From fb4ce0f954865a1412469536b62555b03980ac40 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Sat, 3 Jan 2015 18:50:22 +0100 Subject: [PATCH] Print the ocserv's certificate hash and key ID Signed-off-by: Nikos Mavrogiannopoulos --- .../luasrc/model/cbi/ocserv/main.lua | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/applications/luci-ocserv/luasrc/model/cbi/ocserv/main.lua b/applications/luci-ocserv/luasrc/model/cbi/ocserv/main.lua index a909649df9..c4289f0520 100644 --- a/applications/luci-ocserv/luasrc/model/cbi/ocserv/main.lua +++ b/applications/luci-ocserv/luasrc/model/cbi/ocserv/main.lua @@ -27,6 +27,39 @@ local e = s:taboption("general", Flag, "enable", translate("Enable server")) e.rmempty = false e.default = "1" +local o_sha = s:taboption("general", DummyValue, "sha_hash", translate("Server's certificate SHA1 hash"), + translate("That value should be communicated to the client to verify the server's certificate")) +local o_pki = s:taboption("general", DummyValue, "pkid", translate("Server's Public Key ID"), + translate("An alternative value to be communicated to the client to verify the server's certificate; this value only depends on the public key")) + +local fd = io.popen("/usr/bin/certtool -i --infile /etc/ocserv/server-cert.pem", "r") +if fd then local ln + local found_sha = false + local found_pki = false + local complete = 0 + while complete < 2 do + local ln = fd:read("*l") + if not ln then + break + elseif ln:match("SHA%-?1 fingerprint:") then + found_sha = true + elseif found_sha then + local hash = ln:match("([a-f0-9]+)") + o_sha.default = hash and hash:upper() + complete = complete + 1 + found_sha = false + elseif ln:match("Public Key I[Dd]:") then + found_pki = true + elseif found_pki then + local hash = ln:match("([a-f0-9]+)") + o_pki.default = hash and hash:upper() + complete = complete + 1 + found_pki = false + end + end + fd:close() +end + function m.on_commit(map) luci.sys.call("/usr/bin/occtl reload >/dev/null 2>&1") end -- 2.30.2