Let the user choose the IPsec CA instead of assuming.

This commit is contained in:
jim-p 2010-08-13 14:15:08 -04:00
parent dc291feb70
commit a22d475f11
2 changed files with 28 additions and 3 deletions

View File

@ -535,7 +535,7 @@ function vpn_ipsec_configure($ipchg = false)
chmod($keypath, 0600);
$ca = lookup_ca($cert['caref']);
$ca = lookup_ca($ph1ent['caref']);
if ($ca) {
$cafile = "ca-".$ikeid.".crt";
$capath = $g['varetc_path']."/".$cafile;

View File

@ -96,6 +96,7 @@ if (isset($p1index) && $a_phase1[$p1index]) {
$pconfig['pskey'] = $a_phase1[$p1index]['pre-shared-key'];
} else {
$pconfig['certref'] = $a_phase1[$p1index]['certref'];
$pconfig['caref'] = $a_phase1[$p1index]['caref'];
}
$pconfig['descr'] = $a_phase1[$p1index]['descr'];
@ -142,8 +143,8 @@ if ($_POST) {
$reqdfields = explode(" ", "pskey");
$reqdfieldsn = array(gettext("Pre-Shared Key"));
} else {
$reqdfields = explode(" ", "certref");
$reqdfieldsn = array(gettext("My Certificate"));
$reqdfields = explode(" ", "caref certref");
$reqdfieldsn = array(gettext("Certificate Authority"),gettext("Certificate"));
}
if (!$pconfig['mobile']) {
$reqdfields[] = "remotegw";
@ -292,6 +293,7 @@ if ($_POST) {
$ph1ent['pre-shared-key'] = $pconfig['pskey'];
$ph1ent['private-key'] = base64_encode($pconfig['privatekey']);
$ph1ent['certref'] = $pconfig['certref'];
$ph1ent['caref'] = $pconfig['caref'];
$ph1ent['authentication_method'] = $pconfig['authentication_method'];
$ph1ent['proposal_check'] = $pconfig['proposal_check'];
$ph1ent['descr'] = $pconfig['descr'];
@ -374,24 +376,28 @@ function methodsel_change() {
document.getElementById('opt_psk').style.display = 'none';
document.getElementById('opt_peerid').style.display = '';
document.getElementById('opt_cert').style.display = '';
document.getElementById('opt_ca').style.display = '';
break;
case 'xauth_rsa_server':
case 'rsasig':
document.getElementById('opt_psk').style.display = 'none';
document.getElementById('opt_peerid').style.display = '';
document.getElementById('opt_cert').style.display = '';
document.getElementById('opt_ca').style.display = '';
break;
<?php if ($pconfig['mobile']) { ?>
case 'pre_shared_key':
document.getElementById('opt_psk').style.display = 'none';
document.getElementById('opt_peerid').style.display = 'none';
document.getElementById('opt_cert').style.display = 'none';
document.getElementById('opt_ca').style.display = 'none';
break;
<?php } ?>
default: /* psk modes*/
document.getElementById('opt_psk').style.display = '';
document.getElementById('opt_peerid').style.display = '';
document.getElementById('opt_cert').style.display = 'none';
document.getElementById('opt_ca').style.display = 'none';
break;
}
}
@ -710,6 +716,25 @@ function dpdchkbox_change() {
</span>
</td>
</tr>
<tr id="opt_ca">
<td width="22%" valign="top" class="vncellreq"><?=gettext("My Certificate Authority"); ?></td>
<td width="78%" class="vtable">
<select name='caref' class="formselect">
<?php
foreach ($config['system']['ca'] as $ca):
$selected = "";
if ($pconfig['caref'] == $ca['refid'])
$selected = "selected";
?>
<option value="<?=$ca['refid'];?>" <?=$selected;?>><?=$ca['name'];?></option>
<?php endforeach; ?>
</select>
<br>
<span class="vexpl">
<?=gettext("Select a certificate authority previously configured in the Certificate Manager"); ?>.
</span>
</td>
</tr>
<tr>
<td colspan="2" class="list" height="12"></td>
</tr>