
Diff of /rpms/smeserver-openvpn-s2s/contribs10/smeserver-openvpn-s2s-0.2-sme10.patch


Revision 1.2 by jpp, Tue Mar 30 05:09:44 2021 UTC Revision 1.5 by jpp, Tue Mar 30 06:47:35 2021 UTC
# Line 85  diff -Nur --no-dereference smeserver-ope Line 85  diff -Nur --no-dereference smeserver-ope
85       </entry>       </entry>
86  +  +
87  +    <entry>  +    <entry>
88  +        <base>UNSECURE</base>  +        <base>INSECURE</base>
89  +        <trans>Unsecure parameter</trans>  +        <trans>Insecure parameter</trans>
90  +    </entry>  +    </entry>
91  +    <entry>  +    <entry>
92  +        <base>SUGGESTED</base>  +        <base>SUGGESTED</base>
# Line 371  diff -Nur --no-dereference smeserver-ope Line 371  diff -Nur --no-dereference smeserver-ope
371              exit 1              exit 1
372  diff -Nur --no-dereference smeserver-openvpn-s2s-0.2.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/openvpns2s.pm smeserver-openvpn-s2s-0.2/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/openvpns2s.pm  diff -Nur --no-dereference smeserver-openvpn-s2s-0.2.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/openvpns2s.pm smeserver-openvpn-s2s-0.2/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/openvpns2s.pm
373  --- smeserver-openvpn-s2s-0.2.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/openvpns2s.pm        2021-03-30 00:12:27.724000000 -0400  --- smeserver-openvpn-s2s-0.2.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/openvpns2s.pm        2021-03-30 00:12:27.724000000 -0400
374  +++ smeserver-openvpn-s2s-0.2/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/openvpns2s.pm    2021-03-30 01:07:35.564000000 -0400  +++ smeserver-openvpn-s2s-0.2/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/openvpns2s.pm    2021-03-30 01:19:05.081000000 -0400
375  @@ -26,6 +26,7 @@  @@ -26,6 +26,7 @@
376       remove_conf       remove_conf
377       print_conf_to_remove       print_conf_to_remove
# Line 394  diff -Nur --no-dereference smeserver-ope Line 394  diff -Nur --no-dereference smeserver-ope
394  +    }  +    }
395  +    if ($q->param("cipher") eq 'BF-CBC') {  +    if ($q->param("cipher") eq 'BF-CBC') {
396  +       my $tmpk = $ovpn_db->get($conf);  +       my $tmpk = $ovpn_db->get($conf);
397  +       $tmpk->delete_prop('cipher');  +       $tmpk->delete_prop('Cipher');
398  +    }  +    }
399  +    else {  +    else {
400  +       $ovpn_db->set_prop($conf, 'cipher', $q->param("cipher"));  +       $ovpn_db->set_prop($conf, 'Cipher', $q->param("cipher"));
401  +    }  +    }
402    
403       # Now, update the main configuration entry       # Now, update the main configuration entry
# Line 475  diff -Nur --no-dereference smeserver-ope Line 475  diff -Nur --no-dereference smeserver-ope
475           elsif ($status eq 'disabled'){           elsif ($status eq 'disabled'){
476               $status = $fm->localise('DISABLED');               $status = $fm->localise('DISABLED');
477           }           }
478  +        my $cipher = $config->prop('cipher') || 'BF-CBC';  +        my $cipher = $config->prop('Cipher') || 'BF-CBC';
479  +       $cipher = "<span style='color:red'>". $fm->localise('UNSECURE'). " $cipher</span> " unless ($cipher =~ /(128|192|256|512|SEED)/ );  +       $cipher = "<span style='color:red'>". $fm->localise('INSECURE'). " $cipher</span> " unless ($cipher =~ /(128|192|256|512|SEED)/ );
480  +        my $hmac   = $config->prop('hmac') || 'SHA1';  +        my $hmac   = $config->prop('HMAC') || 'SHA1';
481  +       $hmac= "<span style='color:red'>". $fm->localise('UNSECURE'). " $hmac</span> " unless ($hmac eq "whirlpool" || $hmac =~ /(512|256|384|224)$/);  +       $hmac= "<span style='color:red'>". $fm->localise('INSECURE'). " $hmac</span> " unless ($hmac eq "whirlpool" || $hmac =~ /(512|256|384|224)$/);
482  +        my $authe  = $config->prop('Authentication') || '';  +        my $authe  = $config->prop('Authentication') || '';
483  +       my $linkup = "<span style='color:red'>". $fm->localise('DOWN')."</span>" ;  +       my $linkup = "<span style='color:red'>". $fm->localise('DOWN')."</span>" ;
484  +       use Net::Ping;  +       use Net::Ping;
# Line 576  diff -Nur --no-dereference smeserver-ope Line 576  diff -Nur --no-dereference smeserver-ope
576  +    my ($self) = @_;  +    my ($self) = @_;
577  +    my $name = $self->cgi->param('conf_name') or return "AES-128-CBC";  +    my $name = $self->cgi->param('conf_name') or return "AES-128-CBC";
578  +    my $cvpn= $ovpn_db->get($name);  +    my $cvpn= $ovpn_db->get($name);
579  +    return "BF-CBC" unless defined $cvpn->prop('cipher');  +    return "BF-CBC" unless defined $cvpn->prop('Cipher');
580  +    return $cvpn->prop('cipher') ;  +    return $cvpn->prop('Cipher') ;
581  +}  +}
582  +  +
583  +=head2 get_ciphers_options  +=head2 get_ciphers_options
584  +list obtained using  +list obtained using
585  +openvpn --show-ciphers | egrep '^[A-Z]{2}' |  sed 's/ by//; s/ default//; s/block,/block/; s/)// ' | awk {'print "    '\''" $1 "'\'' => '\''" $1 $2 " " $4 " "  $5 " "  $7")'\''," '}  +openvpn --show-ciphers | egrep '^[A-Z]{2}' |  sed 's/ by//; s/ default//; s/block,/block/; s/)// ' | awk {'print "    '\''" $1 "'\'' => '\''" $1 $2 " " $4 " "  $5 " "  $7")'\''," '}
586  +then reduced to remove most of unsecure ciphers  +then reduced to remove most of insecure ciphers
587  +Using a CBC or GCM mode is recommended.  +Using a CBC or GCM mode is recommended.
588  +In static key mode only CBC mode is allowed.  +In static key mode only CBC mode is allowed.
589  +  +
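Review bot: In the openvpns2s.pm section the `cipher` request parameter is passed straight to `$ovpn_db->set_prop($conf, 'Cipher', $q->param("cipher"))`, with no allow-list check visible in the hunk and with `param` called in list context inside the argument list, so a repeated parameter would add extra arguments to the call. I would read it once in scalar context, `my $cipher = $q->param('cipher');`, and refuse any value that is not one of the names offered by `get_ciphers_options` before storing it. The stored `Cipher` and `HMAC` values are later concatenated into the `<span style='color:red'>` markup unescaped, so they should be encoded on output as well, e.g. `CGI::escapeHTML($cipher)`. Separately, the results of `$ovpn_db->get($name)` and `$ovpn_db->get($conf)` are dereferenced without a defined check, which would presumably die for an unknown `conf_name`; `return "BF-CBC" unless defined $cvpn && defined $cvpn->prop('Cipher');` covers the getter. The enclosing subs start and end outside the lines shown, so existing validation may simply be out of view.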

