I have noticed a few **very** minor oddities with certificate names when setting up IPSec Certificates: 1.) When you use the WUI to create the Root/Host certs for a machine, the 'C' in certificate is capitalized in "Host Certificate", but not in "Root certificate". This is obviously not a big deal, but it ought to be uniform, all the same. 2.) When uploading a remote system's root certificate, you are not able to specify a name that has any spaces in it, even though the local certificate names *DO* have spaces in them. If you try to specify a name with a space in it, you get the error "Name must only contain characters."
OK, not much of a start, but I did figure out the solution to #1. The English translation file located at /var/ipfire/langs/en.pl contains the offending strings, and I would suggest changing line 1967 from 'root certificate' => 'Root certificate', to 'root certificate' => 'Root Certificate', Is there somewhere that I should place this, or is here enough? attach a modified file? I will try to figure out the portion of vpnmain.cgi that controls the form validation for #2, but that's way beyond my skillset.
https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=cfa228c2f3c852ad6f5829fddfffe1f49a1f98f0
This bug has been closed as fixed but there were two parts to it and only the first part was fixed. Therefore I have re-opened it and will submit a patch to fix the second part. I came across this one when looking at a similar open bug related to OpenVPN where this bug related to IPSec was referenced.
Patch submitted into dev mailing list and patchwork. https://lists.ipfire.org/hyperkitty/list/development@lists.ipfire.org/thread/ROQIIEWTI3BHTN6CF2CLSE243BQ3GXRS/ https://patchwork.ipfire.org/project/ipfire/list/?series=4653 Change tested out on my vm system and confirmed to allow CA Names with spaces to be uploaded.
The patch set has been reverted https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=754451021b7d6fa6aa812b1ac2f017fb118bd383 https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=17ad30b9e2aaca5b90df98ceee9ac68a9c68e238 as the placing of quotation marks around the $_[0] I have learnt is bad code as it results in a potential vulnerability situation. I have been given some guidance on an alternative approach and I am working on that and will re-submit the patch set as a v2 version once I have got the new fix working.
Updated patch set submitted to dev mailing list and patchwork. https://lists.ipfire.org/hyperkitty/list/development@lists.ipfire.org/thread/JW5LP2W3UAHZVN75TW4W5VLXNBC4CO2G/ https://patchwork.ipfire.org/project/ipfire/list/?series=4774 This v2 patch set version uses the &General::system_output function suggested by @Michael.
v3 version of the patch set has been submitted as the previous v2 version clashed with another bug patch update of the same file. https://lists.ipfire.org/development/20250306113221.6990-1-adolf.belka@ipfire.org/T/#t https://patchwork.ipfire.org/project/ipfire/list/?series=4775
v3 patch set has been merged into next. https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=f82c1bd187d7a3a1001db4bb42b3f989f9c223f7 https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=bfd3c3f0c20be976dab670162d4891c192433f72
https://www.ipfire.org/blog/ipfire-2-29-core-update-193-is-available-for-testing