From: <abe...@us...> - 2013-01-03 22:37:15
Revision: 5855 http://astlinux.svn.sourceforge.net/astlinux/?rev=5855&view=rev Author: abelbeck Date: 2013-01-03 22:37:07 +0000 (Thu, 03 Jan 2013) Log Message: ----------- web interface, OpenVPN Server sub-tab, adds a new 'Private Key Size:' entry, 1024 or 2048 Bits Modified Paths: -------------- branches/1.0/package/webinterface/altweb/admin/openvpn.php branches/1.0/package/webinterface/altweb/common/openssl-openvpn.php branches/1.0/package/webinterface/altweb/common/version.php Modified: branches/1.0/package/webinterface/altweb/admin/openvpn.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/openvpn.php 2013-01-03 19:18:59 UTC (rev 5854) +++ branches/1.0/package/webinterface/altweb/admin/openvpn.php 2013-01-03 22:37:07 UTC (rev 5855) @@ -1,6 +1,6 @@ <?php -// Copyright (C) 2008-2009 Lonnie Abelbeck +// Copyright (C) 2008-2013 Lonnie Abelbeck // This is free software, licensed under the GNU General Public License // version 3 as published by the Free Software Foundation; you can // redistribute it and/or modify it under the terms of the GNU @@ -11,6 +11,7 @@ // 12-27-2008, Added Certificate Support // 02-06-2009, Added tls-verify, temporarily disable clients // 08-13-2010, Added QoS Passthrough, setting passtos +// 01-03-2013, Added private keysize support // // System location of /mnt/kd/rc.conf.d directory $OVPNCONFDIR = '/mnt/kd/rc.conf.d'; 
@@ -25,13 +26,24 @@ require_once '../common/openssl.php'; +if (is_file($OVPNCONFFILE)) { + $db = parseRCconf($OVPNCONFFILE); +} else { + $db = NULL; +} + // Function: openvpn_openssl() // -function openvpn_openssl() { +function openvpn_openssl($keysize) { global $global_prefs; // System location of gui.network.conf file $NETCONFFILE = '/mnt/kd/rc.conf.d/gui.network.conf'; + if ($keysize === '') { + $keysize = '1024'; + } + $opts['keysize'] = (int)$keysize; + if (($countryName = getPREFdef($global_prefs, 'dn_country_name_cmdstr')) === '') { $countryName = 'US'; } @@ -51,8 +63,8 @@ } if (($commonName = getPREFdef($global_prefs, 'dn_common_name_cmdstr')) === '') { if (is_file($NETCONFFILE)) { - $db = parseRCconf($NETCONFFILE); - if (($commonName = getVARdef($db, 'HOSTNAME').'.'.getVARdef($db, 'DOMAIN')) === '') { + $vars = parseRCconf($NETCONFFILE); + if (($commonName = getVARdef($vars, 'HOSTNAME').'.'.getVARdef($vars, 'DOMAIN')) === '') { $commonName = 'pbx.astlinux'; } } else { @@ -62,10 +74,11 @@ if (($email = getPREFdef($global_prefs, 'dn_email_address_cmdstr')) === '') { $email = 'in...@as...'; } - $ssl = openvpnSETUP($countryName, $stateName, $localityName, $orgName, $orgUnit, $commonName, $email); + $ssl = openvpnSETUP($opts, $countryName, $stateName, $localityName, $orgName, $orgUnit, $commonName, $email); return($ssl); } -$openssl = openvpn_openssl(); +$key_size = getVARdef($db, 'OVPN_CERT_KEYSIZE'); +$openssl = openvpn_openssl($key_size); $cipher_menu = array ( '' => 'Default Cipher', @@ -87,6 +100,11 @@ 'yes' => 'Cert. + User/Pass' ); +$key_size_menu = array ( + '1024' => '1024 Bits', + '2048' => '2048 Bits' +); + // Function: saveOVPNsettings // function saveOVPNsettings($conf_dir, $conf_file, $disabled = NULL) { 
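Review bot: In the `@@ -25,13 +26,24 @@` hunk, `openvpn_openssl()` turns whatever it is given into `private_key_bits` with a bare `(int)$keysize`, so a non-numeric or small value (from `OVPN_CERT_KEYSIZE` in the config file, or from `$_POST['key_size']` in the `@@ -246,7 +267,8 @@` hunk) would reach `openvpnSETUP()` as 0 or as an undersized key length. Both callers go through this function, so an allow-list before the cast covers them: `if ($keysize !== '1024' && $keysize !== '2048') { $keysize = '1024'; }`. The fallback also keeps 1024 bits as the default for installs that never touch the new menu; presumably these are RSA keys, for which 2048 would be the safer default if existing deployments allow it. The function body continues outside the hunk.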
@@ -150,6 +168,9 @@ } fwrite($fp, '"'."\n"); + $value = 'OVPN_CERT_KEYSIZE="'.$_POST['key_size'].'"'; + fwrite($fp, "### Private Key Size\n".$value."\n"); + if (opensslOPENVPNis_valid($openssl)) { $value = 'OVPN_CA="'.$openssl['key_dir'].'/ca.crt"'; fwrite($fp, "### CA File\n".$value."\n"); @@ -246,7 +267,8 @@ @unlink($openssl['config']); } // Rebuild openssl.cnf template for new CA - if (($openssl = openvpn_openssl()) !== FALSE) { + $key_size = $_POST['key_size']; + if (($openssl = openvpn_openssl($key_size)) !== FALSE) { if (opensslCREATEselfCert($openssl)) { if (opensslCREATEserverCert($openssl)) { if (opensslCREATEdh_pem($openssl)) { @@ -336,12 +358,6 @@ $ACCESS_RIGHTS = 'admin'; require_once '../common/header.php'; - if (is_file($OVPNCONFFILE)) { - $db = parseRCconf($OVPNCONFFILE); - } else { - $db = NULL; - } - putHtml("<center>"); if (isset($_GET['result'])) { $result = $_GET['result']; 
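Review bot: The added `$value = 'OVPN_CERT_KEYSIZE="'.$_POST['key_size'].'"';` in the `@@ -150,6 +168,9 @@` hunk writes the request parameter into the config file without checking it, so a value containing a double quote or a newline would close the quoted string and add its own content to a file under rc.conf.d that is presumably read back by shell scripts as well as by `parseRCconf()`. The `<select>` only restricts what a browser offers, not what a request can carry, and the key may also be missing from the POST. Validate first and write the validated value, e.g. `$ks = (isset($_POST['key_size']) && in_array($_POST['key_size'], array('1024', '2048'), true)) ? $_POST['key_size'] : '1024';`. The `@@ -246,7 +267,8 @@` hunk reads the same parameter unchecked and should use the same validated value; both enclosing functions start and end outside the hunks.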
@@ -558,6 +574,20 @@ putHtml('<tr class="dtrow0"><td class="dialogText" style="text-align: left;" colspan="6">'); putHtml('<strong>Server Certificate and Key:</strong>'); putHtml('</td></tr>'); + + putHtml('<tr class="dtrow1"><td style="text-align: right;" colspan="2">'); + putHtml('Private Key Size:</td><td style="text-align: left;" colspan="4">'); + if (($key_size = getVARdef($db, 'OVPN_CERT_KEYSIZE')) === '') { + $key_size = '1024'; + } + putHtml('<select name="key_size">'); + foreach ($key_size_menu as $key => $value) { + $sel = ($key_size === (string)$key) ? ' selected="selected"' : ''; + putHtml('<option value="'.$key.'"'.$sel.'>'.$value.'</option>'); + } + putHtml('</select>'); + putHtml('</td></tr>'); + putHtml('<tr class="dtrow1"><td style="text-align: right;" colspan="3">'); putHtml('Create New Certificate and Key:</td><td class="dialogText" style="text-align: left;" colspan="3">'); $msg = ''; Modified: branches/1.0/package/webinterface/altweb/common/openssl-openvpn.php =================================================================== --- branches/1.0/package/webinterface/altweb/common/openssl-openvpn.php 2013-01-03 19:18:59 UTC (rev 5854) +++ branches/1.0/package/webinterface/altweb/common/openssl-openvpn.php 2013-01-03 22:37:07 UTC (rev 5855) @@ -1,6 +1,6 @@ <?php -// Copyright (C) 2008-2009 Lonnie Abelbeck +// Copyright (C) 2008-2013 Lonnie Abelbeck // This is free software, licensed under the GNU General Public License // version 3 as published by the Free Software Foundation; you can // redistribute it and/or modify it under the terms of the GNU 
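Review bot: In the `@@ -558,6 +574,20 @@` hunk the `<select name="key_size">` marks an option as selected only when the stored `OVPN_CERT_KEYSIZE` is exactly '1024' or '2048'; for any other stored value (a hand-edited config, for instance) no option is selected, the browser falls back to the first entry, and the next save silently records 1024. Listing the larger size first in `$key_size_menu`, or falling back to the largest known size when the stored value is unrecognised, avoids that quiet downgrade. The literal '1024' default is also repeated here and in `openvpn_openssl()`; a single named constant would keep the two from drifting apart.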
@@ -8,11 +8,12 @@ // openssl-openvpn.php for AstLinux // 05-24-2009 +// 01-03-2013, Added private keysize support // // Function: openvpnSETUP() // -function openvpnSETUP($countryName, $stateName, $localityName, $orgName, $orgUnit, $commonName, $email) { +function openvpnSETUP($opts, $countryName, $stateName, $localityName, $orgName, $orgUnit, $commonName, $email) { // System location of OpenSSL default configuration file $OPENSSL_CNF = '/usr/lib/ssl/openssl.cnf'; @@ -42,27 +43,27 @@ $ssl['configArgs'] = array( 'config' => $ssl['config'], 'digest_alg' => 'sha1', - 'private_key_bits' => 1024, + 'private_key_bits' => $opts['keysize'], 'encrypt_key' => FALSE ); $ssl['sign_ca'] = array( 'config' => $ssl['config'], 'digest_alg' => 'sha1', - 'private_key_bits' => 1024, + 'private_key_bits' => $opts['keysize'], 'x509_extensions' => 'v3_ca', 'encrypt_key' => FALSE ); $ssl['sign_server'] = array( 'config' => $ssl['config'], 'digest_alg' => 'sha1', - 'private_key_bits' => 1024, + 'private_key_bits' => $opts['keysize'], 'x509_extensions' => 'openvpn_server', 'encrypt_key' => FALSE ); $ssl['sign_client'] = array( 'config' => $ssl['config'], 'digest_alg' => 'sha1', - 'private_key_bits' => 1024, + 'private_key_bits' => $opts['keysize'], 'x509_extensions' => 'usr_cert', 'encrypt_key' => FALSE ); Modified: branches/1.0/package/webinterface/altweb/common/version.php =================================================================== --- branches/1.0/package/webinterface/altweb/common/version.php 2013-01-03 19:18:59 UTC (rev 5854) +++ branches/1.0/package/webinterface/altweb/common/version.php 2013-01-03 22:37:07 UTC (rev 5855) @@ -1,6 +1,6 @@ <?php // version.php for AstLinux Alternate Web Interface -$GUI_VERSION = '1.8.19'; +$GUI_VERSION = '1.8.20'; ?> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
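Review bot: All four option arrays in the `@@ -42,27 +43,27 @@` hunk still set `'digest_alg' => 'sha1'`, so certificates created with the new 2048-bit choice are signed with the same SHA-1 digest as before and the signature stays the weaker part. If the OpenSSL build on the target supports it, `'digest_alg' => 'sha256'` (or a second `$opts` entry next to `keysize`) would let the larger key size pay off. `$opts['keysize']` is also read without a fallback, and `$opts` was inserted as the first positional parameter of `openvpnSETUP()` in the `@@ -8,11 +8,12 @@` hunk, so any caller not updated in this commit would pass its country name as `$opts`; a guard such as `$bits = isset($opts['keysize']) ? (int)$opts['keysize'] : 1024;` keeps the key length well-defined in that case. The function body starts and ends outside the hunk.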