From a0f66eaa214f31356d9ec70c95798987a47fc846 Mon Sep 17 00:00:00 2001
From: John Crisp
Date: Thu, 19 Mar 2020 01:05:16 +0100
Subject: [PATCH] Update to DH 2048
---
 ca/main.php | 4 ++--
 include/openssl_functions.php | 2 +-
 setup.php-presetup | 31 ++++++++++++++++---------------
 3 files changed, 19 insertions(+), 18 deletions(-)
diff --git a/ca/main.php b/ca/main.php
index 812f046..78da7e8 100644
--- a/ca/main.php
+++ b/ca/main.php
@@ -15,7 +15,7 @@ case 'dl_takey':
 break;
 case 'dl_dhparam':
- upload("$config[private_dir]/dhparam1024.pem", "$config[ca_prefix]dhparam1024.pem", 'application/octet-stream');
+ upload("$config[private_dir]/dhparam2048.pem", "$config[ca_prefix]dhparam2048.pem", 'application/octet-stream');
 break;
 case 'dl_root':
@@ -148,7 +148,7 @@ default: This key can be used with OpenVPN as a standalone auth mechanism, or as an additional TLS authentication. - Download the Diffie-Hellman parameters

diff --git a/include/openssl_functions.php b/include/openssl_functions.php
index d97be82..cf53d67 100644
--- a/include/openssl_functions.php
+++ b/include/openssl_functions.php
@@ -475,7 +475,7 @@ function ta_key_text() {
 // Returns the dhparam file
 function dhparam_text() {
 global $config;
- return(shell_exec('cat '.escshellarg($config['private_dir']).'/dhparam1024.pem 2>&1'));
+ return(shell_exec('cat '.escshellarg($config['private_dir']).'/dhparam2048.pem 2>&1'));
 }
 // Returns the root CA certificate file (PEM Encoded)
diff --git a/setup.php-presetup b/setup.php-presetup
index 65d328d..44b26ce 100644
--- a/setup.php-presetup
+++ b/setup.php-presetup
@@ -635,26 +635,27 @@ EOS; # # Create dhparam files for OpenVPN and others. # - print '
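Review bot: `dhparam_text()` still shells out to `cat` with `2>&1`, so when `dhparam2048.pem` is missing or unreadable the error text from `cat` is returned to the caller as if it were the DH parameters. That looks likely on installations created before this change, because the visible setup hunk only generates the 2048-bit file at setup time and nothing here regenerates it or falls back; the `dl_dhparam` download in `ca/main.php` depends on the new file name in the same way. Reading the file directly removes both the shell call and the silent error text, for example `$path = $config['private_dir'].'/dhparam2048.pem';` followed by `return is_readable($path) ? file_get_contents($path) : '';`, with the value for the missing case chosen to match what callers expect. A short docblock stating what the function returns when the file is absent would also help.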

Creating 1024 bit Diffie-Hellman parameters used by OpenVPN.
'; - print "Saving to $config[private_dir]/dhparam1024.pem.

"; - $cmd = "openssl dhparam -rand '$config[random]' -out '$config[private_dir]/dhparam1024.pem' 1024"; - print $cmd.'
'; - // This works but still errors in logs + #print '

Creating 1024 bit Diffie-Hellman parameters used by OpenVPN.
'; + #print "Saving to $config[private_dir]/dhparam1024.pem.

"; + #$cmd = "openssl dhparam -rand '$config[random]' -out '$config[private_dir]/dhparam1024.pem' 1024"; + #print $cmd.'
'; + #flush(); + #flush_exec($cmd,100); + + #print "Please ignore warnings about \"unable to write 'random state\'

"; + + // This method works but still errors in logs // exec(DH . "-rand '$config[random]' -out '$config[private_dir]/dhparam1024.pem' 1024"); // exec(DH . " -out '$config[private_dir]/dhparam1024.pem' 1024"); + print '

Creating 2048 bit Diffie-Hellman parameters used by OpenVPN.
'; + print "Saving to $store_dir/dhparam2048.pem.

"; + $cmd = "openssl dhparam -rand '$config[random]' -out '$config[private_dir]/dhparam2048.pem' 2048"; + print $cmd.'
'; flush(); - flush_exec($cmd,100); + flush_exec($cmd,200); - print "Please ignore warnings about \"unable to write 'random state\'

"; - - #print '

Creating 2048 bit Diffie-Hellman parameters used by OpenVPN.
'; - #print "Saving to $store_dir/dhparam2048.pem.

"; - #$cmd = "openssl dhparam -rand '$config[random]' -out '$config[private_dir]/dhparam2048.pem' 2048"; - #print $cmd.'
'; - #flush(); - #flush_exec($cmd,200); - + print "Please ignore warnings about \"unable to write 'random state\'

"; # # Create a TLS auth key for OpenVPN if openvpn is installed
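Review bot: The new `$cmd` string places `$config[random]` and `$config[private_dir]` between hand-written single quotes, so a value containing a quote or another shell metacharacter changes the command that `flush_exec()` runs; wrapping each path in `escapeshellarg()` closes that, e.g. `$cmd = 'openssl dhparam -rand '.escapeshellarg($config['random']).' -out '.escapeshellarg($config['private_dir'].'/dhparam2048.pem').' 2048';`. The same string is then printed into the page as-is, so `print htmlspecialchars($cmd)` is worth using there. The "Saving to" message names `$store_dir` while the command writes under `$config[private_dir]`; whether the two are the same directory is not visible in this hunk, so the message should show the path actually passed to `-out`. The retired 1024-bit lines are kept as `#` comments rather than deleted, which leaves two near-identical blocks to maintain. The surrounding setup code starts and ends outside the hunk.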