[PATCH 1/2] OpenVPN: Show indication when OpenVPN certificates expire

public inbox for development@lists.ipfire.org
 help / color / mirror / Atom feed

* [PATCH 1/2] OpenVPN: Show indication when OpenVPN certificates expire
@ 2023-02-22 12:25 Michael Tremer
  2023-02-22 12:25 ` [PATCH 2/2] perl-TimeDate: Move from package into main system Michael Tremer
  2023-03-05 14:41 ` [PATCH 1/2] OpenVPN: Show indication when OpenVPN certificates expire Peter Müller
  0 siblings, 2 replies; 4+ messages in thread
From: Michael Tremer @ 2023-02-22 12:25 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 12907 bytes --]

This will help with #11742 - OpenVPN: No method to replace expired
certificates.

Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
---
 doc/language_issues.en    |  2 ++
 doc/language_issues.es    |  2 ++
 doc/language_issues.fr    |  2 ++
 doc/language_issues.it    |  2 ++
 doc/language_issues.nl    |  2 ++
 doc/language_issues.pl    |  2 ++
 doc/language_issues.ru    |  2 ++
 doc/language_issues.tr    |  2 ++
 doc/language_missings     | 14 +++++++++++
 html/cgi-bin/ovpnmain.cgi | 51 +++++++++++++++++++++++++--------------
 langs/de/cgi-bin/de.pl    |  2 ++
 langs/en/cgi-bin/en.pl    |  2 ++
 12 files changed, 67 insertions(+), 18 deletions(-)

diff --git a/doc/language_issues.en b/doc/language_issues.en
index c29e3bed6..474921415 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -1413,6 +1413,8 @@ WARNING: untranslated string: only digits allowed in max retries field = Only di
 WARNING: untranslated string: only digits allowed in the idle timeout = Only digits allowed in the idle timeout.
 WARNING: untranslated string: open connections = Open Connections
 WARNING: untranslated string: openssl produced an error = OpenSSL produced an error
+WARNING: untranslated string: openvpn cert expires soon = Expires Soon
+WARNING: untranslated string: openvpn cert has expired = Expired
 WARNING: untranslated string: openvpn client = OpenVPN client
 WARNING: untranslated string: openvpn default = Default
 WARNING: untranslated string: openvpn destination port used = The destination port is already used by another OpenVPN server.
diff --git a/doc/language_issues.es b/doc/language_issues.es
index 0bd390d5d..91240dbe6 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -980,6 +980,8 @@ WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilitie
 WARNING: untranslated string: info messages = unknown string
 WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname
 WARNING: untranslated string: no data = unknown string
+WARNING: untranslated string: openvpn cert expires soon = Expires Soon
+WARNING: untranslated string: openvpn cert has expired = Expired
 WARNING: untranslated string: pakfire ago = ago.
 WARNING: untranslated string: route config changed = unknown string
 WARNING: untranslated string: routing config added = unknown string
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index 56d69d86e..f70cda819 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -946,6 +946,8 @@ WARNING: untranslated string: guardian logtarget_file = unknown string
 WARNING: untranslated string: guardian logtarget_syslog = unknown string
 WARNING: untranslated string: guardian no entries = unknown string
 WARNING: untranslated string: guardian service = unknown string
+WARNING: untranslated string: openvpn cert expires soon = Expires Soon
+WARNING: untranslated string: openvpn cert has expired = Expired
 WARNING: untranslated string: pakfire ago = ago.
 WARNING: untranslated string: retbleed = Retbleed
 WARNING: untranslated string: route config changed = unknown string
diff --git a/doc/language_issues.it b/doc/language_issues.it
index 9999f947c..cfde3f8e4 100644
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -1174,6 +1174,8 @@ WARNING: untranslated string: one month = One Month
 WARNING: untranslated string: one week = One Week
 WARNING: untranslated string: one year = One Year
 WARNING: untranslated string: open connections = Open Connections
+WARNING: untranslated string: openvpn cert expires soon = Expires Soon
+WARNING: untranslated string: openvpn cert has expired = Expired
 WARNING: untranslated string: optional = Optional
 WARNING: untranslated string: otp qrcode = OTP QRCode
 WARNING: untranslated string: outgoing compression in bytes per second = Outgoing compression
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index 14a7b420e..738d7c706 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -1197,6 +1197,8 @@ WARNING: untranslated string: one month = One Month
 WARNING: untranslated string: one week = One Week
 WARNING: untranslated string: one year = One Year
 WARNING: untranslated string: open connections = Open Connections
+WARNING: untranslated string: openvpn cert expires soon = Expires Soon
+WARNING: untranslated string: openvpn cert has expired = Expired
 WARNING: untranslated string: optional = Optional
 WARNING: untranslated string: otp qrcode = OTP QRCode
 WARNING: untranslated string: outgoing compression in bytes per second = Outgoing compression
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index a53a208d9..ab21f1381 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -1355,6 +1355,8 @@ WARNING: untranslated string: one month = One Month
 WARNING: untranslated string: one week = One Week
 WARNING: untranslated string: one year = One Year
 WARNING: untranslated string: open connections = Open Connections
+WARNING: untranslated string: openvpn cert expires soon = Expires Soon
+WARNING: untranslated string: openvpn cert has expired = Expired
 WARNING: untranslated string: openvpn default = Default
 WARNING: untranslated string: openvpn destination port used = The destination port is already used by another OpenVPN server.
 WARNING: untranslated string: openvpn fragment allowed with udp = Using fragment is only allowed when using the UDP protocol.
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index c5dc1aa61..6b2622f26 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -1353,6 +1353,8 @@ WARNING: untranslated string: one month = One Month
 WARNING: untranslated string: one week = One Week
 WARNING: untranslated string: one year = One Year
 WARNING: untranslated string: open connections = Open Connections
+WARNING: untranslated string: openvpn cert expires soon = Expires Soon
+WARNING: untranslated string: openvpn cert has expired = Expired
 WARNING: untranslated string: openvpn default = Default
 WARNING: untranslated string: openvpn destination port used = The destination port is already used by another OpenVPN server.
 WARNING: untranslated string: openvpn fragment allowed with udp = Using fragment is only allowed when using the UDP protocol.
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index 552082a96..6b86ebc7e 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -1091,6 +1091,8 @@ WARNING: untranslated string: no entries = No entries at the moment.
 WARNING: untranslated string: not affected = Not Affected
 WARNING: untranslated string: not validating = Not validating
 WARNING: untranslated string: open connections = Open Connections
+WARNING: untranslated string: openvpn cert expires soon = Expires Soon
+WARNING: untranslated string: openvpn cert has expired = Expired
 WARNING: untranslated string: optional = Optional
 WARNING: untranslated string: otp qrcode = OTP QRCode
 WARNING: untranslated string: ovpn connection name = Connection Name
diff --git a/doc/language_missings b/doc/language_missings
index 65d38b422..934c5a60c 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -105,6 +105,8 @@
 < dns servers
 < hardware vulnerabilities
 < invalid ip or hostname
+< openvpn cert expires soon
+< openvpn cert has expired
 < service boot setting unavailable
 < transport mode does not support vti
 < wlanap
@@ -127,6 +129,8 @@
 < retbleed
 < service boot setting unavailable
 < show dh
+< openvpn cert expires soon
+< openvpn cert has expired
 < upload fcdsl.o
 ############################################################################
 # Checking cgi-bin translations for language: it                           #
@@ -470,6 +474,8 @@
 < one week
 < one year
 < open connections
+< openvpn cert expires soon
+< openvpn cert has expired
 < optional
 < otp qrcode
 < outgoing compression in bytes per second
@@ -997,6 +1003,8 @@
 < one week
 < one year
 < open connections
+< openvpn cert expires soon
+< openvpn cert has expired
 < optional
 < otp qrcode
 < outgoing compression in bytes per second
@@ -1829,6 +1837,8 @@
 < one week
 < one year
 < open connections
+< openvpn cert expires soon
+< openvpn cert has expired
 < openvpn default
 < openvpn destination port used
 < openvpn disabled
@@ -2812,6 +2822,8 @@
 < one week
 < one year
 < open connections
+< openvpn cert expires soon
+< openvpn cert has expired
 < openvpn default
 < openvpn destination port used
 < openvpn disabled
@@ -3316,6 +3328,8 @@
 < not validating
 < okay
 < open connections
+< openvpn cert expires soon
+< openvpn cert has expired
 < optional
 < otp qrcode
 < ovpn connection name
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 42a7354fc..87bda4f1e 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -33,6 +33,7 @@ use File::Temp qw/ tempfile tempdir /;
 use strict;
 use Archive::Zip qw(:ERROR_CODES :CONSTANTS);
 use Sort::Naturally;
+use Date::Parse;
 require '/var/ipfire/general-functions.pl';
 require "${General::swroot}/lang.pl";
 require "${General::swroot}/header.pl";
@@ -5352,31 +5353,45 @@ END
 END
 		}
 	if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; }
-	if ($id % 2) {
-		print "<tr>";
-		$col="bgcolor='$color{'color20'}'";
-	} else {
-		print "<tr>";
-		$col="bgcolor='$color{'color22'}'";
-	}
-	print "<td align='center' nowrap='nowrap' $col>$confighash{$key}[1]</td>";
-	print "<td align='center' nowrap='nowrap' $col>" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ")</td>";
-	#if ($confighash{$key}[4] eq 'cert') {
-	    #print "<td align='left' nowrap='nowrap'>$confighash{$key}[2]</td>";
-	#} else {
-	    #print "<td align='left'>&nbsp;</td>";
-	#}
-	my @cavalid = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem");
-	my $cavalid;
 
+	# Fetch information about the certificate
+	my @cavalid = &General::system_output("/usr/bin/openssl", "x509", "-text",
+		"-in", "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem");
+
+	my $expiryDate = 0;
+
+	# Parse the certificate information
 	foreach my $line (@cavalid) {
 		if ($line =~ /Not After : (.*)[\n]/) {
-			$cavalid    = $1;
-
+			$expiryDate = &Date::Parse::str2time($1);
 			last;
 		}
 	}
 
+	# Calculate the remaining time
+	my $remainingTime = $expiryDate - time();
+
+	# Create some simple booleans to check the status
+	my $hasExpired = ($remainingTime <= 0);
+	my $expiresSoon = ($remainingTime <= 30 * 24 * 3600);
+
+	print "<tr>";
+
+	if ($hasExpired || $expiresSoon) {
+		$col="bgcolor='$color{'color14'}'";
+	} elsif ($id % 2) {
+		$col="bgcolor='$color{'color20'}'";
+	} else {
+		$col="bgcolor='$color{'color22'}'";
+	}
+	print "<td align='center' nowrap='nowrap' $col>$confighash{$key}[1]";
+	if ($hasExpired) {
+		print " ($Lang::tr{'openvpn cert has expired'})";
+	} elsif ($expiresSoon) {
+		print " ($Lang::tr{'openvpn cert expires soon'})";
+	}
+	print "</td>";
+	print "<td align='center' nowrap='nowrap' $col>" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ")</td>";
 	print "<td align='center' $col>$confighash{$key}[25]</td>";
 	$col1="bgcolor='${Header::colourred}'";
 	my $active = "<b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b>";
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 5fbab2ff8..a57b62ad8 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -1884,6 +1884,8 @@
 'open connections' => 'Offene Verbindungen',
 'open to all' => 'Überschreibe externen Zugang zu ALL',
 'openssl produced an error' => 'OpenSSL hat einen Fehler verursacht',
+'openvpn cert expires soon' => 'Läuft bald ab',
+'openvpn cert has expired' => 'Abgelaufen',
 'openvpn client' => 'OpenVPN-Client',
 'openvpn default' => 'Vorgabe',
 'openvpn destination port used' => 'Der Zielport wird bereits von einer anderen OpenVPN-Server-Instanz genutzt.',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 80753b841..4dc9d8577 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1940,6 +1940,8 @@
 'open connections' => 'Open Connections',
 'open to all' => 'Override external access to ALL',
 'openssl produced an error' => 'OpenSSL produced an error',
+'openvpn cert expires soon' => 'Expires Soon',
+'openvpn cert has expired' => 'Expired',
 'openvpn client' => 'OpenVPN client',
 'openvpn default' => 'Default',
 'openvpn destination port used' => 'The destination port is already used by another OpenVPN server.',
-- 
2.30.2


^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH 2/2] perl-TimeDate: Move from package into main system
  2023-02-22 12:25 [PATCH 1/2] OpenVPN: Show indication when OpenVPN certificates expire Michael Tremer
@ 2023-02-22 12:25 ` Michael Tremer
  2023-03-05 14:41   ` Peter Müller
  2023-03-05 14:41 ` [PATCH 1/2] OpenVPN: Show indication when OpenVPN certificates expire Peter Müller
  1 sibling, 1 reply; 4+ messages in thread
From: Michael Tremer @ 2023-02-22 12:25 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 1608 bytes --]

This is now required by ovpnmain.cgi for certificate expiry time
detection.

Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
---
 config/rootfiles/{packages => common}/perl-TimeDate | 0
 lfs/perl-TimeDate                                   | 5 -----
 lfs/swatch                                          | 4 ++--
 3 files changed, 2 insertions(+), 7 deletions(-)
 rename config/rootfiles/{packages => common}/perl-TimeDate (100%)

diff --git a/config/rootfiles/packages/perl-TimeDate b/config/rootfiles/common/perl-TimeDate
similarity index 100%
rename from config/rootfiles/packages/perl-TimeDate
rename to config/rootfiles/common/perl-TimeDate
diff --git a/lfs/perl-TimeDate b/lfs/perl-TimeDate
index b56c5e7f6..ccb6f534a 100644
--- a/lfs/perl-TimeDate
+++ b/lfs/perl-TimeDate
@@ -33,11 +33,6 @@ DL_FILE    = ${THISAPP}.tar.gz
 DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
-PROG       = perl-TimeDate
-DEPS       =
-PAK_VER    = 7
-
-SERVICES   =
 
 ###############################################################################
 # Top-level Rules
diff --git a/lfs/swatch b/lfs/swatch
index 227313e07..1071e9b12 100644
--- a/lfs/swatch
+++ b/lfs/swatch
@@ -34,9 +34,9 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = swatch
-PAK_VER    = 6
+PAK_VER    = 7
 
-DEPS       = perl-File-Tail perl-Date-Calc perl-TimeDate perl-Date-Manip
+DEPS       = perl-File-Tail perl-Date-Calc perl-Date-Manip
 
 SERVICES   =
 
-- 
2.30.2


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH 1/2] OpenVPN: Show indication when OpenVPN certificates expire
  2023-02-22 12:25 [PATCH 1/2] OpenVPN: Show indication when OpenVPN certificates expire Michael Tremer
  2023-02-22 12:25 ` [PATCH 2/2] perl-TimeDate: Move from package into main system Michael Tremer
@ 2023-03-05 14:41 ` Peter Müller
  1 sibling, 0 replies; 4+ messages in thread
From: Peter Müller @ 2023-03-05 14:41 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 13532 bytes --]

Acked-by: Peter Müller <peter.mueller(a)ipfire.org>

> This will help with #11742 - OpenVPN: No method to replace expired
> certificates.
> 
> Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
> ---
>  doc/language_issues.en    |  2 ++
>  doc/language_issues.es    |  2 ++
>  doc/language_issues.fr    |  2 ++
>  doc/language_issues.it    |  2 ++
>  doc/language_issues.nl    |  2 ++
>  doc/language_issues.pl    |  2 ++
>  doc/language_issues.ru    |  2 ++
>  doc/language_issues.tr    |  2 ++
>  doc/language_missings     | 14 +++++++++++
>  html/cgi-bin/ovpnmain.cgi | 51 +++++++++++++++++++++++++--------------
>  langs/de/cgi-bin/de.pl    |  2 ++
>  langs/en/cgi-bin/en.pl    |  2 ++
>  12 files changed, 67 insertions(+), 18 deletions(-)
> 
> diff --git a/doc/language_issues.en b/doc/language_issues.en
> index c29e3bed6..474921415 100644
> --- a/doc/language_issues.en
> +++ b/doc/language_issues.en
> @@ -1413,6 +1413,8 @@ WARNING: untranslated string: only digits allowed in max retries field = Only di
>  WARNING: untranslated string: only digits allowed in the idle timeout = Only digits allowed in the idle timeout.
>  WARNING: untranslated string: open connections = Open Connections
>  WARNING: untranslated string: openssl produced an error = OpenSSL produced an error
> +WARNING: untranslated string: openvpn cert expires soon = Expires Soon
> +WARNING: untranslated string: openvpn cert has expired = Expired
>  WARNING: untranslated string: openvpn client = OpenVPN client
>  WARNING: untranslated string: openvpn default = Default
>  WARNING: untranslated string: openvpn destination port used = The destination port is already used by another OpenVPN server.
> diff --git a/doc/language_issues.es b/doc/language_issues.es
> index 0bd390d5d..91240dbe6 100644
> --- a/doc/language_issues.es
> +++ b/doc/language_issues.es
> @@ -980,6 +980,8 @@ WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilitie
>  WARNING: untranslated string: info messages = unknown string
>  WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname
>  WARNING: untranslated string: no data = unknown string
> +WARNING: untranslated string: openvpn cert expires soon = Expires Soon
> +WARNING: untranslated string: openvpn cert has expired = Expired
>  WARNING: untranslated string: pakfire ago = ago.
>  WARNING: untranslated string: route config changed = unknown string
>  WARNING: untranslated string: routing config added = unknown string
> diff --git a/doc/language_issues.fr b/doc/language_issues.fr
> index 56d69d86e..f70cda819 100644
> --- a/doc/language_issues.fr
> +++ b/doc/language_issues.fr
> @@ -946,6 +946,8 @@ WARNING: untranslated string: guardian logtarget_file = unknown string
>  WARNING: untranslated string: guardian logtarget_syslog = unknown string
>  WARNING: untranslated string: guardian no entries = unknown string
>  WARNING: untranslated string: guardian service = unknown string
> +WARNING: untranslated string: openvpn cert expires soon = Expires Soon
> +WARNING: untranslated string: openvpn cert has expired = Expired
>  WARNING: untranslated string: pakfire ago = ago.
>  WARNING: untranslated string: retbleed = Retbleed
>  WARNING: untranslated string: route config changed = unknown string
> diff --git a/doc/language_issues.it b/doc/language_issues.it
> index 9999f947c..cfde3f8e4 100644
> --- a/doc/language_issues.it
> +++ b/doc/language_issues.it
> @@ -1174,6 +1174,8 @@ WARNING: untranslated string: one month = One Month
>  WARNING: untranslated string: one week = One Week
>  WARNING: untranslated string: one year = One Year
>  WARNING: untranslated string: open connections = Open Connections
> +WARNING: untranslated string: openvpn cert expires soon = Expires Soon
> +WARNING: untranslated string: openvpn cert has expired = Expired
>  WARNING: untranslated string: optional = Optional
>  WARNING: untranslated string: otp qrcode = OTP QRCode
>  WARNING: untranslated string: outgoing compression in bytes per second = Outgoing compression
> diff --git a/doc/language_issues.nl b/doc/language_issues.nl
> index 14a7b420e..738d7c706 100644
> --- a/doc/language_issues.nl
> +++ b/doc/language_issues.nl
> @@ -1197,6 +1197,8 @@ WARNING: untranslated string: one month = One Month
>  WARNING: untranslated string: one week = One Week
>  WARNING: untranslated string: one year = One Year
>  WARNING: untranslated string: open connections = Open Connections
> +WARNING: untranslated string: openvpn cert expires soon = Expires Soon
> +WARNING: untranslated string: openvpn cert has expired = Expired
>  WARNING: untranslated string: optional = Optional
>  WARNING: untranslated string: otp qrcode = OTP QRCode
>  WARNING: untranslated string: outgoing compression in bytes per second = Outgoing compression
> diff --git a/doc/language_issues.pl b/doc/language_issues.pl
> index a53a208d9..ab21f1381 100644
> --- a/doc/language_issues.pl
> +++ b/doc/language_issues.pl
> @@ -1355,6 +1355,8 @@ WARNING: untranslated string: one month = One Month
>  WARNING: untranslated string: one week = One Week
>  WARNING: untranslated string: one year = One Year
>  WARNING: untranslated string: open connections = Open Connections
> +WARNING: untranslated string: openvpn cert expires soon = Expires Soon
> +WARNING: untranslated string: openvpn cert has expired = Expired
>  WARNING: untranslated string: openvpn default = Default
>  WARNING: untranslated string: openvpn destination port used = The destination port is already used by another OpenVPN server.
>  WARNING: untranslated string: openvpn fragment allowed with udp = Using fragment is only allowed when using the UDP protocol.
> diff --git a/doc/language_issues.ru b/doc/language_issues.ru
> index c5dc1aa61..6b2622f26 100644
> --- a/doc/language_issues.ru
> +++ b/doc/language_issues.ru
> @@ -1353,6 +1353,8 @@ WARNING: untranslated string: one month = One Month
>  WARNING: untranslated string: one week = One Week
>  WARNING: untranslated string: one year = One Year
>  WARNING: untranslated string: open connections = Open Connections
> +WARNING: untranslated string: openvpn cert expires soon = Expires Soon
> +WARNING: untranslated string: openvpn cert has expired = Expired
>  WARNING: untranslated string: openvpn default = Default
>  WARNING: untranslated string: openvpn destination port used = The destination port is already used by another OpenVPN server.
>  WARNING: untranslated string: openvpn fragment allowed with udp = Using fragment is only allowed when using the UDP protocol.
> diff --git a/doc/language_issues.tr b/doc/language_issues.tr
> index 552082a96..6b86ebc7e 100644
> --- a/doc/language_issues.tr
> +++ b/doc/language_issues.tr
> @@ -1091,6 +1091,8 @@ WARNING: untranslated string: no entries = No entries at the moment.
>  WARNING: untranslated string: not affected = Not Affected
>  WARNING: untranslated string: not validating = Not validating
>  WARNING: untranslated string: open connections = Open Connections
> +WARNING: untranslated string: openvpn cert expires soon = Expires Soon
> +WARNING: untranslated string: openvpn cert has expired = Expired
>  WARNING: untranslated string: optional = Optional
>  WARNING: untranslated string: otp qrcode = OTP QRCode
>  WARNING: untranslated string: ovpn connection name = Connection Name
> diff --git a/doc/language_missings b/doc/language_missings
> index 65d38b422..934c5a60c 100644
> --- a/doc/language_missings
> +++ b/doc/language_missings
> @@ -105,6 +105,8 @@
>  < dns servers
>  < hardware vulnerabilities
>  < invalid ip or hostname
> +< openvpn cert expires soon
> +< openvpn cert has expired
>  < service boot setting unavailable
>  < transport mode does not support vti
>  < wlanap
> @@ -127,6 +129,8 @@
>  < retbleed
>  < service boot setting unavailable
>  < show dh
> +< openvpn cert expires soon
> +< openvpn cert has expired
>  < upload fcdsl.o
>  ############################################################################
>  # Checking cgi-bin translations for language: it                           #
> @@ -470,6 +474,8 @@
>  < one week
>  < one year
>  < open connections
> +< openvpn cert expires soon
> +< openvpn cert has expired
>  < optional
>  < otp qrcode
>  < outgoing compression in bytes per second
> @@ -997,6 +1003,8 @@
>  < one week
>  < one year
>  < open connections
> +< openvpn cert expires soon
> +< openvpn cert has expired
>  < optional
>  < otp qrcode
>  < outgoing compression in bytes per second
> @@ -1829,6 +1837,8 @@
>  < one week
>  < one year
>  < open connections
> +< openvpn cert expires soon
> +< openvpn cert has expired
>  < openvpn default
>  < openvpn destination port used
>  < openvpn disabled
> @@ -2812,6 +2822,8 @@
>  < one week
>  < one year
>  < open connections
> +< openvpn cert expires soon
> +< openvpn cert has expired
>  < openvpn default
>  < openvpn destination port used
>  < openvpn disabled
> @@ -3316,6 +3328,8 @@
>  < not validating
>  < okay
>  < open connections
> +< openvpn cert expires soon
> +< openvpn cert has expired
>  < optional
>  < otp qrcode
>  < ovpn connection name
> diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
> index 42a7354fc..87bda4f1e 100644
> --- a/html/cgi-bin/ovpnmain.cgi
> +++ b/html/cgi-bin/ovpnmain.cgi
> @@ -33,6 +33,7 @@ use File::Temp qw/ tempfile tempdir /;
>  use strict;
>  use Archive::Zip qw(:ERROR_CODES :CONSTANTS);
>  use Sort::Naturally;
> +use Date::Parse;
>  require '/var/ipfire/general-functions.pl';
>  require "${General::swroot}/lang.pl";
>  require "${General::swroot}/header.pl";
> @@ -5352,31 +5353,45 @@ END
>  END
>  		}
>  	if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; }
> -	if ($id % 2) {
> -		print "<tr>";
> -		$col="bgcolor='$color{'color20'}'";
> -	} else {
> -		print "<tr>";
> -		$col="bgcolor='$color{'color22'}'";
> -	}
> -	print "<td align='center' nowrap='nowrap' $col>$confighash{$key}[1]</td>";
> -	print "<td align='center' nowrap='nowrap' $col>" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ")</td>";
> -	#if ($confighash{$key}[4] eq 'cert') {
> -	    #print "<td align='left' nowrap='nowrap'>$confighash{$key}[2]</td>";
> -	#} else {
> -	    #print "<td align='left'>&nbsp;</td>";
> -	#}
> -	my @cavalid = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem");
> -	my $cavalid;
>  
> +	# Fetch information about the certificate
> +	my @cavalid = &General::system_output("/usr/bin/openssl", "x509", "-text",
> +		"-in", "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem");
> +
> +	my $expiryDate = 0;
> +
> +	# Parse the certificate information
>  	foreach my $line (@cavalid) {
>  		if ($line =~ /Not After : (.*)[\n]/) {
> -			$cavalid    = $1;
> -
> +			$expiryDate = &Date::Parse::str2time($1);
>  			last;
>  		}
>  	}
>  
> +	# Calculate the remaining time
> +	my $remainingTime = $expiryDate - time();
> +
> +	# Create some simple booleans to check the status
> +	my $hasExpired = ($remainingTime <= 0);
> +	my $expiresSoon = ($remainingTime <= 30 * 24 * 3600);
> +
> +	print "<tr>";
> +
> +	if ($hasExpired || $expiresSoon) {
> +		$col="bgcolor='$color{'color14'}'";
> +	} elsif ($id % 2) {
> +		$col="bgcolor='$color{'color20'}'";
> +	} else {
> +		$col="bgcolor='$color{'color22'}'";
> +	}
> +	print "<td align='center' nowrap='nowrap' $col>$confighash{$key}[1]";
> +	if ($hasExpired) {
> +		print " ($Lang::tr{'openvpn cert has expired'})";
> +	} elsif ($expiresSoon) {
> +		print " ($Lang::tr{'openvpn cert expires soon'})";
> +	}
> +	print "</td>";
> +	print "<td align='center' nowrap='nowrap' $col>" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ")</td>";
>  	print "<td align='center' $col>$confighash{$key}[25]</td>";
>  	$col1="bgcolor='${Header::colourred}'";
>  	my $active = "<b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b>";
> diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
> index 5fbab2ff8..a57b62ad8 100644
> --- a/langs/de/cgi-bin/de.pl
> +++ b/langs/de/cgi-bin/de.pl
> @@ -1884,6 +1884,8 @@
>  'open connections' => 'Offene Verbindungen',
>  'open to all' => 'Überschreibe externen Zugang zu ALL',
>  'openssl produced an error' => 'OpenSSL hat einen Fehler verursacht',
> +'openvpn cert expires soon' => 'Läuft bald ab',
> +'openvpn cert has expired' => 'Abgelaufen',
>  'openvpn client' => 'OpenVPN-Client',
>  'openvpn default' => 'Vorgabe',
>  'openvpn destination port used' => 'Der Zielport wird bereits von einer anderen OpenVPN-Server-Instanz genutzt.',
> diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
> index 80753b841..4dc9d8577 100644
> --- a/langs/en/cgi-bin/en.pl
> +++ b/langs/en/cgi-bin/en.pl
> @@ -1940,6 +1940,8 @@
>  'open connections' => 'Open Connections',
>  'open to all' => 'Override external access to ALL',
>  'openssl produced an error' => 'OpenSSL produced an error',
> +'openvpn cert expires soon' => 'Expires Soon',
> +'openvpn cert has expired' => 'Expired',
>  'openvpn client' => 'OpenVPN client',
>  'openvpn default' => 'Default',
>  'openvpn destination port used' => 'The destination port is already used by another OpenVPN server.',

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH 2/2] perl-TimeDate: Move from package into main system
  2023-02-22 12:25 ` [PATCH 2/2] perl-TimeDate: Move from package into main system Michael Tremer
@ 2023-03-05 14:41   ` Peter Müller
  0 siblings, 0 replies; 4+ messages in thread
From: Peter Müller @ 2023-03-05 14:41 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 1743 bytes --]

Acked-by: Peter Müller <peter.mueller(a)ipfire.org>

> This is now required by ovpnmain.cgi for certificate expiry time
> detection.
> 
> Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
> ---
>  config/rootfiles/{packages => common}/perl-TimeDate | 0
>  lfs/perl-TimeDate                                   | 5 -----
>  lfs/swatch                                          | 4 ++--
>  3 files changed, 2 insertions(+), 7 deletions(-)
>  rename config/rootfiles/{packages => common}/perl-TimeDate (100%)
> 
> diff --git a/config/rootfiles/packages/perl-TimeDate b/config/rootfiles/common/perl-TimeDate
> similarity index 100%
> rename from config/rootfiles/packages/perl-TimeDate
> rename to config/rootfiles/common/perl-TimeDate
> diff --git a/lfs/perl-TimeDate b/lfs/perl-TimeDate
> index b56c5e7f6..ccb6f534a 100644
> --- a/lfs/perl-TimeDate
> +++ b/lfs/perl-TimeDate
> @@ -33,11 +33,6 @@ DL_FILE    = ${THISAPP}.tar.gz
>  DL_FROM    = $(URL_IPFIRE)
>  DIR_APP    = $(DIR_SRC)/$(THISAPP)
>  TARGET     = $(DIR_INFO)/$(THISAPP)
> -PROG       = perl-TimeDate
> -DEPS       =
> -PAK_VER    = 7
> -
> -SERVICES   =
>  
>  ###############################################################################
>  # Top-level Rules
> diff --git a/lfs/swatch b/lfs/swatch
> index 227313e07..1071e9b12 100644
> --- a/lfs/swatch
> +++ b/lfs/swatch
> @@ -34,9 +34,9 @@ DL_FROM    = $(URL_IPFIRE)
>  DIR_APP    = $(DIR_SRC)/$(THISAPP)
>  TARGET     = $(DIR_INFO)/$(THISAPP)
>  PROG       = swatch
> -PAK_VER    = 6
> +PAK_VER    = 7
>  
> -DEPS       = perl-File-Tail perl-Date-Calc perl-TimeDate perl-Date-Manip
> +DEPS       = perl-File-Tail perl-Date-Calc perl-Date-Manip
>  
>  SERVICES   =
>  

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2023-03-05 14:41 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-02-22 12:25 [PATCH 1/2] OpenVPN: Show indication when OpenVPN certificates expire Michael Tremer
2023-02-22 12:25 ` [PATCH 2/2] perl-TimeDate: Move from package into main system Michael Tremer
2023-03-05 14:41   ` Peter Müller
2023-03-05 14:41 ` [PATCH 1/2] OpenVPN: Show indication when OpenVPN certificates expire Peter Müller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox