From mboxrd@z Thu Jan 1 00:00:00 1970
From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: [PATCH] backup(.pl): Replace OpenVPN DH parameter with ffdhe4096
Date: Wed, 14 Dec 2022 18:03:56 +0000
In-Reply-To: <68aebaea-c199-4fba-7f0a-ca1851d402d1@ipfire.org>

This used to be a Perl script, but got rewritten. And it would have been a pain to change it since it is located in /var/ipfire and so on. So I left the extension.

> On 13 Dec 2022, at 15:48, Peter Müller wrote:
>
> Also, backup.pl is actually a shell script, so it should either go as "backup.sh"
> or without any file suffix whatsoever. :-)
>
>> This ensures restoring a backup won't silently bring back an insecure
>> Diffie-Hellman parameter (which could also not be inspected through the
>> web interface anymore).
>>
>> Reported-by: Michael Tremer
>> Signed-off-by: Peter Müller
>> ---
>> config/backup/backup.pl | 9 +++++++++
>> 1 file changed, 9 insertions(+)
>>
>> diff --git a/config/backup/backup.pl b/config/backup/backup.pl >> index 6fd9e45bb..520d9315d 100644 >> --- a/config/backup/backup.pl >> +++ b/config/backup/backup.pl >> @@ -187,6 +187,15 @@ restore_backup() { >> # Update OpenVPN CRL >> /etc/fcron.daily/openvpn-crl-updater >>=20 >> + # Replace previously used OpenVPN Diffie-Hellman parameter by ffdhe4096 >> + if [ -f /var/ipfire/ovpn/server.conf ]; then >> + sed -i 's|/var/ipfire/ovpn/ca/dh1024.pem|/etc/ssl/ffdhe4096.pem|' /var/i= pfire/ovpn/server.conf >> + fi >> + >> + if [ -f "/var/ipfire/ovpn/n2nconf/*/*.conf" ]; then >> + sed -i 's|/var/ipfire/ovpn/ca/dh1024.pem|/etc/ssl/ffdhe4096.pem|' /var/i= pfire/ovpn/n2nconf/*/*.conf >> + fi >> + >> return 0 >> } >>=20
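
Review bot: In the second added `if`, the glob in `[ -f "/var/ipfire/ovpn/n2nconf/*/*.conf" ]` sits inside double quotes, so the shell never expands it and the test looks for a file literally named `*.conf` in a directory named `*`. The condition is therefore false on a normal system and the net-to-net configs keep pointing at `dh1024.pem` after a restore. Dropping the quotes is not enough either, because `[ -f ]` fails as soon as the glob matches more than one file. Loop over the matches instead, for example `for conf in /var/ipfire/ovpn/n2nconf/*/*.conf; do [ -f "${conf}" ] && sed -i '...' "${conf}"; done`, which also covers the case where nothing matches. Separately, both `sed` expressions match only the literal path `/var/ipfire/ovpn/ca/dh1024.pem`, so a restored config that references a DH file under any other name is left unchanged; if the aim is that no restored config carries an old parameter, rewrite the whole `dh` directive rather than this one path.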