This makes commands shorter and therefore easier to read.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- html/cgi-bin/ovpnmain.cgi | 30 +++++++++++++----------------- 1 file changed, 13 insertions(+), 17 deletions(-)
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index c92d0237d..9b8ff5aa5 100755 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -53,6 +53,9 @@ my %mainsettings = (); &General::readhash("${General::swroot}/main/settings", %mainsettings); &General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", %color);
+# Use a custom OpenSSL configuration file for all operations +$ENV["OPENSSL_CONF"] = "${General::swroot}/ovpn/ca/cacert.pem"; + ### ### Initialize variables ### @@ -1835,8 +1838,7 @@ END unless (exec ('/usr/bin/openssl', 'req', '-x509', '-nodes', '-days', '999999', '-newkey', 'rsa:4096', '-sha512', '-keyout', "${General::swroot}/ovpn/ca/cakey.pem", - '-out', "${General::swroot}/ovpn/ca/cacert.pem", - '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf")) { + '-out', "${General::swroot}/ovpn/ca/cacert.pem")) { $errormessage = "$Lang::tr{'cant start openssl'}: $!"; goto ROOTCERT_ERROR; } @@ -1867,8 +1869,7 @@ END '-newkey', 'rsa:4096', '-keyout', "${General::swroot}/ovpn/certs/serverkey.pem", '-out', "${General::swroot}/ovpn/certs/serverreq.pem", - '-extensions', 'server', - '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf" )) { + '-extensions', 'server')) { $errormessage = "$Lang::tr{'cant start openssl'}: $!"; unlink ("${General::swroot}/ovpn/certs/serverkey.pem"); unlink ("${General::swroot}/ovpn/certs/serverreq.pem"); @@ -1884,8 +1885,7 @@ END '-batch', '-notext', '-in', "${General::swroot}/ovpn/certs/serverreq.pem", '-out', "${General::swroot}/ovpn/certs/servercert.pem", - '-extensions', 'server', - '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf"); + '-extensions', 'server'); if ($?) { $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; unlink ("${General::swroot}/ovpn/ca/cakey.pem"); @@ -1903,8 +1903,7 @@ END # Create an empty CRL # System call is safe, because all arguments are passed as array. system('/usr/bin/openssl', 'ca', '-gencrl', - '-out', "${General::swroot}/ovpn/crls/cacrl.pem", - '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf" ); + '-out', "${General::swroot}/ovpn/crls/cacrl.pem"); if ($?) { $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; unlink ("${General::swroot}/ovpn/certs/serverkey.pem"); @@ -2426,8 +2425,8 @@ else
if ($confighash{$cgiparams{'KEY'}}) { # Revoke certificate if certificate was deleted and rewrite the CRL - &General::system("/usr/bin/openssl", "ca", "-revoke", "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem", "-config", "${General::swroot}/ovpn/openssl/ovpn.cnf"); - &General::system("/usr/bin/openssl", "ca", "-gencrl", "-out", "${General::swroot}/ovpn/crls/cacrl.pem", "-config", "${General::swroot}/ovpn/openssl/ovpn.cnf"); + &General::system("/usr/bin/openssl", "ca", "-revoke", "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem"); + &General::system("/usr/bin/openssl", "ca", "-gencrl", "-out", "${General::swroot}/ovpn/crls/cacrl.pem");
### # m.a.d net2net @@ -2480,7 +2479,7 @@ else &General::system("/usr/local/bin/openvpnctrl", "-drrd", "$confighash{$cgiparams{'KEY'}}[1]");
delete $confighash{$cgiparams{'KEY'}}; - &General::system("/usr/bin/openssl", "ca", "-gencrl", "-out", "${General::swroot}/ovpn/crls/cacrl.pem", "-config", "${General::swroot}/ovpn/openssl/ovpn.cnf"); + &General::system("/usr/bin/openssl", "ca", "-gencrl", "-out", "${General::swroot}/ovpn/crls/cacrl.pem"); &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash);
} else { @@ -4052,8 +4051,7 @@ if ($cgiparams{'TYPE'} eq 'net') { system('/usr/bin/openssl', 'ca', '-days', "$cgiparams{'DAYS_VALID'}", '-batch', '-notext', '-in', $filename, - '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem", - '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf"); + '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem"); if ($?) { $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; unlink ($filename); @@ -4265,8 +4263,7 @@ if ($cgiparams{'TYPE'} eq 'net') { unless (exec ('/usr/bin/openssl', 'req', '-nodes', '-newkey', 'rsa:4096', '-keyout', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem", - '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem", - '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf")) { + '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem")) { $errormessage = "$Lang::tr{'cant start openssl'}: $!"; unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem"); unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem"); @@ -4279,8 +4276,7 @@ if ($cgiparams{'TYPE'} eq 'net') { system('/usr/bin/openssl', 'ca', '-days', "$cgiparams{'DAYS_VALID'}", '-batch', '-notext', '-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem", - '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem", - '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf"); + '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem"); if ($?) { $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");