ocserv: fix the public key ID calculation

Newer versions of certtool changed the output format and thus broke
the previous parsing. This update works with certtool 3.5.x or later.
It also restricts the output to values that are valid for openconnect 7.x
or later, for simplification.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
(cherry picked from commit c81ca8dae3)
This commit is contained in:
Nikos Mavrogiannopoulos 2019-12-14 09:55:11 +01:00 committed by Jo-Philipp Wich
parent 6aeda9c4c8
commit 391258f4f6


@ -17,35 +17,14 @@ local e = s:taboption("general", Flag, "enable", translate("Enable server"))
e.rmempty = false
e.default = "1"
local o_sha = s:taboption("general", DummyValue, "sha_hash", translate("Server's certificate SHA1 hash"),
translate("That value should be communicated to the client to verify the server's certificate"))
local o_pki = s:taboption("general", DummyValue, "pkid", translate("Server's Public Key ID"),
translate("An alternative value to be communicated to the client to verify the server's certificate; this value only depends on the public key"))
translate("The value to be communicated to the client to verify the server's certificate; this value only depends on the public key"))
local fd = io.popen("/usr/bin/certtool -i --infile /etc/ocserv/server-cert.pem", "r")
local fd = io.popen("/usr/bin/certtool --hash sha256 --key-id --infile /etc/ocserv/server-cert.pem", "r")
if fd then local ln
local found_sha = false
local found_pki = false
local complete = 0
while complete < 2 do
local ln = fd:read("*l")
if not ln then
break
elseif ln:match("SHA%-?1 fingerprint:") then
found_sha = true
elseif found_sha then
local hash = ln:match("([a-f0-9]+)")
o_sha.default = hash and hash:upper()
complete = complete + 1
found_sha = false
elseif ln:match("Public Key I[Dd]:") then
found_pki = true
elseif found_pki then
local hash = ln:match("([a-f0-9]+)")
o_pki.default = hash and "sha1:" .. hash:upper()
complete = complete + 1
found_pki = false
end
local ln = fd:read("*l")
if ln then
o_pki.default = "sha256:" .. ln
end
fd:close()
end
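Review bot: The line returned by `local ln = fd:read("*l")` is concatenated into `o_pki.default` without any check that it is actually a hex key ID, so a warning, error text or changed output format that certtool prints on stdout would be shown to the administrator as the "Public Key ID"; the removed loop at least filtered each line with `([a-f0-9]+)`. Validate before use: `local hash = ln and ln:match("^%x+$")`, `if hash then`, `o_pki.default = "sha256:" .. hash`. Because this value is what clients are told to pin the server certificate against, a malformed value silently breaks or misleads that verification, so leaving the field blank on an unexpected line is the safer outcome. Note also that `io.popen` returns a handle even when certtool is missing or exits non-zero, so `if fd then` does not detect a failed command; the `if ln then` guard covers empty output, and on Lua 5.2 or later the status returned by `fd:close()` could be checked as well.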