From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: Re: [PATCH] ovpnmain.cgi: Bug 12574 - OpenVPN Internal server error when returning after generating root/host certificates Date: Wed, 17 Nov 2021 19:57:49 +0000 Message-ID: <2ce8e59e-bc19-b5c0-5bfd-276850583987@ipfire.org> In-Reply-To: <20211114204252.3464019-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0083003441765707066==" List-Id: --===============0083003441765707066== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello Adolf, hello Erik, thank you very much for working on this. Reviewed-by: Peter M=C3=BCller Thanks, and best regards, Peter M=C3=BCller > - Option "--secret" was deprecated in OpenVPN 2.4 and removed in OpenVPN 2.5 > It was replaced by "secret". If "--secret" is used with genkey then a u= ser warning is > printed and this is what gives the Internal server error. > - Patch was defined by Erik Kapfer but currently he does not have a build e= nvironment > so I have submitted the patch on his behalf. > - Patch tested on a vm testbed running Core Update 160. Confirmed that with= out patch the > error still occurs and with patch everything runs smoothly. >=20 > Fixes: Bug #12574 > Tested-by: Adolf Belka > Signed-off-by : Erik Kapfer > Signed-off-by: Adolf Belka > --- > html/cgi-bin/ovpnmain.cgi | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) >=20 > diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi > index f99bfdef7..7e274b36a 100644 > --- a/html/cgi-bin/ovpnmain.cgi > +++ b/html/cgi-bin/ovpnmain.cgi > @@ -1209,7 +1209,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgi= params{'TYPE'} eq '' && $cg > if ($cgiparams{'TLSAUTH'} eq 'on') { > if ( ! -e "${General::swroot}/ovpn/certs/ta.key") { > # This system call is safe, because all arguements are passed as an ar= ray. > - system("/usr/sbin/openvpn", "--genkey", "--secret", "${General::swroot}= /ovpn/certs/ta.key"); > + system("/usr/sbin/openvpn", "--genkey", "secret", "${General::swroot}/o= vpn/certs/ta.key"); > if ($?) { > $errormessage =3D "$Lang::tr{'openssl produced an error'}: $?"; > goto SETTINGS_ERROR; > @@ -2012,7 +2012,7 @@ END > } > # Create ta.key for tls-auth > # This system call is safe, because all arguments are passed as an array. > - system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/o= vpn/certs/ta.key"); > + system('/usr/sbin/openvpn', '--genkey', 'secret', "${General::swroot}/ovp= n/certs/ta.key"); > if ($?) { > $errormessage =3D "$Lang::tr{'openssl produced an error'}: $?"; > &cleanssldatabase(); >=20 --===============0083003441765707066==--