Hi Michael,
I am afraid somehow I made an error with the last patch I provided. I was sure I transferred the ovpnmain.cgi file from my virtual testbed system and created the patch for bug#13137 from that.
However after upgrading the virtual machines I am finding that the legacy bits are not being applied to legacy certs but to openssl-3.x certs.
It looks like I submitted the subroutine iscertlegacy from ovpnmain.cgi with the return values the wrong way round.
The sub routine was issued like
sub iscertlegacy { my $file=$_[0]; my @certinfo = &General::system_output("/usr/bin/openssl", "pkcs12", "-info", "-nodes", "-in", "$file.p12", "-noout", "-passin", "pass:''"); if (index ($certinfo[0], "MAC: sha1") != -1) { return 0; } return 1; }
but it should have been
sub iscertlegacy { my $file=$_[0]; my @certinfo = &General::system_output("/usr/bin/openssl", "pkcs12", "-info", "-nodes", "-in", "$file.p12", "-noout", "-passin", "pass:''"); if (index ($certinfo[0], "MAC: sha1") != -1) { return 1; } return 0; }
I don't know how I managed to do that error but I did.
How can we deal with that now?
Sorry, Adolf.
On 12/06/2023 12:45, IPFire Project wrote:
IPFire Logo
there is a new post from Michael Tremer on the IPFire Blog:
*IPFire 2.27 - Core Update 175 released*
Finally, the next update, IPFire 2.27 - Core Update 175, has been released! It updates OpenSSL to the 3.1 branch, features a kernel update as well as a large number of package updates and a variety of bug fixes.Click Here To Read More https://blog.ipfire.org/post/ipfire-2-27-core-update-175-released
The IPFire Project Don't like these emails? Unsubscribe https://people.ipfire.org/unsubscribe.