summaryrefslogtreecommitdiffhomepage
path: root/applications/luci-app-ocserv/luasrc
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@gnutls.org>2019-12-14 09:55:11 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2019-12-14 09:55:48 +0100
commitc81ca8dae3e914b41b754e1cdc7cad3aeead9e66 (patch)
tree24260269f3ec6350af089c5d93833b0796620a5e /applications/luci-app-ocserv/luasrc
parent5d55a0a4a9c338f64818ac73b7d5f28079aa95b7 (diff)
ocserv: fix the public key ID calculation
New versions of certtool change its output format and thus break the previous parsing. This update works with certtool 3.5.x or later. It also restricts the output to valid values for openconnect 7.x or later for simplification. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Diffstat (limited to 'applications/luci-app-ocserv/luasrc')
-rw-r--r--applications/luci-app-ocserv/luasrc/model/cbi/ocserv/main.lua31
1 files changed, 5 insertions, 26 deletions
diff --git a/applications/luci-app-ocserv/luasrc/model/cbi/ocserv/main.lua b/applications/luci-app-ocserv/luasrc/model/cbi/ocserv/main.lua
index 396dedd4a..6194a18dc 100644
--- a/applications/luci-app-ocserv/luasrc/model/cbi/ocserv/main.lua
+++ b/applications/luci-app-ocserv/luasrc/model/cbi/ocserv/main.lua
@@ -17,35 +17,14 @@ local e = s:taboption("general", Flag, "enable", translate("Enable server"))
e.rmempty = false
e.default = "1"
-local o_sha = s:taboption("general", DummyValue, "sha_hash", translate("Server's certificate SHA1 hash"),
- translate("That value should be communicated to the client to verify the server's certificate"))
local o_pki = s:taboption("general", DummyValue, "pkid", translate("Server's Public Key ID"),
- translate("An alternative value to be communicated to the client to verify the server's certificate; this value only depends on the public key"))
+ translate("The value to be communicated to the client to verify the server's certificate; this value only depends on the public key"))
-local fd = io.popen("/usr/bin/certtool -i --infile /etc/ocserv/server-cert.pem", "r")
+local fd = io.popen("/usr/bin/certtool --hash sha256 --key-id --infile /etc/ocserv/server-cert.pem", "r")
if fd then local ln
- local found_sha = false
- local found_pki = false
- local complete = 0
- while complete < 2 do
- local ln = fd:read("*l")
- if not ln then
- break
- elseif ln:match("SHA%-?1 fingerprint:") then
- found_sha = true
- elseif found_sha then
- local hash = ln:match("([a-f0-9]+)")
- o_sha.default = hash and hash:upper()
- complete = complete + 1
- found_sha = false
- elseif ln:match("Public Key I[Dd]:") then
- found_pki = true
- elseif found_pki then
- local hash = ln:match("([a-f0-9]+)")
- o_pki.default = hash and "sha1:" .. hash:upper()
- complete = complete + 1
- found_pki = false
- end
+ local ln = fd:read("*l")
+ if ln then
+ o_pki.default = "sha256:" .. ln
end
fd:close()
end