From mboxrd@z Thu Jan 1 00:00:00 1970 From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH 2/2] vpnmain.cgi: Change the log name from "ipsec" to "charon" Date: Sun, 02 Mar 2025 20:14:31 +0100 Message-ID: <20250302191431.20813-2-adolf.belka@ipfire.org> In-Reply-To: <20250302191431.20813-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1085041081650585352==" List-Id: --===============1085041081650585352== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable - The use of "ipsec" currently means that none of these messages are shown in= the system log with IPSec selected as that is looking for charon. - This patch changes all "ipsec" entries in this file to "charon" - This results in the log messages for generation and regeneration of the roo= t/host certificate set being shown in the system log. Without this then the messa= ges log has to be searched from the command line with grep. - Tested out on a physical IPFire system. Tested-by: Adolf Belka Signed-off-by: Adolf Belka --- html/cgi-bin/vpnmain.cgi | 58 ++++++++++++++++++++-------------------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index fe14b38f0..c9bbbb494 100755 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -233,7 +233,7 @@ sub callssl ($) { =20 if ($?) { foreach my $line (split (/\n/, $retssl)) { - &General::log("ipsec", "$line") if (0); # 1 for verbose logging + &General::log("charon", "$line") if (0); # 1 for verbose logging $ret .=3D '
' . &Header::escape($line); } } @@ -244,7 +244,7 @@ sub callssl ($) { ### Obtain a CN from given cert ### sub getCNfromcert ($) { - #&General::log("ipsec", "Extracting name from $_[0]..."); + #&General::log("charon", "Extracting name from $_[0]..."); my $temp =3D `/usr/bin/openssl x509 -text -in $_[0]`; $temp =3D~ /Subject:.*CN\s*=3D\s*(.*)[\n]/; $temp =3D $1; @@ -258,7 +258,7 @@ sub getCNfromcert ($) { ### Obtain Subject from given cert ### sub getsubjectfromcert ($) { - #&General::log("ipsec", "Extracting subject from $_[0]..."); + #&General::log("charon", "Extracting subject from $_[0]..."); my $temp =3D `/usr/bin/openssl x509 -text -in $_[0]`; $temp =3D~ /Subject: (.*)[\n]/; $temp =3D $1; @@ -906,7 +906,7 @@ END } $cgiparams{'ROOTCERT_COUNTRY'} =3D $vpnsettings{'ROOTCERT_COUNTRY'} if (!$= cgiparams{'ROOTCERT_COUNTRY'}); } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload p12 file'}) { - &General::log("ipsec", "Importing from p12..."); + &General::log("charon", "Importing from p12..."); =20 unless (ref ($cgiparams{'FH'})) { $errormessage =3D $Lang::tr{'there was no file upload'}; @@ -921,7 +921,7 @@ END } =20 # Extract the CA certificate from the file - &General::log("ipsec", "Extracting caroot from p12..."); + &General::log("charon", "Extracting caroot from p12..."); if (open(STDIN, "-|")) { my $opt =3D " pkcs12 -legacy -cacerts -nokeys"; $opt .=3D " -in $filename"; @@ -934,7 +934,7 @@ END =20 # Extract the Host certificate from the file if (!$errormessage) { - &General::log("ipsec", "Extracting host cert from p12..."); + &General::log("charon", "Extracting host cert from p12..."); if (open(STDIN, "-|")) { my $opt =3D " pkcs12 -legacy -clcerts -nokeys"; $opt .=3D " -in $filename"; 
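Review bot: With the tag changed to "charon" in callssl and in every other hunk of this patch, messages written by vpnmain.cgi appear under the same name the description says the IPsec log view looks for, so a reader of that view can no longer tell web-UI certificate actions apart from output of the daemon itself. How General::log uses its first argument is not shown here; this assumes it is the syslog tag. Keeping the tag but marking the origin in the message text would preserve the audit trail, for example `&General::log("charon", "vpnmain.cgi: Importing from p12...");`. Separately, the `if (0)` guard on the changed line in callssl means that call never runs, so a named debug flag or removing the line would be clearer than editing dead code. callssl starts and ends outside the hunk.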
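Review bot: The backtick call kept as context in getCNfromcert, `/usr/bin/openssl x509 -text -in $_[0]`, interpolates the argument into a shell command line, and getsubjectfromcert in the @@ -258 hunk does the same. The one caller visible in this patch passes a fixed path, but other callers are not shown. The list-form helper this file already uses in the @@ -2055 hunk avoids the shell entirely: `my $temp = join('', &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", $_[0]));`, assuming it returns the output lines with their newlines intact. The following `$temp = $1;` is also used without testing whether the match succeeded, so a certificate with no matching Subject line leaves `$1` holding an earlier capture; test the match result before reading `$1`. Both functions continue past the end of their hunks.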
@@ -948,7 +948,7 @@ END =20 # Extract the Host key from the file if (!$errormessage) { - &General::log("ipsec", "Extracting private key from p12..."); + &General::log("charon", "Extracting private key from p12..."); if (open(STDIN, "-|")) { my $opt =3D " pkcs12 -legacy -nocerts -nodes"; $opt .=3D " -in $filename"; @@ -961,21 +961,21 @@ END } =20 if (!$errormessage) { - &General::log("ipsec", "Moving cacert..."); + &General::log("charon", "Moving cacert..."); unless(move("/tmp/newcacert", "${General::swroot}/ca/cacert.pem")) { $errormessage =3D "$Lang::tr{'certificate file move failed'}: $!"; } } =20 if (!$errormessage) { - &General::log("ipsec", "Moving host cert..."); + &General::log("charon", "Moving host cert..."); unless(move("/tmp/newhostcert", "${General::swroot}/certs/hostcert.pem"))= { $errormessage =3D "$Lang::tr{'certificate file move failed'}: $!"; } } =20 if (!$errormessage) { - &General::log("ipsec", "Moving private key..."); + &General::log("charon", "Moving private key..."); unless(move("/tmp/newhostkey", "${General::swroot}/certs/hostkey.pem")) { $errormessage =3D "$Lang::tr{'certificate file move failed'}: $!"; } @@ -997,7 +997,7 @@ END # the private key for this CAROOT # IPFire can only import certificates =20 - &General::log("ipsec", "p12 import completed!"); + &General::log("charon", "p12 import completed!"); &cleanssldatabase(); goto ROOTCERT_SUCCESS; =20 @@ -1083,7 +1083,7 @@ END =20 # Create the CA certificate if (!$errormessage) { - &General::log("ipsec", "Creating cacert..."); + &General::log("charon", "Creating cacert..."); if (open(STDIN, "-|")) { my $opt =3D " req -x509 -sha256 -nodes"; $opt .=3D " -days 3650"; @@ -1106,7 +1106,7 @@ END =20 # Create the Host certificate request if (!$errormessage) { - &General::log("ipsec", "Creating host cert..."); + &General::log("charon", "Creating host cert..."); if (open(STDIN, "-|")) { my $opt =3D " req -sha256 -nodes"; $opt .=3D " -newkey rsa:4096"; 
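Review bot: The moves in the @@ -961 hunk take the CA certificate, host certificate and host private key from fixed names in a shared directory (`/tmp/newcacert`, `/tmp/newhostcert`, `/tmp/newhostkey`), and the @@ -948 hunk extracts the key with `-nodes`, i.e. unencrypted. Where those files are created and with what mode is outside the hunks, so confirm the key is never readable or replaceable by another local account between extraction and the move. The file already uses File::Temp for the extension file in the @@ -1129 hunk; the same pattern would give unpredictable, owner-only names here, e.g. `my ($keyfh, $keyfile) = tempfile('/tmp/XXXXXXXX');`. The enclosing block starts and ends outside these hunks.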
@@ -1129,7 +1129,7 @@ END =20 # Sign the host certificate request if (!$errormessage) { - &General::log("ipsec", "Self signing host cert..."); + &General::log("charon", "Self signing host cert..."); =20 #No easy way for specifying the contain of subjectAltName without writing= a config file... my ($fh, $v3extname) =3D tempfile ('/tmp/XXXXXXXX'); @@ -1156,7 +1156,7 @@ END =20 # Create an empty CRL if (!$errormessage) { - &General::log("ipsec", "Creating emptycrl..."); + &General::log("charon", "Creating emptycrl..."); my $opt =3D " ca -gencrl"; $opt .=3D " -out ${General::swroot}/crls/cacrl.pem"; $errormessage =3D &callssl ($opt); @@ -1925,7 +1925,7 @@ END } =20 # Sign the certificate request - &General::log("ipsec", "Signing your cert $cgiparams{'NAME'}..."); + &General::log("charon", "Signing your cert $cgiparams{'NAME'}..."); my $opt =3D " ca -md sha256 -days 825"; $opt .=3D " -batch -notext"; $opt .=3D " -in $filename"; @@ -1947,7 +1947,7 @@ END goto VPNCONF_ERROR; } } elsif ($cgiparams{'AUTH'} eq 'pkcs12') { - &General::log("ipsec", "Importing from p12..."); + &General::log("charon", "Importing from p12..."); =20 unless (ref ($cgiparams{'FH'})) { $errormessage =3D $Lang::tr{'there was no file upload'}; @@ -1962,7 +1962,7 @@ END } =20 # Extract the CA certificate from the file - &General::log("ipsec", "Extracting caroot from p12..."); + &General::log("charon", "Extracting caroot from p12..."); if (open(STDIN, "-|")) { my $opt =3D " pkcs12 -legacy -cacerts -nokeys"; $opt .=3D " -in $filename"; @@ -1975,7 +1975,7 @@ END =20 # Extract the Host certificate from the file if (!$errormessage) { - &General::log("ipsec", "Extracting host cert from p12..."); + &General::log("charon", "Extracting host cert from p12..."); if (open(STDIN, "-|")) { my $opt =3D " pkcs12 -legacy -clcerts -nokeys"; $opt .=3D " -in $filename"; 
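Review bot: The new log line `"Signing your cert $cgiparams{'NAME'}..."` in the @@ -1925 hunk writes a CGI parameter into a message that, after this patch, is displayed in the IPsec log view; the same applies to `"Signing the cert $cgiparams{'NAME'}..."` in the @@ -2187 hunk. Whether NAME has been validated before this point is not visible in either hunk, so confirm it is restricted to a safe character set earlier. Otherwise normalise it before logging, so that a single request cannot produce text that reads as several log entries: `(my $logname = $cgiparams{'NAME'}) =~ s/[^A-Za-z0-9_.-]/_/g;` and then log `$logname`. The enclosing block starts and ends outside the hunk.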
@@ -1988,7 +1988,7 @@ END } =20 if (!$errormessage) { - &General::log("ipsec", "Moving cacert..."); + &General::log("charon", "Moving cacert..."); #If CA have new subject, add it to our list of CA my $casubject =3D &Header::cleanhtml(getsubjectfromcert ('/tmp/newcacert'= )); my @names; @@ -2022,7 +2022,7 @@ END } } if (!$errormessage) { - &General::log("ipsec", "Moving host cert..."); + &General::log("charon", "Moving host cert..."); unless(move("/tmp/newhostcert", "${General::swroot}/certs/$cgiparams{'NAM= E'}cert.pem")) { $errormessage =3D "$Lang::tr{'certificate file move failed'}: $!"; } @@ -2037,7 +2037,7 @@ END unlink ("${General::swroot}/certs/$cgiparams{'NAME'}cert.pem"); goto VPNCONF_ERROR; } - &General::log("ipsec", "p12 import completed!"); + &General::log("charon", "p12 import completed!"); } elsif ($cgiparams{'AUTH'} eq 'certfile') { if ($cgiparams{'KEY'}) { $errormessage =3D $Lang::tr{'cant change certificates'}; @@ -2055,7 +2055,7 @@ END } =20 # Verify the certificate has a valid CA and move it - &General::log("ipsec", "Validating imported cert against our known CA..."); + &General::log("charon", "Validating imported cert against our known CA..."= ); my $validca =3D 1; #assume ok my @test =3D &General::system_output("/usr/bin/openssl", "verify", "-CAfil= e", "${General::swroot}/ca/cacert.pem", "$filename"); if (! grep(/: OK/, @test)) { @@ -2160,7 +2160,7 @@ END (my $state =3D $cgiparams{'CERT_STATE'}) =3D~ s/^\s*$/\./; =20 # Create the Client certificate request - &General::log("ipsec", "Creating a cert..."); + &General::log("charon", "Creating a cert..."); =20 if (open(STDIN, "-|")) { my $opt =3D " req -nodes"; 
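Review bot: The validity check that follows the changed log line in the @@ -2055 hunk, `grep(/: OK/, @test)`, accepts the certificate when that substring appears anywhere in the captured openssl output, which may also carry text derived from the certificate under test. Anchoring the match to the line openssl prints for the file is stricter: `if (! grep(/^\Q$filename\E: OK$/, @test)) {`. Whether General::system_output also exposes the exit status is not visible here; if it does, checking that as well would be more robust than parsing text. The block continues outside the hunk.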
@@ -2187,7 +2187,7 @@ END } =20 # Sign the client certificate request - &General::log("ipsec", "Signing the cert $cgiparams{'NAME'}..."); + &General::log("charon", "Signing the cert $cgiparams{'NAME'}..."); =20 #No easy way for specifying the contain of subjectAltName without writing = a config file... my ($fh, $v3extname) =3D tempfile ('/tmp/XXXXXXXX'); @@ -2221,7 +2221,7 @@ END } =20 # Create the pkcs12 file - &General::log("ipsec", "Packing a pkcs12 file..."); + &General::log("charon", "Packing a pkcs12 file..."); $opt =3D " pkcs12 -legacy -export"; $opt .=3D " -inkey ${General::swroot}/certs/$cgiparams{'NAME'}key.pem"; $opt .=3D " -in ${General::swroot}/certs/$cgiparams{'NAME'}cert.pem"; @@ -3834,7 +3834,7 @@ sub make_subnets($$) { sub regenerate_host_certificate() { my $errormessage =3D ""; =20 - &General::log("ipsec", "Regenerating host certificate..."); + &General::log("charon", "Regenerating host certificate..."); =20 # Create a CSR based on the existing certificate my $opt =3D " x509 -x509toreq -copy_extensions copyall"; @@ -3845,7 +3845,7 @@ sub regenerate_host_certificate() { =20 # Revoke the old certificate if (!$errormessage) { - &General::log("ipsec", "Revoking the old host cert..."); + &General::log("charon", "Revoking the old host cert..."); =20 my $opt =3D " ca -revoke ${General::swroot}/certs/hostcert.pem"; $errormessage =3D &callssl($opt); @@ -3853,7 +3853,7 @@ sub regenerate_host_certificate() { =20 # Sign the host certificate request if (!$errormessage) { - &General::log("ipsec", "Self signing host cert..."); + &General::log("charon", "Self signing host cert..."); =20 my $opt =3D " ca -md sha256 -days 825"; $opt .=3D " -batch -notext"; --=20 2.48.1 --===============1085041081650585352==--