author | Jo-Philipp Wich <jow@openwrt.org> | 2015-01-05 19:04:19 +0100 |
---|---|---|
committer | Jo-Philipp Wich <jow@openwrt.org> | 2015-01-05 19:04:19 +0100 |
commit | 9edd0e46c3f880727738ce8ca6ff1c8b85f99ef4 (patch) | |
tree | c3e40d8e79cd47ae7f645e041ae0254f6ef14b3f | |
parent | 66aa988246f4226627b6b0061ff7304b88c3036d (diff) | |
parent | fb4ce0f954865a1412469536b62555b03980ac40 (diff) |
Merge pull request #278 from nmav/ocserv
Print the ocserv's certificate hash and key ID
-rw-r--r-- | applications/luci-ocserv/luasrc/model/cbi/ocserv/main.lua | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/applications/luci-ocserv/luasrc/model/cbi/ocserv/main.lua b/applications/luci-ocserv/luasrc/model/cbi/ocserv/main.lua index a909649df9..c4289f0520 100644 --- a/applications/luci-ocserv/luasrc/model/cbi/ocserv/main.lua +++ b/applications/luci-ocserv/luasrc/model/cbi/ocserv/main.lua @@ -27,6 +27,39 @@ local e = s:taboption("general", Flag, "enable", translate("Enable server")) e.rmempty = false e.default = "1" +local o_sha = s:taboption("general", DummyValue, "sha_hash", translate("Server's certificate SHA1 hash"), + translate("That value should be communicated to the client to verify the server's certificate")) +local o_pki = s:taboption("general", DummyValue, "pkid", translate("Server's Public Key ID"), + translate("An alternative value to be communicated to the client to verify the server's certificate; this value only depends on the public key")) + +local fd = io.popen("/usr/bin/certtool -i --infile /etc/ocserv/server-cert.pem", "r") +if fd then local ln + local found_sha = false + local found_pki = false + local complete = 0 + while complete < 2 do + local ln = fd:read("*l") + if not ln then + break + elseif ln:match("SHA%-?1 fingerprint:") then + found_sha = true + elseif found_sha then + local hash = ln:match("([a-f0-9]+)") + o_sha.default = hash and hash:upper() + complete = complete + 1 + found_sha = false + elseif ln:match("Public Key I[Dd]:") then + found_pki = true + elseif found_pki then + local hash = ln:match("([a-f0-9]+)") + o_pki.default = hash and hash:upper() + complete = complete + 1 + found_pki = false + end + end + fd:close() +end + function m.on_commit(map) luci.sys.call("/usr/bin/occtl reload >/dev/null 2>&1") end |
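Review bot: The extraction `local hash = ln:match("([a-f0-9]+)")`, used in both the `found_sha` and `found_pki` branches, takes the first run of hex characters anywhere on the line after the header, with no anchoring or length check. If certtool's output layout differs from what this loop assumes (inferred here from the two header patterns), a short fragment or an unrelated token would be shown as the value the administrator gives to clients for verifying the server certificate. It would be safer to accept only a line that consists entirely of hex digits and has the expected digest length, e.g. `local hash = ln:match("^%s*(%x+)%s*$")` followed by `if hash and #hash == 40 then o_sha.default = hash:upper() end` (40 hex digits for a SHA-1 digest; the key ID length should be confirmed against certtool's output), leaving the field empty otherwise. Separately, the `local ln` declared on the `if fd then` line is shadowed by `local ln = fd:read("*l")` inside the loop and can be dropped.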