", "${General::swroot}/certs/hostcert.pem")) { $errormessage = "$Lang::tr{'certificate file move failed'}: $!"; } } if (!$errormessage) {
- &General::log("ipsec", "Moving private key...");
+ &General::log("charon", "Moving private key...");
 unless(move("/tmp/newhostkey", "${General::swroot}/certs/hostkey.pem")) { $errormessage = "$Lang::tr{'certificate file move failed'}: $!"; }
@@ -997,7 +997,7 @@ END
 # the private key for this CAROOT # IPFire can only import certificates
- &General::log("ipsec", "p12 import completed!");
+ &General::log("charon", "p12 import completed!");
 &cleanssldatabase(); goto ROOTCERT_SUCCESS;
@@ -1083,7 +1083,7 @@ END
 # Create the CA certificate if (!$errormessage) {
- &General::log("ipsec", "Creating cacert...");
+ &General::log("charon", "Creating cacert...");
 if (open(STDIN, "-|")) { my $opt = " req -x509 -sha256 -nodes"; $opt .= " -days 3650";
@@ -1106,7 +1106,7 @@ END
 # Create the Host certificate request if (!$errormessage) {
- &General::log("ipsec", "Creating host cert...");
+ &General::log("charon", "Creating host cert...");
 if (open(STDIN, "-|")) { my $opt = " req -sha256 -nodes"; $opt .= " -newkey rsa:4096";
@@ -1129,7 +1129,7 @@ END
 # Sign the host certificate request if (!$errormessage) {
- &General::log("ipsec", "Self signing host cert...");
+ &General::log("charon", "Self signing host cert...");
 #No easy way for specifying the contain of subjectAltName without writing a config file... my ($fh, $v3extname) = tempfile ('/tmp/XXXXXXXX');
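Review bot: The three `move()` calls in the -961 hunk read from fixed names in /tmp (`/tmp/newcacert`, `/tmp/newhostcert`, `/tmp/newhostkey`), and the last of these presumably holds the host private key that the earlier step extracts with `-nodes`, i.e. unencrypted. A predictable name in a world-writable directory can be pre-created or symlinked by another local account, and the file mode depends on the process umask; how the files are created is outside this hunk. The file already calls `tempfile ('/tmp/XXXXXXXX')` for the v3 extension file, and the same helper, or a 0700 directory under `${General::swroot}`, would suit these intermediates. The same fixed names appear in the connection-level p12 import hunks at -1988 and -2022.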
@@ -1156,7 +1156,7 @@ END
 # Create an empty CRL if (!$errormessage) {
- &General::log("ipsec", "Creating emptycrl...");
+ &General::log("charon", "Creating emptycrl...");
 my $opt = " ca -gencrl"; $opt .= " -out ${General::swroot}/crls/cacrl.pem"; $errormessage = &callssl ($opt);
@@ -1925,7 +1925,7 @@ END
 } # Sign the certificate request
- &General::log("ipsec", "Signing your cert $cgiparams{'NAME'}...");
+ &General::log("charon", "Signing your cert $cgiparams{'NAME'}...");
 my $opt = " ca -md sha256 -days 825"; $opt .= " -batch -notext"; $opt .= " -in $filename";
@@ -1947,7 +1947,7 @@ END
 goto VPNCONF_ERROR; } } elsif ($cgiparams{'AUTH'} eq 'pkcs12') {
- &General::log("ipsec", "Importing from p12...");
+ &General::log("charon", "Importing from p12...");
 unless (ref ($cgiparams{'FH'})) { $errormessage = $Lang::tr{'there was no file upload'};
@@ -1962,7 +1962,7 @@ END
 } # Extract the CA certificate from the file
- &General::log("ipsec", "Extracting caroot from p12...");
+ &General::log("charon", "Extracting caroot from p12...");
 if (open(STDIN, "-|")) { my $opt = " pkcs12 -legacy -cacerts -nokeys"; $opt .= " -in $filename";
@@ -1975,7 +1975,7 @@ END
 # Extract the Host certificate from the file if (!$errormessage) {
- &General::log("ipsec", "Extracting host cert from p12...");
+ &General::log("charon", "Extracting host cert from p12...");
 if (open(STDIN, "-|")) { my $opt = " pkcs12 -legacy -clcerts -nokeys"; $opt .= " -in $filename";
@@ -1988,7 +1988,7 @@ END
 } if (!$errormessage) {
- &General::log("ipsec", "Moving cacert...");
+ &General::log("charon", "Moving cacert...");
 #If CA have new subject, add it to our list of CA my $casubject = &Header::cleanhtml(getsubjectfromcert ('/tmp/newcacert')); my @names;
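Review bot: `$cgiparams{'NAME'}` is interpolated straight into the log message in the -1925 hunk, again in the `Signing the cert ...` call at -2187, and into the openssl option string of the pkcs12 export at -2221. Whether NAME has been validated before these lines is not visible in the patch; if it may contain CR/LF, control characters or spaces, it can forge entries in the log view these messages now reach and change the arguments handed to `callssl`. Log and use the value only after an allow-list check such as `$cgiparams{'NAME'} =~ /\A[A-Za-z0-9]+\z/`, or confirm that the existing validation runs before every one of these paths.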
@@ -2022,7 +2022,7 @@ END
 } } if (!$errormessage) {
- &General::log("ipsec", "Moving host cert...");
+ &General::log("charon", "Moving host cert...");
 unless(move("/tmp/newhostcert", "${General::swroot}/certs/$cgiparams{'NAME'}cert.pem")) { $errormessage = "$Lang::tr{'certificate file move failed'}: $!"; }
@@ -2037,7 +2037,7 @@ END
 unlink ("${General::swroot}/certs/$cgiparams{'NAME'}cert.pem"); goto VPNCONF_ERROR; }
- &General::log("ipsec", "p12 import completed!");
+ &General::log("charon", "p12 import completed!");
 } elsif ($cgiparams{'AUTH'} eq 'certfile') { if ($cgiparams{'KEY'}) { $errormessage = $Lang::tr{'cant change certificates'};
@@ -2055,7 +2055,7 @@ END
 } # Verify the certificate has a valid CA and move it
- &General::log("ipsec", "Validating imported cert against our known CA...");
+ &General::log("charon", "Validating imported cert against our known CA...");
 my $validca = 1; #assume ok my @test = &General::system_output("/usr/bin/openssl", "verify", "-CAfile", "${General::swroot}/ca/cacert.pem", "$filename"); if (! grep(/: OK/, @test)) {
@@ -2160,7 +2160,7 @@ END
 (my $state = $cgiparams{'CERT_STATE'}) =~ s/^\s*$/\./; # Create the Client certificate request
- &General::log("ipsec", "Creating a cert...");
+ &General::log("charon", "Creating a cert...");
 if (open(STDIN, "-|")) { my $opt = " req -nodes";
@@ -2187,7 +2187,7 @@ END
 } # Sign the client certificate request
- &General::log("ipsec", "Signing the cert $cgiparams{'NAME'}...");
+ &General::log("charon", "Signing the cert $cgiparams{'NAME'}...");
 #No easy way for specifying the contain of subjectAltName without writing a config file... my ($fh, $v3extname) = tempfile ('/tmp/XXXXXXXX');
@@ -2221,7 +2221,7 @@ END
 } # Create the pkcs12 file
- &General::log("ipsec", "Packing a pkcs12 file...");
+ &General::log("charon", "Packing a pkcs12 file...");
 $opt = " pkcs12 -legacy -export"; $opt .= " -inkey ${General::swroot}/certs/$cgiparams{'NAME'}key.pem"; $opt .= " -in ${General::swroot}/certs/$cgiparams{'NAME'}cert.pem";
@@ -3834,7 +3834,7 @@ sub make_subnets($$) {
 sub regenerate_host_certificate() { my $errormessage = "";
- &General::log("ipsec", "Regenerating host certificate...");
+ &General::log("charon", "Regenerating host certificate...");
 # Create a CSR based on the existing certificate my $opt = " x509 -x509toreq -copy_extensions copyall";
@@ -3845,7 +3845,7 @@ sub regenerate_host_certificate() {
 # Revoke the old certificate if (!$errormessage) {
- &General::log("ipsec", "Revoking the old host cert...");
+ &General::log("charon", "Revoking the old host cert...");
 my $opt = " ca -revoke ${General::swroot}/certs/hostcert.pem"; $errormessage = &callssl($opt);
@@ -3853,7 +3853,7 @@ sub regenerate_host_certificate() {
 # Sign the host certificate request if (!$errormessage) {
- &General::log("ipsec", "Self signing host cert...");
+ &General::log("charon", "Self signing host cert...");
 my $opt = " ca -md sha256 -days 825"; $opt .= " -batch -notext";
--
2.48.1