[git.ipfire.org] IPFire 2.x development tree branch, next, updated. a201764e756895ed5fc23028863ba3b0e8bb406d

["Peter Müller" <git@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 3867 bytes --]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  a201764e756895ed5fc23028863ba3b0e8bb406d (commit)
      from  d3a520fa68d2d0198ddca827a96a4e2cbb595d8a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a201764e756895ed5fc23028863ba3b0e8bb406d
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date:   Tue Apr 4 20:25:55 2023 +0000

    ovpnmain.cgi: Do not determine certificate expiry status for N2N connections
    
    https://wiki.ipfire.org/devel/telco/2023-04-03
    
    Fixes: #13066
    Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 html/cgi-bin/ovpnmain.cgi | 43 +++++++++++++++++++++++++++----------------
 1 file changed, 27 insertions(+), 16 deletions(-)

Difference in files:
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 87bda4f1e..51d6e8431 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2022  IPFire Team  <info(a)ipfire.org>                     #
+# Copyright (C) 2007-2023  IPFire Team  <info(a)ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -5354,26 +5354,37 @@ END
 		}
 	if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; }
 
-	# Fetch information about the certificate
-	my @cavalid = &General::system_output("/usr/bin/openssl", "x509", "-text",
-		"-in", "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem");
+	# Create some simple booleans to check the status
+	my $hasExpired;
+	my $expiresSoon;
 
-	my $expiryDate = 0;
+	# Fetch information about the certificate for non-N2N connections only
+	if ($confighash{$key}[3] ne 'net') {
+		my @cavalid = &General::system_output("/usr/bin/openssl", "x509", "-text",
+			"-in", "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem");
 
-	# Parse the certificate information
-	foreach my $line (@cavalid) {
-		if ($line =~ /Not After : (.*)[\n]/) {
-			$expiryDate = &Date::Parse::str2time($1);
-			last;
+		my $expiryDate = 0;
+
+		# Parse the certificate information
+		foreach my $line (@cavalid) {
+			if ($line =~ /Not After : (.*)[\n]/) {
+				$expiryDate = &Date::Parse::str2time($1);
+				last;
+			}
 		}
-	}
 
-	# Calculate the remaining time
-	my $remainingTime = $expiryDate - time();
+		# Calculate the remaining time
+		my $remainingTime = $expiryDate - time();
 
-	# Create some simple booleans to check the status
-	my $hasExpired = ($remainingTime <= 0);
-	my $expiresSoon = ($remainingTime <= 30 * 24 * 3600);
+		# Determine whether the certificate has already expired, or will so soon
+		$hasExpired = ($remainingTime <= 0);
+		$expiresSoon = ($remainingTime <= 30 * 24 * 3600);
+
+	} else {
+		# Populate booleans with dummy values for N2N connections (#13066)
+		$hasExpired = 0;
+		$expiresSoon = 0;
+	}
 
 	print "<tr>";
 


hooks/post-receive
--
IPFire 2.x development tree