mirror of
https://github.com/pfsense/pfsense.git
synced 2025-10-26 11:38:35 +00:00
Let the user choose the IPsec CA instead of assuming.
This commit is contained in:
parent
dc291feb70
commit
a22d475f11
@ -535,7 +535,7 @@ function vpn_ipsec_configure($ipchg = false)
|
||||
|
||||
chmod($keypath, 0600);
|
||||
|
||||
$ca = lookup_ca($cert['caref']);
|
||||
$ca = lookup_ca($ph1ent['caref']);
|
||||
if ($ca) {
|
||||
$cafile = "ca-".$ikeid.".crt";
|
||||
$capath = $g['varetc_path']."/".$cafile;
|
||||
|
||||
@ -96,6 +96,7 @@ if (isset($p1index) && $a_phase1[$p1index]) {
|
||||
$pconfig['pskey'] = $a_phase1[$p1index]['pre-shared-key'];
|
||||
} else {
|
||||
$pconfig['certref'] = $a_phase1[$p1index]['certref'];
|
||||
$pconfig['caref'] = $a_phase1[$p1index]['caref'];
|
||||
}
|
||||
|
||||
$pconfig['descr'] = $a_phase1[$p1index]['descr'];
|
||||
@ -142,8 +143,8 @@ if ($_POST) {
|
||||
$reqdfields = explode(" ", "pskey");
|
||||
$reqdfieldsn = array(gettext("Pre-Shared Key"));
|
||||
} else {
|
||||
$reqdfields = explode(" ", "certref");
|
||||
$reqdfieldsn = array(gettext("My Certificate"));
|
||||
$reqdfields = explode(" ", "caref certref");
|
||||
$reqdfieldsn = array(gettext("Certificate Authority"),gettext("Certificate"));
|
||||
}
|
||||
if (!$pconfig['mobile']) {
|
||||
$reqdfields[] = "remotegw";
|
||||
@ -292,6 +293,7 @@ if ($_POST) {
|
||||
$ph1ent['pre-shared-key'] = $pconfig['pskey'];
|
||||
$ph1ent['private-key'] = base64_encode($pconfig['privatekey']);
|
||||
$ph1ent['certref'] = $pconfig['certref'];
|
||||
$ph1ent['caref'] = $pconfig['caref'];
|
||||
$ph1ent['authentication_method'] = $pconfig['authentication_method'];
|
||||
$ph1ent['proposal_check'] = $pconfig['proposal_check'];
|
||||
$ph1ent['descr'] = $pconfig['descr'];
|
||||
@ -374,24 +376,28 @@ function methodsel_change() {
|
||||
document.getElementById('opt_psk').style.display = 'none';
|
||||
document.getElementById('opt_peerid').style.display = '';
|
||||
document.getElementById('opt_cert').style.display = '';
|
||||
document.getElementById('opt_ca').style.display = '';
|
||||
break;
|
||||
case 'xauth_rsa_server':
|
||||
case 'rsasig':
|
||||
document.getElementById('opt_psk').style.display = 'none';
|
||||
document.getElementById('opt_peerid').style.display = '';
|
||||
document.getElementById('opt_cert').style.display = '';
|
||||
document.getElementById('opt_ca').style.display = '';
|
||||
break;
|
||||
<?php if ($pconfig['mobile']) { ?>
|
||||
case 'pre_shared_key':
|
||||
document.getElementById('opt_psk').style.display = 'none';
|
||||
document.getElementById('opt_peerid').style.display = 'none';
|
||||
document.getElementById('opt_cert').style.display = 'none';
|
||||
document.getElementById('opt_ca').style.display = 'none';
|
||||
break;
|
||||
<?php } ?>
|
||||
default: /* psk modes*/
|
||||
document.getElementById('opt_psk').style.display = '';
|
||||
document.getElementById('opt_peerid').style.display = '';
|
||||
document.getElementById('opt_cert').style.display = 'none';
|
||||
document.getElementById('opt_ca').style.display = 'none';
|
||||
break;
|
||||
}
|
||||
}
|
||||
@ -710,6 +716,25 @@ function dpdchkbox_change() {
|
||||
</span>
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="opt_ca">
|
||||
<td width="22%" valign="top" class="vncellreq"><?=gettext("My Certificate Authority"); ?></td>
|
||||
<td width="78%" class="vtable">
|
||||
<select name='caref' class="formselect">
|
||||
<?php
|
||||
foreach ($config['system']['ca'] as $ca):
|
||||
$selected = "";
|
||||
if ($pconfig['caref'] == $ca['refid'])
|
||||
$selected = "selected";
|
||||
?>
|
||||
<option value="<?=$ca['refid'];?>" <?=$selected;?>><?=$ca['name'];?></option>
|
||||
<?php endforeach; ?>
|
||||
</select>
|
||||
<br>
|
||||
<span class="vexpl">
|
||||
<?=gettext("Select a certificate authority previously configured in the Certificate Manager"); ?>.
|
||||
</span>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td colspan="2" class="list" height="12"></td>
|
||||
</tr>
|
||||
|
||||
Loading…
Reference in New Issue
Block a user