This makes commands shorter and therefore easier to read.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
---
html/cgi-bin/ovpnmain.cgi | 30 +++++++++++++-----------------
1 file changed, 13 insertions(+), 17 deletions(-)
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index c92d0237d..9b8ff5aa5 100755
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -53,6 +53,9 @@ my %mainsettings = ();
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
+# Use a custom OpenSSL configuration file for all operations
+$ENV["OPENSSL_CONF"] = "${General::swroot}/ovpn/ca/cacert.pem";
+
###
### Initialize variables
###
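Review bot: The added assignment `$ENV["OPENSSL_CONF"] = ...` uses square brackets, so it indexes the array `@ENV` (the string index numifies to 0) instead of the environment hash `%ENV`, and OPENSSL_CONF is never exported to the openssl child processes. The value is also the CA certificate `ovpn/ca/cacert.pem`, not the `ovpn/openssl/ovpn.cnf` file that every removed `-config` argument pointed to. As written, the `req`, `ca`, `-revoke` and `-gencrl` calls in all later hunks of this patch would fall back to the system default OpenSSL configuration, so the `server` extensions section and the CA database settings from ovpn.cnf would presumably not apply to issued or revoked certificates. The line should read `$ENV{'OPENSSL_CONF'} = "${General::swroot}/ovpn/openssl/ovpn.cnf";`.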
@@ -1835,8 +1838,7 @@ END
unless (exec ('/usr/bin/openssl', 'req', '-x509', '-nodes',
'-days', '999999', '-newkey', 'rsa:4096', '-sha512',
'-keyout', "${General::swroot}/ovpn/ca/cakey.pem",
- '-out', "${General::swroot}/ovpn/ca/cacert.pem",
- '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf")) {
+ '-out', "${General::swroot}/ovpn/ca/cacert.pem")) {
$errormessage = "$Lang::tr{'cant start openssl'}: $!";
goto ROOTCERT_ERROR;
}
@@ -1867,8 +1869,7 @@ END
'-newkey', 'rsa:4096',
'-keyout', "${General::swroot}/ovpn/certs/serverkey.pem",
'-out', "${General::swroot}/ovpn/certs/serverreq.pem",
- '-extensions', 'server',
- '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf" )) {
+ '-extensions', 'server')) {
$errormessage = "$Lang::tr{'cant start openssl'}: $!";
unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
@@ -1884,8 +1885,7 @@ END
'-batch', '-notext',
'-in', "${General::swroot}/ovpn/certs/serverreq.pem",
'-out', "${General::swroot}/ovpn/certs/servercert.pem",
- '-extensions', 'server',
- '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf");
+ '-extensions', 'server');
if ($?) {
$errormessage = "$Lang::tr{'openssl produced an error'}: $?";
unlink ("${General::swroot}/ovpn/ca/cakey.pem");
@@ -1903,8 +1903,7 @@ END
# Create an empty CRL
# System call is safe, because all arguments are passed as array.
system('/usr/bin/openssl', 'ca', '-gencrl',
- '-out', "${General::swroot}/ovpn/crls/cacrl.pem",
- '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf" );
+ '-out', "${General::swroot}/ovpn/crls/cacrl.pem");
if ($?) {
$errormessage = "$Lang::tr{'openssl produced an error'}: $?";
unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
@@ -2426,8 +2425,8 @@ else
if ($confighash{$cgiparams{'KEY'}}) {
# Revoke certificate if certificate was deleted and rewrite the CRL
- &General::system("/usr/bin/openssl", "ca", "-revoke", "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem", "-config", "${General::swroot}/ovpn/openssl/ovpn.cnf");
- &General::system("/usr/bin/openssl", "ca", "-gencrl", "-out", "${General::swroot}/ovpn/crls/cacrl.pem", "-config", "${General::swroot}/ovpn/openssl/ovpn.cnf");
+ &General::system("/usr/bin/openssl", "ca", "-revoke", "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
+ &General::system("/usr/bin/openssl", "ca", "-gencrl", "-out", "${General::swroot}/ovpn/crls/cacrl.pem");
###
# m.a.d net2net
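Review bot: Neither the `-revoke` nor the `-gencrl` call on the added lines has its result checked, and the same holds for the `-gencrl` call in the next hunk, which sits right after `delete $confighash{$cgiparams{'KEY'}}`. Now that the configuration comes from the environment instead of an explicit `-config`, a missing or wrong OPENSSL_CONF would make these calls fail silently, which would leave the deleted connection's certificate unrevoked and the CRL stale. Consider testing the status and setting `$errormessage = "$Lang::tr{'openssl produced an error'}: $?";` on failure, as the `system(...)`/`if ($?)` call sites elsewhere in this patch do. This assumes `&General::system` exposes the exit status, which is not visible here. The enclosing `if` block starts and ends outside the hunk.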
@@ -2480,7 +2479,7 @@ else
&General::system("/usr/local/bin/openvpnctrl", "-drrd", "$confighash{$cgiparams{'KEY'}}[1]");
delete $confighash{$cgiparams{'KEY'}};
- &General::system("/usr/bin/openssl", "ca", "-gencrl", "-out", "${General::swroot}/ovpn/crls/cacrl.pem", "-config", "${General::swroot}/ovpn/openssl/ovpn.cnf");
+ &General::system("/usr/bin/openssl", "ca", "-gencrl", "-out", "${General::swroot}/ovpn/crls/cacrl.pem");
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
} else {
@@ -4052,8 +4051,7 @@ if ($cgiparams{'TYPE'} eq 'net') {
system('/usr/bin/openssl', 'ca', '-days', "$cgiparams{'DAYS_VALID'}",
'-batch', '-notext',
'-in', $filename,
- '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
- '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf");
+ '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
if ($?) {
$errormessage = "$Lang::tr{'openssl produced an error'}: $?";
unlink ($filename);
@@ -4265,8 +4263,7 @@ if ($cgiparams{'TYPE'} eq 'net') {
unless (exec ('/usr/bin/openssl', 'req', '-nodes',
'-newkey', 'rsa:4096',
'-keyout', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem",
- '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem",
- '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf")) {
+ '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem")) {
$errormessage = "$Lang::tr{'cant start openssl'}: $!";
unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem");
@@ -4279,8 +4276,7 @@ if ($cgiparams{'TYPE'} eq 'net') {
system('/usr/bin/openssl', 'ca', '-days', "$cgiparams{'DAYS_VALID'}",
'-batch', '-notext',
'-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem",
- '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
- '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf");
+ '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
if ($?) {
$errormessage = "$Lang::tr{'openssl produced an error'}: $?";
unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
--
2.39.2