- Patch https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=2feacd989823aa1dbd5844c3... from May 2021 put the variable containing the .p12 content into double quotes which causes the contents to be treated as text whereas the .p12 file is an application file. - Most people must be downloading the zip package of .p12, ovpn.conf and ta.key files so the problem was not noticed till now and flagged up in the forum. https://community.ipfire.org/t/openvpn-p12-password-on-android-problem/8127 - The problem does not occur for the .p12 file in the zip file as the downloading of the zip file does not have the variable name in double quotes. - Putting the zip file variable into double quotes caused the downloaded zip file to be corrupt and not able to be opened as an archive. - Removing the double quotes from the .p12 variable name caused the separate .p12 file download to be able to be correctly opened. - The same quoted variable name is used also for the cacert.pem, cert.pem, servercert.pem and ta.key file downloads. To be consistent the same change has been applied to these.
Fixes: Bug #2883 Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- html/cgi-bin/ovpnmain.cgi | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index b8c3e5064..736d17541 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -1564,7 +1564,7 @@ END print "Content-Disposition: filename=$cahash{$cgiparams{'KEY'}}[0]cert.pem\r\n\r\n";
my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem"); - print "@tmp"; + print @tmp;
exit(0); } else { @@ -1679,7 +1679,7 @@ END print "Content-Disposition: filename=cacert.pem\r\n\r\n";
my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/ca/cacert.pem"); - print "@tmp"; + print @tmp;
exit(0); } @@ -1693,7 +1693,7 @@ END print "Content-Disposition: filename=servercert.pem\r\n\r\n";
my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/certs/servercert.pem"); - print "@tmp"; + print @tmp;
exit(0); } @@ -1710,7 +1710,7 @@ END my @tmp = <FILE>; close(FILE);
- print "@tmp"; + print @tmp;
exit(0); } @@ -2615,7 +2615,7 @@ else my @tmp = <FILE>; close(FILE);
- print "@tmp"; + print @tmp; exit (0);
### @@ -3234,7 +3234,7 @@ END my @tmp = <FILE>; close(FILE);
- print "@tmp"; + print @tmp; exit (0); }
Adolf: Just noting that the subject of your message says fixes #12883, but on line 13 of your below message, it says #2883. I assume that's not terribly important, but figured I would point it out.
On 06/22/2022 4:22 PM, Adolf Belka wrote:
- Patch https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=2feacd989823aa1dbd5844c3... from May 2021 put the variable containing the .p12 content into double quotes which causes the contents to be treated as text whereas the .p12 file is an application file.
- Most people must be downloading the zip package of .p12, ovpn.conf and ta.key files so the problem was not noticed till now and flagged up in the forum. https://community.ipfire.org/t/openvpn-p12-password-on-android-problem/8127
- The problem does not occur for the .p12 file in the zip file as the downloading of the zip file does not have the variable name in double quotes.
- Putting the zip file variable into double quotes caused the downloaded zip file to be corrupt and not able to be opened as an archive.
- Removing the double quotes from the .p12 variable name caused the separate .p12 file download to be able to be correctly opened.
- The same quoted variable name is used also for the cacert.pem, cert.pem, servercert.pem and ta.key file downloads. To be consistent the same change has been applied to these.
Fixes: Bug #2883 Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
html/cgi-bin/ovpnmain.cgi | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index b8c3e5064..736d17541 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -1564,7 +1564,7 @@ END print "Content-Disposition: filename=$cahash{$cgiparams{'KEY'}}[0]cert.pem\r\n\r\n";
my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
- print "@tmp";
print @tmp;
exit(0); } else {
@@ -1679,7 +1679,7 @@ END print "Content-Disposition: filename=cacert.pem\r\n\r\n";
my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/ca/cacert.pem");
- print "@tmp";
print @tmp;
exit(0); }
@@ -1693,7 +1693,7 @@ END print "Content-Disposition: filename=servercert.pem\r\n\r\n";
my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
- print "@tmp";
print @tmp;
exit(0); }
@@ -1710,7 +1710,7 @@ END my @tmp = <FILE>; close(FILE);
- print "@tmp";
print @tmp;
exit(0); }
@@ -2615,7 +2615,7 @@ else my @tmp = <FILE>; close(FILE);
- print "@tmp";
print @tmp; exit (0);
###
@@ -3234,7 +3234,7 @@ END my @tmp = <FILE>; close(FILE);
- print "@tmp";
- print @tmp; exit (0); }
Reviewed-by: Michael Tremer michael.tremer@ipfire.org
On 22 Jun 2022, at 21:22, Adolf Belka adolf.belka@ipfire.org wrote:
- Patch https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=2feacd989823aa1dbd5844c3... from May 2021 put the variable containing the .p12 content into double quotes which causes the contents to be treated as text whereas the .p12 file is an application file.
- Most people must be downloading the zip package of .p12, ovpn.conf and ta.key files so the problem was not noticed till now and flagged up in the forum. https://community.ipfire.org/t/openvpn-p12-password-on-android-problem/8127
- The problem does not occur for the .p12 file in the zip file as the downloading of the zip file does not have the variable name in double quotes.
- Putting the zip file variable into double quotes caused the downloaded zip file to be corrupt and not able to be opened as an archive.
- Removing the double quotes from the .p12 variable name caused the separate .p12 file download to be able to be correctly opened.
- The same quoted variable name is used also for the cacert.pem, cert.pem, servercert.pem and ta.key file downloads. To be consistent the same change has been applied to these.
Fixes: Bug #2883 Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
html/cgi-bin/ovpnmain.cgi | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index b8c3e5064..736d17541 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -1564,7 +1564,7 @@ END print "Content-Disposition: filename=$cahash{$cgiparams{'KEY'}}[0]cert.pem\r\n\r\n";
my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
- print "@tmp";
print @tmp;
exit(0); } else {
@@ -1679,7 +1679,7 @@ END print "Content-Disposition: filename=cacert.pem\r\n\r\n";
my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/ca/cacert.pem");
- print "@tmp";
print @tmp;
exit(0); }
@@ -1693,7 +1693,7 @@ END print "Content-Disposition: filename=servercert.pem\r\n\r\n";
my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
- print "@tmp";
print @tmp;
exit(0); }
@@ -1710,7 +1710,7 @@ END my @tmp = <FILE>; close(FILE);
- print "@tmp";
print @tmp;
exit(0); }
@@ -2615,7 +2615,7 @@ else my @tmp = <FILE>; close(FILE);
- print "@tmp";
- print @tmp; exit (0);
### @@ -3234,7 +3234,7 @@ END my @tmp = <FILE>; close(FILE);
- print "@tmp";
- print @tmp; exit (0); }
-- 2.36.1
-
Adolf Belka -
Michael Tremer -
Tom Rymes