From mboxrd@z Thu Jan  1 00:00:00 1970
From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: URGENT - Re: IPFire 2.27 - Core Update 175 released
Date: Mon, 12 Jun 2023 14:43:07 +0200
Message-ID: <59987c52-5d65-72d6-8c30-5ed17db1c5f8@ipfire.org>
In-Reply-To: <168656670763.3173477.15681266236887825485.ipfire@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============3181131128315952416=="
List-Id: <development.lists.ipfire.org>

--===============3181131128315952416==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hi Michael,

I am afraid somehow I made an error with the last patch I provided. I was sur=
e I transferred the ovpnmain.cgi file from my virtual testbed system and crea=
ted the patch for bug#13137 from that.

However after upgrading the virtual machines I am finding that the legacy bit=
s are not being applied to legacy certs but to openssl-3.x certs.

It looks like I submitted the subroutine iscertlegacy from ovpnmain.cgi with =
the return values the wrong way round.


The sub routine was issued like

  sub iscertlegacy
  {
          my $file=3D$_[0];
          my @certinfo =3D &General::system_output("/usr/bin/openssl", "pkcs1=
2", "-info", "-nodes",
          "-in", "$file.p12", "-noout", "-passin", "pass:''");
          if (index ($certinfo[0], "MAC: sha1") !=3D -1) {
                  return 0;
          }
          return 1;
  }

but it should have been

  sub iscertlegacy
  {
          my $file=3D$_[0];
          my @certinfo =3D &General::system_output("/usr/bin/openssl", "pkcs1=
2", "-info", "-nodes",
          "-in", "$file.p12", "-noout", "-passin", "pass:''");
          if (index ($certinfo[0], "MAC: sha1") !=3D -1) {
                  return 1;
          }
          return 0;
  }

I don't know how I managed to do that error but I did.

How can we deal with that now?

Sorry,
Adolf.


On 12/06/2023 12:45, IPFire Project wrote:
> IPFire Logo
>=20
> there is a new post from Michael Tremer on the IPFire Blog:
>=20
> *IPFire 2.27 - Core Update 175 released*
>=20
>     Finally, the next update, IPFire 2.27 - Core Update 175, has been relea=
sed! It updates OpenSSL to the 3.1 branch, features a kernel update as well a=
s a large number of package updates and a variety of bug fixes.
>=20
> Click Here To Read More <https://blog.ipfire.org/post/ipfire-2-27-core-upda=
te-175-released>
>=20
> The IPFire Project
> Don't like these emails? Unsubscribe <https://people.ipfire.org/unsubscribe=
>.
>=20

--===============3181131128315952416==--