This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via a201764e756895ed5fc23028863ba3b0e8bb406d (commit) from d3a520fa68d2d0198ddca827a96a4e2cbb595d8a (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit a201764e756895ed5fc23028863ba3b0e8bb406d Author: Peter Müller peter.mueller@ipfire.org Date: Tue Apr 4 20:25:55 2023 +0000
ovpnmain.cgi: Do not determine certificate expiry status for N2N connections
https://wiki.ipfire.org/devel/telco/2023-04-03
Fixes: #13066 Signed-off-by: Peter Müller peter.mueller@ipfire.org
-----------------------------------------------------------------------
Summary of changes: html/cgi-bin/ovpnmain.cgi | 43 +++++++++++++++++++++++++++---------------- 1 file changed, 27 insertions(+), 16 deletions(-)
Difference in files: diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 87bda4f1e..51d6e8431 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -5354,26 +5354,37 @@ END } if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; }
- # Fetch information about the certificate - my @cavalid = &General::system_output("/usr/bin/openssl", "x509", "-text", - "-in", "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem"); + # Create some simple booleans to check the status + my $hasExpired; + my $expiresSoon;
- my $expiryDate = 0; + # Fetch information about the certificate for non-N2N connections only + if ($confighash{$key}[3] ne 'net') { + my @cavalid = &General::system_output("/usr/bin/openssl", "x509", "-text", + "-in", "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem");
- # Parse the certificate information - foreach my $line (@cavalid) { - if ($line =~ /Not After : (.*)[\n]/) { - $expiryDate = &Date::Parse::str2time($1); - last; + my $expiryDate = 0; + + # Parse the certificate information + foreach my $line (@cavalid) { + if ($line =~ /Not After : (.*)[\n]/) { + $expiryDate = &Date::Parse::str2time($1); + last; + } } - }
- # Calculate the remaining time - my $remainingTime = $expiryDate - time(); + # Calculate the remaining time + my $remainingTime = $expiryDate - time();
- # Create some simple booleans to check the status - my $hasExpired = ($remainingTime <= 0); - my $expiresSoon = ($remainingTime <= 30 * 24 * 3600); + # Determine whether the certificate has already expired, or will so soon + $hasExpired = ($remainingTime <= 0); + $expiresSoon = ($remainingTime <= 30 * 24 * 3600); + + } else { + # Populate booleans with dummy values for N2N connections (#13066) + $hasExpired = 0; + $expiresSoon = 0; + }
print "<tr>";
hooks/post-receive -- IPFire 2.x development tree