From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: ipfire-scm@lists.ipfire.org Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. a201764e756895ed5fc23028863ba3b0e8bb406d Date: Tue, 04 Apr 2023 20:27:03 +0000 Message-ID: <4PrfSR4Q9Dz2xcm@people01.haj.ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6690714780504315056==" List-Id: --===============6690714780504315056== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, next has been updated via a201764e756895ed5fc23028863ba3b0e8bb406d (commit) from d3a520fa68d2d0198ddca827a96a4e2cbb595d8a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a201764e756895ed5fc23028863ba3b0e8bb406d Author: Peter M=C3=BCller Date: Tue Apr 4 20:25:55 2023 +0000 ovpnmain.cgi: Do not determine certificate expiry status for N2N connecti= ons =20 https://wiki.ipfire.org/devel/telco/2023-04-03 =20 Fixes: #13066 Signed-off-by: Peter M=C3=BCller ----------------------------------------------------------------------- Summary of changes: html/cgi-bin/ovpnmain.cgi | 43 +++++++++++++++++++++++++++---------------- 1 file changed, 27 insertions(+), 16 deletions(-) Difference in files: diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 87bda4f1e..51d6e8431 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -2,7 +2,7 @@ ############################################################################= ### # = # # IPFire.org - A linux based firewall = # -# Copyright (C) 2007-2022 IPFire Team = # +# Copyright (C) 2007-2023 IPFire Team = # # = # # This program is free software: you can redistribute it and/or modify = # # it under the terms of the GNU General Public License as published by = # @@ -5354,26 +5354,37 @@ END } if ($confighash{$key}[0] eq 'on') { $gif =3D 'on.gif'; } else { $gif =3D 'o= ff.gif'; } =20 - # Fetch information about the certificate - my @cavalid =3D &General::system_output("/usr/bin/openssl", "x509", "-text", - "-in", "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem"); + # Create some simple booleans to check the status + my $hasExpired; + my $expiresSoon; =20 - my $expiryDate =3D 0; + # Fetch information about the certificate for non-N2N connections only + if ($confighash{$key}[3] ne 'net') { + my @cavalid =3D &General::system_output("/usr/bin/openssl", "x509", "-text= ", + "-in", "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem"); =20 - # Parse the certificate information - foreach my $line (@cavalid) { - if ($line =3D~ /Not After : (.*)[\n]/) { - $expiryDate =3D &Date::Parse::str2time($1); - last; + my $expiryDate =3D 0; + + # Parse the certificate information + foreach my $line (@cavalid) { + if ($line =3D~ /Not After : (.*)[\n]/) { + $expiryDate =3D &Date::Parse::str2time($1); + last; + } } - } =20 - # Calculate the remaining time - my $remainingTime =3D $expiryDate - time(); + # Calculate the remaining time + my $remainingTime =3D $expiryDate - time(); =20 - # Create some simple booleans to check the status - my $hasExpired =3D ($remainingTime <=3D 0); - my $expiresSoon =3D ($remainingTime <=3D 30 * 24 * 3600); + # Determine whether the certificate has already expired, or will so soon + $hasExpired =3D ($remainingTime <=3D 0); + $expiresSoon =3D ($remainingTime <=3D 30 * 24 * 3600); + + } else { + # Populate booleans with dummy values for N2N connections (#13066) + $hasExpired =3D 0; + $expiresSoon =3D 0; + } =20 print ""; =20 hooks/post-receive -- IPFire 2.x development tree --===============6690714780504315056==--