Update to DH 2048

ca/main.php

@@ -15,7 +15,7 @@ case 'dl_takey':
 	break;
 
 case 'dl_dhparam':
-	upload("$config[private_dir]/dhparam1024.pem", "$config[ca_prefix]dhparam1024.pem", 'application/octet-stream');
+	upload("$config[private_dir]/dhparam2048.pem", "$config[ca_prefix]dhparam2048.pem", 'application/octet-stream');
 	break;
 
 case 'dl_root':
@@ -148,7 +148,7 @@ default:
 	<td>This key can be used with OpenVPN as a standalone auth mechanism, or as an additional TLS authentication.</td></tr>
  <?php }
  ?>
- <?php if (file_exists ($config[private_dir] . '/dhparam1024.pem')) {
+ <?php if (file_exists ($config[private_dir] . '/dhparam2048.pem')) {
 	?>
 	<tr><td style="text-align: center; vertical-align: middle; font-weight: bold;">
 	<a href="<?php echo $PHP_SELF?>?stage=dl_dhparam">Download the Diffie-Hellman parameters</a><br><br>

include/openssl_functions.php

@@ -475,7 +475,7 @@ function ta_key_text() {
 // Returns the dhparam file
 function dhparam_text() {
         global $config;
-        return(shell_exec('cat '.escshellarg($config['private_dir']).'/dhparam1024.pem 2>&1'));
+        return(shell_exec('cat '.escshellarg($config['private_dir']).'/dhparam2048.pem 2>&1'));
 }
 
 // Returns the root CA certificate file (PEM Encoded)

setup.php-presetup

@@ -635,27 +635,28 @@ EOS;
 	#
 	# Create dhparam files for OpenVPN and others.
 	#
-	print '<p><strong>Creating 1024 bit Diffie-Hellman parameters used by OpenVPN.<br>';
+	#print '<p><strong>Creating 1024 bit Diffie-Hellman parameters used by OpenVPN.<br>';
-	print "Saving to $config[private_dir]/dhparam1024.pem.</strong><br>";
+	#print "Saving to $config[private_dir]/dhparam1024.pem.</strong><br>";
-	$cmd = "openssl dhparam -rand '$config[random]' -out '$config[private_dir]/dhparam1024.pem' 1024";
+	#$cmd = "openssl dhparam -rand '$config[random]' -out '$config[private_dir]/dhparam1024.pem' 1024";
-	print $cmd.'<br>';
+	#print $cmd.'<br>';
-    // This works but still errors in logs
+	#flush();
+	#flush_exec($cmd,100);
+
+    #print "Please ignore warnings about \"unable to write 'random state\' <br><br>";
+
+	// This method works but still errors in logs
     // exec(DH . "-rand '$config[random]' -out '$config[private_dir]/dhparam1024.pem' 1024");
 	// exec(DH . " -out '$config[private_dir]/dhparam1024.pem' 1024");
 	
+	print '<p><strong>Creating 2048 bit Diffie-Hellman parameters used by OpenVPN.<br>';
+	print "Saving to $store_dir/dhparam2048.pem.</strong><br>";
+	$cmd = "openssl dhparam -rand '$config[random]' -out '$config[private_dir]/dhparam2048.pem' 2048";
+	print $cmd.'<br>';
 	flush();
-	flush_exec($cmd,100);
+	flush_exec($cmd,200);
 	
 	print "Please ignore warnings about \"unable to write 'random state\' <br><br>";
 	
-	#print '<p><strong>Creating 2048 bit Diffie-Hellman parameters used by OpenVPN.<br>';
-	#print "Saving to $store_dir/dhparam2048.pem.</strong><br>";
-	#$cmd = "openssl dhparam -rand '$config[random]' -out '$config[private_dir]/dhparam2048.pem' 2048";
-	#print $cmd.'<br>';
-	#flush();
-	#flush_exec($cmd,200);
-
-	
 	#
     # Create a TLS auth key for OpenVPN if openvpn is installed
     #