From: <abe...@us...> - 2015-12-15 00:17:02
Revision: 7406 http://sourceforge.net/p/astlinux/code/7406 Author: abelbeck Date: 2015-12-15 00:16:59 +0000 (Tue, 15 Dec 2015) Log Message: ----------- web interface, New SSL certificate creation, add new 'Signature Algorithm:' option, defaults to SHA-256. We previously hard-coded this to sha256, but some IP Phones with OpenVPN do not (yet) support SHA-256, this allows SHA-1 to be chosen Modified Paths: -------------- branches/1.0/package/webinterface/altweb/admin/ipsecmobile.php branches/1.0/package/webinterface/altweb/admin/openvpn.php branches/1.0/package/webinterface/altweb/admin/openvpnclient.php branches/1.0/package/webinterface/altweb/admin/siptlscert.php branches/1.0/package/webinterface/altweb/common/openssl-ipsecmobile.php branches/1.0/package/webinterface/altweb/common/openssl-openvpn.php branches/1.0/package/webinterface/altweb/common/openssl-sip-tls.php Modified: branches/1.0/package/webinterface/altweb/admin/ipsecmobile.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/ipsecmobile.php 2015-12-14 20:38:32 UTC (rev 7405) +++ branches/1.0/package/webinterface/altweb/admin/ipsecmobile.php 2015-12-15 00:16:59 UTC (rev 7406) @@ -8,6 +8,7 @@ // ipsecmobile.php for AstLinux // 11-23-2010 +// 12-14-2015, Added Signature Algorithm support // // System location of /mnt/kd/rc.conf.d directory $IPSECMCONFDIR = '/mnt/kd/rc.conf.d'; 
@@ -30,15 +31,20 @@ // Function: ipsecmobile_openssl() // -function ipsecmobile_openssl($keysize, $dnsname) { +function ipsecmobile_openssl($keysize, $algorithm, $dnsname) { global $global_prefs; // System location of gui.network.conf file $NETCONFFILE = '/mnt/kd/rc.conf.d/gui.network.conf'; if ($keysize === '') { - $keysize = '1024'; + $keysize = '2048'; } $opts['keysize'] = (int)$keysize; + + if ($algorithm === '') { + $algorithm = 'sha256'; + } + $opts['algorithm'] = $algorithm; $opts['dnsname'] = $dnsname; if (($countryName = getPREFdef($global_prefs, 'dn_country_name_cmdstr')) === '') { @@ -75,8 +81,9 @@ return($ssl); } $key_size = getVARdef($db, 'IPSECM_CERT_KEYSIZE'); +$signature_algorithm = getVARdef($db, 'IPSECM_CERT_ALGORITHM'); $dns_name = getVARdef($db, 'IPSECM_CERT_DNSNAME'); -$openssl = ipsecmobile_openssl($key_size, $dns_name); +$openssl = ipsecmobile_openssl($key_size, $signature_algorithm, $dns_name); $nat_t_menu = array ( 'off' => 'Disable', @@ -136,6 +143,11 @@ '2048' => '2048 Bits' ); +$signature_algorithm_menu = array ( + 'sha1' => 'SHA-1', + 'sha256' => 'SHA-256' +); + // Function: saveIPSECMsettings // function saveIPSECMsettings($conf_dir, $conf_file) { @@ -210,6 +222,9 @@ $value = 'IPSECM_CERT_KEYSIZE="'.$_POST['key_size'].'"'; fwrite($fp, "### Private Key Size\n".$value."\n"); + $value = 'IPSECM_CERT_ALGORITHM="'.$_POST['signature_algorithm'].'"'; + fwrite($fp, "### Signature Algorithm\n".$value."\n"); + $value = 'IPSECM_CERT_DNSNAME="'.str_replace(' ', '', tuq($_POST['dns_name'])).'"'; fwrite($fp, "### Server Cert DNS Name\n".$value."\n"); 
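Review bot: ipsecmobile_openssl's fallback for an empty `$keysize` changes from '1024' to '2048' in this hunk, which the log message does not mention and which alters what an install with an unset IPSECM_CERT_KEYSIZE generates on its next certificate rebuild; openvpn.php (@@ -35) makes the same change. It deserves a line in the log or in the file's change-history comment. The new `$algorithm` parameter is also undocumented; a comment above the function such as `// $algorithm: OpenSSL digest name used for the CA, server and client signatures ('sha1' or 'sha256'); '' selects sha256` would make the contract with the common/openssl-*.php consumers explicit.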
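Review bot: `$_POST['signature_algorithm']` is written verbatim into `IPSECM_CERT_ALGORITHM="..."` in the @@ -210 hunk, so a value outside the two menu keys, or one containing a double quote, ends up in the rc.conf.d file and later in `digest_alg`; the only defaulting is the empty-string check in ipsecmobile_openssl. Restrict it to the menu keys before writing, e.g. `$alg = in_array($_POST['signature_algorithm'], array('sha1', 'sha256'), TRUE) ? $_POST['signature_algorithm'] : 'sha256';` and write `$alg`; the existing `key_size` line has the same shape, but the new line need not extend it. The same applies to the rebuild hunk at @@ -269 below, where the POST value goes straight into ipsecmobile_openssl, and to the matching write and rebuild hunks in openvpn.php (@@ -204, @@ -397) and siptlscert.php (@@ -101, @@ -131). saveIPSECMsettings starts outside this hunk.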
@@ -269,8 +284,9 @@ } // Rebuild openssl.cnf template for new CA $key_size = $_POST['key_size']; + $signature_algorithm = $_POST['signature_algorithm']; $dns_name = str_replace(' ', '', tuq($_POST['dns_name'])); - if (($openssl = ipsecmobile_openssl($key_size, $dns_name)) !== FALSE) { + if (($openssl = ipsecmobile_openssl($key_size, $signature_algorithm, $dns_name)) !== FALSE) { if (opensslCREATEselfCert($openssl)) { if (opensslCREATEserverCert($openssl)) { $result = 30; @@ -593,7 +609,7 @@ putHtml('<tr class="dtrow1"><td style="text-align: right;" colspan="2">'); putHtml('Private Key Size:</td><td style="text-align: left;" colspan="4">'); if (($key_size = getVARdef($db, 'IPSECM_CERT_KEYSIZE')) === '') { - $key_size = '1024'; + $key_size = '2048'; } putHtml('<select name="key_size">'); foreach ($key_size_menu as $key => $value) { 
@@ -602,7 +618,21 @@ } putHtml('</select>'); putHtml('</td></tr>'); + putHtml('<tr class="dtrow1"><td style="text-align: right;" colspan="2">'); + putHtml('Signature Algorithm:</td><td style="text-align: left;" colspan="4">'); + if (($signature_algorithm = getVARdef($db, 'IPSECM_CERT_ALGORITHM')) === '') { + $signature_algorithm = 'sha256'; + } + putHtml('<select name="signature_algorithm">'); + foreach ($signature_algorithm_menu as $key => $value) { + $sel = ($signature_algorithm === $key) ? ' selected="selected"' : ''; + putHtml('<option value="'.$key.'"'.$sel.'>'.$value.'</option>'); + } + putHtml('</select>'); + putHtml('</td></tr>'); + + putHtml('<tr class="dtrow1"><td style="text-align: right;" colspan="2">'); putHtml('Server Cert DNS Name:</td><td style="text-align: left;" colspan="4">'); $value = getVARdef($db, 'IPSECM_CERT_DNSNAME'); putHtml('<input type="text" size="24" maxlength="128" value="'.$value.'" name="dns_name" />'); Modified: branches/1.0/package/webinterface/altweb/admin/openvpn.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/openvpn.php 2015-12-14 20:38:32 UTC (rev 7405) +++ branches/1.0/package/webinterface/altweb/admin/openvpn.php 2015-12-15 00:16:59 UTC (rev 7406) @@ -13,6 +13,7 @@ // 08-13-2010, Added QoS Passthrough, setting passtos // 01-03-2013, Added private keysize support // 02-13-2013, Added OpenVPN 2.3 IPv6 support +// 12-14-2015, Added Signature Algorithm support // // System location of /mnt/kd/rc.conf.d directory $OVPNCONFDIR = '/mnt/kd/rc.conf.d'; 
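Review bot: The eleven-line 'Signature Algorithm' select block added here is repeated, apart from the getVARdef key, in openvpn.php (@@ -795) and siptlscert.php (@@ -281), and `$signature_algorithm_menu` is likewise declared three times. A small shared helper in common/ taking the conf variable name and the current value would keep the three pages in step the next time an algorithm is added or removed. This is a style point only: only menu keys and labels reach the HTML, and the stored value is used solely for the `selected` comparison.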
@@ -35,16 +36,21 @@ // Function: openvpn_openssl() // -function openvpn_openssl($keysize) { +function openvpn_openssl($keysize, $algorithm) { global $global_prefs; // System location of gui.network.conf file $NETCONFFILE = '/mnt/kd/rc.conf.d/gui.network.conf'; if ($keysize === '') { - $keysize = '1024'; + $keysize = '2048'; } $opts['keysize'] = (int)$keysize; + if ($algorithm === '') { + $algorithm = 'sha256'; + } + $opts['algorithm'] = $algorithm; + if (($countryName = getPREFdef($global_prefs, 'dn_country_name_cmdstr')) === '') { $countryName = 'US'; } @@ -79,7 +85,8 @@ return($ssl); } $key_size = getVARdef($db, 'OVPN_CERT_KEYSIZE'); -$openssl = openvpn_openssl($key_size); +$signature_algorithm = getVARdef($db, 'OVPN_CERT_ALGORITHM'); +$openssl = openvpn_openssl($key_size, $signature_algorithm); $cipher_menu = array ( '' => 'Use Default', @@ -91,8 +98,8 @@ $auth_hmac_menu = array ( '' => 'Use Default', - 'SHA1' => 'SHA1', - 'SHA256' => 'SHA256' + 'SHA1' => 'SHA-1', + 'SHA256' => 'SHA-256' ); $verbosity_menu = array ( @@ -119,6 +126,11 @@ '2048' => '2048 Bits' ); +$signature_algorithm_menu = array ( + 'sha1' => 'SHA-1', + 'sha256' => 'SHA-256' +); + $topology_menu = array ( '' => 'Use Default', 'net30' => '[net30] older, OpenVPN 2.0 default', @@ -204,6 +216,9 @@ $value = 'OVPN_CERT_KEYSIZE="'.$_POST['key_size'].'"'; fwrite($fp, "### Private Key Size\n".$value."\n"); + $value = 'OVPN_CERT_ALGORITHM="'.$_POST['signature_algorithm'].'"'; + fwrite($fp, "### Signature Algorithm\n".$value."\n"); + if (opensslOPENVPNis_valid($openssl)) { $value = 'OVPN_CA="'.$openssl['key_dir'].'/ca.crt"'; fwrite($fp, "### CA File\n".$value."\n"); 
@@ -397,7 +412,8 @@ } // Rebuild openssl.cnf template for new CA $key_size = $_POST['key_size']; - if (($openssl = openvpn_openssl($key_size)) !== FALSE) { + $signature_algorithm = $_POST['signature_algorithm']; + if (($openssl = openvpn_openssl($key_size, $signature_algorithm)) !== FALSE) { if (opensslCREATEselfCert($openssl)) { if (opensslCREATEserverCert($openssl)) { if (opensslCREATEdh_pem($openssl)) { @@ -785,7 +801,7 @@ putHtml('<tr class="dtrow1"><td style="text-align: right;" colspan="2">'); putHtml('Private Key Size:</td><td style="text-align: left;" colspan="4">'); if (($key_size = getVARdef($db, 'OVPN_CERT_KEYSIZE')) === '') { - $key_size = '1024'; + $key_size = '2048'; } putHtml('<select name="key_size">'); foreach ($key_size_menu as $key => $value) { @@ -795,6 +811,19 @@ putHtml('</select>'); putHtml('</td></tr>'); + putHtml('<tr class="dtrow1"><td style="text-align: right;" colspan="2">'); + putHtml('Signature Algorithm:</td><td style="text-align: left;" colspan="4">'); + if (($signature_algorithm = getVARdef($db, 'OVPN_CERT_ALGORITHM')) === '') { + $signature_algorithm = 'sha256'; + } + putHtml('<select name="signature_algorithm">'); + foreach ($signature_algorithm_menu as $key => $value) { + $sel = ($signature_algorithm === $key) ? ' selected="selected"' : ''; + putHtml('<option value="'.$key.'"'.$sel.'>'.$value.'</option>'); + } + putHtml('</select>'); + putHtml('</td></tr>'); + putHtml('<tr class="dtrow1"><td style="text-align: right;" colspan="3">'); putHtml('Create New Certificate and Key:</td><td class="dialogText" style="text-align: left;" colspan="3">'); $msg = ''; Modified: branches/1.0/package/webinterface/altweb/admin/openvpnclient.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/openvpnclient.php 2015-12-14 20:38:32 UTC (rev 7405) +++ branches/1.0/package/webinterface/altweb/admin/openvpnclient.php 2015-12-15 00:16:59 UTC (rev 7406) 
@@ -47,8 +47,8 @@ $auth_hmac_menu = array ( '' => 'Use Default', - 'SHA1' => 'SHA1', - 'SHA256' => 'SHA256' + 'SHA1' => 'SHA-1', + 'SHA256' => 'SHA-256' ); $nscerttype_menu = array ( Modified: branches/1.0/package/webinterface/altweb/admin/siptlscert.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/siptlscert.php 2015-12-14 20:38:32 UTC (rev 7405) +++ branches/1.0/package/webinterface/altweb/admin/siptlscert.php 2015-12-15 00:16:59 UTC (rev 7406) @@ -8,6 +8,7 @@ // siptlscert.php for AstLinux // 11-12-2012 +// 12-14-2015, Added Signature Algorithm support // // System location of /mnt/kd/rc.conf.d directory $SIPTLSCERTCONFDIR = '/mnt/kd/rc.conf.d'; @@ -30,7 +31,7 @@ // Function: siptlscert_openssl() // -function siptlscert_openssl($keysize, $dnsname) { +function siptlscert_openssl($keysize, $algorithm, $dnsname) { global $global_prefs; // System location of gui.network.conf file $NETCONFFILE = '/mnt/kd/rc.conf.d/gui.network.conf'; @@ -39,6 +40,11 @@ $keysize = '2048'; } $opts['keysize'] = (int)$keysize; + + if ($algorithm === '') { + $algorithm = 'sha256'; + } + $opts['algorithm'] = $algorithm; $opts['dnsname'] = $dnsname; if (($countryName = getPREFdef($global_prefs, 'dn_country_name_cmdstr')) === '') { @@ -75,14 +81,20 @@ return($ssl); } $key_size = getVARdef($db, 'SIPTLSCERT_CERT_KEYSIZE'); +$signature_algorithm = getVARdef($db, 'SIPTLSCERT_CERT_ALGORITHM'); $dns_name = getVARdef($db, 'SIPTLSCERT_CERT_DNSNAME'); -$openssl = siptlscert_openssl($key_size, $dns_name); +$openssl = siptlscert_openssl($key_size, $signature_algorithm, $dns_name); $key_size_menu = array ( '1024' => '1024 Bits', '2048' => '2048 Bits' ); +$signature_algorithm_menu = array ( + 'sha1' => 'SHA-1', + 'sha256' => 'SHA-256' +); + // Function: saveSIPTLSCERTsettings // function saveSIPTLSCERTsettings($conf_dir, $conf_file) { 
@@ -101,6 +113,9 @@ $value = 'SIPTLSCERT_CERT_KEYSIZE="'.$_POST['key_size'].'"'; fwrite($fp, "### Private Key Size\n".$value."\n"); + $value = 'SIPTLSCERT_CERT_ALGORITHM="'.$_POST['signature_algorithm'].'"'; + fwrite($fp, "### Signature Algorithm\n".$value."\n"); + $value = 'SIPTLSCERT_CERT_DNSNAME="'.str_replace(' ', '', tuq($_POST['dns_name'])).'"'; fwrite($fp, "### Server Cert DNS Name\n".$value."\n"); @@ -131,8 +146,9 @@ } // Rebuild openssl.cnf template for new CA $key_size = $_POST['key_size']; + $signature_algorithm = $_POST['signature_algorithm']; $dns_name = str_replace(' ', '', tuq($_POST['dns_name'])); - if (($openssl = siptlscert_openssl($key_size, $dns_name)) !== FALSE) { + if (($openssl = siptlscert_openssl($key_size, $signature_algorithm, $dns_name)) !== FALSE) { if (opensslCREATEselfCert($openssl)) { if (opensslCREATEserverCert($openssl)) { $result = 30; 
@@ -281,7 +297,21 @@ } putHtml('</select>'); putHtml('</td></tr>'); + putHtml('<tr class="dtrow1"><td style="text-align: right;" colspan="2">'); + putHtml('Signature Algorithm:</td><td style="text-align: left;" colspan="4">'); + if (($signature_algorithm = getVARdef($db, 'SIPTLSCERT_CERT_ALGORITHM')) === '') { + $signature_algorithm = 'sha256'; + } + putHtml('<select name="signature_algorithm">'); + foreach ($signature_algorithm_menu as $key => $value) { + $sel = ($signature_algorithm === $key) ? ' selected="selected"' : ''; + putHtml('<option value="'.$key.'"'.$sel.'>'.$value.'</option>'); + } + putHtml('</select>'); + putHtml('</td></tr>'); + + putHtml('<tr class="dtrow1"><td style="text-align: right;" colspan="2">'); putHtml('Server Cert DNS Name:</td><td style="text-align: left;" colspan="4">'); if (($value = getVARdef($db, 'SIPTLSCERT_CERT_DNSNAME')) === '') { $value = getPREFdef($global_prefs, 'dn_common_name_cmdstr'); Modified: branches/1.0/package/webinterface/altweb/common/openssl-ipsecmobile.php =================================================================== --- branches/1.0/package/webinterface/altweb/common/openssl-ipsecmobile.php 2015-12-14 20:38:32 UTC (rev 7405) +++ branches/1.0/package/webinterface/altweb/common/openssl-ipsecmobile.php 2015-12-15 00:16:59 UTC (rev 7406) 
@@ -40,27 +40,27 @@ ); $ssl['configArgs'] = array( 'config' => $ssl['config'], - 'digest_alg' => 'sha256', + 'digest_alg' => $opts['algorithm'], 'private_key_bits' => $opts['keysize'], 'encrypt_key' => FALSE ); $ssl['sign_ca'] = array( 'config' => $ssl['config'], - 'digest_alg' => 'sha256', + 'digest_alg' => $opts['algorithm'], 'private_key_bits' => $opts['keysize'], 'x509_extensions' => 'v3_ca', 'encrypt_key' => FALSE ); $ssl['sign_server'] = array( 'config' => $ssl['config'], - 'digest_alg' => 'sha256', + 'digest_alg' => $opts['algorithm'], 'private_key_bits' => $opts['keysize'], 'x509_extensions' => 'ipsecmobile_server', 'encrypt_key' => FALSE ); $ssl['sign_client'] = array( 'config' => $ssl['config'], - 'digest_alg' => 'sha256', + 'digest_alg' => $opts['algorithm'], 'private_key_bits' => $opts['keysize'], 'x509_extensions' => 'usr_cert', 'encrypt_key' => FALSE Modified: branches/1.0/package/webinterface/altweb/common/openssl-openvpn.php =================================================================== --- branches/1.0/package/webinterface/altweb/common/openssl-openvpn.php 2015-12-14 20:38:32 UTC (rev 7405) +++ branches/1.0/package/webinterface/altweb/common/openssl-openvpn.php 2015-12-15 00:16:59 UTC (rev 7406) 
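Review bot: `$opts['algorithm']` is read four times in this hunk with no fallback, so a caller that builds `$opts` without the new key (presumably any path other than the three admin pages updated in this commit) would hand a null `digest_alg` to openssl; the sha256 default currently lives in each admin page rather than where the value is consumed. Resolve it once at the top of the function, `$digest = isset($opts['algorithm']) ? $opts['algorithm'] : 'sha256';`, and use `$digest` in the four `digest_alg` entries, which also documents that one choice covers the CA, server and client signatures alike. The same applies to openssl-openvpn.php (@@ -42) and openssl-sip-tls.php (@@ -40). The enclosing function starts outside this hunk.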
@@ -42,27 +42,27 @@ ); $ssl['configArgs'] = array( 'config' => $ssl['config'], - 'digest_alg' => 'sha256', + 'digest_alg' => $opts['algorithm'], 'private_key_bits' => $opts['keysize'], 'encrypt_key' => FALSE ); $ssl['sign_ca'] = array( 'config' => $ssl['config'], - 'digest_alg' => 'sha256', + 'digest_alg' => $opts['algorithm'], 'private_key_bits' => $opts['keysize'], 'x509_extensions' => 'v3_ca', 'encrypt_key' => FALSE ); $ssl['sign_server'] = array( 'config' => $ssl['config'], - 'digest_alg' => 'sha256', + 'digest_alg' => $opts['algorithm'], 'private_key_bits' => $opts['keysize'], 'x509_extensions' => 'openvpn_server', 'encrypt_key' => FALSE ); $ssl['sign_client'] = array( 'config' => $ssl['config'], - 'digest_alg' => 'sha256', + 'digest_alg' => $opts['algorithm'], 'private_key_bits' => $opts['keysize'], 'x509_extensions' => 'usr_cert', 'encrypt_key' => FALSE Modified: branches/1.0/package/webinterface/altweb/common/openssl-sip-tls.php =================================================================== --- branches/1.0/package/webinterface/altweb/common/openssl-sip-tls.php 2015-12-14 20:38:32 UTC (rev 7405) +++ branches/1.0/package/webinterface/altweb/common/openssl-sip-tls.php 2015-12-15 00:16:59 UTC (rev 7406) 
@@ -40,27 +40,27 @@ ); $ssl['configArgs'] = array( 'config' => $ssl['config'], - 'digest_alg' => 'sha256', + 'digest_alg' => $opts['algorithm'], 'private_key_bits' => $opts['keysize'], 'encrypt_key' => FALSE ); $ssl['sign_ca'] = array( 'config' => $ssl['config'], - 'digest_alg' => 'sha256', + 'digest_alg' => $opts['algorithm'], 'private_key_bits' => $opts['keysize'], 'x509_extensions' => 'v3_ca', 'encrypt_key' => FALSE ); $ssl['sign_server'] = array( 'config' => $ssl['config'], - 'digest_alg' => 'sha256', + 'digest_alg' => $opts['algorithm'], 'private_key_bits' => $opts['keysize'], 'x509_extensions' => 'sip_tls_server', 'encrypt_key' => FALSE ); $ssl['sign_client'] = array( 'config' => $ssl['config'], - 'digest_alg' => 'sha256', + 'digest_alg' => $opts['algorithm'], 'private_key_bits' => $opts['keysize'], 'x509_extensions' => 'usr_cert', 'encrypt_key' => FALSE This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |